What's new in Klocwork 2022.1

Here are the highlights for Klocwork 2022.1. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.

Project streams

For projects that have related streams, Klocwork now provides full support for desktop tools (kwcheck), CI (kwciagent), and kwxsync.

We've improved how the portal displays streams. For example, we've introduced a hide streams button for easier navigation, and a selected project now always displays all streams associated with the project.

JSON and XML list output from kwcheck and kwciagent indicates whether a connected project's system defect exists in a connected project or stream, and whether it exists in any other member of its family.

C/C++

This release introduces a range of improvements, including:

  • performance improvements for C/C++ analysis, especially for large projects such as Android, when using a large number of CPUs
  • increased support for Visual Studio 2019 C/C++ default headers
  • improved analysis of C++20 modules
  • improved coverage of the CERT C++ 2016 standard, from 62% to 66%
  • multiple improvements in specific checkers to reduce false positives and improve defect detection

Java

This release includes:

  • support for Android S by using the kwandroid command -s option

  • static analysis for Kotlin projects on both desktop and server by using the kwktspec and kwktspecimport commands. You can use the kwktspec command to generate a Klocwork build specification. You can use the kwktspecimport command to convert Detekt configuration data into a Klocwork pconf file.

  • an update to the log4j vulnerability checker

Klocwork help

We've updated the look and feel of our embedded and online help and have moved the online help to a new website. You can now find the latest online help at https://help.klocwork.com.

Coding standards

This release includes new and expanded standards coverage for the following coding standards:

  • CERT C
  • CERT CPP
  • CWE for C/C++
  • DISA STIG Version 5 for C/C++, C#
  • MISRA C++:2008
  • MISRA C:2012

Klocwork checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New Klocwork checkers

Checker Description
CERT.EXPR.PARENS This C/C++ checker provides support for CERT EXP00-C. Use parentheses for precedence of operation.
CERT.FILE_PTR.DEREF This C/C++ checker provides support for CERT FIO38-C. Do not copy a FILE object.
CERT.FILE_PTR.DEREF.CAST This C/C++ checker provides support for CERT FIO38-C. Do not copy a FILE object.
CERT.FILE_PTR.DEREF.INDIRECT This C/C++ checker provides support for CERT FIO38-C. Do not copy a FILE object.
CERT.FILE_PTR.DEREF.RETURN This C/C++ checker provides support for CERT FIO38-C. Do not copy a FILE object.
CERT.OOP.CTOR.VIRTUAL_FUNC This C/C++ checker provides support for CERT OOP50-CPP. Do not invoke virtual functions from constructors or destructors.
CERT.PUTENV.AUTO_VARIABLE This C/C++ checker provides support for CERT POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument.
MISRA.DECL.FUNC.NAME.QUAL.2012 This MISRA checker provides support for MISRA C 2012 Rule 8.3.
MISRA.PTR.CMP.2008 This MISRA checker provides support for MISRA C++:2008 Rule 5-0-18.
MISRA.PTR.CMP.OBJECT.2008 This MISRA checker provides support for MISRA C++:2008 Rule 5-0-18.

Modified Klocwork checkers

Checker Description
ABV.GENERAL Reduced false positives
AUTOSAR.OP.RELATIONAL.RETVAL Reduced false positives
JD.LOCK Reduced false positives
JD.NEXT Reduced false positives
JD.VNU Reduced false positives
MISRA.ASSIGN.SUBEXPR.2012 New defects detected
MISRA.CAST.CONST Reduced false positives
MISRA.EXPR.PARENS.INSUFFICIENT Reduced false positives
MISRA.USE.EXPANSION Reduced false positives
NPD.CONST.DEREF Reduced false positives
NPE.CONST Reduced false positives
SV.RVT.RETVAL_NOTTESTED Reduced false positives
UNINIT.CTOR.MUST Reduced false positives
UNINIT.STACK.ARRAY.MUST Reduced false positives
UNINIT.STACK.ARRAY.PARTIAL.MUST Reduced false positives
UNINIT.STACK.MIGHT Reduced false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy New/Updated

cert_c.tconf and cert_c_ja.tconf

Added or modified checker mappings to the following rules:
  • CERT EXP00-C
  • CERT POS34-C
  • CERT PRE32-C

cert_c_all.tconf and cert_c_all_ja.tconf

Added or modified checker mappings to the following rules:
  • CERT EXP00-C
  • CERT MSC39-C
  • CERT POS34-C
  • CERT PRE32-C

Removed a mapping to rule PRE32-C.

cert_cpp.tconf and cert_cpp_ja.tconf

Added or modified checker mappings to the following rules:
  • ERR33-C
  • EXP00-CPP
  • CERT EXP50-CPP
  • EXP61-CPP
  • EXP62-CPP
  • FIO38-C
  • FLP36-C
  • OOP50-CPP
  • POS34-C
  • POS44-C
  • PRE30-C
  • PRE32-C

cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:
  • CWE-413
  • CWE-484
  • CWE-667
  • CWE-764
  • CWE-765
  • CWE-832
  • CWE-833

Removed a mapping to CWE-414.

cwe_2019_top_25_cs.tconf and cwe_2019_top_25_cs_ja.tconf
cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf
cwe_2019_top_25_java.tconf and cwe_2019_top_25_java_ja.tconf
cwe_2020_top_25_cs.tconf and cwe_2020_top_25_cs_ja.tconf
cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf
cwe_2020_top_25_java.tconf and cwe_2020_top_25_java_ja.tconf
cwe_2021_top_25_cs.tconf and cwe_2021_top_25_cs_ja.tconf
cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf
cwe_2021_top_25_java.tconf and cwe_2021_top_25_java_ja.tconf

Reorganized the taxonomies to include the ranking of each rule in the Top 25.

disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf

New taxonomies that map Klocwork C# checkers to DISA STIG version 5 IDs.

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Included an additional ID with each of the rule descriptions.

kt.base.tconf and kt.base_ja.tconf

New Kotlin taxonomies.

misra_c_2012_c90_all_checkers.tconf and misra_c_2012_c90_all_checkers_ja.tconf
misra_c_2012_c99_all_checkers.tconf and misra_c_2012_c99_all_checkers_ja.tconf
misra_c_2012_with_amd1_c90_all_checkers.tconf and misra_c_2012_with_amd1_c90_all_checkers_ja.tconf
misra_c_2012_with_amd1_c99_all_checkers.tconf and misra_c_2012_with_amd1_c99_all_checkers_ja.tconf
misra_c_2012_with_amd2_c11_all_checkers.tconf and misra_c_2012_with_amd2_c11_all_checkers_ja.tconf

Mapped a checker to the following rule: 8.3.

misra_cpp_2008_certified.tconf and misra_cpp_2008_certified_ja.tconf

Mapped checkers to the following rule: 5-0-18.

Improvements to supported compilers

We've added or improved support for the following compilers:

  • Clang
  • GNU
  • Microsoft Visual C++
  • QNX
  • TI Arm Clang
  • TI tms320c28x

Change to analysis engine data synchronization

The Klocwork analysis engine now keeps its knowledge base data in memory during C/C++ and C# analysis (for all 64-bit systems) and synchronizes the data to tables at the end of the analysis. Keeping the entire database in memory benefits an analysis that uses a large number of CPUs because it reduces the latency of database access. However, this change increases the analysis engine's memory consumption.

Licensing

2021 licenses are not compatible with Klocwork 2022.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

Maintenance for Klocwork 2020 ending

Maintenance for all versions of Klocwork 2020 is ending March 31, 2022. The end of maintenance (EOM) date and end of sale (EOS) date is also March 31, 2022. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Changes to system requirements

This section lists changes to the system requirements. We've added support for the following:

  • Debian 10.11, 11.2
  • Red Hat Enterprise Linux 8.5
  • Oracle Linux 8.5
  • Amazon Linux 2 (2.0.20211223.0 Update)
  • CentOS 8.5
  • Fedora 35
  • Eclipse 4.22
  • Android Studio Bumblebee (2021.1.1 Patch 1)
  • Visual Studio 2017 version 15.9.44
  • Visual Studio 2019 version 16.11.10
  • Visual Studio Code 1.64.2
  • IntelliJ IDEA 2021.2.4
  • Microsoft Edge 97.x, 98.x
  • Mozilla Firefox 95.x, 96.x, 97.x
  • Google Chrome 98.x
  • Jenkins 2.335
  • Gradle 7.4

We no longer provide support for the following:

  • Microsoft Edge versions 88.x
  • Mozilla Firefox 82.x, 83.x, 84.x, 85.x
  • Google Chrome 80.x to 87.x
  • Microsoft Internet Explorer