What's new in Klocwork 2025.4
Released December 2025
Here are the highlights for Klocwork 2025.4. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.
On this page:
Klocwork and Validate enhancements
This release includes the following enhancements.
Enjoy cleaner, clearer documentation
The documentation now includes updated fonts and color schemes, along with styling upgrades like highlighted code and page-level navigation for easier browsing.
Enable backward compatibility with multi-version analysis tools
New project-level locking and a version-agnostic architecture allow you to upgrade to the latest Validate server while maintaining backward compatibility for older projects.
You can lock projects to Klocwork version 2022.4 or newer, run builds using legacy tool versions, and leverage the new unified kwanalysis executable for simplified workflows. Optional features include an analysis tool store for hosting multiple versions and wrapper scripts for quick onboarding without pre-installed tools.
For more information about project locking to a previous Validate version, see Configure backward compatibility with earlier analysis tools.
Set up the analysis tool store for multi-version management
The optional analysis tool store centralizes multiple versions of build and CI tools to improve access and management.
The tool store can run in embedded mode for simple setups, or standalone mode for large, multi-Validate environments. It supports automatic tool downloads during analysis, manual upload/list/delete operations, and persistent caching for CI pipelines. This feature simplifies multi-version workflows, accelerates onboarding, and ensures consistent tool availability across distributed environments.
For more information about setting up and using the analysis tool store, see Use the analysis tool store.
Enable zero-install analysis with the new wrapper script
You can now use a wrapper script to enable portable, zero-install onboarding for analysis in ephemeral or containerized environments.
The wrapper automatically validates credentials, downloads missing tools from the analysis tool store, and sets essential environment variables for seamless execution. It supports multiple authentication methods and works for both interactive and CI/CD workflows.
For more information, see Create and use a wrapper script.
Analyze Kotlin, Python, and JavaScript in Klocwork Desktop
Klocwork Desktop now supports analysis for Kotlin, Python, and JavaScript projects. You can generate language-specific build specifications, run analysis, and review issues directly in the Klocwork Desktop GUI, similar to existing workflows for Java.
For more information, see Getting started with Klocwork Desktop for Kotlin, Python, and JavaScript.
C, C++ and C# enhancements
You can now use the modern analysis engine to analyze code compiled natively with Green Hills compilers.
Java enhancements
This release supports up to version 17 of the Java language specification.
Plug-ins and extensions
This release includes the following improvements.
Enable AI-powered code fixes in VS Code
You can now use AI remediation for defects identified by Klocwork or QAC in VS Code.
By integrating GitHub Copilot Chat, you can generate and apply suggested fixes directly within the IDE. The feature supports bulk fixes, natural language enhancements, and interactive workflows for applying or reverting changes.
For more information, see Configure AI remediation for Visual Studio Code.
Optimize continuous analysis in VS Code
To save system resources and improve accuracy of results, the VS Code extension now performs continuous analysis only when you save a file, instead of at automatic intervals while typing.
To improve results, turn off the autosave feature when using continuous analysis.
Expanded coverage for coding standards
In this release, you'll find enhancements to the following taxonomy rules and recommendations:
- MISRA C:2023 and C:2025
- CERT C/C++
- CWE C/C++ and C#
Checker improvements
This release includes a new set of C/C++ checkers that work only with the modern analysis engine. Modern-only checkers are clearly identified in the documentation.
If you run analysis using the classic engine with modern-only checkers enabled, the analysis will stop and tell you which checkers are causing the issue. To proceed, disable those checkers for your project.
New checkers
The following checkers were added in this release:
| Checker | Description |
|---|---|
| CERT.MATH.DOMAIN.CHECK | This CERT checker flags when one or more arguments passed to a standard library math function are outside its valid domain. |
| CERT.MATH.RANGE.CHECK | This CERT checker prevents or detects domain and range errors in math functions. |
|
CERT.SIG.SIG_HANDLER.SHARED_OBJ CERT.SIG.SIG_HANDLER.SHARED_OBJ.HEAP CERT.SIG.SIG_HANDLER.SHARED_OBJ.MIGHT |
These modern-only CERT checkers check for reads and writes of data with static storage duration in signal handlers. |
| MISRA.CONV.TEMP_ARRAY_TO_PTR.2023 |
This MISRA checker flags when your code takes a pointer to an array that exists only temporarily, then uses that pointer after the temporary object no longer exists. |
| MISRA.FUNC.IDENTIFIER_USAGE.CHECK.2023 | This MISRA checker flags when a function identifier is not used with either a preceding & or with a parameterised parameter list. |
| MISRA.FUNC.TYPE.TYPE_QUALIFIED | This MISRA checker flags when a function type is type qualified. |
| MISRA.INIT.DESIGNATOR_LIST.2023 | This MISRA checker flags when an initializer using chained designators contains initializers without designators. |
| MISRA.LANG.OBSOLESCENT.ATOMIC_VAR_INIT.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the macro ATOMIC_VAR_INIT. |
| MISRA.LANG.OBSOLESCENT.BOOL_MACROS.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the ability to undefine and perhaps then redefine the macros `bool`, `true`, and `false`. |
| MISRA.LANG.OBSOLESCENT.EMPTY_PARENTHESES.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the use of function declarators with empty parentheses. |
| MISRA.LANG.OBSOLESCENT.GETS_FUNCTION.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the gets function. |
| MISRA.LANG.OBSOLESCENT.KR_FUNCTION_PARAMETERS.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the use of function definitions with separate parameter identifier and declaration lists. |
| MISRA.LANG.OBSOLESCENT.REALLOC_ZERO_SIZE.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically invoking realloc with a size argument equal to zero. |
| MISRA.LANG.OBSOLESCENT.STORAGE_CLASS_POSITION.2023 | This MISRA checker looks for the use of the C language features deemed obsolescent, specifically the placement of a storage-class specifier other than at the beginning of the declaration specifiers in a declaration. |
| MISRA.MACRO.INTEGER_CONSTANT.SMALL_VARIANT.2023 | This MISRA checker flags when macro names are in the list of minimum-width integer constant macros and the size is less than size of int in the platform. |
| MISRA.NORET.2023 |
This MISRA checker flags when a function declared with a _Noreturn function specifier is returned to its caller. |
| MISRA.PTR.VAR_MOD_ARRAY.CHECK.2023 | This MISRA checker flags when a pointer to a variably-modified array type is used in the declaration of any object or parameter. |
| MISRA.PTR.VAR_MOD_ARRAY.2023 | This MISRA checker looks for the use of pointer to variably-modified array types. |
|
MISRA.STDLIB.RAND_FUNC.2023 MISRA.STDLIB.RAND_MACRO.2023 |
These MISRA checker flag when the random number generator functions of <stdlib.h> are used. |
|
MISRA.THREAD.OBJECT.CONDITION.2023 MISRA.THREAD.OBJECT.MUTEX.2023 MISRA.THREAD.OBJECT.MUTEX.ARG.2023 |
These MISRA checkers flag when thread synchronization objects are not initialized before being accessed. |
| MISRA.THREAD.STORAGE.CREATION.2023 | This MISRA checker flags when thread-specific storage pointers are not created before being accessed. |
| MISRA.STDLIB.TGMATH.MACRO.ESSENTIAL_TYPE.2023 | This MISRA checker flags when operand arguments passed to the type-generic macros defined in <tgmath.h> do not have essentially signed, essentially unsigned or essentially floating (either essentially real floating or essentially complex floating) type. |
| MISRA.STDLIB.TGMATH.MACRO.2023 | This MISRA checker flags when operand arguments passed to any of the multi-argument macros defined in <tgmath.h> do not have the same standard type. |
| MISRA.STDLIB.THREAD.BAD_ACCESS.2023 | This MISRA checker flags when thread-related objects are accessed inappropriately. |
| MISRA.THREAD.STORAGE.CREATION.2023 | This MISRA checker flags when thread-specific storage pointers are accessed before being created. |
| MISRA.UNUSED_OBJECT_DEFINITIONS.2023 | This MISRA checker flags when a project contains unused object definitions. |
Modified checkers
The following checkers were modified in this release:
| Checker | Description |
|---|---|
| JD.VNU | Finds fewer false positives |
| MISRA.MEMB.NON_STATIC | Finds fewer false positives |
Enabled or disabled checkers
No checkers were added to the default enabled field of the checker configuration files in this release.
Taxonomy improvements
As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.
| Taxonomy | Improvements |
|---|---|
|
cert_c_all.tconf and cert_c_all_ja.tconf cert_c_rules.tconf and cert_c_rules_ja.tconf cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf |
Added or modified checker mappings to the following rules:
|
| cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf |
Updated the category descriptions for the following rules:
|
| cwe_all_cs.tconf and cwe_all_cs_ja.tconf |
Updated the category description for rule CWE-896. |
|
disa_stig_v6_cs.tconf and disa_stig_v6_cs_ja.tconf disa_stig_v6_cxx.tconf and disa_stig_v6_cxx_ja.tconf disa_stig_v6_java.tconf and disa_stig_v6_java_ja.tconf |
Updated rule V-222589 [APSC-DV-002350](CAT 2) to rule V-222589 [APSC-DV-002350](CAT 1). |
|
helix_qac_c_cpp.tconf and helix_qac_c_cpp_ja.tconf perforce_qac_c_cpp.tconf and perforce_qac_c_cpp_ja.tconf |
Renamed the taxonomies to Perforce QAC in accordance with the Perforce brand refresh. |
|
misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf |
Added or modified checker mappings to rule 22.2. |
| misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf |
Added or modified checker mappings to the following rules:
|
| misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf |
Added or modified checker mappings to the following rules:
|
| misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf |
Added or modified checker mappings to the following rules:
|
| misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf |
Added or modified checker mappings to the following rules:
|
| misra_c_2025_c90.tconf and misra_c_2025_c90_ja.tconf |
Added or modified checker mappings to the following rules:
|
| misra_c_2025_c99.tconf and misra_c_2025_c99_ja.tconf |
Added or modified checker mappings to the following rules:
|
Improvements to supported compilers
You'll find additional or improved support for the following compilers:
-
Clang
-
GCC
-
Green Hills compilers
For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.
Licensing
Klocwork supports Reprise License Manager (RLM).
- 2024 licenses are not compatible with Klocwork 2025.1 or newer. To use the latest version of the product, obtain a new license by contacting license@perforce.com. For more information, see Supported versions of RLM and Operating systems that support RLM dongles.
- The RLM command line utility
rlmstatcan be installed from the Validate or RLM license server package.
Changes to system requirements
We added support for the following environments:
- AlmaLinux 9.7
- Amazon Linux 2 (2.0.20251121.0 Update)
- Android Studio Otter (up to 2025.2.1 Patch 1)
- CLion 2025.1 (up to 2025.1.7), 2025.2 (up to 2025.2.5)
- Debian 12.12
- Eclipse 4.37 (2025-09)
- Google Chrome 131.x to 142.x
- IntelliJ IDEA 2024.3 (up to 2024.3.7)
- Java 17
- Microsoft Edge 131.x to 142.x
- Mozilla Firefox 133.x to 145.x
- Oracle Linux 9.7
- Red Hat Enterprise Linux 9.7
- Visual Studio 2017 (up to 15.9.78), 2019 (up to 16.11.53), and 2022 (up to 17.14.21)
- VS Code 1.100.3 to 1.106.1
We ended support for the following environments:
- Windows 10 (1809 to 21H2)
- Visual Studio 2015
- Google Chrome 129.x to 130.x
- Microsoft Edge 129.x to 130.x
- Mozilla Firefox 130.x to 132.x
- VS Code 1.94.2 to 1.100.2
For the complete list of supported versions, see the System Requirements.
2025.4 End of life notice for Visual Studio 2015 plug-in
Starting in release 2025.4, the Klocwork Desktop plug-in for Visual Studio is no longer provided or supported for Visual Studio 2015 in alignment with Microsoft's end of extended support for Visual Studio 2015.
2025.2 Removal of compliance licenses for compliance reports
Starting in release 2025.2, a compliance license is no longer required to generate full (non-summary) compliance reports. To learn more about compliance reports, see Creating a compliance report.
2025.2 Removal of the kwmatch utility
Starting in release 2025.2, the kwmatch utility has been removed. If you are upgrading from a previous version, we recommend using streams to manage project branches and kwxsync for cross-project issue synchronization.
If you previously used kwmatch for specific projects and created a database for it, and then you migrate those projects to 2025.2 or later, your database will no longer be used and you can remove it.
2025.2 Removal of the dbvalidate cleanup utility
Starting in release 2025.2, you can no longer run the dbvalidate cleanup utility directly. Some dbvalidate commands for removing duplicated issues and comments remain available for use if advised specifically by Klocwork Support.
2025.1 Removal of separate licenses for streams
Starting in release 2025.1, separate licenses for streams are no longer required.