What's new in Klocwork 2020.1
Here are the highlights for Klocwork 2020.1. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.
Community checkers and taxonomies
We've leveraged our deep ties with the wider Klocwork community to bring you a series of new taxonomies and community checkers. In doing so, we've added close to 200 community checkers to Klocwork across our supported languages: C/C++, C#, and Java. For more information, see the following:
- AUTOSAR community checker reference
- CERT community C and C++ checker reference
- Klocwork Quality Standard community C and C++ checker reference
- MISRA C:2012 community checker reference
- Klocwork Quality Standard community C# checker reference
- Klocwork Quality Standard community Java checker reference
- CERT Java IDs mapped Klocwork Java checkers
HIS metrics configuration file
The 'his_metrics_community.mconf' file may be of interest to you if your projects focus on automotive industry standards. HIS (Hersteller Initiative Software) was created from five working groups in the automotive industry whose goal is the production of agreed standards. For more information, see Adding the community HIS Metrics configuration file.
Performance improvements
We've upgraded several components in our toolchain to leverage 64-bit architecture, so Klocwork can more effectively analyze large, complex code bases, and projects.
Analysis engine enhancement
We've updated our analysis engine for accuracy and defect detection related to nested namespaces, references, and templates. On some Open Source projects that we benchmark against we've seen up to a 28% increase in defects detected.
Improved Knowledge Bases
We've overhauled the Knowledge Bases we include with Klocwork. You'll see better analysis accuracy in code using the standard C++ library related to smart pointers, utilities, and concurrency, to name a few.
MISRA checkers and taxonomies now fully integrated
In this release, we've integrated all of the MISRA taxonomies and checkers into Klocwork by default, so you no longer need to install and deploy MISRA checker packages separately. Configuring your project to validate against a MISRA taxonomy is now as easy as adding any of our other industry-specific taxonomies. For more information, see Configuring industry-specific coding standards and checkers.
Klocwork checker improvements
From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.
New Klocwork checkers
Checker | Description |
---|---|
CWARN.MOVE.CONST | Detects and reports instances of calls to the std::move() method from the C++ Standard Template Libraries (STL) where the argument is const. |
Modified Klocwork checkers
Checker | Description |
---|---|
INVARIANT_CONDITION.GEN | Fewer false positives are expected. |
MISRA.LITERAL.NULL.INT | New defects detected. |
MISRA.MEMB.NON_CONST | Fewer false positives are expected. |
MISRA.VAR.MIN.VIS | Fewer false positives are expected. |
MISRA.VAR.NEEDS.CONST | Fewer false positives are expected. |
MLK.MUST | Fewer false positives are expected. |
RH.LEAK | Fewer false positives are expected. |
STRONG.TYPE.JOIN.CONST | New defects detected. |
STRONG.TYPE.JOIN.ZERO | New defects detected. |
UNINIT.CTOR.MUST | Fewer false positives are expected. |
UNUSED.FUNC.STL_EMPTY | Fewer false positives are expected. |
Enabled or disabled checkers
- CWARN.MOVE.CONST
Taxonomy improvements
As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.
Taxonomy | New/Updated |
---|---|
autosar_community_cpp14_19_03 and autosar_community_cpp14_19_03_ja | New taxonomy of the list of Klocwork community C/C++ checkers that map to the secure coding standard defined by the Automotive Open System Architecture (AUTOSAR), release 19-03. |
cert_c_cpp.tconf and cert_c_cpp_ja.tconf | Added references to the following rules:
|
cert_c_cpp_community.tconf and cert_c_cpp_community_ja.tconf | New taxonomy of the list of Klocwork community C/C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT). |
cert_java_community.tconf and cert_java_community_ja.tconf | New community-developed taxonomy of the list of Klocwork Java checkers that map to the secure coding standard defined by the computer emergency response team (CERT). |
cwe_10_cxx.tconf and cwe_10_cxx_ja.tconf were renamed to cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf. | Taxonomy file renamed. Added references to the following rules:
Removed references to the following rules:
|
cwe_10_java.tconf and cwe_10_java_ja.tconf were renamed to cwe_all_java.tconf and cwe_all_java_ja.tconf. |
List of Klocwork Java checkers that map to the Common Weakness Enumeration (CWE) types. Added references to the following rules:
|
cwe_cs.tconf and cwe_cs_ja.tconf were renamed to cwe_all_cs.tconf and cwe_all_cs_ja.tconf. | Taxonomy file renamed. Added references to CWE-20 and CWE-94. Removed references to CWE-248, CWE-571, and CWE-783. |
cwe_2019_top_25_cs.tconf and cwe_2019_top_25_cs_ja.tconf | New taxonomy of the list of Klocwork C# checkers that map to the 2019 CWE top 25 most dangerous software errors. |
cwe_2019_top_25_cxx.tconf and cwe_2019_top_25_cxx_ja.tconf. | New taxonomy of the list of Klocwork C/C++ checkers that map to the 2019 CWE top 25 most dangerous software errors. |
cwe_2019_top_25_java.tconf and cwe_2019_top_25_java_ja.tconf | New taxonomy of the list of Klocwork Java checkers that map to the 2019 CWE top 25 most dangerous software errors. |
cwe_25_cxx.tconf and cwe_25_cxx_ja.tconf were renamed to cwe_2011_top_25_cxx.tconf and cwe_2011_top_25_cxx_ja.tconf. | Taxonomy file renamed. |
cwe_25_java.tconf and cwe_25_java_ja.tconf were renamed to cwe_2011_top_25_java.tconf and cwe_2011_top_25_java_ja.tconf. | Taxonomy file renamed. |
misra_c_2012_community.tconf and misra_c_2012_community_ja.tconf | New taxonomy of the list of Klocwork community checkers that map to the MISRA C:2012 standard. |
quality_community_cxx.tconf and quality_community_cxx_ja.tconf | New taxonomy of the list of Klocwork community C/C++ checkers that focus on improving overall code quality. |
quality_community_cs.tconf and quality_community_cs_ja.tconf | New taxonomy of the list of Klocwork Community C# checkers that focus on improving overall code quality. |
quality_community_java and quality_community_java_ja | New taxonomy of the list of Klocwork community Java checkers that focus on improving overall code quality. |
Improvements to supported compilers
We've improved support for the following compilers:
- Clang
- GNU
- Microchip MPLAB pic32
- Tasking Tricore
For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.
Klocwork release numbering
We've updated our release numbering strategy. Going forward, the first release each year will have the year as the major release number and 1 as the minor release number, for example, 2020.1. Subsequent planned releases will increment the minor number, for example, 2020.2, 2020.3, and 2020.4.
Licensing
2019 licenses are not compatible with Klocwork 2020.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.
We upgraded the version of FlexNet Publisher that we support for Windows and Linux to version 2018 R4 (11.16.2). If you are using your own FlexNet Publisher license server, ensure you upgrade to this or a newer version. You can also use the license server included with Klocwork 2020.1.
Checker support levels
With the introduction of community checkers, we've developed a set of support levels that explain the types of support we offer for the checkers we provide. For more information, see checker support levels.
End of support announcements
As of this release we have ended support for the Microsoft Visual Studio addin. Our Microsoft Visual Studio Extension (kw-vsplugin.vsix) contains the complete feature set and supports Visual Studio versions 2012 to 2019.
Klocwork 2019.3 was the last supported release of the Vim plug-in.
Maintenance for Klocwork 2018 ending
Maintenance for all versions of Klocwork 2018 is ending: the end of maintenance (EOM) date is February 29, 2020; the end of sale (EOS) date is also February 29, 2020. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.
Developer Network
In October, 2018, our technical Support Center at https://techsupport.roguewave.com/ was upgraded to include Klocwork. As part of that transition, Developer Network is no longer available.
Portal licensing changes
Klocwork has implemented additional licensing checks related to running the Klocwork Server, which, among other things, underpins the Klocwork portal. We recommend you validate your licensing needs to ensure you have a sufficient number of web service licenses.
Changes to system requirements
- Debian 9.11 and 10.1
- Red Hat Enterprise Linux 7.7
- CentOS 7.7 and 8.0
- Ubuntu 18.04.3 LTS and 19.10
- Oracle Linux 7
- macOS 10.14.6
- Eclipse 4.13
- Android Studio 3.5.1
- Visual Studio 2017 up to 15.9.17
- Visual Studio 2019 up to 16.3.6
- IntelliJ IDEA 2019.4 and 2019.2.3
- QNX Momentics 6.3 SP3
- Wind River Workbench 4 SR0620 Edition 2
- Internet Explorer 11.0.155
- Microsoft Edge 44.18362
- Firefox 68.2.x and 70.x
- Safari 12.1.2
- glibc 2.30
- Gradle 3.x to 5.6.3
We no longer support the following:
- Debian 8.x to 8.11
- Windows 7 SP1
- Windows Server 2008
- Windows 10, version 1709
- Ubuntu 18.10 and 19.04
- Fedora 27 to 28
- openSUSE Leap 15
- SUSE Enterprise 12
- AIX 7.1 TL4 and 7.2 TL1
- macOS 10.12.x
- Visual Studio 2010
- Jenkins continuous integration plug-in
- TeamCity continuous integration plug-in
Changes to commands, tools, and options
We no longer support the kwconan command, or the Jenkins or TeamCity plug-ins for continuous integration. We recommend you use the kwciagent command and our concurrent licensing model instead. We're here to help! If you need assistance making this change, you can contact Static Code Analysis Professional Services to discuss assistance via a services engagement.
For more information about Klocwork commands, see Command Reference.