Skip to content

Cppcheck Open-Source 2.11 released

We are happy to announce the release of Cppcheck Open-Source 2.11!

The update introduces new checks, notably for calling pop_back on an empty container, and enhances existing checks, especially within the ValueFlow analysis and use of STL algorithms. GUI changes deprecate the 'Unspecified' platform type, and the interface adds a --check-level option for depth control in analysis. "missingInclude" warnings have been refined, and const checks are now more specific to variable types. Command-line enhancements ensure argument validity, and project scanning optimizes markup file analysis.

Release notes:

  • New checks:
    • pop_back on empty container is UB
  • Improved checking:
    • Improve useStlAlgorithm check to handle many more conditions in the loop for any_of, all_of and none_of algorithms
    • ValueFlow can evaluate the return value of functions even when conditionals are used
    • ValueFlow will now forward the container sizes being returned from a function
    • ValueFlow can infer possible values from possible symbolic values
    • Improve valueflow after pushing to container
  • GUI:
    • The platform type 'Unspecified' within .cppcheck projects has been deprecated and will be removed in Cppcheck 2.14. Please use 'unspecified' instead.
    • Do not replace relative paths with absolute paths in suppressions in the project file dialog
  • Interface:
    • The new option --check-level=<level> has been added that controls how much checking is made by Cppcheck. The default checking level is "normal". If you feel that you can wait longer on results you can use --check-level=exhaustive.</level>
    • It is no longer necessary to run "--check-config" to get detailed "missingInclude" and "missingIncludeSystem" messages. They will always be issued in the regular analysis if "missingInclude" is enabled.
    • "missingInclude" and "missingIncludeSystem" are reported with "-j" is > 1 and processes are used in the backend (default in non-Windows binaries)
    • "missingInclude" and "missingIncludeSystem" will now cause the "--error-exitcode" to be applied
    • "--enable=information" will no longer implicitly enable "missingInclude" starting with 2.16. Please enable it explicitly if you require it.
    • The constParameterand constVariable checks have been split into 3 different IDs based on if the variable is a pointer, a reference, or local. The different IDs will allow users to suppress different const warning based on variable type.
      • constParameter
      • constParameterReference
      • constParameterPointer
      • constVariable
      • constVariableReference
      • constVariablePointer
  • More command-line parameters will now check if the given integer argument is actually valid. Several other internal string-to-integer conversions will now be error checked.
  • scanning projects (with -j1) will now defer the analysis of markup files until the whole code was processed