What's new in Klocwork 2018
Here are the highlights for Klocwork 2018. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.
Features in the latest release of Klocwork 2018
In the latest release of Klocwork 2018, we’re happy to announce the release of a new Klocwork checker, SPECTRE.VARIANT1, that detects potential occurrences of Spectre variant 1 (CVE-2017-5753) in your code. For a detailed explanation about the checker and how it works, see our video.
We've also improved support for Chromium-based browsers.
New analysis engine with support for latest C++17 language features
Our new analysis engine provides improved support for C++11, C++14, and C++17 language features. Improved support means you can be confident that Klocwork 2018 is performing the most complete analysis on the most complex C++ applications. For more information, see Supported C++ language specifications.
Cross-version support for builds
Klocwork 2018 has decoupled the Build Server version from the Portal and Desktop tools, up to three minor releases back. This means you can load Klocwork 2017.1, 2017.2, and 2017.3 builds into Klocwork 2018 without having to import or migrate data. For large organizations, this feature provides flexibility by allowing you to upgrade the Portal and Desktop tools to take advantage of improvements, while still analyzing some or all of your projects with a previous version of Klocwork. For more information, see Cross-version support for builds.
2017 licenses are not compatible with Klocwork 2018. You need a new license to use the latest version of the product. Contact firstname.lastname@example.org to obtain a new license.
In release 2017.3, we upgraded the version of FlexNet Publisher that we support for Windows, Linux, and Mac platforms to version 2016 R2 (126.96.36.199). The versions of FlexNet Publisher used with AIX and Sun Solaris are unchanged.
If you are using your own FlexNet Publisher license server, the Windows, Linux and Mac installations of Klocwork 2018.3 are compatible with FlexNet Publisher 2016 R2 (188.8.131.52) and later. The versions of FlexNet Publisher used by Solaris and AIX are not compatible; therefore, for example, a Klocwork integration build analysis on a Windows machine will not be able to check out a license from a license server running on Solaris or AIX.
For more information, see Supported versions of FlexNet Publisher.
Improvements to supported compilers
- Microsoft Visual C++
- Wind River GCC
For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.
Changes to the Path API
In Klocwork 2016, we made a number of changes to the C++ version of our Path API. Chapter 2 of the Klocwork C/C++ Path Analysis API Reference contains a list of deprecated functions and provides a proposed replacement for each. As of Klocwork 2017.1, the use of deprecated functions causes compiler errors instead of compiler warnings.
If you're using deprecated functions, we recommend you migrate to supported functions now. For more information, see Important changes to the Path API in version 11.2.
From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.
Enabled or disabled checkers
No changes were made to the default enabled field of the checker configuration files for this release.
| Taxonomy file | Changes in this release |
|---|---|
| disa_stig_10_cxx.tconf and disa_stig_10_cxx_ja.tconf | We removed references to the following checkers: APP3570: Command injection; APP3590.2: Buffer overflows |
| disa_stig_10_java.tconf and disa_stig_10_java_ja.tconf | We added references to the following checkers: APP3570: Command injection vulnerabilities. We removed references to the following checkers: APP3760 and APP3780: Application level DoS |
Changes to system requirements
- Debian 9.2
- Fedora 27
- CentOS 6.9
- macOS High Sierra 10.13
- Android Studio 3.0
- IntelliJ IDEA 2017.2.6
- Internet Explorer 11.0.47
- Edge 41.16299.15
- Mozilla Firefox 57
- Google Chrome 62.0.3202
- Debian 7.9, 8.5, 9.1
- Red Hat Enterprise Linux 5.11, 6.8
- Ubuntu 16.10, 17.04
- Fedora 23, 24
- OpenSUSE Enterprise 11.2, 11.4
- CentOS 6.7
- macOS 10.10.5
- Visual Studio 2008
- Internet Explorer 11.0.9600, 11.0.10240
- Edge 40.15063
- Mozilla Firefox 55.0.3
- Google Chrome 61.0.3163
- Glibc below version 2.15
Changes to commands and options
We modified the kwbuildproject command by removing the --log-file and --resume options.
We modified the kwbuildproject command by adding the --classic option. The --classic option forces Klocwork to use the previous generation (pre-Klocwork 2018) analysis engine. The previous analysis engine only provides partial support for C++11 and C++14.
For more information about Klocwork commands, see Command Reference.