Cppcheck-2.16.0

Release Notes for Cppcheck 2.16.0

Improved checking:

• constVariable; checking multidimensional arrays
• constVariablePointer; nested array access
• deallocuse

Changed interface:

• SARIF output. Use --output-format=sarif to activate this.
• Add option --output-format=. Allowed formats are sarif and xml.

Deprecations:

• The previously deprecated support for Python 2.7 has been removed. please use Python 3 instead.
• The maximum value for --max-ctu-depth is currently capped at 10. This limitation will be removed in a future release.

Other:

• "missingInclude" is no longer implicitly enabled with "information" - you need to enable it explicitly now.
• Fixed checkers report when --addon=misra.py or --addon=misra.json is used.

Cppcheck-2.15

Release Notes for Cppcheck 2.15

New checks:

• suspiciousFloatingPointCast flags unnecessary floating point casts that cause loss of precision

GUI:

• Added misra/cert/autosar reports
• Fixed "Recheck"
• Add "inline suppressions" option in project file
• Make it possible to define extra defines when importing a project

Changed interface:

• Added command-line option --cpp-header-probe (and --no-cpp-header-probe) to probe headers and extension-less files for Emacs marker (see https://trac.cppcheck.net/ticket/10692 for more details)

Deprecations:

• Support for Python 2.7 has been deprecated (it went EOL in January 2020) and will be removed in Cppcheck 2.16 - please use Python 3.x instead.
• The already deprecated support for qmake will be removed in Cppcheck 2.16 - please use CMake instead.

Other:

• Add support for 'CLICOLOR_FORCE'/'NO_COLOR' environment variables to force/disable ANSI color output for diagnostics.
• Add "remark comments" that can be used to generate reports with justifications for warnings
• The whole program analysis is now being executed when "--project" is being used.
• Improved import of Visual Studio projects, support shared items projects (*.vcxitems).

Cppcheck-2.14.2

Small tweaks and fixes

• Justifications for warnings using comments in the code (https://trac.cppcheck.net/ticket/12610)
• Fix alignas handling (https://trac.cppcheck.net/ticket/12807) and (https://trac.cppcheck.net/ticket/12813)

Cppcheck-2.14.1

What's Changed

• Build: fix USE_MATCHCOMPILER CMake option validation, it works as it should again
• Improve Checking: implement evaluation order checker for c++11 and later
• GUI: Do not show messages during analysis that are inactivated in the toolbar
• Cppcheck Premium: update mapping of checkers in cppcheck
• Cppcheck Premium: GUI option to enable misra c++ 2023
• Cppcheck Premium: show misra c++ 2023 option in --help output

Full Changelog: 2.14.0...2.14.1

Cppcheck-2.14.0

Release Notes for Cppcheck 2.14.0

Summary:

• Fixed 23 "crash" tickets
• Fixed 69 "false positive" tickets
• Fixed 36 "improve check" tickets

New checks:

• eraseIteratorOutOfBounds: warns when erase() is called on an iterator that is out of bounds
• returnByReference: warns when a large class member is returned by value from a getter function

GUI:
-Make it possible to suppress warnings in all files in a folder

Changed interface:

• Fixed crash with '--rule-file=' if some data was missing.
• '--rule-file' will now bail out if a rule could not be added or a file contains unexpected data.
• Add option '--check-version', you can use it to pin the cppcheck version in a script.
• Added '--template=simple'. It is expands to '{file}:{line}:{column}: {severity}:{inconclusive:inconclusive:} {message} [{id}]' without any additional location details.
• Removed deprecated platform type 'Unspecified'. Please use 'unspecified' instead.
• Add --file-filter=- option that reads file filters from stdin. Added for a plugin.

Other:

• Added CMake option 'EXTERNALS_AS_SYSTEM' to treat external includes as 'SYSTEM' ones.
• The minimum required compiler versions have been bumped to GCC 5.1 / Clang 3.5 / Visual Studio 2015
• The minimum required CMake version has been bumped to 3.5
• Using Visual Studio with CMake now checks if the CMake version is at least 3.13. This was always required but was not checked explicitly.
• Removed deprecated 'Makefile' option 'SRCDIR'.
• Added CMake option 'DISALLOW_THREAD_EXECUTOR' to control the inclusion of the executor which performs the analysis within a thread of the main process.
• Removed CMake option 'USE_THREADS' in favor of 'DISALLOW_THREAD_EXECUTOR'.
• misra-config will not be treated as a critical error anymore

Safety critical:

• #12440 : Misra violations found but cppcheck exited with 0 even after specifying exit code

Cppcheck-2.13.0

Release Notes for Cppcheck 2.13

New checks:

• passedByValueCallback for functions which take a parameter by value but are used as callbacks (subset of passedByValue)
• returnImplicitInt for C functions without return type (previously reported as a debug message)
• iterateByValue for iterating by value in a range-based for loop when a const reference could be used

Changed interface:

• Final report of active checkers is reported as a normal information message instead.

Deprecations:

• "--showtime=top5" has been deprecated and will be removed in Cppcheck 2.14. Please use --showtime=top5_file or --showtime=top5_summary instead.
• Building with Qt5 has been deprecated (it went EOL in May 2023) and will be removed in a future version - please use Qt6 instead.

Other:

• Windows builds now default to the native platform instead of win32A or win64. Please specify it explicitly if you depend on it.
• The undocumented and deprecated command-line options --template <template> and --template-format <template> has been removed. Please use --template= and --template-format= instead.
• "--showtime=summary" will now show a single summary at the end instead of showing it after each file when using the thread execution (default on Windows)
• added "--showtime=none" to disable any previously specified showtime report. "--showtime=" without parameter is no longer valid.
• Multiple "--project" options are now prohibited. These would have overlapped each other and lead to unexpected behavior. Please use separate runs with a single "--project" option instead.
• "--project" can also no longer be used in conjunction with additional source files.
• If a addon cannot be found it will bail out immediately instead of continously writing errors and failing the analysis at the end.
• clang-tidy was not invoked when the process-based executor (only available on Linux / default) was used.
• Added CMake option "BUILD_MANPAGE" which adds the "man" target which will build the manpage. This requires xsltproc and the docbook XSLs to be installed.
• Added some library configurations to the official Windows installer.
• Removed some unused Qt DLLs from the official Windows installer.
• Improved inline suppressions:
  • You can suppress warnings in a block of code using "-begin" and "-end".
  • You can suppress warnings in current file using "-file".
  • You can suppress all warnings where macro is used using "-macro"
• Cppcheck will now error out when an option, which requires code which is not compiled in, is being specified. In the past it might have silently ignored it or reported it as unknown.
• Several macros defined by "limits.h"/"climits" will now be generated from the used platform condiguration and passed to the analysis.
• fixed CMake build with UBSAN and GCC
• Files will now be processed in the order as specified via the command-line.
• Added command-line options "--fsigned-char" and "--funsigned-char" to control the signess of the "char" type. This overrides previously specified "--platform" options and is overrides by following ones.
• An error is now reported when the "cppcheck.cfg" is invalid. The CLI version will also exit with a failure in that case.
• Fixed loading of addons from "cppcheck.cfg" in the GUI application.
• Markup files will now be processed after the regular source files when using multiple threads/processes (some issues remain - see Trac #12167 for details).
• Added file name to ValueFlow "--debug" output.
• Fixed build when using "clang-cl" in CMake.

Safety critical:

• #10866 unsafe handling of unconditional #error
• #12071 unsafe suppressions of critical errors
• #12079 missing "misra-config" warning, calling unknown function in condition

Cppcheck-2.12.1

Bug fix:

• Fix problem to import GUI project (#5456 ).

Cppcheck-2.12.0

New checks:

• uselessOverride finds overriding functions that either duplicate code from or delegate back to the base class implementation
• knownPointerToBool finds pointer to bool conversions that are always true or false

Improved checking:

• truncLongCastAssignment and truncLongCastReturn check additional types, including float/double/long double
• duplInheritedMember also reports duplicated member functions
• constParameter*/constVariable* checks find more instances of pointers/references that can be const, e.g. when calling library functions

GUI:

• Show in statistics which checkers have been activated in latest analysis
• Make it more visible if there has been critical errors that caused checkers to be skipped

Changed interface:

• Write how many checkers was activated after a run
• Added --checkers-report that can be used to generate a report in a file that shows what checkers was activated and disabled

Deprecations:

• The qmake build system has been deprecated and will be removed in a future version.
• Command-line option '--template ' is deprecated and will be removed in 2.13 - please use '--template=' instead.
• Command-line option '--template-location ' is deprecated and will be removed in 2.13 - please use '--template-location=' instead.

  Other:

  • "USE_QT6=On" will no longer fallback to Qt5 when Qt6 is not found.
  • When the execution of an addon fails with an exitcode it will now result in an 'internalError' instead of being silently ignored.
  • "Win32" configurations have been removed from the bundled Visual Studio solution and projects. You might still be able to build 32-bit binaries using CMake but that is untested and unmaintained.

Cppcheck-2.11

New checks:

• pop_back on empty container is UB

Improved checking:

• Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
• ValueFlow can evaluate the return value of functions even when conditionals are used
• ValueFlow will now forward the container sizes being returned from a function
• ValueFlow can infer possible values from possible symbolic values
• Improve valueflow after pushing to container

GUI:

• The platform type 'Unspecified' within .cppcheck projects has been deprecated and will be removed in Cppcheck 2.14. Please use 'unspecified' instead.
• Do not replace relative paths with absolute paths in suppressions in the project file dialog

Interface:

• The new option --check-level= has been added that controls how much checking is made by Cppcheck. The default checking level is "normal". If you feel that you can wait longer on results you can use --check-level=exhaustive.
• It is no longer necessary to run "--check-config" to get detailed "missingInclude" and "missingIncludeSystem" messages. They will always be issued in the regular analysis if "missingInclude" is enabled.
• "missingInclude" and "missingIncludeSystem" are reported with "-j" is > 1 and processes are used in the backend (default in non-Windows binaries)
• "missingInclude" and "missingIncludeSystem" will now cause the "--error-exitcode" to be applied
• "--enable=information" will no longer implicitly enable "missingInclude" starting with 2.16. Please enable it explicitly if you require it.
• The constParameter and constVariable checks have been split into 3 different IDs based on if the variable is a pointer, a reference, or local. The different IDs will allow users to suppress different const warning based on variable type.
  • constParameter
  • constParameterReference
  • constParameterPointer
  • constVariable
  • constVariableReference
  • constVariablePointer
• More command-line parameters will now check if the given integer argument is actually valid. Several other internal string-to-integer conversions will now be error checked.
• scanning projects (with -j1) will now defer the analysis of markup files until the whole code was processed

Cppcheck-2.10

Analysis:

• Many improvements and fixes in checkers.
• Windows binaries currently default to the "win32A" and "win64" platform respectively. Starting with Cppcheck 2.13 they will default to 'native' instead. Please specify '--platform=win32A' or '--platform=win64' explicitly if you rely on this.
• New check: use memset/memcpy instead of loop

CLI:

• if the file provided via "--file-list" cannot be opened it will now error out
• add command-line option "--disable=" to individually disable checks

GUI:

• Detect when installed version is old. There is setting in Edit/Preferences to turn this on.
• Fix path issue with backslashes
• Cleanup *.ctu-info files after analysis

Build:

• the deprecated Makefile option SRCDIR is no longer accepted
• added CMake option BUILD_CORE_DLL to build lib as cppcheck-core.dll with Visual Studio