Version 2.6 of the static code analyzer cppcheck has been released. It detects various kinds of errors in C and C++ code, even when the code uses non-standard syntax typical of embedded systems.
A collection of plugins integrates cppcheck with various development, continuous integration and test systems, and adds features such as checking code for compliance with a coding style.
To analyze the code, cppcheck can use either its own parser or an external Clang parser. It also includes a donate-cpu.py script for contributing local resources to the collaborative code review work on Debian packages.
The development of cppcheck focuses on identifying problems associated with undefined behavior and the use of constructs that are dangerous from a safety point of view.
The goal is also to minimize false positives. Among the problems identified: pointers to non-existent objects, division by zero, integer overflows, incorrect bit-shifting operations, incorrect conversions, memory problems, incorrect use of STL, dereferencing null pointers, applying checks after the actual access to a buffer, overflowing the buffer limits, using uninitialized variables.
Main new features of cppcheck 2.6
In this new version, several checks have been added to the core of the analyzer. The most notable are a check for a missing return statement in a function body, a check for overlapping data writes that result in undefined behavior, and a check for a compared value that lies outside the range the type can represent.
Another notable check reports that copy optimization cannot be applied to return std::move(local);. Support was also added for displaying diagnostic messages in different colors on Unix platforms, and the library tag can now contain a tag for smart pointers that have unique ownership. A dangling reference warning is now issued for this kind of smart pointer.
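The following added example (not from the cppcheck project or the original article) shows constructed C++ functions with four of the defect patterns these new checks target, each next to a corrected form. The function names and the FLAWED macro are assumptions made for illustration.

```cpp
// Constructed examples. FLAWED is a hypothetical macro selecting the defective variants.
#include <cstring>
#include <string>
#include <utility>

// 1. Missing return: falling off the end of a non-void function is undefined behavior.
int sign(int x) {
    if (x < 0) return -1;
    if (x > 0) return 1;
#ifndef FLAWED
    return 0;  // the flawed variant reaches the closing brace when x == 0
#endif
}

// 2. Value out of type range: an 8-bit unsigned char holds 0..255, so == 256 is always false.
bool reached_limit(int n) {
#ifdef FLAWED
    unsigned char count = static_cast<unsigned char>(n);
#else
    int count = n;
#endif
    return count == 256;
}

// 3. Overlapping data: memcpy on overlapping ranges is undefined; memmove is not.
void shift_left(char *buf) {  // buf must hold at least 8 bytes
#ifdef FLAWED
    std::memcpy(buf, buf + 1, 7);
#else
    std::memmove(buf, buf + 1, 7);
#endif
}

// 4. return std::move(local) blocks copy elision; return the local by name instead.
std::string make_label(int id) {
    std::string label = "id-" + std::to_string(id);
#ifdef FLAWED
    return std::move(label);
#else
    return label;
#endif
}

int main() {  // exits 0 when the corrected variants behave as intended
    char buf[9] = "ABCDEFGH";
    shift_left(buf);
    return (sign(0) == 0 && reached_limit(256) && make_label(7) == "id-7" &&
            std::strcmp(buf, "BCDEFGHH") == 0) ? 0 : 1;
}
```

By default cppcheck analyzes every preprocessor configuration it finds, so the FLAWED variants are examined even though a normal build never compiles them.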
In addition, the MISRA C 2012 checks have been fully implemented, including Amendment 1 and Amendment 2, except for rules 1.1, 1.2 and 17.3. Rules 1.1 and 1.2 should be checked by the compiler, and a compiler such as GCC can check rule 17.3.
Other notable changes in this new version:
- Added a check for a file being opened simultaneously for reading and writing in different streams;
- Added symbolic analysis for ValueFlow. A simple delta is used when calculating the difference between two unknown variables;
- The rules used for the "define" token list can also match #include;
- The library tag can now contain a tag, so free functions that accept containers, such as std::size, std::empty, std::begin, std::end, etc., can specify yields or action for containers;
- Fixed problems with the handling of the --cppcheck-build-dir parameter;
- htmlreport can now print information about the author (using git blame);
- Extended the warnings about variables that are not constant but could be made constant;
- Accumulated analyzer bugs and deficiencies have been fixed.
Finally, if you are interested in knowing more about this new version, you can consult the details in the following link.
How to install cppcheck on Linux?
If you want to install cppcheck on your Linux distribution, follow the instructions below.
If you use Debian or a distribution based on or derived from it, such as Deepin or Ubuntu, you can install it directly from the terminal by typing the following command:
sudo apt-get install cppcheck
Users of Fedora and its derivatives can perform the installation by typing the following command:
sudo yum install cppcheck
Users of Arch Linux or any of its derivatives can install it with the following command:
sudo pacman -S cppcheck