What's new in Klocwork 2022.3

Here are the highlights for Klocwork 2022.3. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.

C/C++ analysis engine

We've added the following new checkers:

  • DBZ.ITERATOR.CALL detects cases where division by zero might occur in a function call.
  • NUM.OVERFLOW.DF detects possible cases of numeric overflow or wraparound in an arithmetic operation.

We've also updated mappings to many of the standards we support, as listed below in the Taxonomy improvements section.

C#

In this release we added support for C# 7.2. More specifically, we now support

  • readonly references, such as in parameters and ref readonly locals

  • non-trailing named arguments

  • conditional ref expressions

  • the private protected access modifier

  • leading underscores in numeric literals

  • initializers on stackalloc arrays

We also updated the OWASP Top 10 2021 taxonomy for C#.

Java

This release includes support for Java 13. We've also enhanced the following areas:

  • We've added new API points to our knowledge base. We're detecting more defects and have enhanced the quality of our analysis.
  • The kwandroid command now supports all kwinject options.
  • We've tidied some Java build messages by moving sourcegraph messages under the debug category.
  • We've mapped checkers to weaknesses CWE-1032 and CWE-1035.
  • We've reduced false positives for the checker RLK.SQLOBJ.

OSS static analyzers

We've upgraded the analysis engines for ESLint, Kotlin, and Python. These upgrades include many new checkers.

You can also tune JavaScript and Python checkers. For more information, see Tuning JavaScript analysis and Tuning Python analysis.

Visual Studio

You can now run your C# analysis in Visual Studio by using the kwcheck command. Using kwcheck can significantly improve analysis performance.

Coding standards

This release includes new and expanded standards coverage for the following coding standards:

  • AUTOSAR
  • CERT
  • CWE for C/C++, Java
  • HKMC
  • ISO/IEC TS 17961
  • JSF AV C++
  • MISRA
  • OWASP Top 10 2021 for C#

Klocwork checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New Klocwork checkers

Checker Description
DBZ.ITERATOR.CALL This C/C++ checker detects cases where division by zero might occur in a function call.
NUM.OVERFLOW.DF This C/C++ checker detects possible cases of numeric overflow or wraparound in an arithmetic operation.

Modified Klocwork checkers

Checker Description
ABV.GENERAL Reduced false positives
ABV.GENERAL.MULTIDIMENSION New defects detected
AUTOSAR.ADD.NULLPTR Reduced false positives
AUTOSAR.OP.BINARY.RETVAL Reduced false positives
CERT.CONC.ATOMIC_TWICE_EXPR Overall improvements to the checker
CONC.NO_UNLOCK Reduced false positives
CONC.UNLOCK.GLOBAL Reduced false positives
INVARIANT_CONDITION.UNREACH Reduced false positives
MISRA.ASSIGN.OVERLAP Reduced false positives
MISRA.INCGUARD New defects detected
MLK.MUST New defects detected
RLK.SQLOBJ Reduced false positives
UNREACH.GEN Reduced false positives
VA_UNUSED.INIT Reduced false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy New/updated

autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf

autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf

Modified checker mapping for the following rule:

  • A5-6-1

cert_c_all.tconf and cert_c_all_ja.tconf

cert_c_rules.tconf and cert_c_rules_ja.tconf

Added or modified checker mappings to the following rules:

  • INT30-C

  • INT32-C

cert_cpp.tconf and cert_cpp_ja.tconf

Added or modified checker mappings to the following rules:

  • CERT EXP60-CPP

  • CERT INT32-C

  • CERT POS35-C

  • CERT STR30-C

cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf

cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf

cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-190

cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-119
  • CWE-124

  • CWE-125

  • CWE-190

  • CWE-369

  • CWE-481

  • CWE-482

  • CWE-484

  • CWE-783

  • CWE-787

  • CWE-806

cwe_all_java.tconf and cwe_all_java_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-1032

  • CWE-1035

cwe_all_py2.tconf and cwe_all_py2_ja.tconf

These taxonomies were removed.

disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Significant changes to the checker mappings.

Helix QAC taxonomies

The Helix QAC taxonomies have been updated to Helix QAC version 2022.3.

hkmc_c.tconf and hkmc_c_ja.tconf

hkmc_cpp.tconf and hkmc_cpp_ja.tconf

New taxonomies that map C/C++ checkers to the Hyundai-Kia Motor Corp (HKMC) Coding Standard for Automotive Development.

iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to the following rules:

  • 5.26

  • 5.30

js.base.tconf and js.base_ja.tconf

Updated to version 8.20.

js.react.tconf and js.react_ja.tconf

Updated to version 7.30.0.

js.ts.tconf and js.ts_ja.tconf

Updated to version 5.32.0.

js.vue.tconf and js.vue_ja.tconf

Updated to version 9.1.0.

jsf_av_rev_c_cpp.tconf and jsf_av_rev_c_cpp_ja.tconf

Added or modified checker mappings to the following rules:

  • 203

kt.base.tconf and kt.base_ja.tconf

Updated to version 1.21.0.

owasp_2021_10_py2.tconf and owasp_2021_10_py2_ja.tconf

These taxonomies were removed.

misra_c_2004_certified.tconf and misra_c_2004_certified_ja.tconf

Added or modified checker mappings to the following rules:

  • 12.11

misra_c_2012_c90_all_checkers.tconf and misra_c_2012_c90_all_checkers_ja.tconf

misra_c_2012_c90_certified.tconf and misra_c_2012_c90_certified_ja.tconf

misra_c_2012_c99_all_checkers.tconf and misra_c_2012_c99_all_checkers_ja.tconf

misra_c_2012_c99_certified.tconf and misra_c_2012_c99_certified_ja.tconf

misra_c_2012_with_amd1_c90_all_checkers.tconf and misra_c_2012_with_amd1_c90_all_checkers_ja.tconf

misra_c_2012_with_amd1_c90_certified.tconf and misra_c_2012_with_amd1_c90_certified_ja.tconf

misra_c_2012_with_amd1_c99_all_checkers.tconf and misra_c_2012_with_amd1_c99_all_checkers_ja.tconf

misra_c_2012_with_amd1_c99_certified.tconf and misra_c_2012_with_amd1_c99_certified_ja.tconf

misra_c_2012_with_amd2_c11_all_checkers.tconf and misra_c_2012_with_amd2_c11_all_checkers_ja.tconf

misra_c_2012_with_amd2_c11_certified.tconf and misra_c_2012_with_amd2_c11_certified_ja.tconf

Added or modified checker mappings to the following rules:

  • Dir 4.1

  • 18.1

owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf

Significant changes to the checker mappings.

python.py2.tconf and python.py2_ja.tconf

These taxonomies were removed.

python.py3.tconf and python.py3_ja.tconf

Updated to version 3.

Improvements to supported compilers

We've added or improved support for the following compilers:

  • HI-TECH C
  • Synopsys ARC MetaWare

For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Klocwork now supports Reprise License Manager (RLM). FLEXlm/FlexNet Publisher support is deprecated, but will continue to work until the release of Klocwork 2023.1. You can continue to use your existing FLEX license files for the remainder of the Klocwork 2022 releases. If you need new license files, please contact license@perforce.com.

2021 licenses are not compatible with Klocwork 2022.3. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

Changes to system requirements

In this release, we've added support for

  • Debian 10.12, 11.4
  • Red Hat Enterprise Linux 8.6
  • Oracle Linux 8.6
  • Amazon Linux 2 (2.0.20220805.0 Update)

  • Ubuntu 18.04.6 LTS, 20.04.5 LTS

  • Fedora 36

  • SUSE Enterprise 15 SP4

  • Eclipse 4.24

  • Android Studio Chipmunk (2021.2.1 Patch 2)

  • Visual Studio 2017 version 15.9.50

  • Visual Studio 2019 version 16.11.18

  • Visual Studio 2022 version 17.3.4

  • Visual Studio Code 1.71

  • IntelliJ IDEA 2021.3 (up to 2021.3.3)

  • Microsoft Edge 99.x, 100.x, 101.x, 102.x, 103.x, 104.x, 105.x

  • Firefox 98.x, 99.x, 100.x, 101.x, 102.x, 103.x, 104.x

  • Chrome 93.x to 105.x

  • Jenkins 2.366

  • Gradle 7.5.1

In this release, we've ended support for

  • Python 2 analysis

  • CentOS 8.0 to 8.5
  • Ubuntu 21.04

  • Fedora 34

  • OpenSUSE Leap 15.4

  • Microsoft Edge 89.x, 90.x, 91.x, 92.x

  • Firefox 78.x, 86.x, 87.x, 88.x, 89.x, 90.x, 91.x

  • Chrome 88.x-92.x

For the complete list of supported versions, see System Requirements.

Maintenance for Klocwork 2020 ended

Maintenance for all versions of Klocwork 2020 ended March 31, 2022. The end of maintenance (EOM) date and end of sale (EOS) date were also March 31, 2022. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Pre-announcements

Take note of the following changes we have planned for upcoming releases.

Path API version upgrade in Klocwork 2022.4

After Klocwork 2022.4 is released, we recommend you review your custom checkers for potential race conditions and recompile by using the 2022.4 Klocwork Path API headers and library. Old custom checkers that are not recompiled will continue to work, but will not be able to use the parallelization feature improvements.

End of Life notice for FLEXlm/FlexNet Publisher as of Klocwork 2023.1

This is a six-month notice of end of life and end of support for FLEXlm/FlexNet Publisher license files.

Klocwork is changing its license management tool by moving from FLEXlm/FlexNet Publisher to Reprise License Manager (RLM) as of Klocwork 2023.1.

New product license files will be generated for Reprise. If you require a FLEX license file for older Klocwork versions, we will provide it for you.

End of Life notice for macOS as of Klocwork 2023.1

Beginning with Klocwork 2023.1, the following operating systems and installers will not be supported:

  • macOS