cppcheck / News: Recent posts
Cppcheck-2.18.0
Release Notes for Cppcheck 2.18
Changed interface:
- Updated path matching syntax for -i, --file-filter, suppressions, GUI excludes, and project file excludes.
Old patterns that use a * may need to use ** instead if it is intended to match path separators. More details can be seen in the manual.
Deprecations:
- Support for building with Qt 5 will be removed in Cppcheck 2.19.
- The platform 'unix32-unsigned' has been deprecated and will be removed in Cppcheck 2.19. Please use '--platform=unix32 --funsigned-char' instead.
- The platform 'unix64-unsigned' has been deprecated and will be removed in Cppcheck 2.19. Please use '--platform=unix64 --funsigned-char' instead.... read more
Posted by
2025-07-20 Labels: 2.18.0
Cppcheck-2.17.0
Release Notes for Cppcheck 2.17
New checks:
- staticFunction: detect functions that should have internal linkage since they
are not used outside of their translation unit (C code only).
- Check null pointer return from memory/resource allocation functions (nullPointerOutOfMemory,
nullPointerArithmeticOutOfMemory, nullPointerOutOfResources, ctunullpointerOutOfMemory,
ctunullpointerOutOfResources).... read more
Posted by
2025-02-23 Labels: 2.17.0
Cppcheck-2.16.0
Release Notes for Cppcheck 2.16.0
Improved checking:
- constVariable; checking multidimensional arrays
- constVariablePointer; nested array access
- deallocuse
Changed interface:
- SARIF output. Use --output-format=sarif to activate this.
- Add option --output-format=. Allowed formats are sarif and xml.
Deprecations:
- The previously deprecated support for Python 2.7 has been removed. Please use Python 3 instead.
- The maximum value for --max-ctu-depth is currently capped at 10. This limitation will be removed in a future release.... read more
Posted by
2024-10-27 Labels: 2.16.0
Cppcheck-2.15.0
Release Notes for Cppcheck 2.15
New checks:
- suspiciousFloatingPointCast flags unnecessary floating point casts that cause loss of precision
GUI:
- Added misra/cert/autosar reports
- Fixed "Recheck"
- Add "inline suppressions" option in project file
- Make it possible to define extra defines when importing a project
Changed interface:
- Added command-line option --cpp-header-probe (and --no-cpp-header-probe) to probe headers and extension-less files for Emacs marker (see https://trac.cppcheck.net/ticket/10692 for more details)... read more
Cppcheck-2.14.1
Fixes:
- Build: fix USE_MATCHCOMPILER CMake option validation, it works as it should again
- Improve Checking: implement evaluation order checker for c++11 and later
- GUI: Do not show messages during analysis that are inactivated in the toolbar
- Cppcheck Premium: update mapping of checkers in cppcheck
- Cppcheck Premium: GUI option to enable misra c++ 2023
- Cppcheck Premium: show misra c++ 2023 option in --help output
Posted by
2024-05-27 Labels: 2.14.1
Cppcheck-2.14.0
Release Notes for Cppcheck 2.14.0
Summary:
- Fixed 23 "crash" tickets
- Fixed 69 "false positive" tickets
- Fixed 36 "improve check" tickets
New checks:
- eraseIteratorOutOfBounds: warns when erase() is called on an iterator that is out of bounds
- returnByReference: warns when a large class member is returned by value from a getter function
GUI:
- Make it possible to suppress warnings in all files in a folder... read more
Cppcheck-2.13.0
Release Notes for Cppcheck 2.13
New checks:
- passedByValueCallback for functions which take a parameter by value but are used as callbacks (subset of passedByValue)
- returnImplicitInt for C functions without return type (previously reported as a debug message)
- iterateByValue for iterating by value in a range-based for loop when a const reference could be used
Changed interface:
- Final report of active checkers is reported as a normal information message instead.... read more
Cppcheck-2.12.0
New checks:
- uselessOverride finds overriding functions that either duplicate code from or delegate back to the base class implementation
- knownPointerToBool finds pointer to bool conversions that are always true or false
Improved checking:
- truncLongCastAssignment and truncLongCastReturn check additional types, including float/double/long double
- duplInheritedMember also reports duplicated member functions
- constParameter_/constVariable_ checks find more instances of pointers/references that can be const, e.g. when calling library functions... read more
Posted by
2023-09-10 Labels: 2.12.0
Cppcheck-2.11
New checks:
- pop_back on empty container is UB
Improved checking:
- Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
- ValueFlow can evaluate the return value of functions even when conditionals are used
- ValueFlow will now forward the container sizes being returned from a function
- ValueFlow can infer possible values from possible symbolic values
- Improve valueflow after pushing to container ... read more
Posted by
2023-06-22 Labels: 2.11
Gartner Peer Insights reviews
Cppcheck has been added in the Gartner "Application Security Testing" Peer Insights listing.
Gartner Peer Insights lists various tools and shows reviews. The reviews are verified by Gartner. A user who uses the tool professionally can write a review.
Please help us get reviews. If you work at a company that uses Cppcheck then please review us. Both open source Cppcheck and Cppcheck Premium users are welcome to review. The link below takes you to the review form:
https://gtnr.io/J81zesfzL
Cppcheck-2.10
Analysis:
- Many improvements and fixes in checkers.
- Windows binaries currently default to the "win32A" and "win64" platform respectively. Starting with Cppcheck 2.13 they will default to 'native' instead. Please specify '--platform=win32A' or '--platform=win64' explicitly if you rely on this.
- New check: use memset/memcpy instead of loop
CLI:
- if the file provided via "--file-list" cannot be opened it will now error out
- add command-line option "--disable=" to individually disable checks... read more
Posted by
2023-01-28 Labels: 2.10
Cppcheck-2.9
Analysis
- restored check for negative allocation (new[]) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
- replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
- on Windows the callstack is now being written to the output specified via "--exception-handling"
- make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
- detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
- Add a match function to addon similar to Token::Match used internally by cppcheck:
  - | for either-or tokens (i.e. struct|class to match either struct or class)
  - !! to negate a token
  - It supports the %any%, %assign%, %comp%, %name%, %op%, %or%, %oror%, and %var% keywords
  - It supports (*), {*}, [*], and <*> to match links
  - @ can be added to bind the token to a name
  - ** can be used to match until a token
- Add math functions which can be used in library function definition. This enables evaluation of more math functions in ValueFlow
- Further improve lifetime analysis with this pointers
- Propagate condition values from outer function calls
- Add debug intrinsics debug_valueflow and debug_valuetype to show more detail including source backtraces... read more
Posted by
2022-08-28 Labels: 2.9
Cppcheck-2.8
- Lifetime analysis can now track lifetime across user-defined constructors when they are inline and using member initializer list.
- SymbolDatabase can now deduce iterator types from how they are specified in the library files.
- ValueFlow can evaluate class member functions that return known values.
- Improve duplicateValueTernary to not warn when used as an lvalue or when one branch has side effects
- Fix variableScope to not warn when variables are used in lambda functions
- Fix unassignedVariable warnings when using structured bindings
- Fix redundantInitialization warning when variable is used in a lambda
- Fix variableScope warnings when using if/while init-statement
- Improve lifetime analysis when returning variadic template expressions
- Detect more statements with constStatement
- Detect variableScope for more types
- Improvements to unreadVariable
- Detect more instances of C style casts
- Warn if the return value of new is discarded
- The pre-ValueFlow uninitialized checker now uses a different ID as legacyUninitvar
- Extended library format to exclude specific function argument values
Cppcheck-2.7
Today, Cppcheck-2.7 is released
Add support for container views. The view attribute has been added to the <container> library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
Various checker improvements.
Fixed false positives.
Posted by
2022-02-05 Labels: 2.7
Cppcheck Premium 21.10
Today a tool with the name Cppcheck Premium is launched.
It integrates the open source Cppcheck tool and a premium addon into a package.
You will get:
* Open source Cppcheck command line tool.
* Analysis; Extra checking for memory errors, diagnoses one of the bugs reported in CVE-2019-15048.
* Security: Binaries and installer are signed using an organization certificate. (This removes the "Unknown Publisher" warning).
* Currently, Cppcheck Premium only includes a Windows installer. Feel free to contact us if you want Linux binaries.... read more
Cppcheck-2.6
New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* [perf] Copy elision optimization can't be applied for return std::move(local)
* file can not be opened for read and write access at the same time on different streams
Various improvements:
* Color output for diagnostics is added for unix-based platforms.
* Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variables.
* Rules using the "define" tokenlist can also match #include.
* Library <function> tags can now use <container> tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
* Library <smart-pointer> tag can specify a <unique> tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
* Fixed problems when --cppcheck-build-dir is used; that should now work better. It is recommended to use --cppcheck-build-dir to speed up Cppcheck analysis.
* htmlreport can now output author information (using git blame)
* More warnings about variables that are not const but can be const... read more
Posted by
2021-10-02 Labels: 2.6
Cppcheck-2.5
A new Cppcheck release
Parser:
* various fixes
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
Core:
* improved library files, better knowledge about APIs
* improved checks to detect more bugs
* fixed checks to avoid unwanted warnings
Changed output:
* try to use relative paths when using compile databases, if compile database is accessed with relative path
* updated XML; The file0 attribute is moved from to ... read more
Posted by
2021-07-04 Labels: 2.5
C++17 support in Cppcheck
There have been questions before about how well Cppcheck handles the latest C++ standard language features. And unfortunately I feel I could not answer that very well.
Lately I have been investigating C++20 (and below) support. Cppcheck-2.4.1 has pretty good support overall for C++17 (and lower) and it also handles a few C++20 features. We have improved the parser and I now feel that the latest Cppcheck development build supports all C++17 language features and a couple of additional C++20 features. The improved parser will be available in Cppcheck-2.5.... read more
Cppcheck-2.4.1
We have made a fix release with this little fix:
The Windows installer was fixed; there was a missing file for the Misra addon.
Cppcheck-2.4
Fixed false negatives and false positives
New check; Detect one definition rule violations
Various improvements:
* MISRA improvements
* ImportProject fixes
* Various bug hunting improvements
* Fixes when importing AST from clang
Cppcheck-2.3
Improved C++ parser
- types
- wrong operands in ast
- better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
- boost.cfg
- googletest.cfg
- qt.cfg
- windows.cfg
- wxwidgets.cfg
Added several Misra rules:
- 6.1
- 6.2
- 7.2
- 7.4
- 9.2
- 10.2
- 15.4
Added platforms:
- elbrus e1c+
- pic
- pic8
- mips
Posted by
2020-12-05 Labels: 2.3
Cppcheck-2.2
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.... read more
Posted by
2020-10-03 Labels: 2.2