What's new in Klocwork 2024.3
Released October 2024
Here are the highlights for Klocwork 2024.3. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.
Validate / Klocwork enhancements
This release includes the following enhancements.
Basic Klocwork administration tasks no longer consume build license
In this release, we've updated the build license consumption model for kwadmin
and validate admin
. Basic administrative tasks such as list, get and export will no longer consume a build license. This change simplifies the licensing process and enhances alignment between QAC and Klocwork.
For more information on build license consumption, see kwadmin or validate admin.
C and C++ enhancements
This release includes the following enhancements:
- Benefit from improved defect detection, with enhanced support for tracking conditionally freed memory.
- Enjoy increased support for the Bazel build system on both Windows and Linux. See kwbazel.
Java enhancements
Starting in this release, kwauth defaults to storing credentials in secure storage with Java KeyStore. The environment variable KLOCWORK_ SECURE_TOKEN_STORAGE is set to JAVA_SECRET_STORAGE for new tokens and is set to empty for pre-existing tokens.
For more information, see Secure authentication tokens.
Plug-ins and extensions
The following features were added to the plug-ins and extensions:
- Device authorization: Instead of running
kwauth
externally for the Validate 24.2 and later servers, you can now authenticate directly within the Visual Studio and CLion plug-ins. For Visual Studio, the token is stored in the ltoken file. For CLion, the token can be stored in the credentials or ltoken file, depending on your analysis tool version.
Expanded coverage for coding standards
This release includes new and expanded coverage for the following coding standards:
-
AUTOSAR
-
SEI CERT C and C++
-
HKMC C++
-
MISRA C 2012 with Amendment 2 (100% coverage can now be obtained with a tool available on-demand from Klocwork Support)
-
MISRA C 2004 and 2023
-
MISRA C++ 2008 and 2023
Checker improvements
New checkers
The following checkers were added in this release:
Checker | Description |
---|---|
CERT.ALIGN.OF CERT.ANONYMOUS.STRUCT CERT.ANONYMOUS.UNION CERT.ARRAY.LENGTH.ZERO CERT.BITFIELD.NOT.INT CERT.BITFIELD.SIGN.MODIFIER CERT.EMPTY.AGR.INIT CERT.ENUM.LITERAL.TYPE.INT CERT.ENUM.TYPE.SPECIFIER CERT.FIXED.MEMORY.ADDRESS CERT.LITERAL.BINARY CERT.LITERAL.MULTI-BYTE.CHAR CERT.LITERAL.SUFFIX.I64 CERT.NAME.DOLLAR.CHAR CERT.STMT.EXPR CERT.STR.RANGE.FORMATTER CERT.TYPEOF CERT.UNNAMED.MEMBER |
These CERT checkers provide support for CERT MSC14-C: Do not introduce unnecessary platform dependencies. |
CERT.CHROOT CERT.CHROOT.CHDIR |
These CERT checkers provide support for POS05-C: Limit access to files by creating a jail. |
CERT.LITERAL.ARRAY CERT.LITERAL.BITFIELD CERT.LITERAL.CHAR.CONST CERT.LITERAL.FLT.CONST CERT.LITERAL.INT.CONST CERT.LITERAL.STR.CONST |
These CERT checkers provide support for CERT DCL06-C:(L3) Use meaningful symbolic constants to represent literal values. |
CERT.LITERAL.OCTAL | This CERT checker provides support for CERT MSC14-C: Do not introduce unnecessary platform dependencies. |
CERT.MEM.PLACEMENTNEW.MISALIGNED CERT.MEM.PLACEMENTNEW.TOOSMALL |
These CERT checkers provide support for CERT MEM54-CPP: Provide placement new with properly aligned pointers to sufficient storage capacity. |
CERT.MULTI.FUNC.ARG.CALLS | This CERT checker provides support for CERT EXP10-C: Do not depend on the order of evaluation of subexpressions or the order in which side effects take place. |
CERT.RTN.FLT.CAST.DBL CERT.RTN.FLT.IMPLICIT.CAST.DBL |
These CERT checkers provide support for CERT FLP07-C: Cast the return value of a function that returns a floating-point type. |
CERT.SIG.SIG_HANDLER.ASYNC_SAFE | This CERT checker provides support for SIG30-C: Call only asynchronous-safe functions within signal handlers. |
CERT.STATIC.SINGLE.USE CERT.TU.UNUSED.GLOBAL.DECL |
These CERT checkers provide support for CERT DCL19-C: Minimize the scope of variables and functions. |
CXX.ID_VIS.GLOBAL_VARIABLE.EXTERN CXX.ID_VIS.GLOBAL_VARIABLE.STATIC |
These MISRA checkers provide support for MISRA C 2012 and 2023 Rule 8.9 (Advisory): An object should be declared at block scope if its identifier only appears in a single function. |
MISRA.DECL.EXTERNAL.MULTIPLE | This MISRA checker provides support for MISRA C 2012 and 2023 Rule 8.5, and for MISRA C 2004, Rule 8.8: An external object or function shall be declared once in one and only one file. |
MISRA.DEFINE.EXTERNAL.MULTIPLE |
This MISRA checker provides support for MISRA C 2012 and 2023 Rule 8.6, and for MISRA C 2004, Rule 8.9: An identifier with external linkage shall have exactly one external definition. |
MISRA.ELIF.DEFINED MISRA.EXPANSION.NARGS MISRA.EXPANSION.UNSAFE MISRA.IF.DEFINED MISRA.INCOMPLETE.STRUCT MISRA.INCOMPLETE.STRUCT.UNNAMED MISRA.INCOMPLETE.UNION MISRA.INCOMPLETE.UNION.UNNAMED |
These MISRA checkers provide support for MISRA C 2012 Rule 1.3: There shall be no occurrence of undefined or critical unspecified behaviour. |
MISRA.EXT.IDENT.DISTINCT.2012.C90 MISRA.EXT.IDENT.DISTINCT.2012.C99 |
These MISRA checkers provide support for MISRA C 2012 and 2023 Rule 5.1: External identifiers shall be distinct. |
MISRA.EXT.LINKAGE.REDUNDANT.2012 | This MISRA checker provides support for MISRA 2012 and 2023 Rule 8.7: Functions and objects should not be defined with external linkage if they are referenced in only one translation unit. |
MISRA.MACRO_ARG.EXPRESSION.2012 | This MISRA checker provides support for MISRA 2012 and 2023 Rule 20.7: Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses. |
MISRA.STRUCT_DEF.HIDDEN.2012 | This MISRA checker provides support for MISRA C 2012 Directive 4.8: If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden. |
MISRA.TOKEN.COMMENTED.CODE | This MISRA checker provides support for MISRA C 2004 Rule 2.4; for MISRA C++ 2008 Rules 2-7-2 and 2-7-3; for MISRA C++ 2023 Directive 5.7.2; and for MISRA C 2012 and 2023 Directive 4.4: Sections of code should not be “commented out”. |
Modified checkers
Checker | Description |
---|---|
AUTOSAR.ADD.LITERAL | Finds fewer false positives |
AUTOSAR.ADD.REDEF.DERIVED.FUNC | Finds fewer false positives |
CERT.OOP.COPY_MUTATES | Finds fewer false positives |
MISRA.IF.UNDEF | Finds fewer false positives |
MISRA.LOGIC.NOT_BOOL | Finds fewer false positives |
MLK.MUST |
Finds fewer false positives |
UFM.DEREF.MIGHT | Finds additional defects |
UFM.DEREF.MUST | Finds additional defects |
Enabled or disabled checkers
No checkers were added to the default enabled
field of the checker configuration files in this release.
Taxonomy improvements
As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.
Taxonomy | Improvements |
---|---|
autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf |
Added or modified checker mappings to the following rules:
|
cert_c_all.tconf and cert_c_all_ja.tconf |
Added or modified checker mappings to the following rules:
|
cert_c_rules.tconf and cert_c_rules_ja.tconf |
Added or modified checker mappings to the following rules:
|
cert_cpp.tconf and cert_cpp_ja.tconf |
Added or modified checker mappings to the following rules:
|
cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf |
Added or modified checker mappings to the following rules:
|
disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf |
Added or modified checker mappings to the following rules:
|
disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf |
Added or modified checker mappings to the following rules:
|
Helix QAC taxonomies | Updated the Helix QAC taxonomies to Helix QAC version 2024.3. |
iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf |
Added or modified checker mappings to the following categories:
|
misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_c_2023_c99.tconf and misra_c_2023_c99.tconf misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf |
Added or modified checker mappings to the following rules and directories:
|
Improvements to supported compilers
You'll find additional or improved support for the following compilers:
- GNU compiler (gcc, g++ and gcc-based cross-compilers)
- Clang compiler (clang, clang++)
- TI ARM Clang (tiarmclang)
- QNX compiler (qcc)
- iccarm compiler (iccarm)
- Tricore compiler (cctc, ctc, cptc)
For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.
Licensing
Klocwork supports Reprise License Manager (RLM).
2023 licenses are not compatible with Klocwork 2024.1 or newer. To use the latest version of the product, obtain a new license by contacting Perforce at license@perforce.com.
For more information, see Supported versions of RLM and Operating systems that support RLM dongles.
Changes to system requirements
In this release, we added support for:
- Amazon Linux 2 (2.0.20240903.0 Update)
- Ant 1.10.15
- Chrome 117.x to 128.x
- CLion 2023.2.5
- Debian 11.11
- Eclipse 4.33 (2024-09)
- Firefox 118.x to 130.x
- Glibc 2.15 to 2.40
- Gradle 8.10
- IntelliJ IDEA 2023.1.8
- Maven 3.9.9
- Microsoft Edge 117.x to 128.x
- Oracle Linux 8.10, 9.4
- Red Hat Enterprise Linux 8.10
- Suse Enterprise Enterprise 15 SP6
- Ubuntu 22.04.5 LTS
- Visual Studio 2017 version 15.9.66
- Visual Studio 2019 version 16.11.40
- Visual Studio 2022 version 17.11.4
- VS Code 1.83.1 to 1.93.1
In this release, we ended support for:
- CentOS Linux 7.x
- Chrome 115.x to 116.x
- Firefox 115.x to 117.x
- Microsoft Edge 115.x to 116.x
- Oracle Linux 7.x
- Red Hat Enterprise Linux 7.x
- VS Code 1.80.2 to 1.82.3
For the complete list of supported versions, see System Requirements.
Discontinuation of NIS access control starting in Klocwork 2024.3
Starting in Klocwork 2024.3, NIS access control will no longer be supported. Some functionalities may be affected in Klocwork 2024.2.
When migrating from an earlier version to Klocwork 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade. For migration information, see Setting up NIS access control.
End of life notice for CentOS Linux 7 starting in Klocwork 2024.3
Starting in Klocwork 2024.3, the following operating systems and installers are not supported:
- CentOS Linux 7
Removal of the Jenkins plug-in starting in 2024.2
Starting in Klocwork 2024.2, the Jenkins plug-in has been removed from Klocwork and the installation package is no longer provided.
Removal of Validate Code Review starting in 2024.2
Starting in Klocwork 2024.2, the Code Review function and its associated command line tools have been removed from Validate.
Maintenance ending for Klocwork 2022
Maintenance (including end of maintenance and end of sale) for all 2022 versions of Klocwork ended on March 31, 2024. To learn about the support available for all Klocwork releases, see the Klocwork Product Lifecycle.
Discontinuation of docs.roguewave.com in 2024
The docs.roguewave.com site was discontinued in early 2024. For Klocwork versions 2021 and earlier, see the offline documentation that is included with the product.
Discontinuation of Klocwork Server installations in release 2023.4
Starting from release 2023.4, Klocwork Server installations have been discontinued. You can transition to a Validate installation, which is designed to provide a more streamlined and integrated experience.
When transitioning from Klocwork to Validate:
Stop your Klocwork instance and back up the projects_root directory.
During Validate install, set the projects_root directory location to your current projects_root directory.
If you are currently using non-default values for ports or license server, be sure to set the same values when you install Validate.