What's new in Klocwork 2024.4

Released December 2024

Here are the highlights for Klocwork 2024.4. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.

Klocwork and Validate enhancements

This release includes the following enhancements.

Back up projects and server information with minimal downtime

To minimize downtime, you can safely back up information without ever having to stop your servers. To learn how to back up individual projects or Validate server configurations and restore them later, see hot backup Method 1: Use supported scripts.

Improved workflow for application token authentication

Authenticating a client in automated environments is now more streamlined and secure. This enhancement is especially useful for setups like Docker container deployments.

You can securely authenticate a client by storing the application token in a secret storage system such as Docker Secrets, then using your system's automated interaction methods to pass the token with the kwauth -t command.

For more information, see Authentication using application tokens.

Added support for regular expressions when creating modules in Java

Regular expressions are now supported along with Glob for pattern matching when you create modules in Java. A wide range of standard regex characters are supported for precise pattern matching. For more information and examples, see Creating a module.

Updated taxonomy page for improved navigation

To reduce visual clutter and simplify navigation, taxonomy categories are now collapsed by default. Categories will expand when you click on them or search the page. To expand or collapse all categories at once, use the top menu buttons.

Added confirmation step for editing multiple issues at once

To help ensure that your bulk changes are intentional, a confirmation box now appears when you edit multiple issues at once from the search screen.

Improved CI build logs for better visibility and troubleshooting

To provide a comprehensive view of the build process, CI build logs now contain both the analysis and the import build logs, making it easier to debug and track the progress of CI builds.

C and C++ enhancements

In this release, we:

  • Added full C and C++ support for the Bazel build system on Windows and Linux
  • Replaced existing community MISRA checkers with Klocwork supported checkers

Java enhancements

In this release, we:

  • Added full Java support for the Bazel build system on both Windows and Linux

  • Added support for differential analysis in kwciagent

  • Upgraded Jetty to version 9.4.56

Plug-ins and extensions

In this release, we:

  • Upgraded the JetBrains IDEs (IDEA, CLion, and Android Studio) plug-ins to version 2024.2

  • Added SAML/OIDC authentication to the VS Code plug-in, allowing you to authenticate securely with the Validate server and reducing the need for multiple passwords

Expanded coverage for coding standards

This release includes new and expanded coverage for the following coding standards:

  • CERT C and C++ (includes 100% coverage for the L1 rules)

  • CERT Java

  • MISRA C 2012 with Amendment 2 (includes 100% coverage)

Checker improvements

New checkers

The following checkers were added in this release:

Checker Description
ABV.NON_ARRAY This checker finds defects when any non-array object is used as an array.
CERT.EXCEPTION.OVER.BOUNDARY This CERT checker provides support for CERT ERR59-CPP: Do not throw an exception across execution boundaries.
CERT.FIO.FGETS This CERT checker provides support for CERT FIO37-C: Do not assume that fgets() or fgetws() returns a nonempty string when successful.
CERT.MEM.OBJ_LIFETIME_CTOR, CERT.MEM.OBJ_LIFETIME_DTOR These CERT checkers provide support for CERT MEM53-CPP: Explicitly construct and destruct objects when manually managing object lifetime.
CERT.MEM.SMART_PTR.OWNED, CERT.MEM.SMART_PTR.OWNED.THIS These CERT checkers provide support for CERT MEM56-CPP: Do not store an already-owned pointer value in an unrelated smart pointer.
ITER.ADVANCE.NONADJACENT This CERT checker provides support for CERT CTR55-CPP: Do not use an additive operator on an iterator if the result would overflow.
ITER.END.OUTPARAM.MIGHT, ITER.END.OUTPARAM.MUST These CERT checkers provide support for CERT CTR52-CPP: Guarantee that library functions do not overflow.
JAVA.ASSERT.ARG This CERT checker provides support for CERT MET01-J: Never use assertions to validate method arguments.
JAVA.BIGDEC.FLOAT This CERT checker provides support for CERT NUM10-J: Do not construct BigDecimal objects from floating-point literals.
JAVA.COMPARE.NAN This CERT checker provides support for CERT NUM07-J: Do not attempt comparisons with NaN.
JAVA.CTOR.EXCEPT This CERT checker provides support for CERT OBJ11-J: Be wary of letting constructors throw exceptions.
JAVA.DEBUG.ENTRY This CERT checker provides support for CERT ENV06-J: Production code must not contain debugging entry points.
JAVA.FINAL.STATIC.VAR This CERT checker provides support for CERT OBJ11-J: Be wary of letting constructors throw exceptions.
JAVA.INF.LOOP.EMPTY This CERT checker provides support for CERT MSC01-J: Do not use an empty infinite loop.
JAVA.LOOP.CTR.FLOAT This CERT checker provides support for CERT NUM09-J: Do not use floating-point variables as loop counters.
JAVA.NATIVE.PUBLIC This CERT checker provides support for CERT JNI00-J: Define wrappers around native methods.
JAVA.NESTED.EXPOSE This CERT checker provides support for CERT OBJ08-J: Do not expose private members of an outer class from within a nested class.
JAVA.SERIALIZE.INNER This CERT checker provides support for CERT SER05-J: Do not serialize instances of inner classes.
JAVA.THREADGROUP This CERT checker provides support for CERT THI01-J: Do not invoke ThreadGroup methods.
JAVA.WAIT.IN.LOOP This CERT checker provides support for CERT THI03-J: Always invoke wait() and await() methods inside a loop.
MISRA.MACRO.IDENT.DISTINCT.C90.2012, MISRA.MACRO.IDENT.DISTINCT.C99.2012 These MISRA checkers provide support for MISRA C 2012 Rule 5.5: Identifiers shall be distinct from macro names.
MISRA.UNUSED_MACRO.2012 This MISRA checker provides support for MISRA 2012 Rule 2.5 (Advisory): A project should not contain unused macro declarations.

Modified checkers

Checker Description
ABV.GENERAL Finds fewer false positives and false negatives
AUTOSAR.ADD.AUTO.SPECIFIER Finds fewer false positives
CERT.OOP.CTOR.INIT_ORDER Finds fewer false positives
MISRA.BITS.OPERAND Finds fewer false positives
MISRA.CTOR.BASE Finds fewer false positives
MLK.MUST Finds fewer false positives
NPD.FUNC.MIGHT Finds fewer false positives
RH.LEAK Finds fewer false negatives
UNINIT.STACK.MUST Finds fewer false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files in this release.

Taxonomy improvements

As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy Improvements

autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf

autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf

Added or modified checker mappings to the following rules:

  • A5-2-5

cert_c_all.tconf and cert_c_all_ja.tconf

Added or modified checker mappings to the following rules:

  • ARR30-C
  • FIO37-C

cert_c_rules.tconf and cert_c_rules_ja.tconf

Substantial reorganization of the cert_c_rules.tconf and cert_c_rules_ja.tconf taxonomies.

cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf

The taxonomies were renamed from cert_cpp.tconf and cert_cpp_ja.tconf to cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf, respectively.

Recommendations were removed so that the taxonomies contain only rules.

cert_java.tconf and cert_java_ja.tconf

Added or modified checker mappings to the following rules:

  • ENV06-J
  • JNI00-J
  • MET01-J
  • MSC01-J
  • NUM07-J
  • NUM09-J
  • OBJ11-J
  • SER05-J
  • THI01-J
  • THI03-J

cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf

cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf

cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf

cwe_2022_top_25_cxx.tconf and cwe_2022_top_25_cxx_ja.tconf

cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • CWE-119
  • CWE-125
  • CWE-787

cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • CWE-119
  • CWE-120
  • CWE-122
  • CWE-125
  • CWE-787
  • CWE-788
  • CWE-805
  • CWE-806

disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-002590
  • APSC-DV-003170

Helix QAC taxonomies

Updated the Helix QAC taxonomies to Helix QAC version 2024.3.

helix_qac_c_cpp.tconf and helix_qac_c_cpp_ja.tconf

Added or modified checker mappings to the following categories:

  • Portability - ISO C99 Language features
  • Portability - Language Extension

hkmc_c.tconf and hkmc_c_ja.tconf

Added or modified checker mappings to the following rules:

  • C-ARR-001
  • C-ARR-008
  • C-ARR-009

hkmc_cpp.tconf and hkmc_cpp_ja.tconf

Added or modified checker mappings to the following rules:

  • P-CTR-001
  • P-CTR-003
  • P-CTR-006
  • P-MEM-004
  • P-MEM-006

iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to the following rules:

  • 5.22

kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf

Added or modified checker mappings to the following categories:

  • Buffer Overflow

misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf

misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf

misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf

Added or modified checker mappings to the following rules and directives:

  • Dir 4.1
  • Rule 2.5
  • Rule 5.5

misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf

misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf

misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf

Added or modified checker mappings to the following rules and directives:

  • Dir 4.1
  • Rule 1.3
  • Rule 2.5
  • Rule 5.5

pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf

Added or modified checker mappings to the following categories:

  • 6.5.1
  • 6.5.2

Improvements to supported compilers

You'll find additional or improved support for the following compilers:

  • Clang

  • GNU

For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Klocwork supports Reprise License Manager (RLM).

2023 licenses are not compatible with Klocwork 2024.1 or newer. To use the latest version of the product, obtain a new license by contacting Perforce at license@perforce.com.

For more information, see Supported versions of RLM and Operating systems that support RLM dongles.

Changes to system requirements

In this release, we added support for:

  • Amazon Linux 2 (2.0.20241014.0 Update)
  • Android Studio Jellyfish (up to 2023.3.1 Patch 1), Ladybug (up to 2024.2.1 Patch 1)
  • CLion 2024.2 (up to 2024.2.3)
  • Debian 12.0 to 12.7
  • Google Chrome 119.x to 131.x
  • IntelliJ IDEA 2024.2 (up to 2024.2.4)
  • Microsoft Edge 119.x to 131.x
  • Mozilla Firefox 120.x to 132.x
  • Ubuntu 24.04 to 24.04.1 LTS
  • Visual Studio 2017 (up to v 15.9.68), 2019 (up to v 16.11.42), 2022 (up to 17.12.1)
  • VS Code 1.85.2 to 1.95.3
  • Windows 11 (v 24H2)

In this release, we ended support for:

  • Debian 10.0 to 10.13

  • Google Chrome 117.x to 118.x

  • Microsoft Edge 117.x to 118.x

  • Mozilla Firefox 118.x to 119.x

  • SUSE Enterprise 12 SP4 to 12 SP5, 15 SP1 to SP4

  • VS Code 1.85.1 to 1.84.2

  • Windows Server 2012 to R2

For the complete list of supported versions, see System Requirements.

Discontinuation of NIS access control starting in Klocwork 2024.3

Starting in Klocwork 2024.3, NIS access control will no longer be supported. Some functionalities may be affected in Klocwork 2024.2.

When migrating from an earlier version to Klocwork 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade. For migration information, see Setting up NIS access control.

End of life notice for CentOS Linux 7 starting in Klocwork 2024.3

Starting in Klocwork 2024.3, the following operating systems and installers are not supported:

  • CentOS Linux 7

Removal of the Jenkins plug-in starting in 2024.2

Starting in Klocwork 2024.2, the Jenkins plug-in has been removed from Klocwork and the installation package is no longer provided.

Removal of Validate Code Review starting in 2024.2

Starting in Klocwork 2024.2, the Code Review function and its associated command line tools have been removed from Validate.

Discontinuation of docs.roguewave.com in 2024

The docs.roguewave.com site was discontinued in early 2024. For Klocwork versions 2021 and earlier, see the offline documentation that is included with the product.

Discontinuation of Klocwork Server installations in release 2023.4

Starting in release 2023.4, Klocwork Server installations have been discontinued. You can transition to a Validate installation, which is designed to provide a more streamlined and integrated experience.

When transitioning from Klocwork to Validate:

  • Stop your Klocwork instance and back up the projects_root directory.

  • During Validate install, set the projects_root directory location to your current projects_root directory.

  • If you are currently using non-default values for ports or license server, be sure to set the same values when you install Validate.