What's new in Klocwork 2022.3

Here are the highlights for Klocwork 2022.3. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.

C/C++ analysis engine

We've added the following new checkers:

DBZ.ITERATOR.CALL detects cases where division by zero might occur in a function call.

NUM.OVERFLOW.DF detects possible cases of numeric overflow or wraparound in an arithmetic operation.

We've also updated mappings to many of the standards we support, as listed below in the Taxonomies improvements section.

C#

In this release we added support for C# 7.2. More specifically, we now support

readonly references, such as in parameters and ref readonly locals
non-trailing named arguments
conditional ref expressions
the private protected access modifier
leading underscores in numeric literals
initializers on stackalloc arrays

We also updated the OWASP Top 10 2021 taxonomy for C#.

Java

This release includes support for Java 13. We've also enhanced the following areas:

We've added new API points to our knowledge base. We're detecting more defects and have enhanced the quality of our analysis.
The kwandroid command now supports all kwinject options.
We've tidied some java build messages by moving sourcegraph messages under the debug category.
We've mapped checkers to weaknesses CWE-1032 and CWE-1035.
And we've reduced false positives for the checker RLK.SQLOBJ.

JavaScript, Kotlin, Python analysis engines

General upgrades and improvements to JavaScript, Kotlin, and Python analysis engines and checkers, including many new checkers.

You can also tune JavaScript and Python checkers. For more information, see Tuning JavaScript analysis and Tuning Python analysis.

Visual Studio

You can now run your C# analysis in Visual Studio by using the kwcheck command. Using kwcheck can significantly improve analysis performance.

Coding standards

This release includes new and expanded standards coverage for the following coding standards:

AUTOSAR
CERT
CWE for C/C++, Java
HKMC
ISO/IEC TS 17961
JSF AV C++
MISRA
OWASP Top 10 2021 for C#

Klocwork checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New Klocwork checkers

Checker	Description
DBZ.ITERATOR.CALL	This C/C++ checker detects cases where division by zero might occur in a function call.
NUM.OVERFLOW.DF	This C/C++ checker detects possible cases of numeric overflow or wraparound in an arithmetic operation.

Modified Klocwork checkers

Checker	Description
ABV.GENERAL	Reduced false positives
ABV.GENERAL.MULTIDIMENSION	New defects detected
AUTOSAR.ADD.NULLPTR	Reduced false positives
AUTOSAR.OP.BINARY.RETVAL	Reduced false positives
CERT.CONC.ATOMIC_TWICE_EXPR	Overall improvements to the checker
CONC.NO_UNLOCK	Reduced false positives
CONC.UNLOCK. GLOBAL	Reduced false positives
INVARIANT_CONDITION.UNREACH	Reduced false positives
MISRA.ASSIGN.OVERLAP	Reduced false positives
MISRA.INCGUARD	New defects detected
MLK.MUST	New defects detected
RLK.SQLOBJ	Reduced false positives
UNREACH.GEN	Reduced false positives
VA_UNUSED.INIT	Reduced false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy	New/updated
autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf	Modified checker mapping for the following rule: A5-6-1
cert_c_all.tconf and cert_c_all_ja.tconf cert_c_rules.tconf and cert_c_rules_ja.tconf	Added or modified checker mappings to the following rules: INT30-C INT32-C
cert_cpp.tconf and cert_cpp_ja.tconf	Added or modified checker mappings to the following rules: CERT EXP60-CPP CERT INT32-C CERT POS35-C CERT STR30-C
cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf	Added or modified checker mappings to the following weaknesses: CWE-190
cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf	Added or modified checker mappings to the following weaknesses: CWE-119 CWE-124 CWE-125 CWE-190 CWE-369 CWE-481 CWE-482 CWE-484 CWE-783 CWE-787 CWE-806
cwe_all_java.tconf and cwe_all_java_ja.tconf	Added or modified checker mappings to the following weaknesses: CWE-1032 CWE-1035
cwe_all_py2.tconf and cwe_all_py2_ja.tconf	These taxonomies were removed.
disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf	Significant changes to the checker mappings.
Helix QAC taxonomies	The Helix QAC taxonomies have been updated to Helix QAC version 2022.3.
hkmc_c.tconf and hkmc_c_ja.tconf hkmc_cpp.tconf and hkmc_cpp_ja.tconf	New taxonomies that map C/C++ checkers to the Hyundai-Kia Motor Corp (HKMC) Coding Standard for Automotive Development.
iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf	Added or modified checker mappings to the following rules: 5.26 5.30
js.base.tconf and js.base_ja.tconf	Updated to version 8.20.
js.react.tconf and js.react_ja.tconf	Updated to version 7.30.0.
js.ts.tconf and js.ts_ja.tconf	Updated to version 5.32.0.
js.vue.tconf and js.vue_ja.tconf	Updated to version 9.1.0.
jsf_av_rev_c_cpp.tconf and jsf_av_rev_c_cpp_ja.tconf	Added or modified checker mappings to the following rules: 203
kt.base.tconf and kt.base_ja.tconf	Updated to version 1.21.0.
owasp_2021_10_py2.tconf and owasp_2021_10_py2_ja.tconf	These taxonomies were removed.
misra_c_2004_certified.tconf and misra_c_2004_certified_ja.tconf	Added or modified checker mappings to the following rules: 12.11
misra_c_2012_c90_all_checkers.tconf and misra_c_2012_c90_all_checkers_ja.tconf misra_c_2012_c90_certified.tconf and misra_c_2012_c90_certified_ja.tconf misra_c_2012_c99_all_checkers.tconf and misra_c_2012_c99_all_checkers_ja.tconf misra_c_2012_c99_certified.tconf and misra_c_2012_c99_certified_ja.tconf misra_c_2012_with_amd1_c90_all_checkers.tconf and misra_c_2012_with_amd1_c90_all_checkers_ja.tconf misra_c_2012_with_amd1_c90_certified and misra_c_2012_with_amd1_c90_certified_ja.tconf misra_c_2012_with_amd1_c99_all_checkers.tconf and misra_c_2012_with_amd1_c99_all_checkers_ja.tconf misra_c_2012_with_amd1_c99_certified.tconf and misra_c_2012_with_amd1_c99_certified_ja.tconf misra_c_2012_with_amd2_c11_all_checkers.tconf and misra_c_2012_with_amd2_c11_all_checkers_ja.tconf misra_c_2012_with_amd2_c11_certified.tconf and misra_c_2012_with_amd2_c11_certified_ja.tconf	Added or modified checker mappings to the following rules: Dir 4.1 18.1
owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf	Significant changes to the checker mappings.
owasp_2021_10_py2.tconf and owasp_2021_10_py2_ja.tconf	These taxonomies were removed.
python.py2.tconf and python.py2_ja.tconf	These taxonomies were removed.
python.py3.tconf and python.py3_ja.tconf	Updated to version 3.

Improvements to supported compilers

We've added or improved support for the following compilers:

HI-TECH C
Synopsys ARC MetaWare

Licensing

Klocwork now supports Reprise License Manager (RLM). FLEXlm/FlexNet Publisher support is deprecated, but will continue to work until the release of Klocwork 2023.1. You can continue to use your existing FLEX license files for the remainder of the Klocwork 2022 releases. If you need new license files, please contact license@perforce.com.

2021 licenses are not compatible with Klocwork 2022.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

Changes to system requirements

In this release, we've added support for

Debian 10.12, 11.4
Red Hat Enterprise Linux 8.6
Oracle Linux 8.6
Amazon Linux 2 (2.0.20220805.0 Update)
Ubuntu 18.04.6 LTS, 20.04.5 LTS
Fedora 36
SUSE Enterprise 15 SP4
Eclipse 4.24
Android Studio Chipmunk (2021.2.1 Patch 2)
Visual Studio 2017 version 15.9.50
Visual Studio 2019 version 16.11.18
Visual Studio 2022 version 17.3.4
Visual Studio Code 1.71
IntelliJ IDEA 2021.3 (up to 2021.3.3)
Microsoft Edge 99.x, 100.x, 101.x, 102.x, 103.x, 104.x, 105.x
Firefox 98.x, 99.x, 100.x, 101.x, 102.x, 103.x, 104.x
Chrome 93.x to 105.x
Jenkins 2.366
Gradle 7.5.1

In this release, we've ended support for

Python 2 analysis
CentOS 8.0 to 8.5
Ubuntu 21.04
Fedora 34
OpenSUSE Leap 15.4
Microsoft Edge 89.x, 90.x, 91.x, 92.x
Firefox78.x, 86.x, 87.x, 88.x, 89.x, 90.x, 91.x
Chrome 88.x-92.x

Maintenance for Klocwork 2020 ended

Maintenance for all versions of Klocwork 2020 ended March 31, 2022. The end of maintenance (EOM) date and end of sale (EOS) date was also March 31, 2022. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Pre-announcements

Take note of the following changes we have planned for upcoming releases.

Path API version upgrade in Klocwork 2023.1

After Klocwork 2023.1 is released, we recommend you review your custom checkers for potential race conditions and recompile by using the 2023.1 Klocwork Path API headers and library. Old custom checkers that are not recompiled will continue to work, but will not be able to use the parallelization feature improvements.

End of Life notice for FLEXlm/FlexNet Publisher as of Klocwork 2023.1

This is a six-month notice for the End-Of-Life and support for FLEXlm/FlexNet Publisher license files.

Klocwork is changing its license management tool by moving from FLEXlm/FlexNet Publisher to Reprise License Manager (RLM) as of Klocwork 2023.1.

New product license files will be generated for Reprise, and if you require a FLEX license file for older Klocwork versions we will provide this for you.

End of Life notice for macOS as of Klocwork 2023.1

Beginning with Klocwork 2023.1, the following operating systems and installers will not be supported:

macOS