Posted
over 2 years
ago
by
Daniel Marjamäki
Today, Cppcheck-2.7 is released
Add support for container views. The view attribute has been added to the library tag to specify the class is a view. The lifetime analysis has been updated to use this new attribute to find dangling lifetime containers.
Various checker improvements.
Fixed false positives.
|
Posted
over 2 years
ago
by
Daniel Marjamäki
Today a tool with the name Cppcheck Premium is launched.
It integrates the open source Cppcheck tool and a premium addon into a package.
You will get:
* Open source Cppcheck command line tool.
* Analysis; Extra checking for memory errors
... [More]
, diagnoses one of the bugs reported in CVE-2019-15048.
* Security: Binaries and installer are signed using an organization certificate. (This removes the "Unknown Publisher" warning).
* Currently, Cppcheck Premium only includes a Windows installer. Feel free to contact us if you want Linux binaries.
More Cppcheck Premium features are coming, for example:
* Detect more memory errors and other undefined behavior
* Misra rule texts
* Improved Clang import
It will be free to use during November.
Cppcheck Premium is developed by the Swedish company Cppcheck Solutions AB. Cppcheck Solutions AB has ambitious goals for Cppcheck and will actively contribute to the open source Cppcheck project.
To get Cppcheck Premium, contact [email protected]
[Less]
|
Posted
over 2 years
ago
by
Daniel Marjamäki
New checks in core cppcheck:
* missing return in function
* writing overlapping data, detect undefined behavior
* compared value is out of possible type range
* [perf] Copy elision optimization can't be applied for return std::move(local)
*
... [More]
file can not be opened for read and write access at the same time on different streams
Various improvements:
* Color output for diagnostics are added for unix-based platforms.
* Added symbolic analysis for ValueFlow. A simple delta is used to compute the difference between two unknown variable.
* Rules using the "define" tokenlist can also match #include as well.
* Library tags can now use tag, so free functions that accept containers such as std::size, std::empty, std::begin, std::end, etc. can specify the yields or action for the container.
* Library tag can specify a tag for smart pointers that have unique ownership. Cppcheck now warns about dangling references to smart pointers with unique ownership.
* Fixed problems when --cppcheck-build-dir is used, that should now work better. It is recommended to use --cppcheck-build-dir to speedup Cppcheck analysis.
* htmlreport can now output author information (using git blame)
* More warnings about variables that is not const but can be const
Misra C 2012 compliance has been "completed"
All Misra C 2012 rules have been implemented except 1.1 , 1.2 and 17.3. Including the rules in amendment 1 and amendment 2.
The rules 1.1 and 1.2 must be checked with a compiler.
The rule 17.3 can be checked by a compiler, for instance GCC.
[Less]
|
Posted
almost 3 years
ago
by
Daniel Marjamäki
A new Cppcheck release
Parser:
* various fixes
* checked that all features in c++11, c++14, c++17 are supported
* c++20 support is improved but not complete yet
Core:
* improved library files, better knowledge about APIs
* improved checks to
... [More]
detect more bugs
* fixed checks to avoid unwanted warnings
Changed output:
* try to use relative paths when using compile databases, if compile database is accessed with relative path
* updated XML; The file0 attribute is moved from to
Misra:
* fixed crashes and false positives
New checks:
* suspicious container/iterator assignment in condition
* rethrow without current handled exception
[Less]
|
Posted
about 3 years
ago
by
Daniel Marjamäki
There has been questions before about how well Cppcheck handles the latest C++ standard language features. And unfortunately I feel I could not answer that very well.
Lately I have been investigating C++20 (and below) support. Cppcheck-2.4.1 has
... [More]
pretty good support overall for C++17 (and lower) and it also handle a few C++20 features. We have improved the parser and I now feel that latest Cppcheck development build support all C++17 language features and a couple of additional C++20 features. The improved parser will be available in Cppcheck-2.5.
The builtin Cppcheck parser is designed to handle incomplete code and code with various compiler extensions. As a consequence it is not very strict. Therefore the checks do not have very strict requirements neither.
In my investigation I wanted to ensure that Cppcheck parser meets the requirements of the checks so you will catch bugs and avoid false positives.
Here is a table with my notes for C++17 language features:
Making the text message for static_assert optional Yes
Allow typename in a template template parameter Yes
New rules for auto deduction from braced-init-list Yes
Nested namespace definitions Yes
Attributes for namespaces and enumerators Yes
attribute [[fallthrough]] Yes
attribute [[nodiscard]] Yes
attribute [[maybe_unused]] Yes
UTF-8 character literals Yes
Hexadecimal floating-point literals Yes
Use of auto as the type for a non-type template parameter Yes
Constant evaluation for all non-type template arguments Yes (template is not instantiated)
Fold expressions, for variadic templates Yes (fold expressions are replaced by function call)
if constexpr Yes
Structured binding declarations Yes
Initializers in if and switch Yes
copy-initialization and direct initialization (copy-elision) Yes, not optimised
Some extensions on over-aligned memory allocation Yes
Class template argument deduction Yes (template is not instantiated)
Inline variables Yes
__has_include Yes
Value of __cplusplus changed to 201703L Yes
Exception specifications were made part of the function type Yes, not strict
Direct list initialization of enums Yes
constexpr lambda Yes
Lambda capture this by value Yes
The C++20 support is work in progress, and will hopefully be ready soon.
[Less]
|
Posted
about 3 years
ago
by
Daniel Marjamäki
We have made a fix release with this little fix:
The windows installer was fixed, there was a missing file for the Misra addon.
|
Posted
about 3 years
ago
by
Daniel Marjamäki
Fixed false negatives and false positives
New check; Detect one definition rule violations
Various improvements:
* MISRA improvements
* ImportProject fixes
* Various bug hunting improvements
* Fixes when importing AST from clang
|
Posted
over 3 years
ago
by
Daniel Marjamäki
Improved C++ parser
- types
- wrong operands in ast
- better simplification of templates
Improved clang import, various fixes.
Improved value flow analysis
Fixed false positives
Improved configuration in library files
- boost.cfg
-
... [More]
googletest.cfg
- qt.cfg
- windows.cfg
- wxwidgets.cfg
Added several Misra rules:
- 6.1
- 6.2
- 7.2
- 7.4
- 9.2
- 10.2
- 15.4
Added platforms:
- elbrus e1c+
- pic
- pic8
- mips
[Less]
|
Posted
over 3 years
ago
by
Daniel Marjamäki
New checks:
* incorrect usage of mutexes and lock guards
* Dereference end iterator
* Iterating a known empty container
* outOfBounds check for iterators to containers
Removed 'operator=' check that ensures reference to self is returned. That is
... [More]
not about safety.
Improved parser
* various ast fixes
Clang parser
* The Clang import feature in Cppcheck should be considered to be experimental for now. There are problems.
Improved bug hunting
* variable constraints
* handling of multidimension arrays
* function calls, execute functions that are in same TU
* improved handling of containers
* several improvements for uninitialized variables check
* improved analysis of for loops
* added a hash value for warnings that can be used for suppressions
Improved data flow
* one more heuristic for ternary operators
* improved data flow for containers
CLI:
* Fixed some addon execution problems when there are spaces etc
GUI:
* Fix handling of tags
* Exclude files
cppcheck-htmlreport:
* several result files can be combined into 1 output
Suppressions:
* comments can be added at end of suppression in suppressions file
[Less]
|
Posted
over 3 years
ago
by
Daniel Marjamäki
I have launched one more Kickstarter project. Its goal is to improve the Clang import feature in Cppcheck.
There are two tasks:
Comparison of Clang/Cppcheck syntax tree. This will help us ensure that Cppcheck and Clang import work properly.
The
... [More]
Cppcheck SymbolDatabase has a few fields for Variables that are not set properly by Clang import.
Link to project:
https://www.kickstarter.com/projects/3300446/cppcheck-clang-import
[Less]
|