What's new in Klocwork 2024.3

Released October 2024

Here are the highlights for Klocwork 2024.3. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.

Validate / Klocwork enhancements

This release includes the following enhancements.

Basic Klocwork administration tasks no longer consume build license

In this release, we've updated the build license consumption model for kwadmin and validate admin. Basic administrative tasks such as list, get and export will no longer consume a build license. This change simplifies the licensing process and enhances alignment between QAC and Klocwork.

For more information on build license consumption, see kwadmin or validate admin.

C and C++ enhancements

This release includes the following enhancements:

  • Benefit from improved defect detection, with enhanced support for tracking conditionally freed memory.
  • Enjoy increased support for the Bazel build system on both Windows and Linux. See kwbazel.

Java enhancements

Starting in this release, kwauth defaults to storing credentials in secure storage with Java KeyStore. The environment variable KLOCWORK_ SECURE_TOKEN_STORAGE is set to JAVA_SECRET_STORAGE for new tokens and is set to empty for pre-existing tokens.

For more information, see Secure authentication tokens.

Plug-ins and extensions

The following features were added to the plug-ins and extensions:

  • Device authorization: Instead of running kwauth externally for the Validate 24.2 and later servers, you can now authenticate directly within the Visual Studio and CLion plug-ins. For Visual Studio, the token is stored in the ltoken file. For CLion, the token can be stored in the credentials or ltoken file, depending on your analysis tool version.

Expanded coverage for coding standards

This release includes new and expanded coverage for the following coding standards:

  • AUTOSAR

  • SEI CERT C and C++

  • HKMC C++

  • MISRA C 2012 with Amendment 2 (100% coverage can now be obtained with a tool available on-demand from Klocwork Support)

  • MISRA C 2004 and 2023

  • MISRA C++ 2008 and 2023

Checker improvements

New checkers

The following checkers were added in this release:

Checker Description

CERT.ALIGN.OF

CERT.ANONYMOUS.STRUCT

CERT.ANONYMOUS.UNION

CERT.ARRAY.LENGTH.ZERO

CERT.BITFIELD.NOT.INT

CERT.BITFIELD.SIGN.MODIFIER

CERT.EMPTY.AGR.INIT

CERT.ENUM.LITERAL.TYPE.INT

CERT.ENUM.TYPE.SPECIFIER

CERT.FIXED.MEMORY.ADDRESS

CERT.LITERAL.BINARY

CERT.LITERAL.MULTI-BYTE.CHAR

CERT.LITERAL.SUFFIX.I64

CERT.NAME.DOLLAR.CHAR

CERT.STMT.EXPR

CERT.STR.RANGE.FORMATTER

CERT.TYPEOF

CERT.UNNAMED.MEMBER

 These CERT checkers provide support for CERT MSC14-C: Do not introduce unnecessary platform dependencies.
CERT.CHROOT

CERT.CHROOT.CHDIR

 These CERT checkers provide support for POS05-C: Limit access to files by creating a jail.

CERT.LITERAL.ARRAY

CERT.LITERAL.BITFIELD

CERT.LITERAL.CHAR.CONST

CERT.LITERAL.FLT.CONST

CERT.LITERAL.INT.CONST

CERT.LITERAL.STR.CONST

 These CERT checkers provide support for CERT DCL06-C:(L3) Use meaningful symbolic constants to represent literal values.
CERT.LITERAL.OCTAL This CERT checker provides support for CERT MSC14-C: Do not introduce unnecessary platform dependencies.

CERT.MEM.PLACEMENTNEW.MISALIGNED

CERT.MEM.PLACEMENTNEW.TOOSMALL

 These CERT checkers provide support for CERT MEM54-CPP: Provide placement new with properly aligned pointers to sufficient storage capacity.
CERT.MULTI.FUNC.ARG.CALLS This CERT checker provides support for CERT EXP10-C: Do not depend on the order of evaluation of subexpressions or the order in which side effects take place.
CERT.RTN.FLT.CAST.DBL

CERT.RTN.FLT.IMPLICIT.CAST.DBL

 These CERT checkers provide support for CERT FLP07-C: Cast the return value of a function that returns a floating-point type.
CERT.SIG.SIG_HANDLER.ASYNC_SAFE This CERT checker provides support for SIG30-C: Call only asynchronous-safe functions within signal handlers.

CERT.STATIC.SINGLE.USE

CERT.TU.UNUSED.GLOBAL.DECL

 These CERT checkers provide support for CERT DCL19-C: Minimize the scope of variables and functions.

CXX.ID_VIS.GLOBAL_VARIABLE.EXTERN

CXX.ID_VIS.GLOBAL_VARIABLE.STATIC

 These MISRA checkers provide support for MISRA C 2012 and 2023 Rule 8.9 (Advisory): An object should be declared at block scope if its identifier only appears in a single function.
MISRA.DECL.EXTERNAL.MULTIPLE This MISRA checker provides support for MISRA C 2012 and 2023 Rule 8.5, and for MISRA C 2004, Rule 8.8: An external object or function shall be declared once in one and only one file.
MISRA.DEFINE.EXTERNAL.MULTIPLE

This MISRA checker provides support for MISRA C 2012 and 2023 Rule 8.6, and for MISRA C 2004, Rule 8.9: An identifier with external linkage shall have exactly one external definition.

MISRA.ELIF.DEFINED

MISRA.EXPANSION.NARGS

MISRA.EXPANSION.UNSAFE

MISRA.IF.DEFINED

MISRA.INCOMPLETE.STRUCT

MISRA.INCOMPLETE.STRUCT.UNNAMED

MISRA.INCOMPLETE.UNION

MISRA.INCOMPLETE.UNION.UNNAMED

 These MISRA checkers provide support for MISRA C 2012 Rule 1.3: There shall be no occurrence of undefined or critical unspecified behaviour.
MISRA.EXT.IDENT.DISTINCT.2012.C90

MISRA.EXT.IDENT.DISTINCT.2012.C99

 These MISRA checkers provide support for MISRA C 2012 and 2023 Rule 5.1: External identifiers shall be distinct.
MISRA.EXT.LINKAGE.REDUNDANT.2012 This MISRA checker provides support for MISRA 2012 and 2023 Rule 8.7: Functions and objects should not be defined with external linkage if they are referenced in only one translation unit.
MISRA.MACRO_ARG.EXPRESSION.2012 This MISRA checker provides support for MISRA 2012 and 2023 Rule 20.7: Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses.
MISRA.STRUCT_DEF.HIDDEN.2012 This MISRA checker provides support for MISRA C 2012 Directive 4.8: If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden.
MISRA.TOKEN.COMMENTED.CODE This MISRA checker provides support for MISRA C 2004 Rule 2.4; for MISRA C++ 2008 Rules 2-7-2 and 2-7-3; for MISRA C++ 2023 Directive 5.7.2; and for MISRA C 2012 and 2023 Directive 4.4: Sections of code should not be “commented out”.

Modified checkers

Checker Description
AUTOSAR.ADD.LITERAL Finds fewer false positives
AUTOSAR.ADD.REDEF.DERIVED.FUNC Finds fewer false positives
CERT.OOP.COPY_MUTATES Finds fewer false positives
MISRA.IF.UNDEF Finds fewer false positives
MISRA.LOGIC.NOT_BOOL Finds fewer false positives

MLK.MUST

 Finds fewer false positives
UFM.DEREF.MIGHT Finds additional defects
UFM.DEREF.MUST Finds additional defects

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files in this release.

Taxonomy improvements

As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy Improvements

autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf

autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf

Added or modified checker mappings to the following rules:

  • A2-7-2

cert_c_all.tconf and cert_c_all_ja.tconf

Added or modified checker mappings to the following rules:

  • MSC14-C
  • POS05-C
  • DCL06-C
  • EXP10-C
  • FLP07-C
  • DCL19-C
  • MEM00-C
cert_c_rules.tconf and cert_c_rules_ja.tconf

Added or modified checker mappings to the following rules:

  • SIG30-C
cert_cpp.tconf and cert_cpp_ja.tconf

Added or modified checker mappings to the following rules:

  • MEM54-CPP
cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • CWE-401

disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-002400
  • APSC-DV-003170
  • APSC-DV-003320
disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-002440
  • APSC-DV-002550
  • APSC-DV-001820

 
Helix QAC taxonomies Updated the Helix QAC taxonomies to Helix QAC version 2024.3.
iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to the following categories:

  • 5.18
misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 1.3
  • Rule 5.1
  • Rule 8.5
  • Rule 8.6
  • Rule 8.7
  • Rule 8.9
  • Rule 20.7
  • Rule 22.1
  • Dir. 4.4
  • Dir. 4.8
misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 1.3
  • Rule 5.1
  • Rule 5.2
  • Rule 5.4
  • Rule 5.5
  • Rule 8.5
  • Rule 8.6
  • Rule 8.7
  • Rule 8.9
  • Rule 20.4
  • Rule 20.7
  • Rule 22.1
  • Dir. 4.4
  • Dir. 4.8
misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 1.3
  • Rule 5.1
  • Rule 8.5
  • Rule 8.6
  • Rule 8.7
  • Rule 8.9
  • Rule 20.7
  • Rule 22.1
  • Dir. 4.4
  • Dir. 4.8

misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 5.1
  • Rule 5.2
  • Rule 5.4
  • Rule 5.5
  • Rule 8.5
  • Rule 8.6
  • Rule 8.7
  • Rule 8.9
  • Rule 20.4
  • Rule 20.7
  • Rule 22.1
  • Dir. 4.4
  • Dir. 4.8

misra_c_2023_c99.tconf and misra_c_2023_c99.tconf

misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 5.1
  • Rule 8.5
  • Rule 8.6
  • Rule 8.7
  • Rule 8.9
  • Rule 20.7
  • Rule 22.1
  • Dir. 4.4
  • Dir. 4.8
misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Rule 2-7-2
  • Rule 2-7-3
misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf

Added or modified checker mappings to the following rules and directories:

  • Dir. 5.7.2

Improvements to supported compilers

You'll find additional or improved support for the following compilers:

  • GNU compiler (gcc, g++ and gcc-based cross-compilers)
  • Clang compiler (clang, clang++)
  • TI ARM Clang (tiarmclang)
  • QNX compiler (qcc)
  • iccarm compiler (iccarm)
  • Tricore compiler (cctc, ctc, cptc)

For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Klocwork supports Reprise License Manager (RLM).

2023 licenses are not compatible with Klocwork 2024.1 or newer. To use the latest version of the product, obtain a new license by contacting Perforce at license@perforce.com.

For more information, see Supported versions of RLM and Operating systems that support RLM dongles.

Changes to system requirements

In this release, we added support for:

  • Amazon Linux 2 (2.0.20240903.0 Update)
  • Ant 1.10.15
  • Chrome 117.x to 128.x
  • CLion 2023.2.5
  • Debian 11.11
  • Eclipse 4.33 (2024-09)
  • Firefox 118.x to 130.x
  • Glibc 2.15 to 2.40
  • Gradle 8.10
  • IntelliJ IDEA 2023.1.8
  • Maven 3.9.9
  • Microsoft Edge 117.x to 128.x
  • Oracle Linux 8.10, 9.4
  • Red Hat Enterprise Linux 8.10
  • Suse Enterprise Enterprise 15 SP6
  • Ubuntu 22.04.5 LTS
  • Visual Studio 2017 version 15.9.66
  • Visual Studio 2019 version 16.11.40
  • Visual Studio 2022 version 17.11.4
  • VS Code 1.83.1 to 1.93.1

In this release, we ended support for:

  • CentOS Linux 7.x
  • Chrome 115.x to 116.x
  • Firefox 115.x to 117.x
  • Microsoft Edge 115.x to 116.x
  • Oracle Linux 7.x
  • Red Hat Enterprise Linux 7.x
  • VS Code 1.80.2 to 1.82.3

For the complete list of supported versions, see System Requirements.

Discontinuation of NIS access control starting in Klocwork 2024.3

Starting in Klocwork 2024.3, NIS access control will no longer be supported. Some functionalities may be affected in Klocwork 2024.2.

When migrating from an earlier version to Klocwork 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade. For migration information, see Setting up NIS access control.

End of life notice for CentOS Linux 7 starting in Klocwork 2024.3

Starting in Klocwork 2024.3, the following operating systems and installers are not supported:

  • CentOS Linux 7

Removal of the Jenkins plug-in starting in 2024.2

Starting in Klocwork 2024.2, the Jenkins plug-in has been removed from Klocwork and the installation package is no longer provided.

Removal of Validate Code Review starting in 2024.2

Starting in Klocwork 2024.2, the Code Review function and its associated command line tools have been removed from Validate.

Maintenance ending for Klocwork 2022

Maintenance (including end of maintenance and end of sale) for all 2022 versions of Klocwork ended on March 31, 2024. To learn about the support available for all Klocwork releases, see the Klocwork Product Lifecycle.

Discontinuation of docs.roguewave.com in 2024

The docs.roguewave.com site was discontinued in early 2024. For Klocwork versions 2021 and earlier, see the offline documentation that is included with the product.

Discontinuation of Klocwork Server installations in release 2023.4

Starting from release 2023.4, Klocwork Server installations have been discontinued. You can transition to a Validate installation, which is designed to provide a more streamlined and integrated experience.

When transitioning from Klocwork to Validate:

  • Stop your Klocwork instance and back up the projects_root directory.

  • During Validate install, set the projects_root directory location to your current projects_root directory.

  • If you are currently using non-default values for ports or license server, be sure to set the same values when you install Validate.