What's new in Klocwork 2023.4

Here are the highlights for Klocwork 2023.4. If you're upgrading, see the Limitations for items that affect how you use Klocwork.

Command options for exact match and overrides file

In this release, we have introduced new functionalities for exact match and overrides file options in both kwcheck and kwciagent.

  • Exact File Matching:

    Enable exact file matching by setting the enable_exact_file_match option to true when using kwcheck or kwciagent.

  • File Overrides:

    Run the --overrides-file option with kwcheck or kwciagent to apply file matching overrides.

Clean command for kwcheck and kwciagent

In this release, we have introduced the command "clean" in both kwcheck and kwciagent to clean your local Klocwork project and/or settings directories.

Deprecation of docs.roguewave.com in 2024

The docs.roguewave.com site will be deprecated in early 2024. Refer to the offline help documentation that is included with the product for versions 2021 and earlier.

Klocwork/Validate Server

In this release, Apache Tomcat has been upgraded to version 8.5.96, with enhanced performance, security features, and additional optimizations for a more efficient and reliable server environment.

Plugins and extensions

From Klocwork 2023.4, the Klocwork Desktop Analysis plugins for IntelliJ IDEA, Android Studio, and CLion will work when using version 2023.1 or higher of the IDEs.

In release 2023.4, stability fixes have been completed for the Klocwork extension for Visual Studio Code and Klocwork Desktop plug-in for Visual Studio. Several customer issues have also been fixed, including:

  • In Visual Studio Code, the error notification on startup will appear only if the workspace contains Klocwork analysis folders.

  • In Visual Studio Code, the status options are ordered consistently in different areas of the extension.

  • In Visual Studio, the infobar will be enabled immediately and updated after Klocwork options are saved.

  • In Visual Studio, the defects of server taxonomies will disappear after being disconnected from the server.


In this release we

  • improved tracking of array values when using constant indices

  • improved the desktop analysis tools (kwcheck/kwciagent) to match more closely the results of the server analysis tool (kwbuildproject).

  • improved the C/C++ analysis engine for stability and accuracy

  • significantly updated the HKMC taxonomy for more accurate coverage of rules


In this release we

  • added a new taxonomy for CWE 2023 Top 25 for C#


In this release we

  • added a new taxonomy for CWE 2023 Top 25 for Java
  • added support for Gradle 8.3
  • improved CERT Java coverage
  • expanded analysis and identification of potential issues for enhanced code security

Coding standards

This release includes new and expanded standards coverage for the following coding standards:

  • CWE IDs and 2023 Top 25 for C/C++, C#, and Java
  • CERT Secure Coding Standard
  • HKMC Secure Coding Standard
  • Klocwork Quality
  • MISRA 2012 AMD3
  • Payment Card Industry Data Security Standard

Checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New checkers

Checker Description
CXX.SUSPICIOUS_INDEX_CHECK This C/C++ checker detects when a suspicious index check is present before accessing an array at a specific index.
CXX.SUSPICIOUS_INDEX_CHECK.CALL This C/C++ checker detects when a suspicious index check is present before accessing an array in another function.
CXX.SUSPICIOUS_INDEX_CHECK.ZERO This C/C++ checker detects when a suspicious index check against zero is present before accessing an array, but the index value is not checked against the upper array boundary.
MISRA.BITFIELD.UNION This MISRA checker detects when a union contains bit field(s) as member(s).
MISRA.INTEGER_CONSTANT.MACRO.FLOAT_VALUE This MISRA checker detects when the argument of an integer-constant macro is not a floating-point number.
MISRA.INTEGER_CONSTANT.MACRO.RANGE This MISRA checker detects when the argument of an integer-constant macro is not within the range.
MISRA.INTEGER_CONSTANT.MACRO.SUFFIX This MISRA checker detects when the argument of an integer-constant macro is not an unsuffixed integer constant.

Modified checkers

Checker Description
ABV checkers Overall improvements to the checkers

Updated the documentation and reduced false positives

AUTOSAR.OP.BINARY.RETVAL Reduced false positives
CS.HIDDEN.MEMBER checkers Reduced false positives
CS.RLK Reduced false positives
CWARN.IMPLICITINT Reduced false positives

Updated the documentation with sample codes

INFINITE_LOOP.GLOBAL Reduced false positives

Updated the documentation with clarification

MISRA.ASSIGN.OVERLAP Reduced false positives
MISRA.FLOAT_EQUAL New defects detected
MISRA.MEMB.NON_CONST Reduced false positives
MISRA.ONEDEFRULE.VAR Reduced false positives
MISRA.VAR.HIDDEN Reduced false positives
MLK checkers Reduced false positives
NNTS.MUST Overall improvements to the checker
NNTS.TAINTED New defects detected
NPD checkers New defects detected
RABV.CHECK Reduced false positives
RLK checkers Reduced false positives
RN.INDEX Reduced false positives


New defects detected


New defects detected
SV.TAINTED.GLOBAL New defects detected
UNINIT.CTOR.MUST Reduced false positives
UNUSED.FUNC.GEN Reduced false positives
UFM checkers New defects detected

Enabled or disabled checkers

No checkers were added to or removed from the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy New/updated
cert_cpp.tconf and cert_c_pp_ja.tconf

Added or modified checker mappings to the following rules:


cert_java.tconf and cert_java_ja.tconf

The cert_java.tconf and cert_java_ja.tconf taxonomies were renamed from cert_java_community.tconf and cert_java_community_ja.tconf, respectively.

Added a substantial number of mappings to the cert_java.tconf and cert_java_ja.tconf taxonomies.

cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf

cwe_2020_top_25_cxx.tconf and cwe_2020_top_25_cxx_ja.tconf

cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf

cwe_2022_top_25_cxx.tconf and cwe_2022_top_25_cxx_ja.tconf

cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-119

  • CWE-125

  • CWE-787

cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf

cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf

Added new taxonomies that map Klocwork checkers to the 2023 CWE Top 25 Most Dangerous Software Weaknesses.
cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf

Added or modified checker mappings to the following weaknesses:

  • CWE-119

  • CWE-124

  • CWE-125

  • CWE-787

disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-002590

  • APSC-DV-003170

disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf

Added or modified checker mappings to the following rules:

  • APSC-DV-001540

hkmc_c.tconf and hkmc_c_ja.tconf

hkmc_cpp.tconf and hkmc_cpp_ja.tconf

Substantial reorganization of the hkmc_c.tconf and hkmc_c_ja.tconf taxonomies.

iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf

Added or modified checker mappings to the following rules:

  • 5.22

kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf

Added or modified checker mappings to the following categories:

  • Buffer Overflow

misra_c_2023_c11_all_checkers.tconf and misra_c_2023_c11_all_checkers_ja.tconf

misra_c_2023_c11_certified.tconf and misra_c_2023_c11_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Mandatory Rules

  • Required Rules

misra_c_2023_c90_all_checkers.tconf and misra_c_2023_c90_all_checkers_ja.tconf

misra_c_2023_c90_certified.tconf and misra_c_2023_c90_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Required Rules

misra_c_2023_c99_all_checkers.tconf and misra_c_2023_c99_all_checkers_ja.tconf

misra_c_2023_c99_certified.tconf and misra_c_2023_c99_certified_ja.tconf

Added or modified checker mappings to the following categories:

  • Mandatory Rules

  • Required Rules

pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf

Added or modified checker mappings to the following rules:

  • 6.5.2

Improvements to supported compilers

We've added or improved support for the following compilers:

  • Clang

  • Clang-cl

  • GNU

  • Green Hills

  • Microsoft Visual C++

  • Windriver GCC

For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.


Klocwork supports Reprise License Manager (RLM).

2022 licenses are not compatible with Klocwork 2023.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

In this release, we have added information about using RLM dongles with Klocwork. For more information, see Supported versions of RLM and Operating systems that support RLM dongles.

End of Life notice for FLEXlm/FlexNet Publisher as of Klocwork 2023.1

Klocwork has changed its license management tool by moving from FLEXlm/FlexNet Publisher to Reprise License Manager (RLM) as of Klocwork 2023.1. FLEXlm/FlexNet Publisher is no longer supported.

New product license files will be generated for Reprise; if you require a FLEXlm license file for older Klocwork versions, we can provide this for you.

To learn more about transitioning, see Transition license from FlexLM to Reprise.

Changes to system requirements

In this release, we've added support for:

  • Windows 11 (version 23H2)

  • Debian 11.8

  • Amazon Linux 2 (2.0.20231101.0 Update)

  • Ubuntu 20.04.6 LTS, 22.04.3 LTS

  • openSUSE Leap 15.5

  • SUSE Enterprise 15 SP5

  • Eclipse 4.29 (2023-09)

  • Android Studio Giraffe (2022.3.1 Patch 3)

  • Visual Studio 2017 version 15.9.58

  • Visual Studio 2019 version 16.11.31

  • Visual Studio 2022 version 17.7.6

  • Visual Studio Code 1.84.1 (minimum supported version is 1.74.3)

  • IntelliJ IDEA 2023.1.5, 2023.2.4

  • CLion 2023.2 (up to 2023.2.2)

  • Microsoft Edge 108.x to 119.x

  • Firefox 119.x, 115.x ESR

  • Chrome 119.x

  • Jenkins 2.431

  • Gradle 8.3

  • Windows RLM v15.1BL2

  • Linux RLM v15.1BL2

In this release, we've ended support for

  • Ubuntu 16.04

  • Visual Studio 2022 versions 1.72.2 to 1.74.2

  • IntelliJ IDEA 2019.1, 2019.2

  • Microsoft Edge 105.x to 107.x

  • Firefox 105.x to 106.x

  • Chrome 106.x to 108.x

For the complete list of supported versions, see System Requirements.

Discontinuation of Klocwork Server installations in release 2023.4

Starting from release 2023.4, Klocwork Server installations have been discontinued. We recommend transitioning to Validate installation for a more streamlined and integrated experience.

When transitioning from Klocwork to Validate:

  • Stop your Klocwork instance and back up the projects_root.

  • During Validate install, set the projects_root location to your current projects_root.

  • If you are currently using non-default values for ports or license server, be sure to set the same values during Validate install.

Deprecation of issue grouping

Issue grouping is deprecated as of Klocwork 2023.3. If you are upgrading from a previous version, we recommend turning off issue grouping before performing a migration.

Maintenance for Klocwork 2021 ended

Maintenance for all versions of Klocwork 2021 ended March 31, 2023. The end of maintenance (EOM) date and end of sale (EOS) date was also March 31, 2023. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Path API version upgrade in Klocwork 2023.1

We upgraded the Path API version to accommodate multi-threaded execution within path analysis instances. The upgraded API is not backward compatible with previous versions. All custom checkers using the Path API need to be updated and recompiled by using the 2023 Klocwork Path API headers and library. To learn more, see the Path API documentation.

End of Life notice for macOS as of Klocwork 2023.1

Beginning with Klocwork 2023.1, the following operating systems and installers are not supported:

  • macOS