What's new in Klocwork 2023.4

Here are the highlights for Klocwork 2023.4. If you're upgrading, see the Limitations for items that affect how you use Klocwork.

Command options for exact match and overrides file

This release introduces exact-match and overrides-file options for both kwcheck and kwciagent.

  • Exact File Matching:

    Enable exact file matching by setting the enable_exact_file_match option to true when using kwcheck or kwciagent.

  • File Overrides:

    Run the --overrides-file option with kwcheck or kwciagent to apply file matching overrides.

New commands for kwcheck and kwciagent

In this release, we have introduced several commands in kwcheck and kwciagent:

  • The clean command cleans your local Klocwork project and/or settings directories.

  • The add-replace-path command adds system path replacement configurations. Use it to replace or shorten the directory structure for your source files.

  • The apply-replace-path command lists defects using their replace-path paths.

  • The list-replace-path command lists replace paths set with add-replace-path.

  • The remove-replace-path command removes replace path settings.

Download compliance reports using the Web API

In the Validate Static Code Analysis Web API, the compliance_download action has been added, allowing you to download a compliance report file.

Deprecation of docs.roguewave.com in 2024

The docs.roguewave.com site will be deprecated in early 2024. Refer to the offline help documentation that is included with the product for versions 2021 and earlier.

Klocwork/Validate Server

In this release, Apache Tomcat has been upgraded to version 8.5.96, with enhanced performance, security features, and additional optimizations for a more efficient and reliable server environment.

Plugins and extensions

From Klocwork 2023.4, the Klocwork Desktop Analysis plugins for IntelliJ IDEA, Android Studio, and CLion will work when using version 2023.1 or higher of the IDEs.

In release 2023.4, stability fixes have been completed for the Klocwork extension for Visual Studio Code and Klocwork Desktop plug-in for Visual Studio. Several customer issues have also been fixed, including:

  • In Visual Studio Code, the error notification on startup will appear only if the workspace contains Klocwork analysis folders.

  • In Visual Studio Code, the status options are ordered consistently in different areas of the extension.

  • In Visual Studio, the infobar will be enabled immediately and updated after Klocwork options are saved.

  • In Visual Studio, the defects of server taxonomies will disappear after being disconnected from the server.

C/C++

In this release we

  • improved tracking of array values when using constant indices

  • improved the desktop analysis tools (kwcheck/kwciagent) to match more closely the results of the server analysis tool (kwbuildproject)

  • improved the C/C++ analysis engine for stability and accuracy

  • significantly updated the HKMC taxonomy for more accurate coverage of rules

C#

In this release we

  • added a new taxonomy for CWE 2023 Top 25 for C#

Java

In this release we

  • added a new taxonomy for CWE 2023 Top 25 for Java
  • added support for Gradle 8.3
  • improved CERT Java coverage
  • expanded analysis and identification of potential issues for enhanced code security

Coding standards

This release includes new and expanded standards coverage for the following coding standards:

  • CWE IDs and 2023 Top 25 for C/C++, C#, and Java
  • CERT Secure Coding Standard
  • DISA STIG
  • HKMC Secure Coding Standard
  • ISO/IEC TS
  • Klocwork Quality
  • MISRA 2012 AMD3
  • Payment Card Industry Data Security Standard

Checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New checkers

Checker Description
CXX.SUSPICIOUS_INDEX_CHECK This C/C++ checker detects when a suspicious index check is present before accessing an array at a specific index.
CXX.SUSPICIOUS_INDEX_CHECK.CALL This C/C++ checker detects when a suspicious index check is present before accessing an array in another function.
CXX.SUSPICIOUS_INDEX_CHECK.ZERO This C/C++ checker detects when a suspicious index check against zero is present before accessing an array, but the index value is not checked against the upper array boundary.
MISRA.BITFIELD.UNION This MISRA checker detects when a union contains bit field(s) as member(s).
MISRA.INTEGER_CONSTANT.MACRO.FLOAT_VALUE This MISRA checker detects when the argument of an integer-constant macro is not a floating-point number.
MISRA.INTEGER_CONSTANT.MACRO.RANGE This MISRA checker detects when the argument of an integer-constant macro is not within the range.
MISRA.INTEGER_CONSTANT.MACRO.SUFFIX This MISRA checker detects when the argument of an integer-constant macro is not an unsuffixed integer constant.
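
The index-check weaknesses described for CXX.SUSPICIOUS_INDEX_CHECK and CXX.SUSPICIOUS_INDEX_CHECK.ZERO can be seen in a small boundary probe. This is an added example, not Klocwork sample code: the table, the guard functions and the off-by-one reading of "suspicious" are assumptions made for illustration, and the page does not state which exact code shapes the checkers report.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 8          /* constructed array size for this example */
#define NO_ESCAPE INT_MIN    /* sentinel: guard let no invalid index through */

static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Hypothetical index guards; non-zero means "the array access may proceed". */
static int guard_zero_only(int idx)  { return idx >= 0; }                     /* no upper bound */
static int guard_off_by_one(int idx) { return idx >= 0 && idx <= TABLE_LEN; } /* <= admits TABLE_LEN */
static int guard_full(int idx)       { return idx >= 0 && idx < TABLE_LEN; }  /* both bounds */

/* Read table[idx] behind a guard. The second test is a safety net so this
 * demo never reads out of bounds: -1 = rejected by the guard,
 * -2 = the guard accepted an index that is outside the array. */
static int guarded_read(int (*guard)(int), int idx, int *out)
{
    if (!guard(idx))
        return -1;
    if (idx < 0 || idx >= TABLE_LEN)
        return -2;
    *out = table[idx];
    return 0;
}

/* Probe the boundaries: lowest index in [-TABLE_LEN, 2*TABLE_LEN] that the
 * guard accepts although it lies outside the array, or NO_ESCAPE. */
static int first_escaping_index(int (*guard)(int))
{
    for (int idx = -TABLE_LEN; idx <= 2 * TABLE_LEN; idx++)
        if (guard(idx) && (idx < 0 || idx >= TABLE_LEN))
            return idx;
    return NO_ESCAPE;
}

int main(void)
{
    int v = 0;
    int rc = guarded_read(guard_full, 7, &v);
    printf("zero-only guard escapes at:  %d\n", first_escaping_index(guard_zero_only));
    printf("off-by-one guard escapes at: %d\n", first_escaping_index(guard_off_by_one));
    printf("full guard escapes:          %s\n",
           first_escaping_index(guard_full) == NO_ESCAPE ? "none" : "yes");
    printf("guarded_read(full, 7) -> %d, value %d\n", rc, v);
    return 0;
}
```
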

Modified checkers

Checker Description
ABV checkers Overall improvements to the checkers
ABV.GENERAL Updated the documentation and reduced false positives

AUTOSAR.OP.BINARY.RETVAL Reduced false positives
CS.HIDDEN.MEMBER checkers Reduced false positives
CS.RLK Reduced false positives
CWARN.IMPLICITINT Reduced false positives
CXX.ERRNO.NOT_CHECKED Updated the documentation with sample code

CXX.SUSPICIOUS_INDEX_CHECK.CALL Reduced false positives
INFINITE_LOOP.GLOBAL Reduced false positives
INVARIANT_CONDITION.GEN Updated the documentation with clarification

MISRA.ASSIGN.OVERLAP Reduced false positives
MISRA.FLOAT_EQUAL New defects detected
MISRA.MEMB.NON_CONST Reduced false positives
MISRA.ONEDEFRULE.VAR Reduced false positives
MISRA.VAR.HIDDEN Reduced false positives
MLK checkers Reduced false positives
NNTS.MUST Overall improvements to the checker
NNTS.TAINTED New defects detected
NPD checkers New defects detected
RABV.CHECK Reduced false positives
RLK checkers Reduced false positives
RN.INDEX Reduced false positives
SV.STRBO.BOUND_COPY.OVERFLOW New defects detected
SV.STRBO.NOBOUND_COPY New defects detected
SV.TAINTED.CALL.INDEX_ACCESS New defects detected
SV.TAINTED.GLOBAL New defects detected
UNINIT.CTOR.MUST Reduced false positives
UNUSED.FUNC.GEN Reduced false positives
UFM checkers New defects detected

Enabled or disabled checkers

No checkers were added to or removed from the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy New/updated
cert_cpp.tconf and cert_c_pp_ja.tconf

Added or modified checker mappings to the following rules:

  • CERT EXP56-CPP

cert_java.tconf and cert_java_ja.tconf

The cert_java.tconf and cert_java_ja.tconf taxonomies were renamed from cert_java_community.tconf and cert_java_community_ja.tconf, respectively.

Added a substantial number of mappings to the cert_java.tconf and cert_java_ja.tconf taxonomies.

cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf

cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf

cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf

cwe_2022_top_25_cxx.tconf and cwe_2022_top_25_cxx_ja.tconf

cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-119

  • CWE-125

  • CWE-787

cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf

cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf

Added new taxonomies that map Klocwork checkers to the 2023 CWE Top 25 Most Dangerous Software Weaknesses.

cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-119

  • CWE-124

  • CWE-125

  • CWE-787

disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-002590

  • APSC-DV-003170

disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-001540

hkmc_c.tconf and hkmc_c_ja.tconf

hkmc_cpp.tconf and hkmc_cpp_ja.tconf

Substantial reorganization of the hkmc_c.tconf and hkmc_c_ja.tconf taxonomies.

iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to the following rules:

  • 5.22

kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf

Added or modified checker mappings to the following categories:

  • Buffer Overflow

misra_c_2023_c11_all_checkers.tconf and misra_c_2023_c11_all_checkers_ja.tconf

misra_c_2023_c11_certified.tconf and misra_c_2023_c11_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Mandatory Rules

  • Required Rules

misra_c_2023_c90_all_checkers.tconf and misra_c_2023_c90_all_checkers_ja.tconf

misra_c_2023_c90_certified.tconf and misra_c_2023_c90_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Required Rules

misra_c_2023_c99_all_checkers.tconf and misra_c_2023_c99_all_checkers_ja.tconf

misra_c_2023_c99_certified.tconf and misra_c_2023_c99_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Mandatory Rules

  • Required Rules

pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • 6.5.2

Improvements to supported compilers

We've added or improved support for the following compilers:

  • Clang

  • Clang-cl

  • GNU

  • Green Hills

  • Microsoft Visual C++

  • Windriver GCC

For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Klocwork supports Reprise License Manager (RLM).

2022 licenses are not compatible with Klocwork 2023.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

In this release, we have added information about using RLM dongles with Klocwork. For more information, see Supported versions of RLM and Operating systems that support RLM dongles.

End of Life notice for FLEXlm/FlexNet Publisher as of Klocwork 2023.1

Klocwork has changed its license management tool by moving from FLEXlm/FlexNet Publisher to Reprise License Manager (RLM) as of Klocwork 2023.1. FLEXlm/FlexNet Publisher is no longer supported.

New product license files will be generated for Reprise; if you require a FLEXlm license file for older Klocwork versions, we can provide this for you.

To learn more about transitioning, see Transition license from FlexLM to Reprise.

Changes to system requirements

In this release, we've added support for:

  • Windows 11 (version 23H2)

  • Debian 11.8

  • Amazon Linux 2 (2.0.20231101.0 Update)

  • Ubuntu 20.04.6 LTS, 22.04.3 LTS

  • openSUSE Leap 15.5

  • SUSE Enterprise 15 SP5

  • Eclipse 4.29 (2023-09)

  • Android Studio Giraffe (2022.3.1 Patch 3)

  • Visual Studio 2017 version 15.9.58

  • Visual Studio 2019 version 16.11.31

  • Visual Studio 2022 version 17.7.6

  • Visual Studio Code 1.84.1 (minimum supported version is 1.74.3)

  • IntelliJ IDEA 2023.1.5, 2023.2.4

  • CLion 2023.2 (up to 2023.2.2)

  • Microsoft Edge 108.x to 119.x

  • Firefox 119.x, 115.x ESR

  • Chrome 119.x

  • Jenkins 2.431

  • Gradle 8.3

  • Windows RLM v15.1BL2

  • Linux RLM v15.1BL2

In this release, we've ended support for:

  • Ubuntu 16.04

  • Visual Studio 2022 versions 1.72.2 to 1.74.2

  • IntelliJ IDEA 2019.1, 2019.2

  • Microsoft Edge 105.x to 107.x

  • Firefox 105.x to 106.x

  • Chrome 106.x to 108.x

For the complete list of supported versions, see System Requirements.

Discontinuation of Klocwork Server installations in release 2023.4

Starting from release 2023.4, Klocwork Server installations have been discontinued. We recommend transitioning to Validate installation for a more streamlined and integrated experience.

When transitioning from Klocwork to Validate:

  • Stop your Klocwork instance and back up the projects_root.

  • During Validate install, set the projects_root location to your current projects_root.

  • If you are currently using non-default values for ports or license server, be sure to set the same values during Validate install.

Deprecation of issue grouping

Issue grouping is deprecated as of Klocwork 2023.3. If you are upgrading from a previous version, we recommend turning off issue grouping before performing a migration.

Maintenance for Klocwork 2021 ended

Maintenance for all versions of Klocwork 2021 ended March 31, 2023. The end of maintenance (EOM) date and end of sale (EOS) date were also March 31, 2023. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Path API version upgrade in Klocwork 2023.1

We upgraded the Path API version to accommodate multi-threaded execution within path analysis instances. The upgraded API is not backward compatible with previous versions. All custom checkers using the Path API need to be updated and recompiled by using the 2023 Klocwork Path API headers and library. To learn more, see the Path API documentation.

End of Life notice for macOS as of Klocwork 2023.1

Beginning with Klocwork 2023.1, the following operating systems and installers are not supported:

  • macOS