Cppcheck Premium 26.1.0 Released — Improved MISRA and CERT Accuracy

Discover the updates in Cppcheck Premium version 26.1.0!

Cppcheck Premium 26.1.0 is now available. This release focuses on improving accuracy and usability across MISRA C/C++ and CERT C/C++ compliance checking, with a strong emphasis on reducing false positives and improving rule coverage and reporting.

What’s New in 26.1.4

MISRA C Enhancements

MISRA C:2025

MISRA C:2025 support continues to mature in this release. The compliance report display for MISRA C:2025 rules has been corrected, ensuring clearer and more reliable reporting when working with the latest version of the standard.

Expanded Rule Coverage and Accuracy

Cppcheck Premium 26.1.0 includes a large number of targeted improvements across MISRA C rules, addressing both false positives and false negatives:

• Identifiers and linkage: Improved handling of static, extern, and global identifiers, including better detection of name clashes and linkage inconsistencies (Rules 1.5, 5.1, 5.3, 5.7–5.9).

• Type conversions and expressions: Enhanced checking for enum conversions, float-to-double conversions, implicit casts, and assignment correctness (Rules 10.1–10.6, 11.1, 11.5).

• Macros and preprocessing: Reduced false positives related to #define / #undef usage and null pointer macros (Rules 2.5, 11.5).

• Control flow and side effects: Improved detection of loop counter modification, volatile variable increments, and chained member access (Rules 13.2, 13.3, 14.2).

• Function usage: Better handling of function pointers, extern variables, and functions defined in custom configuration files (Rules 8.2, 21.2).

These refinements improve confidence in MISRA compliance results, particularly for large or legacy codebases.

MISRA C++ 2023 Improvements

MISRA C++ analysis has also been refined in this release:

• Rule 7.0.3: Improved distinction between char and int8_t / uint8_t types.

• Rule 9.4.2: Improved detection of missing default cases in switch statements.

These updates reduce unnecessary findings and improve correctness for modern C++ code.

CERT C/C++ Secure Coding

CERT C/C++ Security Enhancements

Cppcheck Premium 26.1.0 strengthens CERT C/C++ coverage with both accuracy improvements and robustness fixes:

• ARR30-C: Improved detection of unconditional pointer arithmetic (CVE-2018-14938).

• CTR50-CPP: Fixed false positives in iterator and loop index handling.

• DCL06-C / DCL37-C: Enhanced constant checking and better handling of custom configuration files.

• EXP34-C: Fixed crashes and improved validation of custom library parameters.

• EXP50-CPP: Improved detection of unknown evaluation order involving side effects.

• MEM52-CPP: More accurate checking for new after allocation.

These changes help teams identify real security risks while reducing noise in analysis results.

Configuration and Reporting Improvements

Several updates in this release improve usability and reporting clarity:

• Compliance reports now return successful exit codes where appropriate and provide clearer suppression and coverage information.

• Improved mapping for dangerous type casts in reports.

• Better display of suppression comments.

• Improved handling of struct member access patterns and essential type resolution, especially for function return types.

Together, these changes make compliance results easier to interpret and integrate into automated workflows.

Summary

Cppcheck Premium 26.1.0 focuses on incremental improvements to compliance checking, including more accurate MISRA C:2025 handling, expanded rule coverage, refinements to CERT checks, and clearer compliance reporting.