Release of cppcheck 2.7, a static code analyzer for C++ and C languages

Version 2.7 of the cppcheck static code analyzer has been released. It detects various classes of errors in C and C++ code, including code that uses non-standard syntax typical of embedded systems. A collection of plugins integrates cppcheck with various development, continuous integration and testing systems, and provides features such as checking code for compliance with a code style. Code can be parsed either with cppcheck's own parser or with an external parser from Clang. The distribution also includes a donate-cpu.py script for contributing local resources to the collaborative review of Debian package code. The project's source code is distributed under the GPLv3 license.

The development of cppcheck is focused on identifying problems related to undefined behavior and the use of constructs that are dangerous from a security point of view. Another goal is to minimize false positives. Problems identified include: pointers to non-existent objects, division by zero, integer overflows, incorrect bit shift operations, incorrect conversions, memory handling problems, incorrect use of STL, null pointer dereferencing, checks applied only after the buffer has already been accessed, buffer overruns, and use of uninitialized variables.

In parallel, the Swedish company Cppcheck Solutions AB is developing Cppcheck Premium, an extended version that adds detection of infinite loops, an improved search for uninitialized variables, and advanced analysis of buffer overflows.

In the new version:

  • Support for container views has been added: the view attribute has been added to the library tag to indicate that a class is a view. The lifetime analysis code has been updated to use this attribute when searching for dangling containers;
  • Improved checks;
  • Accumulated errors have been fixed and analyzer shortcomings have been eliminated.
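
The container-view item above concerns views that outlive the container they point into. The following is an added illustration of that defect class beside two corrected forms; it is not code from the cppcheck project or from the original article, and all function names are hypothetical.

```cpp
// Added illustration: a dangling container view beside corrected forms.
// Function names are hypothetical, chosen for this example only.
#include <cstddef>
#include <string>
#include <string_view>

// DEFECT: 'line' is a local std::string. The returned std::string_view is a
// non-owning view into its buffer, which is freed when the function returns,
// so every caller receives a view of dead memory (use-after-free on read).
std::string_view first_field_dangling(const char* raw) {
    std::string line(raw);
    std::size_t end = line.find(':');
    if (end == std::string::npos) end = line.size();
    std::string_view view = line;
    return view.substr(0, end);  // dangles as soon as 'line' is destroyed
}

// FIX 1: accept a view and return a sub-view of it. The result is valid for
// as long as the caller keeps the underlying buffer alive, and that lifetime
// is now visible at the call site.
std::string_view first_field(std::string_view line) {
    // substr clamps the count, so a missing ':' (npos) yields the whole line.
    return line.substr(0, line.find(':'));
}

// FIX 2: return an owning std::string when the source buffer is local.
std::string first_field_owned(const char* raw) {
    std::string line(raw);
    return std::string(first_field(line));  // copied before 'line' dies
}

int main() {
    // Constructed sample input. 'record' outlives the view taken from it.
    const std::string record = "root:x:0:0";
    std::string_view user = first_field(record);
    std::string owned = first_field_owned("daemon:x:1:1");
    // first_field_dangling() is deliberately never called: reading its
    // result is undefined behavior.
    return (user == "root" && owned == "daemon") ? 0 : 1;
}
```

Running a static analyzer over a file like this is a way to confirm that view-aware lifetime checks are active in a given toolchain; the defective function should be reported while the two corrected forms should not.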

Source: opennet.ru
