Cppcheck is a static analysis tool for C/C++ code. It doesn't look for syntax errors, but for bugs that a compilation step would not normally detect. It provides out-of-bounds checking, checking the code for each class, exception safety, memory leak checking, warnings for obsolete function usage, invalid usage of STL, and tests for uninitialized variables and unused functions. There are IDE and VCS bindings for Code::Blocks, CodeLite, Eclipse, gedit, Hudson, Jenkins, Mercurial, Tortoise SVN, Visual Studio.
Recent Releases
2.14 (20 Apr 2024 21:32)
minor feature:
Summary:
- Fixed 23 "crash" tickets
- Fixed 69 "false positive" tickets
- Fixed 36 "improve check" tickets
New checks:
- eraseIteratorOutOfBounds: warns when erase() is called on an iterator that is out of bounds
- returnByReference: warns when a large class member is returned by value from a getter function
GUI:
- Make it possible to suppress warnings in all files in a folder
Changed interface:
- Fixed crash with '--rule-file=' if some data was missing.
- '--rule-file' will now bail out if a rule could not be added or a file contains unexpected data.
- Add option '--check-version', you can use it to pin the cppcheck version in a script.
- Added '--template=simple'. It expands to '{file}:{line}:{column}: {severity}:{inconclusive:inconclusive:} {message} [{id}]' without any additional location details.
- Removed deprecated platform type 'Unspecified'. Please use 'unspecified' instead.
- Add --file-filter=- option that reads file filters from stdin. Added for a plugin.
Other:
- Added CMake option 'EXTERNALS_AS_SYSTEM' to treat external includes as 'SYSTEM' ones.
- The minimum required compiler versions have been bumped to GCC 5.1 / Clang 3.5 / Visual Studio 2015
- The minimum required CMake version has been bumped to 3.5
- Using Visual Studio with CMake now checks if the CMake version is at least 3.13. This was always required but was not checked explicitly.
- Removed deprecated 'Makefile' option 'SRCDIR'.
- Added CMake option 'DISALLOW_THREAD_EXECUTOR' to control the inclusion of the executor which performs the analysis within a thread of the main process.
- Removed CMake option 'USE_THREADS' in favor of 'DISALLOW_THREAD_EXECUTOR'.
- misra-config will not be treated as a critical error anymore
Safety critical:
- #12440 : Misra violations found but cppcheck exited with 0 even after specifying exit code
2.13 (24 Dec 2023 14:45)
minor feature:
Release Notes for Cppcheck 2.13.
New checks:
passedByValueCallback for functions which take a parameter by value but are used as callbacks (subset of passedByValue).
returnImplicitInt for C functions without return type (previously reported as a debug message).
iterateByValue for iterating by value in a range-based for loop when a const reference could be used.
Changed interface:
Final report of active checkers is reported as a normal information message instead...
2.12 (11 Sep 2023 11:05)
minor feature:
New checks:
uselessOverride finds overriding functions that either duplicate code from or delegate back to the base class implementation.
knownPointerToBool finds pointer to bool conversions that are always true or false.
Improved checking:
truncLongCastAssignment and truncLongCastReturn check additional types, including float/double/long double.
duplInheritedMember also reports duplicated member functions.
constParameter/constVariable checks find more instances of pointers/references that can be const, e.g. when calling library functions...
2.11 (15 Jul 2023 03:53)
minor feature:
New checks:
pop_back on empty container is UB
Improved checking:
Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
ValueFlow can evaluate the return value of functions even when conditionals are used
ValueFlow will now forward the container sizes being returned from a function
ValueFlow can infer possible values from possible symbolic values
Improve valueflow after pushing to container
GUI:
The platform type 'Unspecified' within .cppcheck projects has been deprecated and will be removed in Cppcheck 2.14. Please use 'unspecified' instead.
Do not replace relative paths with absolute paths in suppressions in the project file dialog
Interface:
The new option --check-level= has been added that controls how much checking is made by Cppcheck. The default checking level is "normal". If you feel that you can wait longer on results you can use --check-level=exhaustive.
It is no longer necessary to run "--check-config" to get detailed "missingInclude" and "missingIncludeSystem" messages. They will always be issued in the regular analysis if "missingInclude" is enabled.
"missingInclude" and "missingIncludeSystem" are reported with "-j" is 1 and processes are used in the backend (default in non-Windows binaries)
"missingInclude" and "missingIncludeSystem" will now cause the "--error-exitcode" to be applied
"--enable=information" will no longer implicitly enable "missingInclude" starting with 2.16. Please enable it explicitly if you require it.
The constParameter and constVariable checks have been split into 3 different IDs based on if the variable is a pointer, a reference, or local. The different IDs will allow users to suppress different const warning based on variable type.
constParameter
constParameterReference
constParameterPointer
constVariable
constVariableReference
constVariablePoi
1.90 (23 Dec 2019 06:05)
minor feature:
Cppcheck-1.90 has been released.
New check:
alias to vector element invalid after vector is changed.
Improved checking:
improved value flow analysis for struct members.
improved value flow analysis for pointer alias.
CERT:
Added ENV33-C: Do not call system().
MISRA:
Added rule 2.7.
Added rule 3.2.
Added rule 4.2.
Added rule 14.2.
Added rule 21.1.
Added rule 21.12.
Addons:
Add --recursive option. You can check dump files recursively.
1.89 (02 Sep 2019 06:45)
minor feature:
Cppcheck-1.89 has been released.
Command line:
The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.
Compiling:
From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.
Improved checking:
Improved value flow analysis for pointer aliases.
Improved checking for uninitialized variables/structs.
Better checking of smart pointers.
Better checking of global variables.
Added Cppcheck annotations __cppcheck_low__(VALUE) and __cppcheck_high__(VALUE).
Shadow variables; warn when argument is shadowed.
Warn if local reference variable can be const...
1.88 (30 Jun 2019 13:05)
minor feature:
Cppcheck-1.88 has been released.
New checks:
Comparing pointers that point to different objects.
Address of local variable 'x' is accessed at non-zero index.
STL usage: unnecessary search before insertion.
Duplicate expression for condition and assignment: if (x==3) x=3;
Added --library configuration files for:
Cppunit.
Libcerror.
Nspr.
Opengl.
Sqlite3.
Better handling of C++14 and C++17...
1.86 (10 Dec 2018 02:25)
minor feature:
Cppcheck-1.86 has been released.
General:
Many in the template simplifier.
Several in the abstract syntax tree.
Checking improvements:
New check: passing address of char to function that expects a strz.
New check: shadow variables.
Improved lifetime checking.
Improved STL iterators checking.
Improved data flow analysis.
New libraries:
zlib.
googletest.
Addons:
misra.py: for suppressions and exclusions.
namingng.py: New addon to check naming conventions. Rules are specified in json file.
1.85 (18 Oct 2018 03:17)
minor feature:
Cppcheck-1.85 has been released.
General:
We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.
According to "daca@home" (http://cppcheck.osuosl.org:8000):
There are fewer crashes.
Cppcheck-1.85 is 25 slower than Cppcheck-1.84
Checking improvements:
New check: Suggest STL algorithms instead of hard-coded for loops.
New check: Warn about ineffective algorithms (same iterator passed).
New check: Mismatching iterators used together in operators.
Container (STL/Qt/WxWidgets/etc) access out of bounds.
Improved the checkers that warn about same/opposite expressions, track variable values better... logical conjunctions. identical/opposite inner expressions. same expressions around operator. etc.
Variable scope: warn about references also.
Graphical user interface: ...
1.66 (02 Aug 2014 13:48)
minor bugfix:
New checks include comparing pointers with '\0' and assigning boolean expressions to floating point variables.
The AST was much improved, as was the ValueFlow analysis.
ValueFlow and AST are now used by many more checks, improving checking accuracy and performance.
Checking for self assignment now supports more complex expressions.
Returning references to literals or references to calculation results is detected.
Enhanced support for commutative operators in duplicate expression checking.
Improved template/enum parsing.
Much improved htmlreport.
Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList if --dump is given.