Discover the updates in Cppcheck Premium version 26.3.0!
Cppcheck Premium 26.3.0 is now available. This release focuses on expanding secure coding rule coverage, improving detection accuracy across MISRA and CERT standards, and strengthening analysis stability. Numerous false positives and false negatives have been addressed, along with improvements to compliance reporting and code analysis infrastructure.
What’s New in 26.3.0
New CERT Check
INT13-C
A new CERT C rule check has been introduced:
- INT13-C: Detects unsafe or implementation-defined use of bitwise operators on signed integers.
This addition strengthens detection of integer-related issues that can lead to undefined or implementation-dependent behavior.
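The pattern INT13-C is concerned with, as an added example (not taken from the release notes or from Cppcheck's own test suite; the function names and input values are constructed for illustration). It contrasts a right shift on a signed operand, whose result for negative values is implementation-defined, with the same operation on an unsigned operand, and shows how the difference can break a buffer sized for the expected range:

```c
#include <stdint.h>
#include <stdio.h>

/* Noncompliant with INT13-C: `word` is signed, so for a negative value the
 * result of >> is implementation-defined (arithmetic or logical shift). */
static int32_t top_byte_signed(int32_t word)
{
    return word >> 24;
}

/* Compliant: shift and mask on an unsigned operand; result is always 0..255. */
static uint32_t top_byte_unsigned(uint32_t word)
{
    return (word >> 24) & 0xFFu;
}

/* Formats a value into a caller-supplied buffer.
 * Returns 1 if the full text fit, 0 if snprintf had to truncate. */
static int fits_in_buffer(unsigned long value, char *buf, size_t size)
{
    int n = snprintf(buf, size, "%lu", value);
    return n >= 0 && (size_t)n < size;
}

int main(void)
{
    char buf[sizeof("255")];                      /* room for three digits */
    int32_t s = top_byte_signed(INT32_MIN);       /* constructed input */
    uint32_t u = top_byte_unsigned(0x80000000u);  /* same bit pattern */

    printf("signed shift   : %ld\n", (long)s);
    printf("unsigned shift : %lu\n", (unsigned long)u);
    /* With an arithmetic shift, s is negative; converted to uint32_t it
     * becomes a 10-digit number that no longer fits the 3-digit buffer. */
    printf("signed fits    : %d\n",
           fits_in_buffer((uint32_t)s, buf, sizeof buf));
    printf("unsigned fits  : %d\n",
           fits_in_buffer(u, buf, sizeof buf));
    return 0;
}
```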
CERT C Improvements
Several improvements have been made to CERT C rule checking, particularly around string handling and buffer safety.
STR30-C
- Reduced false positives when reading from arrays.
- Reduced false positives when passing const char* pointers to functions.
STR31-C
- Improved detection based on official CERT examples, including:
  - getchar() usage.
  - sprintf() examples.
  - getenv() usage.
  - argv handling.
- Reduced false positives related to loop counters.
- Fixed crash related to sprintf(buf, fmt, n) handling.
These changes improve detection reliability for common string and buffer handling patterns.
CERT C++ Improvements
Updates to CERT C++ checks improve both detection accuracy and stability.
CTR50-CPP
- Fixed cases where dangerous iterator usage was not reported.
- Reduced false positives related to safe iterator increment operations.
EXP53-CPP
- Reduced false positives related to uninitialized pointer or variable usage inside catch blocks.
MEM54-CPP
- Improved detection when placement new uses a buffer that is too small.
MISRA C Improvements
This release includes a broad set of improvements across MISRA C rules, targeting correctness, false positive reduction, and improved handling of edge cases.
Preprocessing and comments
- Dir 4.4: Reduced false positives triggered by semicolons inside comments.
Identifiers and naming
- Dir 4.5: Improved detection of identifier conflicts that differ only by case (id2_abc vs id2_ABC).
- Rule 5.1: Corrected handling of significant naming characters.
- Rule 5.6: Improved detection involving typedefs and local variables.
- Rule 5.7: Reduced false positives involving identical tag names and typedef names and improved handling of official examples.
- Rule 5.9: Improved detection for identifier reuse scenarios.
Function declarations and parameters
- Rules 8.1 / 8.2: Reduced false positives related to ellipsis (...) used as function parameters.
- Rule 8.3: Improved warning placement to improve readability.
Type conversions and expressions
- Rule 10.3: Improved handling of pointer essential types, compound assignments, and pointer expressions.
- Fixed crash related to double = float assignments.
- Rule 10.6: Reduced false positives for expressions such as double d = (double)a / (double)b.
Pointer conversions
- Rule 11.3: Improved detection based on official examples and reduced false positives for pointer conversions to character types.
- Rule 11.9: Improved handling of integer literal 0, including cases used in function calls.
Control flow
- Rule 14.2: Reduced false positives in certain function call scenarios and fixed crash related to loop expressions.
- Rule 15.3: Improved detection of inner scopes within switch statements.
- Rule 15.4: Improved detection of goto statements breaking both inner and outer loops.
- Rule 16.6: Corrected handling of switch statements with multiple cases inside a single clause.
Function usage
- Rule 17.3: Reduced false positives when calling callbacks initialized with const.
MISRA C++ 2023 Improvements
Several improvements have been made to MISRA C++ 2023 rule checking:
- Rule 0.2.1: Reduced false positives involving template arguments.
- Rule 7.0.3: Improved detection when the numerical value of a character is used.
- Rule 8.2.5: Reduced false positives related to std::byte.
- Rule 11.6.1: Reduced false positives when handling class objects.
These improvements increase reliability when analyzing modern C++ code under MISRA C++ 2023.
AUTOSAR Improvements
Several AUTOSAR rule checks have been improved:
- A0-1-2: Checker rewritten for improved robustness and maintainability.
- A2-5-1: Detection logic improved by reusing logic from rule M2-3-1.
- A5-1-1: Improved handling of integer literal 0 within function calls.
- A5-2-2: Improved pedantic checking.
General Improvements
Compliance Reporting
Inline suppression comments now display their location in compliance reports, improving traceability.
Coverage Reporting
Added coverage reporting for the MISRA C example suite.
HIS Metrics
Improved cyclomatic complexity calculation for nested if statements.
CTU Analysis
Fixed broken cross translation unit (CTU) functionality and improved performance.
Stability
Fixed segmentation fault in FwdAnalysis.
Summary
Cppcheck Premium 26.3.0 expands rule coverage with the addition of the CERT INT13-C check and includes extensive improvements across MISRA C, MISRA C++ 2023, CERT C/C++, and AUTOSAR rule sets. The release also improves reporting clarity, analysis performance, and overall stability.