Import external defects with kwdefectimport
| In this topic: |
Import external defects with kwdefectimport
You can use Kwdefectimport to import a list of external defects into Klocwork. These are defects that were discovered by an external tool or process, independent of Klocwork.
You run Kwdefectimport on the command line at build time after Kwbuildproject and before kwadmin -load. When run, it uses the data in the artifacts (tables and files) that are created by kwbuildproject, then creates new problem data for kwadmin to load.
Importing external defects into Klocwork involves the following steps:
- Creating or obtaining a listing of defects. Depending on your implementation, this list can be any format such as a file, a stream, or a port.
- Creating a .pconf checker configuration file onto which the defects are mapped to checkers.
- Creating a defect parser that implements the interface com.klocwork.defectimport.IDefectParser to parse the defect listing file.
- Running kwdefectimport as part of your analysis, after kwbuildproject but before kwadmin -load.
Working with source defect files
While the exact format of your defect source can vary, the data must be valid and it must contain at least the following four elements per defect:
| Element | Description |
|---|---|
| Defect code | A string representing the high-level category of the defect. In the example below, the defect code is represented by the element <ErrorId>. |
| File name |
The absolute path and file name or a relative path and file name of the source file that contains the current defect. If you specify the --working-directory argument to kwdefectimport, the file name is considered a relative link (relative to the value specified in the argument). If you don't specify a working directory, the file name must be an absolute path. In the example below, the file name is represented by the F attribute. |
| Line number |
The line number (in the source file) that contains the defect. In the example below, the file name is represented by the L attribute. |
| Message | Optional. The message explaining the defect. The message is displayed within Klocwork and provides context to the user. |
The following listing shows a typical defect source file.
<ErrorId Id="ERR_TYP_TIMER_NOT_ACTIVE" NumberOfEntries="4"> <Msg F="czagenmx.sdl" L="2786" S="C">timer t_wf_czg not activated in any path</Msg> <Msg F="czahanmx.sdl" L="5051" S="C">timer t_wf_czg_sup_ack not activated in any path</Msg> <Msg F="czahanmx.sdl" L="5074" S="C">timer t_wf_czg_sup_ack not activated in any path</Msg> <Msg F="czahanmx.sdl" L="5092" S="C">timer t_wf_czg_sup_ack not activated in any path</Msg> </ErrorId>
Create a taxonomy
Before you can import defects, you must define the defect taxonomies, categories, and defect types with which the external defects will be associated. This is done by creating a .pconf file, which is an XML file that defines the categories and severity types of the defect, and contains the error message that is displayed to the user.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<checkers version="1.4">
<severitytable max="10" warningStart="3" locale="en">
<severity name="Critical" number="1"/>
...
</severitytable>
<categories name="TN SDL SDT" locale="en">
<category name="Err.Lex.Tn">
<error id="ERR_LEX_COM_IN_COM"/>
<error id="ERR_LEX_LONG_ID"/>
<error id="ERR_LEX_RESERVED"/>
</category>
...
</categories>
<checkergroup api="none" id="TN.DEFAULT.CHECKERGROUP" language="SDL/SDT">
<checker id="ERR.LEX.TN">
<error autogroupby="0" enabled="true" id="ERR_LEX_LONG_ID" severity="3">
<title locale="en" text="ID longer than 31 characters"/>
<title locale="ja" text="ID longer than 31 characters"/>
<message locale="en" text="{0}"/>
<message locale="ja" text="{0}"/>
</error>
<error autogroupby="0" enabled="true" id="ERR_LEX_RESERVED" severity="3">
<title locale="en" text="ID is reserved in ANSI C"/>
<title locale="ja" text="ID is reserved in ANSI C"/>
<message locale="en" text="{0}"/>
<message locale="ja" text="{0}"/>
</error>
<error autogroupby="0" enabled="true" id="ERR_LEX_COM_IN_COM" severity="3">
<title locale="en" text="Missing close comment"/>
<title locale="ja" text="Missing close comment"/>
<message locale="en" text="{0}"/>
<message locale="ja" text="{0}"/>
</error>
</checker>
...
</checkergroup>
</checkers>
| Element | Description |
|---|---|
| <severitytable> | Defines the severity hierarchy. |
| <categories> | Defines a set of checker categories, where each category contains a set of related checkers. Typically categories are used to organize checkers by function. For example, "Precision loss" or "Dangerous Type casts". These are typically user-defined. |
| <checkergroup> | Defines a group of related checkers. For example, "builtin C# path checkers". These are typically user-defined. |
Create your .pconf file
Follow the walk-through below to create and import your .pconf file.
- Create an XML file to contain the checker configuration information. You can start with an existing configuration file and a text editor, or you can use the Klocwork configuration editor to create your .pconf file.
For more information about creating and modifying a taxonomy, see Configuring checkers for the integration build analysis.
- Add the <severitytable> element to your .pconf file. This is the first child of the root element. You can leave this section as is since the severity levels may be arbitrary depending on your workflow.
<severitytable max="10" warningStart="3" locale="en"> <severity name="Critical" number="1"/> <severity name="Error" number="2"/> <severity name="Warning" number="3"/> <severity name="Review" number="4"/> <severity name="Severity 5" number="5"/> <severity name="Severity 6" number="6"/> <severity name="Severity 7" number="7"/> <severity name="Severity 8" number="8"/> <severity name="Severity 9" number="9"/> <severity name="Severity 10" number="10"/> </severitytable>
- Add the <categories> element to your .pconf file:
<categories name="TN SDL SDT" locale="en"> <category name="Err.Sym.Tn"> <error id="ERR_SYM_NO_TERMINATOR"/> <error id="ERR_SYM_EXP_UNCHANGED"/> <error id="ERR_SYM_ENUM_LACK_ANSWER"/> <error id="ERR_SYM_UNREACHABLE_STATEMENT"/> </category> </categories>- The <categories> element contains <category> elements that define the actual checker categories. The name attribute of both the <categories> and <category> element and is user-defined. You should specify a name for the <category> that represents the defect types it will contain.
- The id attribute of the <error> element is a direct mapping to the <ErrorID> specified in the external defect listing.
- Add the <checkergroup> element to your .pconf file:
<checkergroup api="none" id="TN.DEFAULT.CHECKERGROUP" language="SDL/SDT"> <checker id="ERR.LEX.TN"> <error autogroupby="0" enabled="true" id="ERR_LEX_LONG_ID" severity="3"> <title locale="en" text="ID longer than 31 characters"/> <title locale="ja" text="ID longer than 31 characters"/> <message locale="en" text="{0}"/> <message locale="ja" text="{0}"/> </error> <error autogroupby="0" enabled="true" id="ERR_LEX_RESERVED" severity="3"> <title locale="en" text="ID is reserved in ANSI C"/> <title locale="ja" text="ID is reserved in ANSI C"/> <message locale="en" text="{0}"/> <message locale="ja" text="{0}"/> </error> </checker>The elements in <checkergroup> are described in the tables below:Element Attributes <checkergroup> - api
- specify "none" to indicate that no checker should be executed.
- id
- user-defined
- language
- user-defined, typically represents the programming language of the source code.
<checker> - id
- user-defined, but typically represents the name of the group of defect types it encapsulates.
<error> - autogroupby
- set to 0.
- enabled
- set to true.
- id
- the id attribute of the <error> element is a direct mapping to the <ErrorID> specified in the external defect listing.
- severity
- a value based on the interpretation of the severity levels defined in the defects listing file.
<title> - locale
- the locale code of the title string. For example, "en" or "ja".
- text
- a string that provides a simple overview of the defect.
<message> - locale
- the locale code of the title string. For example, "en" or "ja".
- text
- A string that provides a simple overview of the defect or {0} to pass the message specified in the defect listing. Since the defect messages have already been generated and the objective is just to associate the text of the message with lines in source files, the message is simply passed as a variable.
- Save your XML file and copy it to the /plugins directory in your Klocwork install path.
Create a defect parser
Iterator<SourceDefect> getDefects();Therefore, the parser must prepare this Iterator from within its constructor. In the example below, see the call to the implementation-specific method, parse(), from within the constructor.
Sample parser
In this complete example of a parser, the defects are exported as XML. The implementation of IDefectParser extends SAX's DefaultHandler:
package com.thirdparty.defectexport.parser;
import com.klocwork.defectimport.IDefectParser;
import com.klocwork.defectimport.SourceDefect;
import org.jetbrains.annotations.NonNls;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import java.io.File;
import java.io.IOException;
import java.util.*;
public class ThirdPartyKlocworkDefectParser extends DefaultHandler implements IDefectParser {
//where the listing of the source defects resides (file, stream?, port?, etc)
private final String defectsSource;
//list of items discovered at the defectsSource, each of which having been converted to a SourceDefect
private final List<SourceDefect> sourceDefects = new ArrayList<SourceDefect>();
private SourceDefect sourceDefect;
private boolean inByErrorId;
private boolean inMsg;
private String currentErrorId = "";
StringBuilder buffer = new StringBuilder(1024);
public ThirdPartyKlocworkDefectParser (final String defectsSource) throws ParserConfigurationException, SAXException, IOException {
this.defectsSource = defectsSource;
parse();
}
@Override
public void startElement(final String uri, final String localName, final String qName, final Attributes atts) throws SAXException
{
buffer.setLength(0);
if(localName.equals(ELEM_BY_ERROR_ID)){
inByErrorId = true;
}
if(inByErrorId && localName.equals(ELEM_ERROR_ID)){
final String attributeId = atts.getValue(ATTR_ID);
if(!attributeId.equals(currentErrorId)){
currentErrorId = attributeId;
}
}
if(inByErrorId && localName.equals(ELEM_MSG)){
inMsg = true;
sourceDefect = new SourceDefect();
sourceDefect.setErrorId(currentErrorId);
final String fileName = atts.getValue(ATTR_FILE);
sourceDefect.setFileName(fileName);
sourceDefect.setLineNumber(Integer.valueOf(atts.getValue(ATTR_LINE)));
sourceDefect.setMessage(qName);
}
}
@Override
public void endElement (final String uri, final String localName, final String qName)
throws SAXException
{
if(inByErrorId && localName.equals(ELEM_MSG)){
sourceDefect.setMessage(buffer.toString());
sourceDefects.add(sourceDefect);
inMsg = false;
}
}
@Override
public void characters(final char[] ch, final int start, final int length) throws SAXException {
if(inByErrorId && inMsg){
buffer.append(ch, start, length);
}
}
@Override
public Iterator<SourceDefect> getDefects() {
return Collections.unmodifiableCollection(sourceDefects).iterator();
}
private void parse() throws ParserConfigurationException, SAXException, IOException {
final SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
final SAXParser parser = spf.newSAXParser();
final XMLReader reader = parser.getXMLReader();
reader.setContentHandler(this);
reader.parse(new File(defectsSource).toURI().toURL().toString());
}
@Override
public void close() {
//not required for this implementation
}
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ELEM_BY_ERROR_ID = "ByErrorId";
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ELEM_ERROR_ID = "ErrorId";
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ATTR_ID = "Id";
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ELEM_MSG = "Msg";
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ATTR_FILE = "F";
@SuppressWarnings("HardCodedStringLiteral")
@NonNls
private static final String ATTR_LINE = "L";
}
Import the defects
Once you've defined your external defects file, you've mapped those defects to a checker configuration, and you've written your parser, you can run kwdefectimport to import the external defects into Klocwork. You run Kwdefectimport from the command line, after running Kwbuildproject, but before running kwadmin -load:
At runtime, kwdefectimport opens the source defects listing file, reads the defect types and maps them to the appropriate source file and line of code. In the tables directory the files file.dat, and entity.dat are modified. Defects are written to a new file called problem_ext.pbf which is then loaded by kwadmin -load.
Run kwdefectimport on the command line
The following example shows kwdefectimport run from the command line:
kwdefectimport --tables-directory "C:/Klocwork/Server XY.Z/projects_root/projects/abc_main" --working-directory "C:/_workspaces/ABC_Main/src" --parser-class com.klocwork.defectimport.parser.TNSDLDefectParser --rejected-defects C:/tables/rejecteddefects.json --ext-libs "C:/Klocwork/lib/kwdefectimport.jar" --ext-libs "C:/Klocwork/lib/another_required_library.jar" "C:\already_analyzed_defects_in_proprietary_format\defects_01.xml" "C:\already_analyzed_defects_in_proprietary_format\defects_02.xml
For more information about running kwdefectimport and for a complete description of the options, see Kwdefectimport.
Running kwdefectimport as part of an automated build
If you include kwdefectimport as a regular part of your automated Klocwork tool chain (between kwbuildproject and kwadmin -load), you will require kwdefectimport's exit code to determine whether to continue. See Kwdefectimport for a complete list of error codes.
The following example uses a DOS batch script to demonstrate how to use the exit code to determine the action to take based on the exit code. In this example, there are 2 batch files: caller.bat and run_kwdefectimport.bat The file caller.bat is responsible for executing kwdefectimport and returning its exit code to the caller. The file run_kwdefectimport.bat calls caller.bat and then makes execution decisions based on thecaller.bat's exit code.
run_kwdefectimport.bat
@echo off set errorlevel= "C:\Klocwork\Server 12.0\bin\kwdefectimport.exe" --tables-directory C:\tables\20131024 --working-directory "C:/_workspaces/Main/REP/sources/kwdefectimport/test_resources/source_dir" --parser-class com.klocwork.defectimport.parser.TNSDLDefectParser --rejected-defects C:/tables/rejecteddefects.json "C:/_workspaces/Main/REP/sources/kwdefectimport/test_resources/sdl_defects/tncheck.xml" exit /b %errorlevel%
caller.bat
caller.bat @echo off call run_kwdefectimport.bat echo Exit Code is %errorlevel% set atemp=%errorlevel% echo atemp is %atemp% set BUILD_FAILED_EXIT_CODE=1 set DEFECT_TYPES_NOT_REGISTERED_EXIT_CODE=16 set DUPLICATE_DEFECTS_FOUND_EXIT_CODE=32 set SOURCE_FILES_NOT_FOUND_EXIT_CODE=64 set SOURCE_FILES_NOT_REFERENCED_EXIT_CODE=128 set /A critical="%atemp%&%BUILD_FAILED_EXIT_CODE%" set /A dnr="%atemp%&%DEFECT_TYPES_NOT_REGISTERED_EXIT_CODE%" set /A dup="%atemp%&%DUPLICATE_DEFECTS_FOUND_EXIT_CODE%" set /A snf="%atemp%&%SOURCE_FILES_NOT_FOUND_EXIT_CODE%" set /A snr="%atemp%&%SOURCE_FILES_NOT_REFERENCED_EXIT_CODE%" echo dnr %dnr% echo dup %dup% echo snf %snf% echo snr %snr% if "%dnr%" == "%DEFECT_TYPES_NOT_REGISTERED_EXIT_CODE%" echo Defect type(s) not registered rem if "%dnr%" == 16 goto whatever_you_want_to_do_with_this_case if "%dup%" == "%DUPLICATE_DEFECTS_FOUND_EXIT_CODE%" echo Duplicate defect(s) found rem as above if "%snf%" == "%SOURCE_FILES_NOT_FOUND_EXIT_CODE%" echo Source file(s) not found rem as above if "%snr%" == "%SOURCE_FILES_NOT_REFERENCED_EXIT_CODE%" echo Source file(s) not referenced rem as above if "%critical%" == "1" echo BUILD FAILED rem You probably don't want to continue REM place actions to take here pause rem Pause would _not_ be used in a production environment