What's new in Klocwork 2025.3
Released September 2025
Here are the highlights for Klocwork 2025.3. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.
Klocwork and Validate enhancements
This release includes the following enhancements.
Explore the refreshed interface in Validate and Klocwork
To reflect the Perforce brand refresh, logos and icons have been updated for a consistent and modern experience across the Klocwork and Validate interfaces, including the Validate portal, installer, and Klocwork plug-ins.
Get a complete picture of MISRA compliance at a glance
You'll find the following improvements to MISRA reports:
- The Rule Summary section in the generic format of the compliance report now shows all rule categories—including those without mapped checkers—so you can check your compliance against the full standard.
- The MISRA compliance report contains two new compliance levels, Not enforced (Disapplied) and Not enforced (Disabled), to identify instances where all checkers mapped to a rule have been disabled. See MISRA compliance levels for details.
Take advantage of better bug-tracking
An issue with the integration for bug-tracking systems in versions 2024.2 to 2025.2 has been fixed by updating the internal implementation of review_action.py. As a result, you’ll need to migrate your review_action.py script to Python 3.
Write KAST expressions with real-time editing support
Checker Studio now includes intelligent code completion and syntax highlighting for C/C++, C#, and Java KAST patterns, similar to modern IDEs.
C, C++ and C# enhancements
KAST expressions now support single-line and multi-line comments using the (: comment :) syntax to improve the readability and maintenance of KAST checkers. To learn more, see C/C++ KAST syntax reference.
Java enhancements
The analysis engine now defaults to JDK 15 (previously JDK 1.8) when analyzing projects targeting JDK version 15 or higher. As a result, projects built with JDK version 15 or higher will see improved semantic resolution, more accurate MIR generation, and a reduction in false positives. For instance, analysis of Android 14 (compiled with JDK 17) demonstrates significant improvements in accuracy and overall analysis quality. If the Java version specified in a project is not supported, the Java analysis engine will automatically default to the latest supported Java version.
Plug-ins and extensions
Instead of having to search the Klocwork documentation or Validate portal, save time by viewing taxonomy and reference data for an issue directly in the Visual Studio plug-in. To learn more, see View more information about a detected issue.
Expanded coverage for coding standards
In this release, you'll find the following enhancements to the CERT C/C++ taxonomy rules and recommendations:
- Updated levels to align with the latest changes in the standard.
-
POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement.
Checker improvements
This release includes the following checker improvements.
New checkers
The following checkers were added in this release:
| Checker | Description |
|---|---|
| CXX.ARRAY_INDEX.WITHOUT_CHECK | This C/C++ community checker detects array access without previous check of index. |
| DBZ.GENERAL.FLOAT |
This C/C++ checker flags situations in which a variable that has been assigned a zero constant value locally or as the result of a function call might later be used as a divisor in a division or modulo operation, without being checked for a zero value. |
|
DBZ.ITERATOR.FLOAT |
This C/C++ checker flags situations in which a loop iterator that has been assigned a zero constant value in the execution of the loop might later be used as a divisor in a division or modulo operation, without first being checked for a zero value. |
Modified checkers
The following checkers were modified in this release:
| Checker | Description |
|---|---|
| AUTOSAR.ADD.OVERRIDE.VIRTUAL.SPECIFIER | Additional improvements to checker |
| AUTOSAR.ADD.REDEF.DERIVED.FUNC | Additional improvements to checker |
| CXX.SUSPICIOUS_INDEX_CHECK | Finds fewer false positives |
| CXX.SUSPICIOUS_INDEX_CHECK.CALL | Finds fewer false positives |
| CXX.SUSPICIOUS_INDEX_CHECK.ZERO | Finds fewer false positives |
| DBZ.GENERAL | Finds fewer false positives |
| MISRA.LOGIC.SIDEEFF | Finds additional defects |
| MISRA.MEMB.NON_CONST | Finds fewer false positives |
| MISRA.MEMB.NON_STATIC | Finds fewer false positives |
| MISRA.STDLIB.ATOI | Finds additional defects |
| MISRA.VAR.NEEDS.CONST | Finds fewer false positives |
| NNTS.TAINTED | Finds additional defects |
| NPD.GEN.MUST | Finds additional defects |
| RETVOID.GEN | Additional improvements to checker |
| STRONG.TYPE.ASSIGN.RETURN | Finds fewer false positives |
| VA_UNUSED.INIT | Finds fewer false positives |
Enabled or disabled checkers
No checkers were added to the default enabled field of the checker configuration files in this release.
Taxonomy improvements
As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.
| Taxonomy | Improvements |
|---|---|
|
autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf |
Added or modified checker mappings to rule A5-6-1. |
|
cert_c_all.tconf and cert_c_all_ja.tconf |
Updated levels to align with the latest changes in the standard. POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement. |
|
cert_c_rules.tconf and cert_c_rules_ja.tconf cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf |
Added or modified checker mappings to rule INT33-C(L2). Updated levels to align with the latest changes in the standard. POSIX- and Windows-specific rules have been included to simplify comparisons and clarify enforcement. |
| cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf |
Added or modified checker mappings to rule CWE-369. |
| hkmc_c.tconf and hkmc_c_ja.tconf |
Added or modified checker mappings to rule C-INT-005. |
| iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf |
Added or modified checker mappings to rule 5.26. |
| misra_c_2004.tconf and misra_c_2004_ja.tconf |
Added or modified checker mappings to Rule 9.1. |
|
misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf misra_c_2025_c90.tconf and misra_c_2025_c90_ja.tconf misra_c_2025_c99.tconf and misra_c_2025_c99_ja.tconf misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf |
Added or modified checker mappings to Dir. 4.1. |
Improvements to supported compilers
You'll find additional or improved support for the following compilers:
-
clang
-
GNU C compilers (GCC)
-
QNX
For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.
Licensing
Klocwork supports Reprise License Manager (RLM).
- 2024 licenses are not compatible with Klocwork 2025.1 or newer. To use the latest version of the product, obtain a new license by contacting license@perforce.com. For more information, see Supported versions of RLM and Operating systems that support RLM dongles.
- The RLM command line utility
rlmstatcan be installed from the Validate or RLM license server package.
Changes to system requirements
We added support for the following environments:
- AlmaLinux 9.6
- Amazon Linux 2 (2.0.20250818.2 Update)
- Android Studio Narwhal (up to 2025.1.2 Patch 1)
- CLion 2024.3 (up to 2024.3.6), 2025.1 (up to 2025.1.4)
- Eclipse 4.36 (2025-06)
- glibc 2.42
- Google Chrome 129.x to 139.x
- gradle, gradlew 8.14.3
- IntelliJ IDEA 2024.3 (up to 2024.3.6)
- Jenkins 2.479.3 and newer
- Maven 3.9.11
- Microsoft Edge 129.x to 139.x
- Mozilla Firefox 130.x to 142.x
- Oracle Linux 9.6
- Red Hat Enterprise Linux 9.6
- Rocky Linux 9.6
- SUSE Enterprise 15 SP5 to 15 SP7
- Ubuntu 24.04.3 LTS
- Visual Studio 2017 (up to 15.9.76), 2019 (up to 16.11.50), and 2022 (up to 17.14.13)
- VS Code 1.94.2 to 1.103.1
We ended support for the following environments:
- Google Chrome 126.x to 128.x
- Microsoft Edge 126.x to 128.x
- Mozilla Firefox 127.x to 129.x
- VS Code 1.91.1 to 1.93.1
For the complete list of supported versions, see the System Requirements.
End of life notice for Visual Studio 2015 plug-in in 2025.4
Starting in release 2025.4, the Klocwork Desktop plug-in for Visual Studio is no longer provided or supported for Visual Studio 2015 in alignment with Microsoft's end of extended support for Visual Studio 2015.
Removal of compliance licenses for compliance reports in 2025.2
Starting in release 2025.2, a compliance license is no longer required to generate full (non-summary) compliance reports. To learn more about compliance reports, see Creating a compliance report.
Removal of the kwmatch utility in 2025.2
Starting in release 2025.2, the kwmatch utility has been removed. If you are upgrading from a previous version, we recommend using streams to manage project branches and kwxsync for cross-project issue synchronization.
If you previously used kwmatch for specific projects and created a database for it, and then you migrate those projects to 2025.2 or later, your database will no longer be used and you can remove it.
Removal of the dbvalidate cleanup utility in 2025.2
Starting in release 2025.2, you can no longer run the dbvalidate cleanup utility directly. Some dbvalidate commands for removing duplicated issues and comments remain available for use if advised specifically by Klocwork Support.
Removal of separate licenses for streams in 2025.1
Starting in release 2025.1, separate licenses for streams are no longer required.