Logo
1.800.487.3217
info@roguewave.com
Need Support Click here
Skip to main content
  • Home
  • Support
  • Videos

Search

  • Release notes
    • What's new in Klocwork 2020.4
      • What's new in Klocwork 2020.3
      • What's new in Klocwork 2020.2
      • What's new in Klocwork 2020.1
    • Fixed issues in Klocwork 2020.4
      • Fixed issues in Klocwork 2020.3
      • Fixed issues in Klocwork 2020.2
      • Fixed issues in Klocwork 2020.1
    • Limitations
  • System Requirements
    • Supported platforms
    • Disk space requirements
    • Processor and RAM requirements
    • Java Virtual Machine requirements
    • Ports used by the Klocwork servers
    • Supported IDEs
    • Supported continuous integration servers
    • Supported browsers
    • Supported source code management systems for Klocwork Code Review
    • Supported Java build tools
    • C/C++ compilers supported for build integration
    • Supported C++ language specifications
    • Supported C# language specifications
    • Supported Java language specifications
    • Application servers supported by Klocwork JSP scanning
    • Supported versions of Flex Net Publisher
    • Supported versions of MariaDB
    • Supported LDAP servers
  • Install
    • About the Klocwork packages and components
    • Upgrading from a previous version
      • Import your existing projects into a new projects root
        • Validate your database (mandatory)
      • Migrate your projects_root directory
    • Installing Klocwork
      • Installing the Klocwork Server package on Windows
      • Installing the Klocwork Server package on Windows -- Upgrade only
      • Installing the Klocwork Server package on Linux
      • Installing the Klocwork Server package on Linux -- Upgrade only
      • Installing the Build Tools package
      • Installing the Build Tools package -- Upgrade only
      • Installing the continuous integration (kwciagent) package
      • Klocwork Server Configuration for Mac/AIX/Solaris
      • Downloading and deploying the desktop analysis plug-ins
      • Downloading and deploying additional resources to your Klocwork Portal
      • Installing a desktop analysis plug-in
        • Install your plug-in
        • Installing the Klocwork plug-in from the Eclipse update site
        • Installing the IntelliJ IDEA/Android Studio/CLion plugins
        • Installing the Visual Studio Code extension
        • Troubleshooting
    • Running a custom installation for new or upgraded IDEs
    • Installing the Distributed Analysis package
    • Unattended installation on Windows
    • After you install
      • Testing your installation
      • Troubleshooting your installation
      • What to communicate to the team
    • Uninstalling Klocwork
  • Administer and Deploy
    • Klocwork Administration
      • Managing the Klocwork Servers
      • Moving or creating additional projects root directories
        • Moving a projects_root directory
        • Creating an additional projects_root directory
        • Licensing with multiple projects_root directories
        • Example: Setting up multiple projects_root directories
        • Special steps for Windows
        • What's next?
      • Cross-version support for builds
      • Viewing and changing Klocwork server settings
      • Optimizing server performance
      • Server log files
      • Licensing
        • Get a license
        • Changing the vendor daemon port in your license file
        • How licensing works
          • Web service license
        • Reserving licenses
        • Finding out how many licenses are in use
        • Switching the licensing debug log to reduce file size
        • Releasing stuck licenses
        • Resolving conflicts with other tools that use FlexNet Publisher licensing
        • Using your organization's FlexNet Publisher server
        • Setting up redundant license servers
      • Security and permissions
        • Setting up access control
          • Setting up single sign-on
          • Setting up LDAP access control
          • Setting up NIS access control
          • Setting up Basic access control
          • Authentication using the ltoken
        • Enabling access to Klocwork projects
        • Using a secure Klocwork Server connection
        • Setting a password for the Klocwork database
        • Permissions for Klocwork administrators and build engineers
        • Permissions for users
      • Integrating bug tracking with Klocwork Static Code Analysis
        • Creating the Python script
        • Displaying links and comments from the bug tracker
      • Improving database performance
      • Backing up Klocwork data
      • Klocwork support for non-ASCII encoding
      • Configuring email notifications
      • Configuration files you can edit
    • Deployment
      • Deployment questions
      • Deployment Phase I - Deployment decisions
      • Deployment Phase I worksheet
      • Deployment Phase II - Implementation steps
      • Deployment Phase II worksheet
      • Deployment Phase III - Expanding Klocwork usage
      • Deployment Phase III worksheet
  • Checkers
    • C and C++ checker reference
      • Attempt to use Memory after Free
        • CL.FFM.ASSIGN
        • CL.FFM.COPY
        • CL.SELF-ASSIGN
        • CL.SHALLOW.ASSIGN
        • CL.SHALLOW.COPY
        • LOCRET.ARG
        • LOCRET.GLOB
        • LOCRET.RET
        • UFM.DEREF.MIGHT
        • UFM.DEREF.MUST
        • UFM.FFM.MIGHT
        • UFM.FFM.MUST
        • UFM.RETURN.MIGHT
        • UFM.RETURN.MUST
        • UFM.USE.MIGHT
        • UFM.USE.MUST
      • Banned recommended APIs
        • SV.BANNED.RECOMMENDED.ALLOCA
        • SV.BANNED.RECOMMENDED.NUMERIC
        • SV.BANNED.RECOMMENDED.OEM
        • SV.BANNED.RECOMMENDED.PATH
        • SV.BANNED.RECOMMENDED.SCANF
        • SV.BANNED.RECOMMENDED.SPRINTF
        • SV.BANNED.RECOMMENDED.STRLEN
        • SV.BANNED.RECOMMENDED.TOKEN
        • SV.BANNED.RECOMMENDED.WINDOW
      • Banned required APIs
        • SV.BANNED.REQUIRED.CONCAT
        • SV.BANNED.REQUIRED.COPY
        • SV.BANNED.REQUIRED.GETS
        • SV.BANNED.REQUIRED.ISBAD
        • SV.BANNED.REQUIRED.SPRINTF
      • Buffer overflow
        • ABV.ANY_SIZE_ARRAY
        • ABV.GENERAL
        • ABV.ITERATOR
        • ABV.MEMBER
        • ABV.STACK
        • ABV.TAINTED
        • ABV.UNICODE.BOUND_MAP
        • ABV.UNICODE.FAILED_MAP
        • ABV.UNICODE.NNTS_MAP
        • ABV.UNICODE.SELF_MAP
        • ABV.UNKNOWN_SIZE
        • NNTS.MIGHT
        • NNTS.MUST
        • NNTS.TAINTED
        • RABV.CHECK
        • RN.INDEX
        • SV.FMT_STR.BAD_SCAN_FORMAT
        • SV.STRBO.BOUND_COPY.OVERFLOW
        • SV.STRBO.BOUND_COPY.UNTERM
        • SV.STRBO.BOUND_SPRINTF
        • SV.STRBO.UNBOUND_COPY
        • SV.STRBO.UNBOUND_SPRINTF
        • SV.UNBOUND_STRING_INPUT.CIN
        • SV.UNBOUND_STRING_INPUT.FUNC
      • C/C++ Warnings
        • CWARN.ALIGNMENT
        • CWARN.BITOP.SIZE
        • CWARN.COPY.NOASSIGN
        • CWARN.DTOR.NONVIRT.DELETE
        • CWARN.DTOR.NONVIRT.NOTEMPTY
        • CWARN.DTOR.VOIDPTR
        • CWARN.INCL.ABSOLUTE
        • CWARN.INCL.NO_INTERFACE
        • CWARN.MEM.NONPOD
        • CWARN.MEMBER.INIT.ORDER
        • CWARN.MOVE.CONST
        • CWARN.NOEFFECT.OUTOFRANGE
        • CWARN.NOEFFECT.SELF_ASSIGN
        • CWARN.NOEFFECT.UCMP.GE.MACRO
        • CWARN.NOEFFECT.UCMP.GE
        • CWARN.NOEFFECT.UCMP.LT.MACRO
        • CWARN.NOEFFECT.UCMP.LT
        • CWARN.NULLCHECK.FUNCNAME
        • CWARN.OVERRIDE.CONST
        • CWARN.PASSBYVALUE.ARG
        • CWARN.PASSBYVALUE.EXC
      • COM defects
        • BSTR.CAST.C
        • BSTR.CAST.CPP
        • BSTR.FUNC.ALLOC
        • BSTR.FUNC.FREE
        • BSTR.FUNC.LEN
        • BSTR.FUNC.REALLOC
        • BSTR.IA.ASSIGN
        • BSTR.IA.INIT
        • BSTR.OPS.ARITHM
        • BSTR.OPS.COMP
        • BSTR.OPS.EQS
      • Calculated values never used
        • VA_UNUSED.GEN
        • VA_UNUSED.INIT
      • Concurrency
        • CONC.DL
        • CONC.NO_UNLOCK
        • CONC.SLEEP
      • DNS spoofing
        • SV.BFC.USING_STRUCT
        • SV.USAGERULES.SPOOFING
      • Hard-coded credentials
        • HCC
        • HCC.PWD
        • HCC.USER
      • Ignored return values
        • SV.RVT.RETVAL_NOTTESTED
      • Improper memory deallocation
        • CL.FMM
        • FMM.MIGHT
        • FMM.MUST
        • FNH.MIGHT
        • FNH.MUST
        • FUM.GEN.MIGHT
        • FUM.GEN.MUST
      • Inappropriate iterator usage
        • ITER.CONTAINER.MODIFIED
        • ITER.END.DEREF.MIGHT
        • ITER.END.DEREF.MUST
        • ITER.INAPPROPRIATE.MULTIPLE
        • ITER.INAPPROPRIATE
      • Invalid Arithmetic Operations
        • DBZ.CONST
        • DBZ.CONST.CALL
        • DBZ.GENERAL
        • DBZ.ITERATOR
      • Localized string
        • LS.CALL
        • LS.CALL.STRING
      • Lowest possible privilege
        • SV.LPP.CONST
        • SV.LPP.VAR
        • SV.SIP.CONST
        • SV.SIP.VAR
      • Memory leaks
        • CL.MLK.VIRTUAL
        • CL.MLK.ASSIGN
        • CL.MLK
        • FREE.INCONSISTENT
        • MLK.MIGHT
        • MLK.MUST
        • MLK.RET.MIGHT
        • MLK.RET.MUST
      • Mismatched return types
        • CL.ASSIGN.NON_CONST_ARG
        • CL.ASSIGN.RETURN_CONST
        • CL.ASSIGN.VOID
        • FUNCRET.GEN
        • FUNCRET.IMPLICIT
        • RETVOID.GEN
        • RETVOID.IMPLICIT
        • VOIDRET
      • Null pointer dereference
        • NPD.CHECK.CALL.MIGHT
        • NPD.CHECK.CALL.MUST
        • NPD.CHECK.MIGHT
        • NPD.CHECK.MUST
        • NPD.CONST.CALL
        • NPD.CONST.DEREF
        • NPD.FUNC.CALL.MIGHT
        • NPD.FUNC.CALL.MUST
        • NPD.FUNC.MIGHT
        • NPD.FUNC.MUST
        • NPD.GEN.CALL.MIGHT
        • NPD.GEN.CALL.MUST
        • NPD.GEN.MIGHT
        • NPD.GEN.MUST
        • RNPD.CALL
        • RNPD.DEREF
      • Parse warning defects
        • CWARN.BAD.PTR.ARITH
        • CWARN.BOOLOP.INC
        • CWARN.CAST.VIRTUAL_INHERITANCE
        • CWARN.CMPCHR.EOF
        • CWARN.CONSTCOND.DO
        • CWARN.CONSTCOND.IF
        • CWARN.CONSTCOND.SWITCH
        • CWARN.CONSTCOND.TERNARY
        • CWARN.CONSTCOND.WHILE
        • CWARN.EMPTY.LABEL
        • CWARN.EMPTY.TYPEDEF
        • CWARN.FUNCADDR
        • CWARN.HIDDEN.PARAM
        • CWARN.IMPLICITINT
        • CWARN.INLINE.NONFUNC
        • CWARN.MEMSET.SIZEOF.PTR
        • CWARN.PACKED.TYPEDEF
        • CWARN.RET.MAIN
        • CWARN.SIGNEDBIT
      • Pipe hijacking
        • SV.PIPE.CONST
        • SV.PIPE.VAR
      • Porting issues
        • PORTING.BITFIELDS
        • PORTING.BSWAP.MACRO
        • PORTING.BYTEORDER.SIZE
        • PORTING.CAST.FLTPNT
        • PORTING.CAST.PTR.FLTPNT
        • PORTING.CAST.PTR.SIZE
        • PORTING.CAST.PTR
        • PORTING.CAST.SIZE
        • PORTING.CMPSPEC.EFFECTS.ASSIGNMENT
        • PORTING.CMPSPEC.TYPE.BOOL
        • PORTING.CMPSPEC.TYPE.LONGLONG
        • PORTING.MACRO.NUMTYPE
        • PORTING.OPTS
        • PORTING.PRAGMA.ALIGN
        • PORTING.PRAGMA.PACK
        • PORTING.SIGNED.CHAR
        • PORTING.STORAGE.STRUCT
        • PORTING.STRUCT.BOOL
        • PORTING.UNIONS
        • PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE
        • PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE
        • PORTING.UNSIGNEDCHAR.RELOP
        • PORTING.VAR.EFFECTS
      • Possible DLL hijacks
        • SV.DLLPRELOAD.NONABSOLUTE.DLL
        • SV.DLLPRELOAD.NONABSOLUTE.EXE
        • SV.DLLPRELOAD.SEARCHPATH
      • Print functions format
        • SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD
        • SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED
        • SV.FMT_STR.PRINT_IMPROP_LENGTH
        • SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW
        • SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY
        • SV.FMT_STR.UNKWN_FORMAT
      • Registry manipulation
        • SV.BRM.HKEY_LOCAL_MACHINE
      • Resource handling issues
        • RH.LEAK
        • SV.INCORRECT_RESOURCE_HANDLING.URH
        • SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS
      • Scan functions format
        • SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
        • SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
        • SV.FMT_STR.SCAN_IMPROP_LENGTH
        • SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW
        • SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY
        • SV.FMT_STR.UNKWN_FORMAT.SCAN
      • Speculative execution issues
        • SPECTRE.VARIANT1
      • Strong type checkers
        • STRONG.TYPE.ASSIGN
        • STRONG.TYPE.ASSIGN.ARG
        • STRONG.TYPE.ASSIGN.CONST
        • STRONG.TYPE.ASSIGN.INIT
        • STRONG.TYPE.ASSIGN.RETURN
        • STRONG.TYPE.ASSIGN.ZERO
        • STRONG.TYPE.EXTRACT
        • STRONG.TYPE.JOIN.CMP
        • STRONG.TYPE.JOIN.CONST
        • STRONG.TYPE.JOIN.EQ
        • STRONG.TYPE.JOIN.OTHER
        • STRONG.TYPE.JOIN.ZERO
      • Suspicious code practices
        • ASSIGCOND.CALL
        • ASSIGCOND.GEN
        • BYTEORDER.HTON.SEND
        • BYTEORDER.HTON.WRITE
        • BYTEORDER.NTOH.READ
        • BYTEORDER.NTOH.RECV
        • EFFECT
        • INCONSISTENT.LABEL
        • INCORRECT.ALLOC_SIZE
        • LA_UNUSED
        • NUM.OVERFLOW
        • PRECISION.LOSS.CALL
        • PRECISION.LOSS
        • SEMICOL
        • SV.CODE_INJECTION.SHELL_EXEC
        • SV.FIU.PROCESS_VARIANTS
        • SV.FMTSTR.GENERIC
        • SV.TOCTOU.FILE_ACCESS
        • SV.USAGERULES.PERMISSIONS
        • SV.USAGERULES.PROCESS_VARIANTS
        • UNUSED.FUNC.STL_EMPTY
        • UNUSED.FUNC.WARN
      • Unnecessary or missing includes
        • HA.DUPLICATE
        • HA.OPTIMIZE
        • HA.UNUSED
      • Unreachable code
        • INFINITE_LOOP.GLOBAL
        • INFINITE_LOOP.LOCAL
        • INFINITE_LOOP.MACRO
        • INVARIANT_CONDITION.GEN
        • INVARIANT_CONDITION.UNREACH
        • UNREACH.GEN
        • UNREACH.SIZEOF
        • UNUSED.FUNC.GEN
        • UNREACH.RETURN
      • Unused local variables
        • LV_UNUSED.GEN
      • Unvalidated user input
        • SV.STR_PAR.UNDESIRED_STRING_PARAMETER
        • SV.TAINTED.ALLOC_SIZE
        • SV.TAINTED.BINOP
        • SV.TAINTED.CALL.BINOP
        • SV.TAINTED.CALL.DEREF
        • SV.TAINTED.CALL.GLOBAL
        • SV.TAINTED.CALL.INDEX_ACCESS
        • SV.TAINTED.CALL.LOOP_BOUND
        • SV.TAINTED.DEREF
        • SV.TAINTED.FMTSTR
        • SV.TAINTED.GLOBAL
        • SV.TAINTED.INDEX_ACCESS
        • SV.TAINTED.INJECTION
        • SV.TAINTED.LOOP_BOUND
        • SV.TAINTED.PATH_TRAVERSAL
        • SV.TAINTED.SECURITY_DECISION
        • SV.TAINTED.XSS.REFLECTED
      • Use of uninitialized data
        • UNINIT.CTOR.MIGHT
        • UNINIT.CTOR.MUST
        • UNINIT.HEAP.MIGHT
        • UNINIT.HEAP.MUST
        • UNINIT.STACK.ARRAY.MIGHT
        • UNINIT.STACK.ARRAY.MUST
        • UNINIT.STACK.ARRAY.PARTIAL.MUST
        • UNINIT.STACK.MIGHT
        • UNINIT.STACK.MUST
      • Weak encryption
        • RCA
        • RCA.HASH.SALT.EMPTY
        • SV.PCC.CONST
        • SV.PCC.INVALID_TEMP_PATH
        • SV.PCC.MISSING_TEMP_CALLS.MUST
        • SV.PCC.MISSING_TEMP_FILENAME
        • SV.PCC.MODIFIED_BEFORE_CREATE
        • SV.WEAK_CRYPTO.WEAK_HASH
    • AUTOSAR community checker reference
    • CERT community C and C++ checker reference
      • CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED
      • CERT.CONC.UNSAFE_COND_VAR
      • CERT.CONC.WAKE_IN_LOOP
      • CERT.DCL.AMBIGUOUS_DECL
      • CERT.DCL.REF_TYPE.CONST_OR_VOLATILE
      • CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC
      • CERT.DCL.STD_NS_MODIFIED
      • CERT.ERR.ABRUPT_TERM
      • CERT.ERR.CONV.STR_TO_NUM
      • CERT.EXPR.DELETE_ARR.BASE_PTR
      • CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE
      • CERT.EXPR.PASS_NON_STD_LAYOUT
      • CERT.EXPR.VOLATILE.ADDR.PARAM
      • CERT.EXPR.VOLATILE.ADDR
      • CERT.EXPR.VOLATILE.PTRPTR
      • CERT.MEM.OVERRIDE.DELETE
      • CERT.MEM.OVERRIDE.NEW
      • CERT.MSC.NORETURN_FUNC_RETURNS
      • CERT.MSC.SIG_HANDLER.POF
      • CERT.MSC.STD_RAND_CALL
      • CERT.OOP.COPY_MUTATES
      • CERT.OOP.CSTD_FUNC_USE
      • CERT.OOP.CTOR.INIT_ORDER
      • CERT.OOP.PTR_MEMBER.NO_MEMBER
      • CERT.POS.THREAD.ASYNC_CANCEL
      • CERT.STR.ARG.CONST_TO_NONCONST
      • CERT.STR.ASSIGN.CONST_TO_NONCONST
    • Klocwork Quality Standard community C and C++ checker reference
      • CXX.BSTR.LITERAL
      • CXX.CWARN.DTOR.NONVIRT
      • CXX.CWARN.HARDCODED_LOOP_BOUND
      • CXX.CWARN.ITER.EXTERN
      • CXX.CWINAPP.INIT
      • CXX.FUNC.CSTRING.FORMAT
      • CXX.FUNC.MEMSET.BUILTIN
      • CXX.FUNC.T2OLE.LOOP
      • CXX.FUNC.T2OLE.RETURN
    • MISRA-C 2012 with Amendment 2 (C11) checker reference
    • MISRA-C 2012 with Amendment 1 checker reference
    • MISRA-C 2012 checker reference
    • MISRA-C 2012 community checker reference
    • MISRA-C++ 2008 checker reference
    • MISRA-C 2004 checker reference
    • C# checker reference
      • CS.ASSIGN.SELF
      • CS.CMP.VAL.NULL
      • CS.CONSTCOND.DO
      • CS.CONSTCOND.IF
      • CS.CONSTCOND.SWITCH
      • CS.CONSTCOND.TERNARY
      • CS.CONSTCOND.WHILE
      • CS.CTOR.VIRTUAL
      • CS.DBZ.CONST
      • CS.DBZ.CONST.CALL
      • CS.DBZ.GENERAL
      • CS.DBZ.ITERATOR
      • CS.EMPTY.CATCH
      • CS.FLOAT.EQCHECK
      • CS.FRACTION.LOSS
      • CS.HIDDEN.MEMBER.LOCAL.CLASS
      • CS.HIDDEN.MEMBER.LOCAL.STRUCT
      • CS.HIDDEN.MEMBER.PARAM.CLASS
      • CS.HIDDEN.MEMBER.PARAM.STRUCT
      • CS.IFACE.EMPTY
      • CS.INFORMATION_EXPOSURE.ALL
      • CS.INFORMATION_EXPOSURE.ATTR
      • CS.LOOP.STR.CONCAT
      • CS.NPS
      • CS.NRE.CHECK.CALL.MIGHT
      • CS.NRE.CHECK.CALL.MUST
      • CS.NRE.CHECK.MIGHT
      • CS.NRE.CHECK.MUST
      • CS.NRE.CONST.CALL
      • CS.NRE.CONST.DEREF
      • CS.NRE.FUNC.CALL.MIGHT
      • CS.NRE.FUNC.CALL.MUST
      • CS.NRE.FUNC.MIGHT
      • CS.NRE.FUNC.MUST
      • CS.NRE.GEN.CALL.MIGHT
      • CS.NRE.GEN.CALL.MUST
      • CS.NRE.GEN.MIGHT
      • CS.NRE.GEN.MUST
      • CS.OVRD.EQUALS
      • CS.RCA
      • CS.RESOURCE.AUTOBOXING
      • CS.RESOURCE.LOOP
      • CS.RESOURCE.UNBOXING
      • CS.RLK
      • CS.RNRE
      • CS.SQL.INJECT.LOCAL
      • CS.SV.TAINTED.ALLOC_SIZE
      • CS.SV.TAINTED.BINOP
      • CS.SV.TAINTED.CALL.BINOP
      • CS.SV.TAINTED.CALL.GLOBAL
      • CS.SV.TAINTED.CALL.INDEX_ACCESS
      • CS.SV.TAINTED.CALL.LOOP_BOUND
      • CS.SV.TAINTED.CALL.LOOP_BOUND.RESOURCE
      • CS.SV.TAINTED.DESERIALIZATION
      • CS.SV.TAINTED.FMTSTR
      • CS.SV.TAINTED.GLOBAL
      • CS.SV.TAINTED.INDEX_ACCESS
      • CS.SV.TAINTED.INJECTION
      • CS.SV.TAINTED.LOOP_BOUND
      • CS.SV.TAINTED.LOOP_BOUND.RESOURCE
      • CS.SV.TAINTED.PATH_TRAVERSAL
      • CS.SV.USAGERULES.PERMISSIONS
      • CS.UNCHECKED.CAST
      • CS.UNCHECKED.LOOPITER.CAST
      • CS.WRONG.CAST
      • CS.WRONG.CAST.MIGHT
      • CS.WRONGSIG.CMPTO
      • CS.WRONGUSE.REFEQ
    • Klocwork Quality Standard community C# checker reference
      • CS.BANNED.CONSOLE_WRITE
      • CS.BANNED.GC_COLLECT
      • CS.BANNED.INVOKE
      • CS.BANNED.PARSE
      • CS.BOXING
      • CS.DB.CLOSE.FINALLY
      • CS.EXCEPT.NO_LOG
      • CS.EXCEPT.RETHROW
      • CS.EXPR.EQ.STR
      • CS.IDISP.DISPOSE
      • CS.IDISP.DTOR
      • CS.IDISP.USING
      • CS.LA_UNUSED
      • CS.LV_UNUSED.GEN
      • CS.MAGIC.CHAR
      • CS.MAGIC.NUMBER
      • CS.MAGIC.STRING
      • CS.MEMB.NOT_SERIALIZABLE
      • CS.METHOD.EMPTY
      • CS.METHOD.NEW
      • CS.METHOD.RETURN.REF_MEMBER
      • CS.METHOD.STRUCT.NO_REF_OUT
      • CS.METHOD.UNUSED_PRIVATE
      • CS.PROP.LOCK
      • CS.STMT.CONTROL.EMPTY
      • CS.STMT.DO.BLOCK
      • CS.STMT.FOR.BLOCK
      • CS.STMT.IFELSE.BLOCK
      • CS.STMT.WHILE.BLOCK
      • CS.SV.CRITICAL_CONST
      • CS.SV.CRITICAL_LVL
      • CS.SV.EXPOSED_FIELD
      • CS.SV.HIDDEN_FORM
      • CS.SV.LINK_DEMAND.INHERITANCE
      • CS.SV.LINK_DEMAND.LEVEL2
      • CS.SV.LINK_DEMAND.TRANSP
      • CS.SV.SER_CTOR
      • CS.SV.SQL_QUERY
      • CS.SV.TRANSP.ASSEMBLY_LOAD
      • CS.SV.TRANSP.ASSERT
      • CS.SV.TRANSP.CONFLICT
      • CS.SV.TRANSP.HPCE
      • CS.SV.TRANSP.SEC_DMD
      • CS.SV.TRANSP.SUCSA
      • CS.SV.TYPE_EQVL
      • CS.SWITCH.DEFAULT.POSITION
      • CS.SWITCH.NODEFAULT
      • CS.UNINIT.LOCAL_VAR
      • CS.UNINIT.LOOP_COUNTER
    • Java checker reference
      • ANDROID.LIFECYCLE.SV.FRAGMENTINJ
      • ANDROID.LIFECYCLE.SV.GETEXTRA
      • ANDROID.NPE
      • ANDROID.RLK.MEDIAPLAYER
      • ANDROID.RLK.MEDIARECORDER
      • ANDROID.RLK.SQLCON
      • ANDROID.RLK.SQLOBJ
      • ANDROID.UF.BITMAP
      • ANDROID.UF.CAMERA
      • ANDROID.UF.MEDIAPLAYER
      • ANDROID.UF.MEDIARECORDER
      • CMP.CLASS
      • CMPF.FLOAT
      • CMP.OBJ
      • CMP.STR
      • COV.CMP
      • ECC.EMPTY
      • EHC.EQ
      • EHC.HASH
      • ESCMP.EMPTYSTR
      • EXC.BROADTHROWS
      • FIN.EMPTY
      • FIN.NOSUPER
      • FSC.PRT
      • FSC.PRV
      • FSC.PUB
      • JD.BITCMP
      • JD.BITMASK
      • JD.BITR
      • JD.CALL.WRONGSTATIC
      • JD.CAST.COL.MIGHT
      • JD.CAST.COL.MUST
      • JD.CAST.DOWNCAST
      • JD.CAST.KEY
      • JD.CAST.SUSP.MIGHT
      • JD.CAST.SUSP.MUST
      • JD.CAST.UPCAST
      • JD.CATCH
      • JD.CONCUR
      • JD.EQ.ARR
      • JD.EQ.UTA
      • JD.EQ.UTC
      • JD.FINRET
      • JD.IFBAD
      • JD.IFEMPTY
      • JD.INF.ALLOC
      • JD.INF.AREC
      • JD.INST.TRUE
      • JD.LIST.ADD
      • JD.LOCK
      • JD.LOCK.NOTIFY
      • JD.LOCK.SLEEP
      • JD.LOCK.WAIT
      • JD.METHOD.CBS
      • JD.NEXT
      • JD.OVER
      • JD.RC.EXPR.CHECK
      • JD.RC.EXPR.DEAD
      • JD.ST.POS
      • JD.SYNC.DCL
      • JD.SYNC.IN
      • JD.THREAD.RUN
      • JD.UMC.FINALIZE
      • JD.UMC.RUNFIN
      • JD.UMC.WAIT
      • JD.UNCAUGHT
      • JD.UN.MET
      • JD.UNMOD
      • JD.UN.PMET
      • JD.VNU
      • JD.VNU.NULL
      • MNA.CAP
      • MNA.CNS
      • MNA.SUS
      • NPE.COND
      • NPE.CONST
      • NPE.RET
      • NPE.RET.UTIL
      • NPE.STAT
      • REDUN.DEF
      • REDUN.EQ
      • REDUN.EQNULL
      • REDUN.FINAL
      • REDUN.NULL
      • REDUN.OP
      • RI.IGNOREDCALL
      • RI.IGNOREDNEW
      • RLK.AWT
      • RLK.FIELD
      • RLK.HIBERNATE
      • RLK.IMAGEIO
      • RLK.IN
      • RLK.JNDI
      • RLK.MAIL
      • RLK.MICRO
      • RLK.NIO
      • RLK.OUT
      • RLK.SOCK
      • RLK.SQLCON
      • RLK.SQLOBJ
      • RLK.SWT
      • RLK.ZIP
      • RNU.THIS
      • RR.IGNORED
      • RTC.CALL
      • STRCON.LOOP
      • SV.CLASSDEF.INJ
      • SV.CLASSLOADER.INJ
      • SV.CLEXT.CLLOADER
      • SV.CLEXT.POLICY
      • SV.CLLOADER
      • SV.CLONE.SUP
      • SV.CSRF.GET
      • SV.CSRF.ORIGIN
      • SV.CSRF.TOKEN
      • SV.DATA.BOUND
      • SV.DATA.DB
      • SV.DATA.FILE
      • SV.DOS.ARRINDEX
      • SV.DOS.ARRSIZE
      • SV.DOS.TMPFILEDEL
      • SV.DOS.TMPFILEEXIT
      • SV.ECV
      • SV.EMAIL
      • SV.EXEC
      • SV.EXEC.DIR
      • SV.EXEC.ENV
      • SV.EXEC.LOCAL
      • SV.EXEC.PATH
      • SV.EXPOSE.FIELD
      • SV.EXPOSE.FIN
      • SV.EXPOSE.IFIELD
      • SV.EXPOSE.MUTABLEFIELD
      • SV.EXPOSE.RET
      • SV.EXPOSE.STORE
      • SV.HASH.NO_SALT
      • SV.HTTP_SPLIT
      • SV.IL.DEV
      • SV.IL.FILE
      • SV.INT_OVF
      • SV.LDAP
      • SV.LOADLIB.INJ
      • SV.LOG_FORGING
      • SV.PASSWD.HC
      • SV.PASSWD.HC.EMPTY
      • SV.PASSWD.PLAIN
      • SV.PATH
      • SV.PATH.INJ
      • SV.PERMS.HOME
      • SV.PERMS.WIDE
      • SV.PRIVILEGE.MISSING
      • SV.RANDOM
      • SV.SCRIPT
      • SV.SENSITIVE.DATA
      • SV.SENSITIVE.OBJ
      • SV.SERIAL.INON
      • SV.SERIAL.NOFINAL
      • SV.SERIAL.NON
      • SV.SERIAL.NOREAD
      • SV.SERIAL.NOWRITE
      • SV.SERIAL.OVERRIDE
      • SV.SERIAL.SIG
      • SV.SHARED.VAR
      • SV.SOCKETS
      • SV.SQL
      • SV.SQL.DBSOURCE
      • SV.STRBUF.CLEAN
      • SV.STRUTS.NOTRESET
      • SV.STRUTS.NOTVALID
      • SV.STRUTS.PRIVATE
      • SV.STRUTS.RESETMET
      • SV.STRUTS.STATIC
      • SV.STRUTS.VALIDMET
      • SV.TAINT
      • SV.TAINT_NATIVE
      • SV.TMPFILE
      • SV.UMC.EXIT
      • SV.UMC.JDBC
      • SV.UMC.THREADS
      • SV.UMD.MAIN
      • SV.USE.POLICY
      • SV.WEAK.CRYPT
      • SV.XPATH
      • SV.XSS.COOKIE
      • SV.XSS.DB
      • SV.XSS.REF
      • SV.XXE.DBF
      • SV.XXE.SF
      • SV.XXE.SPF
      • SV.XXE.TF
      • SV.XXE.XIF
      • SV.XXE.XRF
      • SYNCH.NESTED
      • SYNCH.NESTEDS
      • UC.BOOLB
      • UC.BOOLS
      • UC.STRS
      • UC.STRV
      • UF.IMAGEIO
      • UF.IN
      • UF.JNDI
      • UF.MAIL
      • UF.MICRO
      • UF.NIO
      • UF.OUT
      • UF.SOCK
      • UF.SQLCON
      • UF.SQLOBJ
      • UF.ZIP
      • UMC.EXIT
      • UMC.GC
      • UMC.SYSERR
      • UMC.SYSOUT
      • UMC.TOSTRING
      • Conventions used in reported Java issue messages
    • Klocwork Quality Standard community Java checker reference
      • JAVA.DANGEROUS_CAST
      • JAVA.HIDDEN.MEMBER.LOCAL
      • JAVA.HIDDEN.PARAM.LOCAL
      • JAVA.MAGIC.CHAR
      • JAVA.MAGIC.NUMBER
      • JAVA.MAGIC.STRING
      • JAVA.STMT.DO.BLOCK
      • JAVA.STMT.FOR.BLOCK
      • JAVA.STMT.IFELSE.BLOCK
      • JAVA.STMT.WHILE.BLOCK
      • JAVA.SWITCH.DEFAULT.POSITION
      • JAVA.SWITCH.NOBREAK
      • JAVA.SWITCH.NODEFAULT
      • JAVA.UNINIT.LOCAL_VAR
      • JAVA.UNINIT.LOOP_COUNTER
    • Coding standards mapped to Klocwork checkers
      • 2020 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers
      • 2019 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers
      • Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers
      • C/C++ coding standards
        • AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers
        • CERT C and C++ IDs mapped to Klocwork C and C++ checkers
        • CERT C and C++ IDs mapped to Klocwork and Klocwork community C and C++ checkers
        • CWE IDs mapped to Klocwork C and C++ checkers
        • DISA STIG version 3 IDs mapped to Klocwork C and C++ checkers
        • DISA STIG version 4 IDs mapped to Klocwork C and C++ checkers
        • Joint Strike Fighter Air Vehicle C++ IDs mapped to Klocwork C++ checkers
        • ISO/IEC TS 17961 C rules mapped to Klocwork checkers
        • Klocwork Quality Standard mapped to Klocwork C and C++ checkers
        • Klocwork Quality Standard mapped to Klocwork community C and C++ checkers
        • MISRA-C 2012 with Amendment 2 rules mapped to Klocwork checkers
        • MISRA-C 2012 with Amendment 1 rules mapped to Klocwork checkers
        • MISRA-C 2012 rules mapped to Klocwork checkers
        • MISRA-C 2012 rules mapped to Klocwork MISRA-C 2012 community checkers
        • MISRA-C++ 2008 rules mapped to Klocwork checkers
        • MISRA-C 2004 rules mapped to Klocwork checkers
        • NASA: Ten Rules for Safety Critical Coding mapped to Klocwork checkers
      • C# coding standards
        • CWE IDs mapped to Klocwork C# checkers
        • Klocwork Quality Standard mapped to Klocwork C# checkers
        • Klocwork Quality Standard mapped to Klocwork community C# checkers
      • Java coding standards
        • CERT Java IDs mapped Klocwork Java checkers
        • CWE IDs mapped to Klocwork Java checkers
        • DISA STIG version 3 IDs mapped to Klocwork Java checkers
        • DISA STIG version 4 IDs mapped to Klocwork Java checkers
        • Klocwork Quality Standard mapped to Klocwork Java checkers
        • Klocwork Quality Standard mapped to Klocwork community Java checkers
        • OWASP Top 10 Security Risks for 2013 mapped to Klocwork Java checkers
        • OWASP Top 10 Security Risks for 2017 mapped to Klocwork Java checkers
    • Writing and deploying new checkers
      • Writing custom C/C++ checkers
        • Which type of checker to create: KAST or Path?
        • Important changes to the Path API in version 11.2
        • Important changes to the KAST API in version 10.0
        • C/C++ KAST checkers
          • Creating C/C++ KAST checkers
          • C/C++ KAST syntax reference
          • C/C++ KAST examples
          • Tutorial 1 - Creating a C/C++ KAST checker
          • Tutorial 2 - Creating a C/C++ KAST checker with built-in functions
          • Tutorial 3 - Creating a C/C++ KAST checker with custom functions
          • Creating and testing C/C++ KAST custom functions
            • Understanding the workflow
            • Example 1: 'Hello world'
            • Example 2: Modifying error messages
            • Example 3: Listing classes and members
            • Example 4: Accessing inheritance information
            • Example 5: Traversing the AST tree
            • Example 6: Emulating simple KAST expressions in a custom function
            • Example 7: Using node traversal in a custom function
            • Example 8: Designing a 'descendent::' search
        • Creating C/C++ Path checkers
      • Writing custom C# checkers
        • Tutorial - Creating a C# KAST checker
        • Creating C# KAST checkers
      • Writing custom Java checkers
        • Java KAST checkers
          • Creating Java KAST checkers
          • Anatomy of a Java KAST checker
            • help.xml: Defining help for your checker
            • checkers.xml: Java KAST configuration
            • Testcase.java: Using a test case
            • MyFunc.java: Using custom functions
            • plugin_functions.xml: Using custom functions
          • Java KAST examples
          • Java KAST syntax reference
            • Syntax
            • Qualifiers
            • Conditions
            • Variables
            • Other extensions
            • Built-in functions
            • Java custom functions
            • Checker performance
          • Java KAST workflow diagram
          • Tutorial - Creating a Java KAST checker
        • Java Path checkers
          • Anatomy of a Java Path checker
            • Knowledge base entries
            • checkers.xml: Defining the category, severity, and error message
            • help.xml: Defining help for your checker
          • Java knowledge base reference
          • Creating Java Path checkers
            • Types of Java Path checkers
            • Java Path checker creation process
          • Java Path workflow diagram
          • Tutorial - Creating a Java Path checker
      • Deploying custom checkers
        • Deploying the checker package to the Server and build machines
        • Deploying the checker package to your desktop
        • Uninstalling checkers from the Server and build machines
        • Uninstalling checkers from your desktop
  • Configure
    • Build configuration
      • Continuous integration and Klocwork analysis
        • Klocwork Jenkins CI plugin
      • Using Klocwork with Containers
        • Setting up Klocwork with Containers (Linux)
      • Alternate build integration methods for Visual Studio C/C++ projects
      • Build properties displayed by kwadmin
      • Tuning C/C++ analysis
        • C/C++ knowledge base reference
      • Tuning Java analysis
        • Creating a JKB file
        • Editing a JKB file
        • Tuning Java analysis through knowledge bases
        • Tuning Java analysis in Eclipse
          • Create a Java Knowledge Base file in Eclipse
          • Example: Tuning in Eclipse
        • Tuning Java analysis in IntelliJ IDEA
          • Walk-through: Handling an NPE.RET false positive
          • Troubleshooting JKB annotation errors
        • Tutorials - Tuning Java analysis
          • Java tuning tutorials 1 and 2 - Tuning SV.XSS.REF to reduce false positives
          • Java tuning tutorial 3 - Tuning NPE.RET to reduce false positives
          • Java tuning tutorial 4 - Tuning NPE.RET to detect additional issues (Advanced)
      • Adding an unsupported C/C++ compiler
    • Project configuration
      • Configuring checkers for the integration build analysis
        • Opening the Configuration Editor in Klocwork Static Code Analysis
        • Configuring taxonomies and categories
        • Configuring industry-specific coding standards and checkers
        • Using the standalone Configuration Editor
        • Applying a global checker configuration to all new projects
        • Copying the checker configuration to an existing project
        • When do your changes take effect?
        • Tutorial - Creating a taxonomy and viewing the results
      • Changing the thresholds for reported metrics
        • Adding the community HIS Metrics configuration file
      • Setup integration project C-sharp flowchart
      • Setup integration project C/C++ flowchart
      • Setup integration project Java flowchart
      • Reference for integration project and build properties
      • Localization details
      • Import your projects and server settings
  • Analyze
    • Creating a build specification
      • Desktop analysis
      • Build specification file format
        • Format of the build specification file for C/C++ projects
        • Format of the build specification file for Java projects
        • Format of the build specification file for .jsp files
        • Format of the build specification file for C# projects
      • Creating a C/C++ build specification
      • Creating a Java build specification
      • Creating a C-sharp build specification
      • Analyzing mixed C/C++ and C-sharp projects
      • Using kwwrap plus kwinject to generate a build specification
      • Using a build trace to troubleshoot build specification problems
        • Troubleshooting an incomplete kwinject build specification
        • Build trace file format
          • Example
        • Compiler mapping file format (kwfilter.conf)
          • Filter binding lines
          • Attach and detach keywords (Windows only)
          • Deploying kwfilter.conf
    • Running the C and C++ integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • C/C++ integration build analysis - Cheat sheet
    • Running the Java integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • Java integration build analysis - Cheat sheet
    • Running the C-sharp integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • C-sharp integration build analysis - Cheat sheet
    • Running a distributed Klocwork C/C++ analysis
      • How distributed analysis works
      • Running a distributed analysis
    • Tracking issues by owner
    • Managing project branches
      • Synchronizing status changes and comments across projects
      • Matching issues across projects
    • Speeding up the analysis
      • Running Klocwork in an IncrediBuild environment
    • Integrating Klocwork with Electric Cloud
      • Deployment considerations
      • Generate a build specification for Electric Cloud
      • Run a distributed Klocwork analysis in Electric Cloud
    • Replacing the path to your source files
    • Viewing integration build log files
    • C/C++ Path Analysis errors
  • Desktop Analysis Tools
    • Using Klocwork Desktop
      • Klocwork Desktop for C/C++ project setup overview
      • Detect issues while you code
      • Filtering issues on the desktop
      • Providing a build specification template for your developers
        • Example: Creating and using a build specification template
        • Creating a build specification template for C/C++ projects
        • Creating a build specification template for Java projects
        • Using a build specification template with kwcheck
        • Using a build specification template with kwbuildproject
    • Klocwork Refactoring
      • Using Klocwork Refactoring in your coding environment
      • Header Analysis
      • Header analysis in Visual Studio
      • Removing unused functions in Visual Studio
      • Refactoring shortcuts in Visual Studio
      • Header analysis in Eclipse
      • Refactoring shortcuts in Eclipse
    • Getting started with Klocwork Desktop plug-in for Visual Studio
      • Tips and tricks for Klocwork Desktop Plug-in for Visual Studio
      • Visual Studio dialogs
        • Authentication dialog in Visual Studio
        • General Options dialog
          • Analysis and Appearance tabs
          • Data tab
          • Logging tab
        • Klocwork Solution Properties dialog in Visual Studio
    • Getting started with Klocwork extension for Visual Studio Code
    • Getting started with the Klocwork Desktop C/C++ plugin for Eclipse
    • Getting started with Klocwork Desktop Java Plug-in for Eclipse
    • Tips and tricks for Klocwork Desktop Plug-in for Eclipse
      • Customize the analysis
    • Getting started with Klocwork Desktop Java Plug-in for IntelliJ IDEA/Android Studio
      • Tips and tricks for Klocwork Desktop Java Plug-in for IntelliJ IDEA/Android Studio
    • Getting started with Klocwork Desktop plugin for CLion
      • Tips and tricks for the Klocwork Desktop plugin for CLion
        • Change server settings
    • Configure build specification variables - Klocwork Desktop
    • Connected desktop and synchronization
      • How connected desktop works
    • Customizing your desktop analysis
    • Klocwork Desktop command line
      • Getting started with kwcheck for C/C++
      • Getting started with kwcheck for Java
    • Klocwork Desktop GUI
      • Getting started with Klocwork Desktop for Java
      • Getting started with Klocwork Desktop for C/C++
      • Getting started with Klocwork Desktop in remote mode
        • Before you begin
        • Create a remote configuration file
          • Remote configuration file format
          • Format of the configuration file using port forwarding
        • Open the remote project
        • Investigate issues
        • Fix defects and ignore the rest
        • Monitor new issues
        • Troubleshooting
      • Tips and tricks for Klocwork Desktop
        • Start and connect to your remote project in one step
        • Locate system issues
    • Integrating Klocwork with Wind River Workbench
    • Capturing your build settings for QNX Momentics
  • Measure and Manage
    • Accessing Klocwork Static Code Analysis
    • Reporting and metrics
      • Getting started with reports in Klocwork Static Code Analysis
        • Viewing reports
        • Filtering reports
        • Available fields
        • Creating a report
        • Report types
        • Editing reports
        • Sharing reports
        • What's next?
      • Advanced reporting for the integration build
        • Adding external documents to Klocwork Static Code Analysis
      • About Builds/Dates
      • The reporting timeline
      • Default reports in Klocwork Static Code Analysis
      • Creating a Compliance Report
      • Customizing metrics reports in Klocwork Static Code Analysis
        • The metrics.xml file
        • Simple walk-through: Customizing the default Size and Complexity reports
        • Walk-through: Adding custom reports based on Klocwork metrics
        • Adding custom reports based on metrics you define
        • Supported entity types
    • Searching in Klocwork Static Code Analysis
    • Comparing two builds in Klocwork Static Code Analysis
    • Investigating and citing issues in the integration build
      • Viewing a list of issues in your integration build
      • Handling a long list of issues
      • Using SmartRank to prioritize issues
      • Investigating issues
      • Reporting false positives
      • Changing an issue's status to show how it should be handled
      • Assigning ownership
      • Viewing the history of an issue
      • Getting email notification of new issues
      • What's next?
    • How issues are mapped between versions and builds
    • Source Cross-Referencing
      • Searching in source cross-reference
      • Accessing the issue list for a selected entity
      • Viewing source code
      • Using the source viewer in Klocwork Static Code Analysis
    • Managing integration projects and builds
    • Managing configuration files for integration projects
    • Customizing your view of the integration build analysis
      • All about views
      • The default view
      • Public and shared views
      • Supported keywords
      • Tutorial 1: Creating a view for a group of developers
      • Tutorial 2: Excluding issues in test code from view
      • Organizing your code into modules
    • Tracking projects with the Cross-Project Report
  • Code Review
    • What is Klocwork Code Review?
    • Code Review administration guide
      • Configuring permission policies
      • Import code reviews from an existing Code Review Server
      • Configuring live links in Klocwork reviews
      • Cleaning up stalled code reviews
    • Working with Klocwork Code Review
      • Log in to Code Review
      • Submitting your review
        • Setting up a pre-checkin code review
          • Pre-checkin code review: administrator setup
          • Creating a code review from your IDE
          • Creating a code review on the command line
          • Viewing a diff of your file in Visual Studio
          • Changing your Klocwork Server settings
          • Configuring your SCM
          • Fixing and re-submitting your code review
        • Setting up a post-checkin code review
          • Integrating a project with your SCM
          • Creating a code review on the command line
          • Loading new revisions from your SCM
      • Hanging out in Code Review
        • Your Code Review headquarters: your feed page
          • Getting notified of changes in Klocwork
        • Searching in Code Review
          • Using Keywords to filter search results
      • Creating reports in Code Review
        • Creating a new report
        • Editing reports
        • Accessing reports in Code Review
        • Filtering your reports
        • Pre-defined reports in Code Review
      • Participating in code reviews
        • As a committer
        • As a reviewer
      • Viewing the Code Review Action and Revision Status reports
        • Getting more data from the reports
      • Viewing the User Activity report
      • Select Server Project dialog in Eclipse
    • Reference
    • Troubleshooting
      • Troubleshooting code review setup
      • Can't create a new user message
      • Cannot run program git
      • Failed to create code review
      • Prompted to download a file
      • Upload failed - Unknown username error
      • No data is available for selected feed
      • Project not available when trying to set up a Klocwork feed
      • Insufficient permissions
      • Code Review encoding error
      • Can't see Klocwork issues in my code review
      • No source code management system is detected
      • Error 1723: There is a problem with this Windows installer package
      • Error occurred during SSL handshake
      • Diffs are incorrect or unavailable, and reviews appear out of order
    • Limitations for Code Review
  • Reference
    • Command Reference
      • Kwadmin
      • Kwagent
      • Kwandroid
      • Kwant
      • Kwauth
      • Kwbuildproject
        • Linker options for kwbuildproject
        • Compiler options for kwbuildproject
        • Kwbuildproject throws java.lang.ExceptionInInitializerError
      • Kwchangestatus
      • Kwcheck
        • Kwcheck output reference
        • Kwcheck tips and tricks
          • Adding compiler options to kwcheck
          • Connect to a different server project
          • Switch between standalone and connected desktop
          • Delete a local project
          • Enable and disable checkers
          • Change project settings
          • Override incremental analysis
          • Filter issues in the list
          • Locate and fix 'System' issues
      • Kwciagent
      • Kwcodereview
      • Kwcollect
      • Kwconv
      • Kwcreatechecker
        • Example help.xml file for custom checkers
      • Kwcscollect
      • Kwcsprojparser
      • Kwdefectimport
        • Import external defects with kwdefectimport
      • Kwdeploy
      • Kwdiscover
      • Kwdist
      • Kwdistadmin
      • Kwdtagent
      • Kwecbuild
      • Kwgcheck
      • Kwgradle
      • Kwgradlew
      • Kwinject
        • How kwinject works
          • Interception
          • Filtering
          • How kwinject handles a command line from your build
          • Determining which build commands should be intercepted by Klocwork
          • Environment variables used by kwinject
          • Example: Caching temporary source files
      • Kwjava
      • Kwlogparser
      • Kwmatch
      • Kwmaven
      • Kwmavenw
      • Kwprojcopy
      • Kwscm
      • Kwservice
      • Kwshell
      • Kwstruct101
        • Integrating with Structure101
          • How Structure101 licensing works
      • Kwupdate
      • Kwuser
      • Kwvcprojparser
        • Kwvcprojparser message Project file is not found. Skipping
      • Kwwebappscan
      • Kwwrap
      • Kwxsync
        • Renaming a project URL in a kwxsync storage file
        • Remove a project from kwxsync storage
    • Concepts
      • Abstract syntax tree (AST)
      • Analysis profile
      • Build specification
      • Build specification template
      • Build trace
      • Code problem certainty
      • Complexity Index Metric
      • Configuration Editor
      • Continuous analysis
      • Distributed analysis
      • Entity
      • Header analysis
      • Incremental analysis
      • Integration build analysis
        • How to run the analysis
      • Issue category
      • Issue citing
      • Issue code
      • Issue grouping
      • Issue ID
      • Issue severity
      • Issue states
      • Issue statuses
      • Java knowledge base (JKB)
      • Klocwork administrator
      • Klocwork Product Portal
      • Klocwork Servers
      • Knowledge base
      • Local project directory (.kwlp)
      • McCabe Cyclomatic Complexity
      • Migration
      • MIR
      • Model (user and system)
      • Module
      • Origin (local or system)
      • Owner
      • Parallel analysis
      • Projects_root directory
      • Propagation
      • Reference (taxonomy)
      • SmartRank
      • Source ownership file (.sow)
      • Standalone desktop
      • Tables directory
      • Taxonomy
      • Taxonomy Editor
      • Traceback information
        • C/C++ traceback example in Klocwork Static Code Analysis
        • C/C++ traceback example in Eclipse
        • C/C++ traceback example in Visual Studio
      • Tuning
      • User profile
      • Using tags
        • Using fbkb_tags
      • View
      • Working sets
    • Klocwork Web API cookbook
      • Reference information
      • Formatting requests to the API
      • Understanding the API response
      • Specifying drilldown for the report action
      • Access control API examples
      • Issue and metric API examples
    • Klocwork Code Review Web API cookbook
      • Reference information
      • Formatting requests to the API
      • Using the search API
    • Metrics reference
      • File-level metrics
      • Class-level metrics
      • Function- and method-level metrics
    • Legal information
      • FOSS
      • JDOM license
      • License Agreement for Sun JIMI Software Development Kit
        • Sun Microsystems, Inc. Binary Code License Agreement
        • JIMI SDK, Version 2.0 SUPPLEMENTAL LICENSE TERMS
      • SUN license for JavaHelp
      • Third-party copyright notices
      • Voluntary Product Accessibility Template (VPAT)
  • Troubleshoot
    • General troubleshooting issues
      • Accessing your desktop build.log and parse errors.log
      • Can't change issue status on desktop
      • Cannot display the web page error when clicking some links in plug-in help
      • Cannot display the web page or Failed to Connect messages
      • Cannot run two sets of the Klocwork Servers as Windows Services
      • Error indicating that a previous version of the Klocwork user package is installed
      • Error reading setup initialization file during installation
      • Errors printed in the Output window of Checker Studio
      • Failed to connect to server due to missing PKI certificate
      • Failed to lock file or directory: No locks available
      • Import fails when importing projects with a large number of builds
      • Installation fails when path contains multibyte characters
      • Java memory problems when running Klocwork applications
      • java.util.concurrent.RejectedExecutionException
      • Klocwork clients cannot access servers after disconnecting Windows computer from network
      • Klocwork buttons or menu items grayed out in IDE plug-ins
        • Managed C++
        • Supported configuration types
        • Continuous analysis is enabled
      • Klocwork clients cannot connect to Klocwork Server
      • Kwinject error - Compiler can't be configured
      • Offline product documentation not loaded properly
      • Remote clients cannot connect
      • Remote host closed connection during handshake
      • Unable to restart Klocwork Servers
      • Unable to run MariaDB as root user
      • Unable to start Klocwork Servers following Windows installation
      • Unable to start or check the Klocwork Servers because of LDAP error
      • Unable to start the Database Server because the path to the socket file is too long
      • Unable to stop Klocwork Servers
      • We hit StackOverflowError in MySQL driver
    • Authentication issues
      • Authentication unstable when switching between 32-bit and 64-bit Java
      • Cannot use the Remember me option on a server with multiple server instances
      • LDAP server not detected
      • Simple bind failed error when trying to connect to Active Directory
    • Build issues
      • Analysis fails with exited and exception messages
      • Authentication failed message
      • Kwadmin load of build fails; portal shows status as in progress
      • kwant: ERROR: Cannot retrieve main class 'com/klocwork/kwant/KWAnt'
      • kwcsprojparser generates error(s) when folder names use special characters
      • kwgradle fails to generate a build specification
      • kwinject fails to work with processes spawned under sudo
      • Kwinject will not produce a build specification when run in a 4NT shell
      • Local build processes failing in kwinject-enabled builds
      • Message about UnsupportedClassVersionError
      • Missing temporary files cause errors during Klocwork analysis
      • SemaRuntimeExceptions when running java analysis with Android Lollipop
      • Tables fail to load when Windows Indexer or antivirus program accesses temporary MariaDB files
      • Tables fail to load when there are more than 5000 of the same defect in a file
      • Troubleshooting include errors in the integration build log
    • Custom checkers issues
      • Help for my custom C# checker doesn't display in Klocwork Desktop help
    • Database issues
      • Database connection error
      • Database loading and propagation errors
      • Database loading stage failed
      • Lost connection to MySQL server at 'XXX', system error
      • Migration error: Database server fails to start
    • Desktop synchronization troubleshooting
      • Cannot connect to server - server is not available
      • Cannot connect to server - Unable to get Klocwork Server - Incompatible client version
      • Cannot perform project synchronization - Failed to read the buildspec file - Variable is not defined
      • Cannot perform project synchronization - Failed to synchronize - No files found
      • Cannot perform project synchronization - No common files with a project on the Klocwork Server
      • Cannot perform project synchronization - No system builds exist for the project
      • Desktop and server file mapping
      • Recreate your build specification
    • Eclipse troubleshooting
      • Eclipse 3.6.0 with LDAP crashes if Reviewers field is clicked after selecting a reviewer name
      • Eclipse hangs when trying to install Klocwork plug-in on machine with no internet access
      • Eclipse plug-in requires the MSVC redistributable package
      • Eclipse update site fails when downloading from a secure server
      • Installing the Eclipse update site after upgrading Eclipse
      • Path to installation is not set - Eclipse
      • Toolbar on views does not display properly on 64-bit Ubuntu
    • IntelliJ IDEA troubleshooting
      • Cannot access issue help from IntelliJ IDEA 11.1.1 or 11.1.2
      • Cannot find Japanese version of IntelliJ IDEA plug-in
      • Cannot start analysis - the JDK is not specified for selected modules (IntelliJ IDEA)
      • Error trying to import taxonomy file using IDEA 2020.2
      • Help links for detected issues don't work in IntelliJ IDEA 11.1
      • Klocwork icons may not appear on menu bars in IntelliJ IDEA 12
      • PDF links don't work in the help for IntelliJ IDEA
      • Server settings are not specified error message in IntelliJ IDEA
      • URLs to external sites don't work in the help for IntelliJ IDEA
    • Klocwork Desktop issues
      • Failed to start agent on port
      • Project name not saved when using non-default location
      • Why are my files grayed out in the Project Navigator?
      • Why can't I analyze my files or project in Klocwork Desktop?
    • Licensing issues
      • Can't connect to License Server
      • Desktop licensing problems
      • kwlef error states license is not valid
      • License Server error when shutting down host Windows machine
      • Why can't I get a license?
    • Multibyte character issues
      • Cannot connect to the Klocwork server and host name contains multibyte characters
      • Installation fails when path contains multibyte characters
    • Static Code Analysis issues
      • Cannot edit custom folder names for reports
      • Cannot search for severities in Klocwork Static Code Analysis
      • Empty report or issue list in Klocwork Static Code Analysis
      • Internet Explorer does not list project names if Server host name contains underscore
      • No legend printed with Klocwork Static Code Analysis reports
      • Slow performance in Klocwork Static Code Analysis
      • Unable to log in to Klocwork Static Code Analysis after setting up basic access control
    • Visual Studio troubleshooting
      • Cannot access issue help with F1 in Visual Studio
      • Cannot access Klocwork Properties in Visual Studio
      • Cannot create a file when that file already exists
      • Cannot see Klocwork windows in Visual Studio
      • Klocwork Help registration could not acquire the location of the Help Viewer
      • Kwvcprojparser message Project file is not found. Skipping
      • Package Load Failure occurs in Visual Studio after I install patch
      • This project item is not a candidate for analysis

   EN   JP   CN

What's new in Klocwork 2020.3

In this topic:
  • Java
  • CWE Top 25
  • C# enhancements
  • C/C++ analysis improvements
  • MISRA C 2012 Amendment 2 (C11)
  • Option to rebuild Lucene index
  • Klocwork checker improvements
  • Taxonomy improvements
  • Improvements to supported compilers
  • Changes to the Path API
  • Solaris and AIX support
  • Licensing
  • Maintenance for Klocwork 2018 ended
  • Portal licensing changes
  • Changes to system requirements

Here are the highlights for Klocwork 2020.3. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.

Java

Building on our improvements to have full support for Java 9 in Klocwork 2020.2, we have added partial support up to Java 11.

We've made improvements to better support for Java constructions such as
  • enums
  • interfaces
  • annotations
  • lambda functions
  • wildcards
We've added a substantial number of new checkers that map to the 2019 CWE Top 25 Most Dangerous Software Errors:
  • CWE-611: SV.XXE.DBF, SV.XXE.SF, SV.XXE.SPF, SV.XXE.TF, SV.XXE.XIF, SV.XXE.XRF
  • CWE-426: SV.EXEC.PATH
  • CWE-400: JD.INF.ALLOC
  • CWE-20: SV.LOADLIB.INJ

We improved the 2019 top-25 CWE taxonomy for Java by simplifying the mapping structure, mapping existing checkers SV.PASSWD.PLAIN and SV.WEAK.CRYPT to CWE-287, and correcting a small number of incorrect mappings.

We've also made improvements to existing checkers:
  • split JD.CAST.COL into JD.CAST.COL.MIGHT and JD.CAST.COL.MUST
  • reduced false positives for SV.EXPOSE.MUTABLEFIELD

CWE Top 25

The checkers we've developed for Java and C# add coverage for several additional 2019 CWE Top 25 Most Dangerous Software Errors. For more information, see 2019 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers.

C# enhancements

In this release we've continued improving support for C# by
  • developing six new security-focused checkers that map to the 2019 CWE Top 25 Most Dangerous Software Errors
  • improving analysis accuracy
  • adding support for custom Path checkers in C# analysis. For help developing custom Path checkers, contact Static Code Analysis Professional Services to discuss assistance via a services engagement.

C/C++ analysis improvements

We have updated our C/C++ Logical Error Finder to 64-bit on Windows, which enables Klocwork analysis to run to completion on very large and complex compilation units. We also now support 64-bit custom checkers.

We have seen minor performance improvements on some of our OSS test projects.

We've also improved how we handle new and delete keywords and initializer lists.

MISRA C 2012 Amendment 2 (C11)

We've added a new taxonomy that maps Klocwork checkers to MISRA C 2012 Amendment 2 (C11). For more information, see MISRA-C 2012 with Amendment 2 (C11) checker reference.

Option to rebuild Lucene index

We've added an option to the dbvalidate tool that rebuilds the Lucene index for the specified project, which often reduces the size of the index. For more information, see Validate your database (mandatory).

Klocwork checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

New Klocwork checkers

Checker Description
CS.INFORMATION_EXPOSURE.ALLThis C# checker flags potentially unintended logging or printing to the console of any program data.
CS.INFORMATION_EXPOSURE.ATTRThis C# checker flags potentially unintended logging or printing to the console of data fields specifically marked with the attribute [SecurityCritical] or [SecuritySafeCritical].
CS.RESOURCE.LOOP This C# checker reports a defect whenever any object is created inside the body of a loop that has no explicit exit condition.
CS.SV.TAINTED.CALL.GLOBALThis C# checker flags whenever tainted data is used to assign a globally visible data field via a function call.
CS.SV.TAINTED.GLOBALThis C# checker flags whenever tainted data is used to assign a globally visible data field.
CS.SV.TAINTED.LOOP_BOUND.RESOURCEThis C# checker flags code where an unvalidated argument is used as a loop boundary while any resource, managed or unmanaged, is allocated within the loop.
JD.CAST.COL.MIGHTThis Java checker flags when more than one type is stored in the same collection (Map or List) and at least one of the stored types is related to the type used for a type cast.
JD.CAST.COL.MUSTThis Java checker flags when none of the types used to store values in collections is related to the type used in an immediate cast.
JD.INF.ALLOCThis Java checker flags when large sections of memory are consumed within an infinite loop and there is no verification of available memory.
SV.EXEC.PATHThis Java checker flags when an application searches for critical resources by using a short or relative path that can point to resources that are not under the application's direct control.
SV.LOADLIB.INJThis Java checker flags the use of ‘System.loadLibrary’ or ‘Runtime.loadLibrary’, both of which are vulnerable to environment injection.

SV.TAINTED.XSS.REFLECTED

This C/C++ checker flags potential cross-site scripting issues for CGI scripts (web servers that use a Common Gateway Interface).
SV.XXE.DBFThis Java checker flags when XML input is processed by a weakly-configured XML parser, DocumentBuilderFactory.
SV.XXE.SFThis Java checker flags when XML input is processed by a weakly-configured XML parser, SchemaFactory.
SV.XXE.SPFThis Java checker flags when XML input is processed by a weakly-configured XML parser, SAXParserFactory.
SV.XXE.TFThis Java checker flags when XML input is processed by a weakly-configured XML parser, TransformerFactory.
SV.XXE.XIFThis Java checker flags when XML input is processed by a weakly-configured XML parser, XMLInputFactory.
SV.XXE.XRFThis Java checker flags when XML input is processed by a weakly-configured XML parser, XMLReaderFactory.

Modified Klocwork checkers

Checker Description
CWARN.BITOP.SIZEFewer false positives are expected
LV_UNUSED.GENFewer false positives are expected
MISRA.COMP.WRAPAROUNDFewer false positives are expected
MISRA.CVALUE.IMPL.CASTNew defects detected and fewer false positives are expected
MISRA.ETYPE.ASSIGN.2012New defects detected
MISRA.FUNC.NOPROT.CALLFewer false positives are expected
NPD.FUNC.MUSTNew defects detected and fewer false positives are expected
STRONG.TYPE.ASSIGN.INITFewer false positives are expected
STRONG.TYPE.ASSIGN.RETURNFewer false positives are expected
SV.EXPOSE.MUTABLEFIELDFewer false positives are expected
UNINIT.STACK.MUSTFewer false positives are expected

Enabled or disabled checkers

The following checkers were added to the default enabled field of the checker configuration files for this release:
  • CS.INFORMATION_EXPOSURE.ATTR
  • CS.RESOURCE.LOOP
  • CS.SV.TAINTED.LOOP_BOUND.RESOURCE
  • JD.CAST.COL.MUST
  • JD.INF.ALLOC
  • SV.EXEC.PATH
  • SV.LOADLIB.INJ
  • SV.XXE.DBF
  • SV.XXE.SF
  • SV.XXE.SPF
  • SV.XXE.TF
  • SV.XXE.XIF
  • SV.XXE.XRF

The checker JD.CAST.COL is deprecated; use JD.CAST.COL.MIGHT and JD.CAST.COL.MUST instead.

The checkers CS.WRONG.CAST and CS.WRONG.CAST.MIGHT are no longer enabled by default.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy New/Updated
  • cwe_2019_top_25_cs.tconf and cwe_2019_top_25_cs_ja.tconf
  • cwe_all_cs.tconf and cwe_all_cs_ja.tconf

We added references to the following checkers:

CWE-20
  • CS.SV.TAINTED.CALL.GLOBAL
  • CS.SV.TAINTED.GLOBAL
  • CS.SV.TAINTED.LOOP_BOUND.RESOURCE
CWE-200:
  • CS.INFORMATION_EXPOSURE.ALL
  • CS.INFORMATION_EXPOSURE.ATTR
CWE-400
  • CS.RESOURCE.LOOP
  • CS.SV.TAINTED.LOOP_BOUND.RESOURCE
  • cwe_2019_top_25_java.tconf and cwe_2019_top_25_java_ja.tconf
  • cwe_all_java.tconf and cwe_all_java_ja.tconf

We added references to the following checkers:

CWE-20
  • SV.STRUTS.NOTVALID
  • SV.STRUTS.VALIDMET
  • SV.DOS.ARRINDEX
  • SV.LOADLIB.INJ
CWE-200
  • SV.IL.DEV
  • SV.IL.FILE
CWE-287
  • SV.PASSWD.PLAIN
  • SV.WEAK.CRYPT
CWE-400
  • JD.INF.ALLOC
CWE-426
  • SV.EXEC.PATH
CWE-611
  • SV.XXE.DBF
  • SV.XXE.SF
  • SV.XXE.SPF
  • SV.XXE.TF
  • SV.XXE.XIF
  • SV.XXE.XRF

Updated the reference for SV.CSRF.GET to map to CWE-352.

We updated the reference for RLK.FIELD to map to CWE-772.

For cwe_all_java.tconf and cwe_all_java_ja.tconf we also mapped the checker SV.LOADLIB.INJ to CWE-114.

misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconfThese are new taxonomies that map Klocwork checkers to MISRA C:2012 Amendment 2.

Improvements to supported compilers

We've improved support for the following compilers:

  • Clang
  • GNU

For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.

Changes to the Path API

In Klocwork 2016, we made a number of changes to the C++ version of our Path API. Chapter 2 of the Klocwork C/C++ Path Analysis API Reference contains a list of deprecated functions and provides a proposed replacement for each. As of Klocwork 2020.3, these functions are fully deprecated and checkers will fail to load if one of the deprecated methods is used. For more information, see Important changes to the Path API in version 11.2.

Solaris and AIX support

Downloads for Solaris and AIX are now by request. To obtain Solaris or AIX product downloads, please contact Klocwork Customer Support.

Solaris installation packages, build tools, and desktop tools are available for Klocwork release 2020.1. Downloads are not available for later releases.

Licensing

2019 licenses are not compatible with Klocwork 2020.4. You need a new license to use the latest version of the product. Contact license@perforce.com to obtain a new license.

We upgraded the version of FlexNet Publisher that we support for Windows and Linux to version 2018 R4 (11.16.2). If you are using your own FlexNet Publisher license server, ensure you upgrade to this or a newer version. You can also use the license server included with Klocwork 2020.1 and beyond.

Maintenance for Klocwork 2018 ended

Maintenance for all versions of Klocwork 2018 ended February 29, 2020. The end of maintenance (EOM) date and end of sale (EOS) date was also February 29, 2020. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

Portal licensing changes

Klocwork has implemented additional licensing checks related to running the Klocwork Server, which, among other things, underpins the Klocwork portal. We recommend you validate your licensing needs to ensure you have a sufficient number of web service licenses.

Changes to system requirements

This section lists changes to the system requirements. For the complete list of supported versions, see System Requirements. We've added support for the following:
  • Windows 10 versions above 1909 to 2004
  • Debian 10.4
  • Red Hat Enterprise Linux versions 7.8 and 8.2
  • Oracle Linux versions 7.8 and 8.2
  • CentOS versions 7.8 and 8.2
  • Ubuntu 20.04 LTS
  • Fedora 32
  • OpenSUSE Leap 15.2
  • Eclipse version 4.16
  • Android Studio versions above 3.6 to 4.0
  • Visual Studio 2017 versions up to 15.9.24
  • Visual Studio 2019 versions up to 16.6.3
  • IntelliJ IDEA 2019 versions above 19.3.3 to 19.3.5
  • IntelliJ IDEA 2020.1 versions up to 2020.1.2
  • Wind River Workbench 4 SR0640
  • CLion 2020.1 version 2020.1.2
  • Internet Explorer versions above 11.0.175 to 11.0.195
  • Edge versions 81.x and 83.x
  • Firefox versions 78.x
  • Chrome versions above 80.x to 83.x
  • Jenkins versions above 2.204.5 to 2.243
  • Gradle versions above 6.2.1 to 6.5.1
We no longer provide support for the following:
  • Windows 10, version 1803
  • Ubuntu version 19.10
  • Fedora 30
  • SUSE Enterprise 12 SP1
  • Eclipse versions 3.4 to 3.7
Parent topic: What's new in Klocwork 2020.4
Next topic: What's new in Klocwork 2020.2

Company

  • Visit Rogue Wave.com
  • Company News
  • Privacy
  • FAQ
  • Sitemap
  • Contact Rogue Wave Support
  • For problems with this website contact support@roguewave.com
  • Phone support: 1.303.545.3205
  • US and Canada: 1.800.404.4767
  • Japan: +81 (0) 3 5211 7761

© Perforce Software, Inc. All rights reserved.