What's new in Klocwork 2025.3

Released September 2025

Here are the highlights for Klocwork 2025.3. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.

Klocwork and Validate enhancements

This release includes the following enhancements.

Explore the refreshed interface in Validate and Klocwork

To reflect the Perforce brand refresh, logos and icons have been updated for a consistent and modern experience across the Klocwork and Validate interfaces, including the Validate portal, installer, and Klocwork plug-ins.

Get a complete picture of MISRA compliance at a glance

You'll find the following improvements to MISRA reports:

  • The Rule Summary section in the generic format of the compliance report now shows all rule categories—including those without mapped checkers—so you can check your compliance against the full standard.
  • The MISRA compliance report contains two new compliance levels, Not enforced (Disapplied) and Not enforced (Disabled), to identify instances where all checkers mapped to a rule have been disabled. See MISRA compliance levels for details.

Take advantage of better bug-tracking

An issue with the integration for bug-tracking systems in versions 2024.2 to 2025.2 has been fixed by updating the internal implementation of review_action.py. As a result, you’ll need to migrate your review_action.py script to Python 3.

Write KAST expressions with real-time editing support

Checker Studio now includes intelligent code completion and syntax highlighting for C/C++, C#, and Java KAST patterns, similar to modern IDEs.

C, C++ and C# enhancements

KAST expressions now support single-line and multi-line comments using the (: comment :) syntax to improve the readability and maintenance of KAST checkers. To learn more, see C/C++ KAST syntax reference.

Java enhancements

The analysis engine now defaults to JDK 15 (previously JDK 1.8) when analyzing projects targeting JDK version 15 or higher. As a result, projects built with JDK version 15 or higher will see improved semantic resolution, more accurate MIR generation, and a reduction in false positives. For instance, analysis of Android 14 (compiled with JDK 17) demonstrates significant improvements in accuracy and overall analysis quality. If the Java version specified in a project is not supported, the Java analysis engine will automatically default to the latest supported Java version.

Plug-ins and extensions

Instead of having to search the Klocwork documentation or Validate portal, save time by viewing taxonomy and reference data for an issue directly in the Visual Studio plug-in. To learn more, see View more information about a detected issue.

Expanded coverage for coding standards

In this release, you'll find the following enhancements to the CERT C/C++ taxonomy rules and recommendations:

  • Updated levels to align with the latest changes in the standard.
  • POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement.

Checker improvements

This release includes the following checker improvements.

New checkers

The following checkers were added in this release:

Checker Description
CXX.ARRAY_INDEX.WITHOUT_CHECK This C/C++ community checker detects array access without previous check of index.
DBZ.GENERAL.FLOAT

This C/C++ checker flags situations in which a variable that has been assigned a zero constant value locally or as the result of a function call might later be used as a divisor in a division or modulo operation, without being checked for a zero value.

DBZ.ITERATOR.FLOAT

This C/C++ checker flags situations in which a loop iterator that has been assigned a zero constant value in the execution of the loop might later be used as a divisor in a division or modulo operation, without first being checked for a zero value.

Modified checkers

The following checkers were modified in this release:

Checker Description
AUTOSAR.ADD.OVERRIDE.VIRTUAL.SPECIFIER Additional improvements to checker
AUTOSAR.ADD.REDEF.DERIVED.FUNC Additional improvements to checker
CXX.SUSPICIOUS_INDEX_CHECK Finds fewer false positives
CXX.SUSPICIOUS_INDEX_CHECK.CALL Finds fewer false positives
CXX.SUSPICIOUS_INDEX_CHECK.ZERO Finds fewer false positives
DBZ.GENERAL Finds fewer false positives
MISRA.LOGIC.SIDEEFF Finds additional defects
MISRA.MEMB.NON_CONST Finds fewer false positives
MISRA.MEMB.NON_STATIC Finds fewer false positives
MISRA.STDLIB.ATOI Finds additional defects
MISRA.VAR.NEEDS.CONST Finds fewer false positives
NNTS.TAINTED Finds additional defects
NPD.GEN.MUST Finds additional defects
RETVOID.GEN Additional improvements to checker
STRONG.TYPE.ASSIGN.RETURN Finds fewer false positives
VA_UNUSED.INIT Finds fewer false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files in this release.

Taxonomy improvements

As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy Improvements

autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf

autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf

Added or modified checker mappings to rule A5-6-1.

cert_c_all.tconf and cert_c_all_ja.tconf

Updated levels to align with the latest changes in the standard.

POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement.

cert_c_rules.tconf and cert_c_rules_ja.tconf

cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf

Added or modified checker mappings to rule INT33-C(L2).

Updated levels to align with the latest changes in the standard.

POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement.

cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to rule CWE-369.

hkmc_c.tconf and hkmc_c_ja.tconf

Added or modified checker mappings to rule C-INT-005.

iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to rule 5.26.

misra_c_2004.tconf and misra_c_2004_ja.tconf

Added or modified checker mappings to Rule 9.1.

misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf

misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf

misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf

misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf

misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf

misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf

misra_c_2025_c90.tconf and misra_c_2025_c90_ja.tconf

misra_c_2025_c99.tconf and misra_c_2025_c99_ja.tconf

misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf

Added or modified checker mappings to Dir. 4.1.

Improvements to supported compilers

You'll find additional or improved support for the following compilers:

  • clang

  • GNU C compilers (GCC)

  • QNX

For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Klocwork supports Reprise License Manager (RLM).

Changes to system requirements

We added support for the following environments:

  • AlmaLinux 9.6
  • Amazon Linux 2 (2.0.20250818.2 Update)
  • Android Studio Narwhal (up to 2025.1.2 Patch 1)
  • CLion 2024.3 (up to 2024.3.6), 2025.1 (up to 2025.1.4)
  • Eclipse 4.36 (2025-06)
  • glibc 2.42
  • Google Chrome 129.x to 139.x
  • gradle, gradlew 8.14.3
  • IntelliJ IDEA 2024.3 (up to 2024.3.6)
  • Jenkins 2.479.3 and newer
  • Maven 3.9.11
  • Microsoft Edge 129.x to 139.x
  • Mozilla Firefox 130.x to 142.x
  • Oracle Linux 9.6
  • Red Hat Enterprise Linux 9.6
  • Rocky Linux 9.6
  • SUSE Enterprise 15 SP5 to 15 SP7
  • Ubuntu 24.04.3 LTS
  • Visual Studio 2017 (up to 15.9.76), 2019 (up to 16.11.50), and 2022 (up to 17.14.13)
  • VS Code 1.94.2 to 1.103.1

We ended support for the following environments:

  • Google Chrome 126.x to 128.x
  • Microsoft Edge 126.x to 128.x
  • Mozilla Firefox 127.x to 129.x
  • VS Code 1.91.1 to 1.93.1

For the complete list of supported versions, see the System Requirements.

End of life notice for Visual Studio 2015 plug-in in 2025.4

Starting in release 2025.4, the Klocwork Desktop plug-in for Visual Studio is no longer provided or supported for Visual Studio 2015 in alignment with Microsoft's end of extended support for Visual Studio 2015.

Removal of compliance licenses for compliance reports in 2025.2

Starting in release 2025.2, a compliance license is no longer required to generate full (non-summary) compliance reports. To learn more about compliance reports, see Creating a compliance report.

Removal of the kwmatch utility in 2025.2

Starting in release 2025.2, the kwmatch utility has been removed. If you are upgrading from a previous version, we recommend using streams to manage project branches and kwxsync for cross-project issue synchronization.

If you previously used kwmatch for specific projects and created a database for it, and then you migrate those projects to 2025.2 or later, your database will no longer be used and you can remove it.

Removal of the dbvalidate cleanup utility in 2025.2

Starting in release 2025.2, you can no longer run the dbvalidate cleanup utility directly. Some dbvalidate commands for removing duplicated issues and comments remain available for use if advised specifically by Klocwork Support.

Removal of separate licenses for streams in 2025.1

Starting in release 2025.1, separate licenses for streams are no longer required.