Kwcheck output reference

Default output

Each line in the kwcheck plain-text output contains at least the following fields:

<issue_ID> (System:<system_ID>) <origin> <file>:<line_number> <issue_code> (<severity_number>:<severity_label>) <status> <message>

where

  • <issue_ID> is a number assigned to the detected issue
  • <origin> is the issue origin. For system issues, the system ID appears in parentheses after the local ID.

    To see system issues, use the --system option with kwcheck list.

  • <issue_code> is a short name for the issue type. For descriptions of issue types, see C and C++ checker reference or Java checker reference.
  • <severity_number> and <severity_label> indicate severity
  • <status> is the current issue status
  • <message> identifies key statements in the code, by line number, that contribute to the detected issue

Example:

5 (Local) C:\zlib\trees.c:777 ABR (1:Critical) Analyze Buffer overflow, array index of 'bl_tree' may be out of bounds. Array 'bl_tree' of size 39 may use index value(s) 39..65535. Also there are 2 similar errors on line(s) 777.
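
The field layout above can be parsed with a single regular expression. The following Python sketch is an added example, not part of the Klocwork documentation; the names `LINE_RE`, `parse_line` and `parse_report` are hypothetical, and it assumes that the parenthesised system ID and origin are each optional and that the status is a single token, as in the examples on this page.

```python
import re

# One line of kwcheck default output, in the documented field order.
# Assumed: "(System:<id>)" and "(<origin>)" are optional; <status> is one token.
LINE_RE = re.compile(
    r"^(?P<issue_id>\d+)\s+"
    r"(?:\(System:\s*(?P<system_id>\d+)\)\s+)?"
    r"(?:\((?P<origin>[^():]+)\)\s+)?"
    # Lazy path match: stops at the first ":<digits>" that the remaining
    # fields can follow, so the colon in "C:\..." is not the separator.
    r"(?P<file>.+?):(?P<line>\d+)\s+"
    r"(?P<code>\S+)\s+"
    r"\((?P<severity>\d+):(?P<label>[^)]+)\)\s+"
    r"(?P<status>\S+)"
    r"(?:\s+(?P<message>.*))?$"
)

def parse_line(text):
    """Return the fields of one output line as a dict, or None if no match."""
    m = LINE_RE.match(text.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("issue_id", "system_id", "line", "severity"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def parse_report(lines):
    """Split non-blank lines into (records, unparsed) so format drift is
    visible to the caller instead of being dropped silently."""
    records, unparsed = [], []
    for raw in lines:
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)
        else:
            records.append(rec)
    return records, unparsed

# Lines 1-2 come from this page's examples (first shortened); 3-4 are constructed.
SAMPLE = [
    r"5 (Local) C:\zlib\trees.c:777 ABR (1:Critical) Analyze Buffer overflow, array index of 'bl_tree' may be out of bounds.",
    "5 (System: 22) /testing/myproj/trees.c:777 ABR (1:Critical) Fix",
    "9 (Local) /src/util.c:12 LV_UNUSED.GEN (4:Review) Analyze Local variable 'm' is never used",
    "Summary: 3 issues",
]
```

A CI step that consumes this output should treat a non-empty `unparsed` list as a failure rather than as zero findings.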

Detailed output

Use -F detailed with kwcheck list or with kwcheck run to get traceback and comment details about detected issues.

<local_ID> (System:<system_ID>) <origin> <file>:<line_number> <issue_code> (<severity_number>:<severity_label>) <status>
<message>
<traceback_lines>
<issue_status>
<comment>

Example:

5 (System: 22) /testing/myproj/trees.c:777 ABR (1:Critical) Fix
Buffer overflow, array index of 'bl_tree' may be out of bounds. Array 'bl_tree'
of size 39 may use index value(s) 39..65535. Also there are 2 similar errors on
line(s) 777.
* foo.c:760: ...:=tree[0] .dl.len
* foo.c:768: n<=max_code is true
* foo.c:769: ...:=tree[n+1] .dl.len
* foo.c:769: curlen:=nextlen
* foo.c:789: nextlen==0 is false
* foo.c:776: curlen!=prevlen is true
* foo.c:777: The array 'bl_tree' size is 39.
* deflate.h:194: The array 'bl_foo' size is 39.
* foo.c:777: Array 'bl_foo' may use the 39..65535 index.
Current status 'Fix'
Comment:Needs to be fixed immediately

JSON output

Use -F json with kwcheck list or kwcheck run to generate JSON output.

JSON output example

[
  {
    "severity": "Critical",
    "severityCode": 1,
    "supportLevel": "Klocwork Certified",
    "supportLevelCode": 1,
    "taxonomies": [
      {
        "name": "C and C++",
        "metaInfo": ""
      }
    ],
    "id": 5,
    "isSystem": false,
    "isCiDefect": false,
    "fileId": 2,
    "file": "C:\\space\\Projects\\smallC\\0-3.cpp",
    "line": 7,
    "column": 4,
    "code": "ABV.GENERAL",
    "parent": "main",
    "message": "Array 'arr' of size 1 may use index value(s) 1",
    "anchor": 96865,
    "trace": {
      "traceBlocks": [
        {
          "id": 0,
          "method": "main",
          "fileId": 2,
          "file": "C:\\space\\Projects\\smallC\\0-3.cpp",
          "lines": [
            {
              "line": 2,
              "column": 0,
              "text": "Array 'arr' size is 1.",
              "type": "EVENT"
            },
            {
              "line": 7,
              "column": 0,
              "text": "Possible attempt to access element 1 of array 'arr'.",
              "type": "EVENT"
            }
          ]
        }
      ]
    },
    "prefix": "efect-ABV1arr[1]=1;//Defect-ABV2",
    "postfix": "return0;}",
    "alive": true,
    "state": "NEW",
    "citingStatus": "ANALYZE",
    "statusChanged": false,
    "creationTime": 0,
    "groupingCode": 0,
    "starScore": 0
  }
]
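
The JSON form is the easiest one to consume in a build pipeline. The following Python sketch is an added example, not part of the Klocwork documentation: it selects issues at or above a severity bar whose `citingStatus` is still `ANALYZE` and flattens `trace.traceBlocks[].lines[]` into rows like those of the detailed output. The function names, the default bar of 2 and the second sample issue are assumptions made for illustration.

```python
import json
import ntpath

# Constructed sample: field names follow the JSON example above; the second
# issue (id 8) is invented for illustration.
REPORT = r'''[
 {"id": 5, "severityCode": 1, "severity": "Critical", "code": "ABV.GENERAL",
  "file": "C:\\space\\Projects\\smallC\\0-3.cpp", "line": 7,
  "message": "Array 'arr' of size 1 may use index value(s) 1",
  "citingStatus": "ANALYZE", "state": "NEW",
  "trace": {"traceBlocks": [{"file": "C:\\space\\Projects\\smallC\\0-3.cpp",
    "lines": [{"line": 2, "text": "Array 'arr' size is 1.", "type": "EVENT"},
              {"line": 7, "type": "EVENT",
               "text": "Possible attempt to access element 1 of array 'arr'."}]}]}},
 {"id": 8, "severityCode": 4, "severity": "Review", "code": "LV_UNUSED.GEN",
  "file": "C:\\space\\Projects\\smallC\\0-3.cpp", "line": 3,
  "message": "Local variable 'm' is never used",
  "citingStatus": "ANALYZE", "state": "NEW", "trace": {"traceBlocks": []}}
]'''

def trace_lines(issue):
    """Flatten trace.traceBlocks[].lines[] into '* file:line: text' rows."""
    rows = []
    for block in (issue.get("trace") or {}).get("traceBlocks", []):
        # ntpath.basename accepts both "\" and "/" separators.
        name = ntpath.basename(block.get("file", "?"))
        for event in block.get("lines", []):
            rows.append(f"* {name}:{event['line']}: {event['text']}")
    return rows

def untriaged(report_text, max_severity_code=2):
    """Issues with severityCode <= bar (1 is most severe) still in ANALYZE."""
    issues = json.loads(report_text)
    if not isinstance(issues, list):
        raise ValueError("expected a JSON array of issues")
    return [i for i in issues
            if i["severityCode"] <= max_severity_code
            and i["citingStatus"] == "ANALYZE"]
```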

XML output

Use -F xml with kwcheck list or kwcheck run to generate XML output.

XML output example

<?xml version="1.0" encoding="UTF-8" ?>
<errorList xmlns="http://www.klocwork.com/inForce/report/1.0">
  <problem>
    <problemID>3</problemID>
    <isSystem>true</isSystem>
    <file>/space/temp/b1.cc</file>
    <method>bar</method>
    <code>LV_UNUSED.GEN</code>
    <message>Local variable 'm' is never used</message>
    <citingStatus>Analyze</citingStatus>
    <owner>unowned</owner>
    <severity>Review</severity>
    <severitylevel>4</severitylevel>
    <displayAs>Warning</displayAs>
    <taxonomies>
      <taxonomy name="C and C++" metaInf="" />
      <taxonomy name="alpha" metaInf="" />
      <taxonomy name="tax1" metaInf="" />
    </taxonomies>
  </problem>
  <problem>
    <problemID>4</problemID>
    <file>/space/temp/b1.cc</file>
    <method>main</method>
    <code>UNREACH.GEN</code>
    <message>Code is unreachable</message>
    <citingStatus>Analyze</citingStatus>
    <owner>unowned</owner>
    <severity>Review</severity>
    <severitylevel>4</severitylevel>
    <displayAs>Error</displayAs>
    <taxonomies>
      <taxonomy name="C and C++" metaInf="" />
      <taxonomy name="alpha" metaInf="" />
    </taxonomies>
  </problem>
</errorList>

XML output file format

The Klocwork XML output contains one <errorList> element with zero or more <problem> elements inside. Each <problem> element contains the following tags:

  • <problemID> is a number assigned to the issue
  • <isSystem> identifies if it is a system issue
  • <file> is the file name
  • <method> is where the statement occurs in the file
  • <code> is the issue code. See C and C++ checker reference or Java checker reference.
  • <message> identifies key statements in the code that contribute to the issue
  • <citingStatus> is the issue status
  • <owner> is the owner of the file
  • <state> is the issue state
  • <history> is the status update history: the user who changed the status, the status the issue was changed to, the timestamp (in milliseconds) and comments. Appears for an issue only when the issue's status has been changed twice.
  • <severity> and <severitylevel> represent issue severity
  • <displayAs> is Error or Warning. Options determine whether or not warnings are shown in output.
  • <taxonomies> is the taxonomies this issue type is part of

Error message fields for metric threshold violations

The error message field for metric threshold violations contains these additional fields:

<issue_ID> <file>: <line> <metric> <status> Violated metric "<description>": <software_entity> <real_value> <operation> <threshold_value>

where

  • <metric> is a metric name
  • <description> is a brief description of the violated metric
  • <software_entity> is the name of the specific software entity that contains the metric violation
  • <real_value> is the detected value of the metric in the code object
  • <operation> is the logical comparison of the real value with the threshold value -- an expression such as less than (<), equal to (=), or greater than (>)
  • <threshold_value> is the threshold set in the metric thresholds configuration file

Example:

6 (Local) /test_files/TC00000192.c:3 METRICS.E.cyclomatic_complexity Analyze
Violated metric "cyclomaticcomplexity": foo1 21>20

The output indicates that the file TC00000192.c violates the Cyclomatic Complexity metric at line 3. The violation occurred because foo1 has a complexity rating of 21, which is higher than the threshold of 20.