Cppcheck is a static analysis tool for C/C++ code. It doesn't look for syntax errors, but for bugs that a compilation steps would not normally detected. It provides out of bounds checking, checking the code for each class, exception safety, memory leaks checking, warnings for obsolete function usage, invalid usage of STL, and tests for uninitialized variables and unused functions. There are IDE and VCS bindings for Code::Block, CodeLite, Eclipse, gedit, Hudson, Jenkins,
Mercurial, Tortoise SVN, Visual Studio.
1.9023 Dec 2019 06:05
Cppcheck-1.90 has been released.. New check:
alias to vector element invalid after vector is changed. Improved checking:
improved value flow analysis for struct members.
improved value flow analysis for pointer alias. CERT:
Added ENV33-C: Do not call system(). MISRA:
Added rule 2.7.
Added rule 3.2.
Added rule 4.2.
Added rule 14.2.
Added rule 21.1.
Added rule 21.12. Addons:
Add --recursive option. You can check dump files recursively..
1.8902 Sep 2019 06:45
Cppcheck-1.89 has been released. Command line:
The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add --template=cppcheck1 to the command line.. Compiling:
From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.. Improved checking:
Improved value flow analysis for pointer aliases.
Improved checking for uninitialized variables/structs.
Better checking of smart pointers.
Better checking of global variables.
Added Cppcheck annotations. cppcheck_low (VALUE) and. cppcheck_high (VALUE).
Shadow variables; warn when argument is shadowed.
Warn if local reference variable can be const... read more.
1.8830 Jun 2019 13:05
Cppcheck-1.88 has been released.. New checks:
Comparing pointers that point to different objects.
Address of local variable 'x' is accessed at non-zero index.
STL usage: unnecessary search before insertion.
Duplicate expression for condition and assignment: if (x==3) x=3;. Added --library configuration files for:
Sqlite3. Better handling of C++14 and C++17... read more.
1.8610 Dec 2018 02:25
Cppcheck-1.86 has been released. General:
Many in the template simplifier.
Several in the abstract syntax tree.. Checking improvements:
New check: passing address of char to function that expects a strz.
New check: shadow variables.
Improved lifetime checking.
Improved STL iterators checking.
Improved data flow analysis. New libraries:
misra.py: for suppressions and exclusions.
namingng.py: New addon to check naming conventions. Rules are specified in json file..
1.8518 Oct 2018 03:17
Cppcheck-1.85 has been released.. General: We are modernizing the Cppcheck code. Support for MSVC 2010 and GCC 4.4 is dropped. You now need a compiler that is at least as good as MSVC 2013 or GCC 4.6.. According to "daca@home" (http://cppcheck.osuosl.org:8000).. There are fewer crashes.. Cppcheck-1.85 is 25 slower than Cppcheck-1.84
Checking improvements: New check: Suggest STL algorithms instead of hard-coded for loops. New check: Warn about ineffective algorithms (same iterator passed). New check: Mismatching iterators used together in operators. Container (STL/Qt/WxWidgets/etc) access out of bounds. Improved the checkers that warns about same/opposite expressions, track variable values better... logical conjunctions. identical/opposite inner expressions. same expressions around operator. etc.
Variable scope: warn about references also.
Graphical user interface:. read more.
1.6602 Aug 2014 13:48
New checks include to compare pointers with ' 0' and assigning boolean expression to floating point variables.
The AST was much improved, as was the ValueFlow analysis.
ValueFlow and AST now used by much more checks, improving checking accuracy and performance.
Checking for self assignment now supports more complex expressions.
Returning references to literals or references to calculation results is detected.
Enhanced support for commutative operators in duplicate expression checking.
Improved template/enum parsing.
Much improved htmlreport.
Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList if --dump is given.