Cppcheck 2.11 Released for C++ and C Static Code Analysis

Cppcheck 2.11 – New Version of Static Code Analyzer

Version 2.11 of the static code analyzer Cppcheck has been released. Cppcheck identifies various classes of errors in code written in C and C++, and it can detect them even when the code uses non-standard syntax typical of embedded systems. A collection of plugins integrates it with various development, continuous integration, and testing systems. The tool can parse code with its own parser or with an external parser from Clang, and it also lets users donate CPU resources to the joint checking of Debian package code. The project is distributed under the GPLv3 license.

The main focus of Cppcheck development is identifying problems associated with undefined behavior and the use of constructs that are dangerous from a security standpoint. A further goal is to minimize false positives. The problems it identifies include references to objects that no longer exist, division by zero, integer overflows, incorrect bit shift operations, incorrect conversions, memory-related issues, improper use of the STL, null pointer dereferences, buffer overflows, and use of uninitialized variables.

The main changes in Cppcheck 2.11 include:

  • Added a check for pop_back() calls on empty containers.
  • Improved checking of loops for the STL algorithms any_of, all_of, and none_of.
  • Improvements to the control analyzer:

    • The return value of a function can now be determined even when conditions are used.
    • Propagation of the sizes of containers returned from a function.
    • Inferring possible values from their possible symbolic values.
    • Improved analysis after values are placed in a container.
  • Graphical interface:

    • In .cppcheck files, support for the type “UNSPECIFied” will be removed in version 2.14. Use “Unspecified” instead.
    • The project file selection dialog no longer replaces relative paths with absolute paths.
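
To make the defect classes behind these changes concrete, the following added example (constructed for this article, not taken from the Cppcheck project and not showing its output) pairs an unguarded pop_back() on a container whose size is only known from a function's return value with the guarded form, and a hand-written loop with the equivalent any_of call. All function names are hypothetical, and treating the loop change as concerning loops equivalent to these algorithms is an assumption.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Returns an empty container when no entry passes the filter, so the caller
// learns the size only by following the return value.
std::vector<std::string> collect_nonblank(const std::vector<std::string>& in) {
    std::vector<std::string> out;
    for (const auto& s : in)
        if (!s.empty())
            out.push_back(s);
    return out;
}

// Defective: pop_back() on an empty vector is undefined behavior.
std::size_t drop_last_unsafe(const std::vector<std::string>& in) {
    std::vector<std::string> v = collect_nonblank(in);
    v.pop_back();  // undefined when collect_nonblank() returned nothing
    return v.size();
}

// Corrected: the size is checked before the element is removed.
std::size_t drop_last_safe(const std::vector<std::string>& in) {
    std::vector<std::string> v = collect_nonblank(in);
    if (!v.empty())
        v.pop_back();
    return v.size();
}

// Hand-written loop with an early return ...
bool has_blank_loop(const std::vector<std::string>& in) {
    for (const auto& s : in)
        if (s.empty())
            return true;
    return false;
}

// ... and the same predicate expressed with std::any_of.
bool has_blank_algo(const std::vector<std::string>& in) {
    return std::any_of(in.begin(), in.end(),
                       [](const std::string& s) { return s.empty(); });
}

int main() {
    const std::vector<std::string> blanks = {"", ""};  // constructed input
    return (drop_last_safe(blanks) == 0 && has_blank_algo(blanks)) ? 0 : 1;
}
```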
