What's New in Perforce QAC

Latest Features in Static Analysis

Get Email Updates
Image alt text

What’s New in Perforce QAC

Helix QAC is now Perforce QAC. You've probably noticed that Perforce recently refreshed our brand with a new logo and color palette. Now, we're taking one more step toward unifying the Perforce portfolio by simplifying some of our product names. Accordingly, Helix QAC is now simply "Perforce QAC."

While our logo and product names have changed, our commitment to providing a trusted static analysis solution remains the same. You'll see the new name rolled out gradually across our webpages, documentation, and the Perforce QAC product over the coming months. 

 

Get the full release notes, download instructions, and upgraded licenses.

Request New Release

What's New in Perforce QAC 2025.1

Helix QAC is now Perforce QAC, and the product will be updated in future releases to reflect the new name and logo. For 2025.1, the product packages still include the Helix QAC naming. 

 

Perforce QAC 2025.1 delivers 100% coverage of the newly published MISRA C:2025® guidelines with a corresponding new compliance module. This release also includes expanded coverage for CERT C Level 1 recommendations and changes to licensing related to integration with the Perforce Validate platform for use in CI/CD environments. In addition, Validate introduces new support for group synchronization with SAML/OIDC and performance improvements to reduce build load times and server storage usage. 

 

Coding Standards Coverage (MISRA C:2025®, CERT C)

MISRA C:2025

The new MC25CM compliance module is available with Perforce QAC 2025.1 and provides 100% enforcement of MISRA C:2025 which includes new rules, changes to selected existing rules, and reorganization of some guidelines between categories. 

 

CERT C Recommendations 

Perforce QAC 2025.1 includes improved coverage for CERT C with full coverage of Level 1 recommendations. Perforce QAC already provides 100% coverage of all CERT C rules. 

 

Server Analysis Licensing

The product licensing has been updated to more clearly distinguish between desktop usage and server analysis for CI/CD pipelines. This enables an appropriate mix of user and server build licenses to be chosen to meet the needs of your development workflows and environment. Please contact sales for details regarding the licenses required for the server build functionality when used with Validate.  

 

The Reprise License Manager (RLM) server has also been updated to the latest version, 16.1BL1. 

 

Language Feature Support

This release includes several improvements for handling of C and C++ language features and constructs including: 

  • Improved constant evaluation analysis for constexpr for C++ analysis.
  • Improved handling of entity names for cross module analysis in projects that include a mix of C and C++.
  • New Dataflow analysis has been added to check for whether a different member of a union than the one which was last set is accessed. 

 

Validate Platform Improvements and Functionality

Validate Groups Authorization Integration With SAML/OIDC

Validate now supports group synchronization with SAML and OIDC authentication, allowing user group memberships to be automatically fetched from the identity provider (IdP) during login.  Group synchronization is opt-in and the steps for configuring the integration is described in the documentation

 

Reduced Build Load Times and Disk Usage

Validate includes optimizations and customization options to reduce load times and disk usage for builds on the Validate server.  Testing with representative projects showed that medium to large projects load up to 40% faster, with disk usage reduced by 10-20%.  The metrics that are loaded with a build can also be customized using a new configuration file per project as described in the documentation to achieve further reductions. 

 

Configurability of Issue Statuses for Counts and Reporting 

A new configuration file has been added to the Validate server to allow customization of how issue statuses are used, namely: 

  • Modifying statuses that determine Open counts in Validate for projects, views, builds, and CI builds.
  • Defining how compliance report deviations and violations are calculated. 

 

There are also other improvements to compliance reports to include additional data about the view applied when generating the report, such as view name, search query, and module definitions. 

 

Quality of Life Enhancements 

Improved Support for Compilers 

  • TI C7000
  • Tasking carm
  • Keil armcc
  • Green Hills compiler versions earlier than 2018 

 

Build System Integration

  • Updates to the Bazel synchronization method for better handling of include folders and build arguments. 

     

Validate Integration

  • Improved support for Japanese projects and file encodings.

 

GUI

  • GUI field values/paths are persisted between sessions for improved user experience.
  • Improved syntax highlighting for C++ code. 

 

CLI

  • Performance enhancements to ‘qacli analyze’ and ‘qacli view’.
  • Improved validation of ‘qacli baseline’ arguments.

 

Eclipse IDE Plugin

  • Support for Eclipse 2024-12.

 

Visual Studio IDE Plugin

  • Improved validation of paths for report generation and project creation dialogs.

 

Operating System Support

  • Official support added for Windows 11 24H2.

 

Important Changes in Perforce QAC 2025.1

License Management Changes

The following changes to licensing have been introduced in 2025.1: 

  • A new installer for the RLM v16.1BL1 server is made available together with the Perforce QAC 2025.1 release. It is necessary to upgrade to this server version if using Perforce QAC with Validate 2025.1. Older versions of Perforce QAC can also be used with the new RLM 16.1BL1 server.
  • License features are now year-based and will show as 25.0 for versions.
  • 2024 licenses are not compatible with Perforce QAC 2025.1 or newer, and it is necessary to request a new license by contacting Perforce at [email protected].
  • Due to changes in the licensing, it is not possible to use compliance modules from 2024.4 and earlier with Perforce QAC 2025.1, and it is necessary to upgrade to the matching version of the compliance modules. 

 

End-of-Life Announcements

QACLI Command Removal 

The following commands have been removed as of 2025.1: 

  • ‘qacli upload --validate’ has been removed.  It is necessary to use ‘qacli validate build’ or ‘qacli validate cibuild’ and have a server build license to analyse and upload to Validate. 

 

Pre-Announcements 

Change of Product Name to Perforce QAC in 2025.2

From 2025.2, the product will reflect the change of the name from Helix QAC to Perforce QAC and the new logo. The installers and user interfaces will be updated to reference Perforce QAC and the installation and user data directory names will change to 'QAC-[version]' rather than 'Helix-QAC-[version]'. 

 

Deprecation of DIAGLIST, ANNSRC, and SARIF Output Types for 'qacli view'

As of 2025.1, the output types for DIAGLIST, ANNSRC and SARIF for ‘qacli view’ are deprecated and will be removed in the 2026.1 release, which is expected at the end of Q1 2026.  These types are only currently accessible when using an appropriate license.  It is recommended to prepare for this change by using projects with Validate for managing analysis results centrally and it provides a means to export selected results records using the Validate Web API. 

What's New in Perforce QAC 2024.4

Helix QAC 2024.4 brings a new build synchronization method to support the Bazel build system and improved support for several compilers for configuration generation.

This release also includes improved language feature support for C and C++ to enable more accurate analysis and many Quality of Life enhancements throughout the product. 

Analyze Projects Built With Bazel 

The 2024.4 release introduces improvements to analyze projects that use the Bazel build system. A new build synchronization method has been added to populate a Helix QAC project based upon an existing local Bazel build, with additional details provided in the documentation.

Language Feature Support 

This release includes several improvements for the handling of C and C++ language features and constructs including: 

  • Handling of the # character in arguments to an assembly language macro construct.
  • Improved support for standard (C99 and later) variadic macros.
  • New option to allow Helix QAC to be configured to match template parameters according to C++14 and earlier.
  • Added support for the GCC__attribute__ and Microsoft __declspec keywords, allowing them to be used in attribute specifiers.
  • Improved default constructor detection.
  • Improved Dataflow modeling when using strlen and atoi standard library functions.

Validate Platform Improvements and Functionality

Back Up Projects and Server Information With Minimal Downtime

To minimize downtime, you can safely back up Validate project and server data without having to stop the server. Scripts are provided to back up individual projects or Validate server configurations and restore them later as described in the documentation

Improved Workflow for Application Token Authentication

Authenticating a client in automated environments is now more streamlined and secure. This enhancement is especially useful for setups like Docker container deployments. 

You can securely authenticate a client by storing the application token in a secret storage system such as Docker Secrets, then use your system's automated interaction methods to pass the token using the validate auth -t command.

Quality of Life Enhancements

Improved Support for Compilers

  • Added support for NXP laxcc compiler for C projects.
  • Improved IAR compiler support.

Auto CCT Generation

  • Addressed issues with INJECT synchronization method for certain compilers.
  • Auto CCT corrections and additions. 

GUI

  • Support for the latest C keywords/types in GUI syntax highlighter.
  • Support added for Build Tags when uploading to Validate via the GUI.
  • The toolchain applicable to components is now shown in project by default.
  • All help documentation links can now be opened in an external browser. 

CLI

  • Additional formatting options for qacli view command.
  • Deprecated qacli commands now trigger a warning when used and can be forced to fail.

Eclipse IDE Plugin

  • Improved support for Windriver Workbench 4.
  • Support added for Build Tags when uploading to Validate.
  • Security fixes for third-party dependencies.
  • Improved performance with large projects.
  • Support for Eclipse 2024-09.

Visual Studio IDE Plugin

  • Support added for Build Tags when uploading to Validate.
  • Security fixes for third-party dependencies. 

Important Changes in Perforce QAC 2024.4

End-of-Life Announcements

QACLI Command Deprecation

The following commands have been deprecated and will be removed in a future release: 

  • qacli view --xml-indent. Replaced with qacli view --indent.
  • qacli admin --create-config-file. Replaced with qacli config file --create. 

Pre-Announcements

Licensing Changes

A new version of the RLM server v16.1 will be made available with the Helix QAC 2025.1 release. It will be necessary to upgrade the installed license server for compatibility with Helix QAC and Validate.

What's New in Perforce QAC 2024.3

Helix QAC 2024.3 ships with new Qt-based installers for Windows and Linux and enhanced support for Validate SAML/OIDC authentication. This release also includes improvements to Dataflow robustness for certain environments, and many Quality of Life enhancements throughout the product. 

C++ Analysis Enhancements

This release improves the efficiency of analysis related to pointer arithmetic, resulting in reduced analysis time for selected projects with certain files that contain a very large number of functions.

Validate Platform Improvements and Functionality 

Enhanced support for Validate SAML/OIDC authentication in the Helix QAC GUI and IDE plugins.

Dataflow

Improved Dataflow robustness in memory-constrained environments. 

Installers 

Installers have been updated to a Qt installer framework-based packages improved user experience.

  • The legacy installer (with .run extension) for Linux is still provided and required for headless installers (i.e., a Linux installation that lacks graphic libraries, or on older operating systems such as RHEL 7).
  • The command line options for unattended/silent installations have changed and additional details can be found in the documentation.

Quality of Life Enhancements

Settings

  • Common settings specified when installed as an administrator are propagated to all users.

Auto CCT Generation

  • The source language (C or C++) for Auto CCT projects is pre-selected based on the project configuration.
  • Auto CCT corrections and additions.

Eclipse IDE Plugins

  • Support for newer Eclipse version with Eclipse IDE plugin.

GUI

  • Support for the latest C++ keywords/types in GUI syntax highlighter. 

Reports 

  • Function names included in Helix QAC reports have the complete function signature for improved readability and consistency. 

Documentation

  • Various enhancements to analysis message documentation.

Validate

  • The speed of build uploads to Validate has been improved.

Important Changes in Perforce QAC 2024.3

End-of-Life Announcements

End of Support for CentOS Linux 7 and RHEL 7

As of Helix QAC 2024.3, support for CentOS Linux 7 and RHEL 7 has been deprecated. The legacy installer is required to install on CentOS Linux 7/RHEL 7.

Jenkins Plugin End-of-Life

As of Helix QAC 2024.3, the Jenkins plugin has been deprecated.  The plugin will remain in the Jenkins plugin directory but the corresponding page will be updated to indicate the deprecated status. 

Deprecation of Structure 101 Integration

As of 2024.3, the integration between Helix QAC and Structure 101 is deprecated and no longer supported. 

Installer Changes 

Qt Installer Framework

As of 2024.3, the installers have been updated to Qt Installer Framework based packages.  As a result, the commands for installation and removal for silent/unattended installs have changed and any scripts used for automation would need to be updated.

What's New in Perforce 2024.2

Helix QAC 2024.2 brings new features and functionality that add flexible options to the development process. Users get full CI/CD integration support with Validate via the new Delta Analysis — providing easy management of change-based analysis results for merge requests and pull requests. Additional improvements include new functionality for analyzing projects that use multiple compilers within the build process, better support for C++20 and C23 language features, and Helix QAC severities support in Validate (including user messages). 

New Analysis Options 
CI Analysis License

From 2024.2, Helix QAC provides integration with Validate for managing results from CI/CD analysis to identify potential defects introduced by new changes relative to the last full analysis. Helix QAC’s analysis for CI/CD pipelines capability enables your organization to identify and communicate errors faster, without waiting for nightly builds. 

Flexible Server Analysis License 

Helix QAC 2024.2 introduces a new Server Analysis license that provides maximum deployment and analysis flexibility when used in conjunction with Validate. Work beyond the desktop: results are integrated and published to Validate in a centralized store of analysis data, trends, metrics, and more for users to access across the organization. 

Contact sales for details regarding the new licenses required for the CI builds functionality and flexible server analysis options with Helix QAC/Validate. 

Validate Platform Improvements and Functionality

The Continuous Security and Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications. In this release, Validate integration enhancements include:   

  • Support for CI builds with Validate
  • Updated licensing for analysis on a server and uploading results to Validate
  • Added initial support for modern authentication with Validate with the QAC command line tools
  • Improved handling of QAC message severities in Validate 

Language Feature Support

C++20

This release adds improved language feature support for:  

  • Allow requires-clause-opt for the member function of a lambda-expr
  • ‘typename’ optional in several commonplace contexts
  • Template parameter lists for generic lambda
  • Char8_t type 

C23

This release adds initial language feature support for: 

  • C23 enhanced enumerations
  • constexpr aggregates 

Multi-Compiler Project Support

Helix QAC now provides the ability to configure analysis settings for projects that use multiple compilers. 

  • Added support for projects with multiple CCTs in the Visual Studio and Eclipse plugins 

Support Multiple Project Creation from a Build

Automated creation of Helix QAC projects to split complex projects with multiple linkable entities. 

Dataflow

Added Dataflow modeling of floating-point values for selected analysis. 

Coding Standards Coverage (CWE, MISRA C++:2023®)

Improved enforcement of rules and directives for the following compliance modules: 

CWE for C and C++ Related to NIST 500-268 Requirements 

  • CWE-80, CWE-89
  • Improved analysis for CWE-321 

MISRA C++:2023

  • Enforced Dir 0.3.1 to complete 100% coverage of all rules and directives
  • Improved analysis for Rule 6.2.3 

Quality of Life Enhancements 

Improved Support for Additional Compilers

  • Microchip xc8/xc8cc version 2.4x
  • Green Hills cxtri
  • Improved support for Clang 15-17 with C++ 17/20
  • Improved handling of standard library headers with gcc and C++20 

Rocky Linux 9

  • Added support for Rocky Linux 9

Plugins 

  • Improved support for the latest Eclipse versions (2024-03) with the Eclipse plugin 

CLI

  • New CLI commands including:
    • qacli project roots
    • qacli validate build (require p4baseline license feature)
    • qacli validate cibuild (require p4ci license feature)
  • Modified CLI commands including:
    • qacli project create –auto-cct
    • qacli config license-server –check -P
  • Dataflow feedback via CLI 

GUI

  • Streamlined/easier creation of Auto CCT projects 

Important Changes in Perforce QAC 2024.2

End-of-Life Announcements

QACLI Admin Command Deprecation

The following commands have been deprecated for 'qacli admin' and will be removed in a future release: 

--set-project-root, --unset-project-root, -- list-project-roots, --set-source-code-root 

Pre-Announcements

End of Support for CentOS Linux 7 and RHEL 7 - Helix QAC 2024.3

CentOS Linux 7 is end-of-life and RHEL 7 is end-of-maintenance as of June 30, 2024 and support for the operating systems will be deprecated in 2024.3.  

Jenkins Plugin End-of-Life - Helix QAC 2024.3

This is a pre-announcement to inform customers of our plans to deprecate the Helix QAC custom Jenkins plugin in 2024.2 and discontinue shipping it with releases from 2024.3.

Windows Installer Changes - Helix QAC 2024.3

From 2024.3, the Windows installer will be updated from an InstallShield based package to a Qt Installer Framework based package.  As a result, the commands for installation and removal for silent/unattended installs will change and any scripts used for automation would need to be updated. 

What's New in Perforce QAC 2024.1

Helix QAC 2024.1 ships with improved support for C++20 & C23 language features and new functionality for analyzing projects that use multiple compilers. Additionally, Validate provides user experience enhancements to search functionality, role permissions, and includes a new issue list CSV download option. 

This release also includes expanded enforcement of CWE for C/C++, HKMC for C, and MISRA C++:2023® compliance modules, and many general Quality-of-Life enhancements. 

Language Enhancements

C++20

This release adds improved language features support for: 

  • C++20 concepts
  • C++20 abbreviated function templates 

C23

This release adds initial language feature support for: 

  • C23 constexpr when -c23constexpr is set

In addition to expanded language feature support, improvements have been made to enhance the user experience with GCC versions 12 & 13 and MSVC 2022. 

Multi-Compiler Project Support

Helix QAC now provides the ability to configure analysis settings for projects that use multiple compilers. 

  • Supports multiple CCTs per-language in a project.
  • Provides consistent analysis results, reducing the likelihood of false positives or negatives across various compiler environments.
  • Allows for greater flexibility of cross-platform development projects needing static analysis.
  • Helps to identify compiler specific issues.
  • Allows developers greater toolchain flexibility in compiler selection for projects. 

New Validate Platform Improvements and Functionality

Download Issue List as CSV

The new CSV download button available at the top of the Issues page will download a list of defects based on the current search query in Validate. For additonal issue information such as line number, comment, and justification, you require a subscription to the Validate Advanced Compliance Reporting package. 

Expanded Search

Regular Expression (RegEx) search capabilities for Validate Modules provides increased support for the use of * and ** wildcard characters when specifying paths to your file system. See modules documentation for more information.

New Role Permission

Added change issue owner permission that provides the ability to allow users to change issue owner without being able to change issue status. 

Preserve License Logs for Audit Purposes

You can now keep logs for auditing purposes, by appending the logs to your license server license.report.log file instead of overwriting the file after the server restarts. To learn about the append.license.logging setting, see validate service

Coding Standards Coverage (CWE, HKMC, MISRA C++:2023®)

Improved enforcement of rules and directives for the following compliance modules: 

CWE for C and C++ related to NIST 500-268 Requirements

  • CWE-259, CWE-412, CWE-367, CWE-99, CWE-321

HKMC for C

  • C-MSC-011

MISRA C++:2023

  • Dir 0.3.2

Quality of Life Enhancements

Improved Support for Additional Compilers with Auto CCT Generation

  • Keil armcc
  • Improved support for Clang 12
  • GCC 12/13
  • MSVC 2022
  • 'qainject' is now the default sync method

Performance

  • General reduction in analysis time for constructs that involve large amounts of branching. 

libc++

Enhancements made to improve support for libc++ standard library.

  • Added -iso646keywords option matching -fno-operator-names behavior.
    • When enabled, the alternative keyword names for operators are not used. 

Compiler Extensions

  • The C "compound literal" feature is now supported as an extension by QAC++. 

Symbolic References

  • Improved support for VCS and non-VCS created symlinks. 

Visual Studio and Eclipse IDE Plugins

  • General stability improvements 

CLI

  • New commands for ‘qacli project’;
    • create, modify, upgrade, config-file

Operating Systems

  • Support for Ubuntu Linux 22.04 

Important Changes in Perforce QAC 2024.1

QACLI Admin Command Deprecation

The following commands have been deprecated for 'qacli admin' and will be removed in a future release:

  • --qaf-project-config, --upgrade, --create-config-file, --edit-config-file, --list-config-files

Compliance Module Directory Change 

Reminder: As of Helix QAC 2023.4, the tool no longer reads Compliance Modules from the old "PRQA" directories. Compliance Modules will only be read from “Perforce” file directory equivalents.

The following are the now obsolete file directories:

  • %LOCALAPPDATA%\PRQA\installed_components.ini
  • %PROGRAMDATA%\PRQA\installed_components.ini
  • ${HOME}/.config/PRQA/installed_components.ini
  • /etc/prqa.d/installed_components.ini

License Management Changes

A new installer for a RLM v15.1 server is made available together with the Helix QAC 2024.1 release. This server version is mandatory if using Helix QAC with Validate 2024.1 and optional otherwise.

What's New in Perforce QAC 2023.4

Helix QAC 2023.4 launches 100% MISRA C++:2023® rule coverage for the new MISRA C++:2023 guidelines. This release also includes extended C++20 language support, performance improvements to Dataflow analysis, and many Quality-of-Life enhancements throughout the product. 

Enhanced C++20 Support

This release adds language feature support for: 

  • requires-clause constraints for template parameter lists and function declarations
  • Non-type-constrained abbreviated-function-template declarations

Improved Dataflow Performance with Caching

  • Reduced Dataflow analysis time for incremental analysis with solver caching
  • Testing of selected projects showed reduction in analysis time of more than 50% from the second analysis run
  • Dataflow is also able to complete more analysis within the function timeout period with caching

Enhanced GNU and ISO C Arithmetic Type Support

  • Improvements made to QAC's handling of literals and arithmetic types to significantly improve support for the under-used areas of the language around complex types, vendor extension types, and complex expressions with unusual operators 

Coding Standards Coverage (MISRA C++:2023®, HKMC, CERT)

MISRA C++:2023

Helix QAC releases 100% enforcement coverage for MISRA C++:2023 rules with the new MCPP Compliance Module available for 2023.3 and 2023.4. 

Updated Compliance Modules 

  • HKMC mapping updates
  • CERT categories for severity, priority, and levels have been added
  • Improvements for the Japanese translations of rules for MISRA C:2023 Compliance Module
  • Improved enforcement of selected standards:
    • MISRA C:2023 rules 9.3, 10.3, 10.5
    • AUTOSAR rules A3-8-1. AV-1-2
    • MISRA C++ rule 6-2-2

Framework

  • Improved tracking of macro expansion and template instantiation history to assist diagnosis of issues
  • Enhanced comment-based suppressions engine to allow multiple deviation reasons per line 

Quality of Life Enhancements 

Support for Additional Compilers with Auto CCT Generation

  • Synopsys Metaware
  • Cadence Tensilica
  • TI C6000
  • Qualcomm Hexagon
  • Clang 15
  • Embarcadero BCC64

Visual Studio Code IDE Plugin

  • Improvements to VS Code plugin for supporting remote analyzer execution

Visual Studio and Eclipse IDE Plugins

  • General stability improvements 

Validate

  • Support to create Validate projects from CLI and GUI

CLI

  • New qacli view option to output rule violation details
  • Enhanced %K category specifier to allow easier mapping to rule
  • Graceful failure where no HOME environment variable is present

GUI

  • New context menu item in projects list to open project location
  • Filename search in tree view panel
  • New context menu item to open preprocessed source for selected file
  • Jump to preprocessed source file from the source code 

Important Changes in Perforce QAC 2023.4

Compliance Module Directory Change

As of Helix QAC 2023.4, the tool no longer reads Compliance Modules from the old "PRQA" directories. Compliance Modules will only be read from “Perforce” file directory equivalents. 

The following are the now obsolete file directories: 

  • %LOCALAPPDATA%\PRQA\installed_components.ini
  • %PROGRAMDATA%\PRQA\installed_components.ini
  • ${HOME}/.config/PRQA/installed_components.ini
  • /etc/prqa.d/installed_components.ini 

What's New in Perforce QAC 2023.3

Helix QAC 2023.3 anticipates 100% MISRA C++:2023® rule coverage for the new MISRA C++® guidelines expected to be published in Q4 2023. 

In addition, this release includes extended C++20 language support and makes improvements to the Perforce Validate platform and integration of Helix QAC with Validate, including other quality of life and performance enhancements. 

Coding Standards Coverage (MISRA C++:2023®, MISRA C:2023®)

MISRA C++:2023®

Helix QAC anticipates 100% enforcement coverage for MISRA C++:2023.3 guidelines, which are expected to be published in Q4 2023. 

  • The new M2CPP compliance module, which will enforce MISRA C++:2023, for use with Helix QAC 2023.3, will be available when the new standard is published. 

MISRA C:2023®

Helix QAC provides 100% enforcement coverage for MISRA C:2023, which consolidates MISRA C:2012 with all four amendments and two technical corrigenda into a single, comprehensive edition.

  • The M3CM compliance module has improved enforcement for Rule 8.3.

C++20 Language Support 

This release adds language feature support for: 

  • requires-expressions — Introduced with C++20 Concepts and can be used to determine the validity of a construct without resulting in a compiler error. 

Perforce Validate

The Continuous Security & Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications.

The Validate platform provides a centralized store of analysis data, trends, and configurations for codebases across the organization, providing a single pane of glass for all Perforce Static Analysis products. 

2023.3 provides: 

  • Support for projects using multiple compliance modules — improved analysis results when a project is enforcing additional coding standards, rules, or vulnerability types.
  • Validate, Reports, Plugins, and GUIs also include changes to reflect the new support for multiple compliance modules within a project. 

Quality of Life Enhancements 

Installers

  • Zip/tar archives are provided for Helix QAC and compliance modules which can be used as an alternative to the installers, providing further product deployment, maintenance, and upgrade flexibility. 

Auto CCT Generator 

  • Added support for automatic CCT generation when using sync types: INJECT, MONITOR, and MSVS.
  • Resolved issues with several existing supported compilers. 

Dataflow

  • Improved dataflow processing to use less memory and improve stability on machines with limited memory or swap storage.
    • GUI
  • Improved support for 4K displays when using the GUI

Plugins

  • VS Code 
    • Run analysis on file save
    • Enhancements to access help with QAC running remotely*
      • *Note: a diaglist license is required
  • Visual Studio
    • Improvements to align to GUI elements for continued integration with Validate 
  • Eclipse 
    • Improvements to align GUI elements for continued integration with Validate

Operating Systems

  • Support for Windows 11

What's New in Perforce QAC 2023.2

Helix QAC 2023.2 delivers 100% MISRA C:2012 and MISRA C:2023 rule coverage, and updates the corresponding compliance module to refer to MISRA C:2023. 

In addition, this release includes improved C23 language support, improvements to the Validate platform and integration of Helix QAC and Validate, and other quality of life enhancements.  

Coding Standards Coverage (MISRA C:2012, MISRA C:2023, and CWE)

MISRA C:2012, 2023 

Helix QAC provides 100% enforcement coverage for MISRA C:2012 AMD 4 and MISRA C:2023, which consolidates previous revisions, amendments, and technical corrigenda of the guidelines into a single, comprehensive edition. MISRA C:2023 was recently published this year. 

  • The M3CM compliance module has been updated to refer to MISRA C:2023. 

CWE

CWE C and C++ Compliance Modules align with the latest version of CWE 4.11.

Perforce Validate

The continuous Security and Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications. 

Validate is the replacement for our "Dashboard" product and has also been known as QAC-Verify in the past. This new platform allows customers to have a single source of results for Helix QAC and Klocwork.

The Validate platform provides a centralized store of analysis data, trends, and configurations for codebases across the organization, providing a single pane of glass for all Perforce Static Analysis products. 

2023.2 provides: 

  • Support for Helix QAC metrics in Validate.
  • Updated Helix QAC Visual Studio plugin supporting integration with Validate.
  • Full support for Helix QAC custom messages in Validate.

C23 / C++23 Language Support 

This release adds language feature support for: 

  • C23 digit separators
  • C23 / C++23 #elifdef, #enlifndef and #warning directives 

Quality of Life Enhancements

CLI

  • Allow sync of diagnostics and suppressions to be enabled/disabled
  • New format specifier %M to output Rule Group Name and Rule ID

GUI

  • Allow customization of RCF name and version
  • Allow sync of diagnostics and suppressions to be enabled/disabled 

HIS Metrics

  • This release features a Helix QAC enhancement to directly generate compound HIS metrics (which were previously calculated in the report scripting). 

Important Changes in Helix QAC 2023.2

License Management Changes

A new installer for a RLM v15 server is made available together with the Helix QAC 2023.2 release.  This server version is mandatory if using Helix QAC with Validate 2023.2 and optional otherwise.

MISRA C++ 2023 — Early Release of New Compliance Module Available for Preview 

The MISRA consortium is expected to publish MISRA C++ 2023 coding guidelines later this year. A new compliance module will be introduced to enforce the new standard once it is published. With 2023.2, an early release of the compliance module, which provides 98% enforcement of rules that have been finalized so far, is available for preview upon request. Please contact your Perforce account representative to find out more.

What's New in Perforce QAC 2023.1

Helix QAC 2023.1 ships with 100% rule coverage for MISRA C:2012 AMD4 and MISRA C:2023, and 96% coverage for AUTOSAR C++ 14. It also updates compliance modules for the latest version v4.10 of CWE. 

In this release there are also major improvements to the integration of Helix QAC and the Validate Platform providing software insight across projects and Perforce Static Analysis products. 

Coding Standard Coverage (MISRA C:2012 AMD4, MISRA C:2023, AUTOSAR, and CWE)

Enforce the Motor Industry Software Reliability Association (MISRA) software development guidelines for the C programming language. These guidelines aim to facilitate code safety, security, portability, and reliability in the context of embedded systems. 

  • 100% MISRA C:2012 enforcement coverage of Amendment 4 including new rules and 3 directives plus updates for existing guidelines.
  • The new guidelines cover additional C11/18 features including use of the standard library for Threads and Atomics plus new rules for existing features. 

Helix QAC also has 100% coverage for MISRA C: 2023, which consolidates previous revisions, amendments, and technical corrigenda of the guidelines into a single, comprehensive edition. MISRA C: 2023 will be published later in the year. 

AUTOSAR

AUTOSAR C++ 14 coverage has been increased to 96%.

CWE

Updated CWE C and C++ Compliance Modules to align with latest version of CWE 4.10.

Perforce Validate 

The Continuous Security & Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications. 

The Validate platform provides a centralized store of analysis data, trends, and configurations for codebases across the organization providing a single pane of glass for all Perforce Static Analysis products. 

2023.1 provides improved integration between Helix QAC and Validate Platform.

  • Synchronized issue suppression statuses with Validate connected projects
    • Desktop GUI and Eclipse IDE plugin
  • Project Baseline Support for latest build
  • Streams functionality provides management and efficient reporting of variants, branches, and releases for a single code base.
  • Improved MISRA compliance reports generated using Validate and QAC GUI/CLI Diagnostic consistency between Helix QAC desktop tools and Validate
  • Upload performance improvements
  • WebAPI functionality for integration with other tools and processes across the SDLC

Quality of Life Enhancements

CLI

  • Validate Baseline support for latest build (qacli baseline)
  • Validate dependency checking and the ability to ignore (qacli upload)
  • Synchronization of suppressions 

GUI

  • Validate dependency checking and the ability to ignore
  • Synchronization of suppressions to the desktop
  • Improvements to MISRA Compliance Report and Standards Compliance Report

Eclipse IDE Plugin

  • Validate connectivity support within the IDE plugin

RCMA

  • Analysis memory use and efficiency improvement 

Important Changes in Perforce QAC 2023.1

End of Life Announcements 

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator. 

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCTs generated using the legacy tool will be deprecated and no longer supported. 

Removal of Unsupported Static CCTs from the QAC Package

With improved build monitoring for a wide range of compilers using auto CCT generation with ‘qainject’, the majority of static CCTs that have previously been included in the Helix QAC package will be removed by 2023.1. The auto generated CCTs are expected to provide more accurate analysis results compared to using a static default CCT. All static CCTs have been removed apart from those for the GNU GCC, Visual Studio, and generic compilers. 

What's New in Perforce QAC 2022.4

Helix QAC 2022.4 ships 100% rule coverage for MISRA C:2012 AMD3, dataflow separated into a new component providing improved analysis performance, and upgraded language support for C++20 and C23. 

In addition, this release includes Japanese localization for the TS 17961 C Secure Compliance module, improved compiler support, and general quality of life improvements for various Helix QAC components.

Dataflow Component 

In 2022.4, Dataflow has been separated from the QAC/QAC++ engine into its own component. This change provides:

  • Improved performance of Dataflow analysis for large projects.
  • Inter-TU analysis is internalized in dataflow, and two analysis passes are no longer necessary.
  • Functions defined in header files are analyzed once per project.
  • Dataflow diagnostics are reported against the 'dataflow' component instead of 'qac' or 'qacpp'.
  • Dataflow is a separate component in the analysis toolchain with its own configuration options.

Coding Standard Coverage (MISRA C:2012 AMD3, TS 17961 C Secure)

New MISRA C:2012 Amendment 3 Compliance Module for C with 100% rule coverage

  • Enforce the Motor Industry Software Reliability Association (MISRA) software development guidelines for the C programming language. These guidelines aim to facilitate code safety, security, portability, and reliability in the context of embedded systems.
  • Additional rules related to the new C11/C18 features. 

TS 17961 C Secure 

The TS 17961 C Secure Compliance Module (SECCCM) now has a full Japanese translation. 

C++20 Language Support 

This release adds improved compatibility with C++20 language feature usage including handling of GCC headers in C++20 mode. 

C23 Language Support 

This release adds C23 language feature support for: 

  • Relax requirements for variadic parameter lists, paper N2975. 

Improved Build Process Monitoring

This release features improvements to the automated CCT generation using ‘qainject’, which streamlines build comprehension and compiler setup, and additional guidance has been provided in the manual for creating custom filters to use with new compilers based on supported compilers e.g. GNU-based compilers.

Quality of Life Enhancements 

CLI 

  • Added the ability to view diagnostics since baseline (qacli view).
  • Filter diagnostics by suppression type (qacli view --suppression-filter <type>).
  • Output CMA diagnostics in several formats: NONE, MULTIPLE, SINGLE (qacli view --multi-homed-format).
  • Enable users to upgrade existing projects to be compatible with separated Dataflow component (qacli admin --upgrade).

GUI

  • Dataflow component support.

Dashboard

  • Dataflow component support. 

Microsoft Visual Studio 2022 IDE Plugin

  • Support for multiple Helix QAC installs with VS 2022 extension. 

Important Changes in Perforce QAC 2022.4

Pre-Announcements 

CCT Generator End-of-Life in 2023 

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCTs generated using the legacy tool will be deprecated and no longer supported.

Removal of unsupported static CCTs from the QAC package

With improved build monitoring for a wide range of compilers using auto CCT generation with ‘qainject’, the majority of static CCTs that have previously been included in the Helix QAC package will be removed by 2023.1. The auto generated CCTs are expected to provide more accurate analysis results compared to using a static default CCT. The intention is to remove all CCTs apart from those for the GNU gcc, Visual Studio, and generic compilers.

What’s New in Perforce QAC 2022.3

Helix QAC 2022.3 introduces support for Microsoft Visual Studio 2022, a new compliance module for BARR-C:2018, and upgraded language support for C++20 and C23.

In addition, this release includes broader compiler support and general quality of life improvements for various CLI commands.

Microsoft Visual Studio 2022 IDE Plugin

Use the new Visual Studio 2022 desktop analysis plugin to quickly and easily detect and then fix issues before check-in.

This new IDE extension supports desktop analysis of Helix QAC within MS Visual Studio for C/C++:

  • Analyze code, view, and filter results.
  • Localization for English and Japanese.
  • Support for cross-module analysis and suppressed messages.
  • Diagnostic message help.
  • Logging and output messages.

Coding Standard Coverage (BARR-C:2018, MISRA C:2012 AMD3)

New BARR-C:2018 Compliance Module for C with 83% automated rule coverage. 

Enforce Barr Group’s Embedded C Coding Standard to minimize bugs in firmware while improving the maintainability and portability of embedded software.

New MISRA C:2012 Amendment 3 Compliance Module with 100% rule coverage.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

  • Default member initializers for bit-fields.
  • Layout-compatibility and pointer-interconvertibility traits.
  • Supports g++ 11 and Visual Studio 2022.1 in C++ 20 mode.

Upgraded C23 Language Support

This release adds C23 language feature support for: 

  • Unicode identifiers in source code, both directly specified as characters and via Universal Character Names, and accompanied by checking for UAX#31 valid identifier rules.
  • Type inference for object definitions. A new option enables C23 semantics for the auto storage class specifier to infer the type of an object from its initializer (this may change behavior of existing code, so C17 semantics remain the default), while the GNU C __auto_type specifier remains unconditionally available.
  • typeof_unqual (via __typeof_unqualified__).

Improved Build Process Monitoring

This release features automated CCT generation using ‘qainject’, which streamlines build comprehension and compiler setup.

In addition, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers:

  • Green Hills 2018-2022
  • Visual Studio 2022
  • Wind River Diab v7
  • TI tiarmclang (C++98/03)
  • GNU assembler cc1/cc1plus

Quality of Life Enhancements

CLI

Separation of qacli admin commands to new standalone qacli config commands:

  • component path commands into "qacli config component-path".
  • cpu command into "qacli config cpu".
  • language commands into "qacli config language".
  • license server commands into "qacli config license-server".

Additionally, the Dashboard token commands have been separated into “qacli auth.

Important Changes in Perforce QAC 2022.3

Ongoing ‘qacli admin’ Changes

There are a large number of options associated with the ‘qacli admin’ sub-command, and these have been separated into new config and auth sub-commands covering the configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release. These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.3, and the full list of previously deprecated commands is included in the Helix QAC manual.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCTs generated using the legacy tool will be deprecated and no longer supported.

Removal of Unsupported Static CCTs from the QAC Package

With improved build monitoring for a wide range of compilers using auto CCT generation with ‘qainject’, the majority of static CCTs that have previously been included in the Helix QAC package will be removed by 2023.1. The auto generated CCTs are expected to provide more accurate analysis results compared to using a static default CCT. The intention is to remove all CCTs apart from those for the GNU gcc, Visual Studio, and generic compilers.

Upcoming Separation of Dataflow in 2022.4

In 2022.4, Dataflow is planned to be separated from the QAC/QAC++ engine into its own component. The main differences are:

  • Improved performance of Dataflow analysis for large projects.
  • Dataflow will become a separate component in the analysis toolchain with associated configuration options.
  • Dataflow diagnostics will be reported against their own component instead of 'qac' or 'qacpp'.
  • Inter-TU analysis will be internalized in dataflow, and two analysis passes will no longer be necessary.

What’s New in Perforce QAC 2022.2

Helix QAC 2022.2 delivers greater C++ 20 language feature support, updated compliance modules for MISRA and HKMC, along with new configuration options for improved analysis results when dealing with STL headers, third-party/external source code, and more.

In addition, this release includes broader compiler support and general quality of life improvements for various plugins, CLI commands, and the QAC GUI.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

  • Consteval
  • Constinit
  • Explicit(bool)
  • Three-way comparison operator
  • Using enum

Coding Standard Coverage

Improved MISRA C:2012 AMD2 Coverage

MISRA C:2012 compliance module mapping and categorization have been improved.

Updated HKMC Compliance Module for C/C++

HKMC compliance module has been updated to reflect HKMC v4.1 category and wording changes.

Improved Build Process Monitoring

This release features automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

In addition, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers:

  • Texas Instruments Code Composer – v11, ArmClang
  • IAR Embedded Workbench
  • TASKING
  • Renesas
  • ARM – ArmClang
  • Wind River Diab (C++11/14)

Partial Quieting of Headers for Improved Analysis

The features improvements to Dataflow analysis. For example, code that uses types defined in the STL headers to reduce potential false positives/negatives. This is enabled through the use of a new analysis option, QuietExtended, which provides greater control over analysis of function definitions appearing in header files.

If a file is:

  • Quieted, the contents will be analyzed for parser errors, and any function definitions will be ignored.
  • QuietExtended, function definitions will be parsed if they are used from a non-quieted location.
  • Non-quieted, all definitions will be analyzed.

Framework Improvements

Improved Handling of Third-Party/External Source Code

  • Provides a means to specify elements of a code base that are from third parties and would not be modified directly, to allow results to be filtered from reporting.
  • Files/folders marked as third-party are highlighted in the desktop GUI.
  • The results of an analysis can be filtered to only show cross-module analysis.
  • Compliance reports can highlight results for third-party code.
  • Third-party source code is not uploaded to Dashboard.

Improvements for Setting Additional Component Options on a per File/Directory Basis

  • Settings will be retained after a sync.
  • Eclipse and Visual Studio plugins were updated to provide the same functionality as desktop GUI to enable additional options to be set.
  • Per file message enabling/disabling.

Quality of Life Enhancements

GUI

  • Sorting of Messages and Files in GUI.
  • Improved feedback for read-only files.

CLI

  • Additional qacli report output on success or failure.

Plugins

  • Microsoft Visual Studio
    • Analysis Options per folder/file.
    • CLI installation/removal for the plugin.
    • Disable Dashboard/S101 menus if a component is not installed.
  • Eclipse
    • Sorting of Messages and Files in Eclipse.
    • Analysis Options per folder/file.
    • CLI installation/removal for the plugin.
    • Disable Dashboard/S101 menus if a component is not installed.

Important Changes in Perforce QAC 2022.2

Ongoing ‘qacli admin’ Changes

There are a large number of options associated with the ‘qacli admin’ sub-command and these will be separated into several new sub-commands covering the configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release.  These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.2 and the full list of previously deprecated commands is included in the Helix QAC manual.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCT’s generated using the legacy tool will be deprecated and no longer supported.

Upcoming Separation of Dataflow in H2 2022

In H2 2022, Dataflow is planned to be separated from the QAC/QAC++ engine into its own component. The main differences are:

  • Improved performance of Dataflow analysis for large projects.
  • Dataflow will become a separate component in the analysis toolchain with associated configuration options.
  • Dataflow diagnostics will be reported against their own component instead of 'qac' or 'qacpp'.
  • Inter-TU analysis will be internalized in dataflow, and two analysis passes will no longer be necessary.

What’s New in Perforce QAC 2022.1

Helix QAC 2022.1 delivers improved compliance module coverage for AUTOSAR, MISRA, and CWE with greater C++ 20 language feature support.

In addition, this release includes greater control over analysis configuration and message suppressions; provides broader compiler support; and general quality of life improvements for performance and various plugins.

Coding Standard Coverage (AUTOSAR, MISRA, CWE)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased to 95%.

Improved MISRA C:2012 (TC2) Coverage

MISRA C:2012 compliance module has been updated to reflect Technical Corrigendum 2 category and wording changes.

Improved CWE Coverage

CWE coverage for C has been expanded to include new messages for Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') to cover CWE-362.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

  • feature testing macros
  • std::is_constant_evaluated()

Framework Improvements

  • Project level options are now available on a per file/folder basis, providing more control over analysis configuration.
  • Comment based suppressions now support multi-homed messages.

Dataflow Improvements

Reduced memory usage for:

  • Large switch statements.
  • Pointers with a large number of aliased objects.

Improved Build Process Monitoring

Automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

In this release, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers.

  • Microchip XC8, XC8-CC
  • Wind River Diab
  • Texas Instruments Code Composer

Quality of Life Enhancements

GUI

  • Additional component options on a per file/directory basis.

CLI

  • Additional component options on a per file/directory basis.
  • Improved feedback when qacli report fails.

Performance

  • Reduced analysis memory usage for some projects.
  • Improved feedback from the CLI for certain configuration errors.

Plugins

  • Streamlined Jenkins plugin.
  • General improvements for Eclipse, Visual Studio, and Visual Studio Code.

Important Changes in Perforce QAC 2022.1

End-of-Life for ‘Met’ Output Format

Helix QAC 2022.1 will no longer support the ‘met’ output format.

The binary ‘arc’ file output format introduced in Helix QAC 2019.2, which replaced the ‘met’ file output format, is the default as of Helix QAC 2020.2. As a result, the ‘met’ file format will be deprecated and no longer supported from Helix QAC 2022.1 onward.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCT’s generated using the legacy tool will be deprecated and no longer supported.

Upcoming ‘qacli admin’ changes

There are a large number of options associated with the ‘qacli admin’ sub-command and these will be separated out into several new sub-commands covering configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release.  These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.1 and the full list of previously deprecated commands is included in the Helix QAC manual.

What’s New in Perforce QAC 2021.3

Helix QAC 2021.3 introduces support for Visual Studio Code, new compliance modules for Hyundai Motor Group, and improved dataflow analysis capabilities with additional C++ 20 language support.

In addition, this version includes accuracy and coverage improvements for important automotive and secure coding standards, streamlined build process monitoring, and general quality of life improvements that provide better usability, security, and project setup/management options.

Visual Studio Code IDE Plugin

Use our new Visual Studio Code desktop analysis plugin to detect and fix issues quickly and easily before code check-in.

This new IDE extension supports desktop analysis of Helix QAC within Visual Studio Code for C/C++:

  • Analyze code, view, and filter results.
  • Localization for English and Japanese.
  • Support for multi-homed and suppressed messages.
  • Diagnostic message help.
  • Logging and output messages

Coding Standard Coverage (AUTOSAR, MISRA, CERT, CWE, HKMC)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased to 94% to make compliance easier along with the industry-leading precision and accuracy that Helix QAC is known for.

Improved MISRA C:2012 Coverage

MISRA C:2012 depth and accuracy have been improved.

Improved CERT Coverage

CERT C/C++ coverage has been improved to enhance depth and accuracy.

Improved CWE Coverage

CWE coverage has been expanded to include new messages related to encryption and variable use rule violations.

New HKMC Compliance Module for C/C++

Enforce Secure C/C++ Coding Guide for Automotive Embedded Systems with Helix QAC’s new compliance modules for Hyundai Motor Group and their suppliers.

Dataflow Improvements

  • Modeling of individual elements within an array provides greater analysis capabilities to find dataflow/path defects with improved accuracy.
  • Improved detection of pointer de-reference defects by additional propagation of the results of pointer arithmetic expressions.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

  • __VA_OPT__ elision operator in variadic macros

Improved Build Process Monitoring

Automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

This new functionality provides a user-friendly project and compiler setup for the following common compilers.

  • GNU C/C++
  • Clang
  • MS Visual Studio
  • Microchip MPLAB pic24
  • xc32
  • xc16
  • Hightec Tricore
  • QNX

Quality of Life Enhancements

Dashboard

  • Localization improvements
  • New LDAP configuration and authentication options
  • Improved SSL Certificate support

QACGUI

  • Change default view settings within the GUI
  • Automatic analysis when header files change

Framework

  • Project Roots now supported for incremental analysis
  • Dynamic analysis threads based on available resources

QACLI

  • CI/Docker install without GUI/Doc
  • Japanese translation and path fixes

Important Changes in Perforce QAC 2021.3

Helix QAC 2021.3 has upgraded to use Python 3 and removed Python 2 which has reached End-Of-Life.

  • User action is needed to upgrade existing projects. To upgrade your projects run “qacli admin --upgrade". See product documentation for more information.
    • Note this upgrade process also applies when creating a new project but reusing a CCT created using a previous version of QAC.
  • If creating a new project with the CCTs included in the Helix QAC 2021.3 package, they have been converted and tested to work under Python 3.

End of Support

The following Visual Studio artifacts have been removed from the installation packages.

  • Visual Studio 2010, 2012, and 2013

What’s New in Perforce QAC 2021.2

Helix QAC 2021.2 introduces new compliance reports for MISRA Compliance 2020 and general coding standards, complete support of the C++17 language specification, and plugin enhancements for faster analysis feedback.

In addition, this version includes increased MISRA and AUTOSAR coverage with improved accuracy, faster analysis, and quality of life improvements that provide better usability, security, and data management options.

Compliance Reports

These new reports help you determine the health of your code base and supply the information necessary to claim compliance against a coding standard. Generate reports for:

  •  MISRA Compliance 2020
  • General standards compliance

New Plugin Features

New optional features for the Visual Studio and Eclipse Plugins are introduced in this release for faster analysis feedback. Along with support for projects with multiple configurations.

Continuous Incremental Analysis

Enables analysis to be performed automatically when saving a file or after a predefined time of inactivity in a modified file.

Interactive Asynchronous Feedback

Enables diagnostic results to stream in as analysis progresses, so you can remediate issues while analysis is running.

Multi-Configuration Project Support

Projects with multiple configurations are now supported with Helix QAC IDE Plugins to provide easier project context switching.

Improved Coding Standard Coverage (AUTOSAR and MISRA)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased up to 93% to make compliance easier along with the industry-leading precision and accuracy that Helix QAC is known for.

Improved MISRA C:2012 Coverage

MISRA C:2012 compliance has been updated to include features of MISRA C:2012 TC1.

Complete C++17 Language Support

Helix QAC 2021.2 fully supports the C++17 language specification. This release adds language feature support for:

  • Extended new
  • Guaranteed copy elision

Dataflow Improvements

Improved tracking of variable usage and handling of struct/union function arguments for greater accuracy and precision of analysis results.

General performance improvements resulting in faster analysis speed by up to ~5%*.

(*based on internally benchmarked OSS projects)

Integrate Helix QAC Diagnostic Results with Klocwork

With 2021.2 we introduce the ability to export Helix QAC findings into Klocwork’s Compliance and Application Security Testing (CAST) Portal. This enables you to:

  • Use Helix QAC and Klocwork together to provide industry-leading compliance coverage across the major embedded and automotive programming languages.
  • Export and integrate Helix QAC diagnostic results with Klocwork.
  • Review and manage security and compliance issues in one place.
  • Generate compliance reports natively with Helix QAC or from the Klocwork SAC portal.

Quality of Life Enhancements

QAGUI and QACLI

  • Compliance report generation
  • Improved sync method for easier configuration

QAGUI

  • Upgraded look and feel
  • External file modification can trigger automatic analysis

QACLI

  • Option to output data in SARIF format
  • Export Helix QAC data to Klocwork portal providing a single destination to view results from both tools

Dashboard

  • LDAP Implementation
  • SSL Certificates

Important Changes in Perforce QAC 2021.2

End of Support

  • Red Hat Enterprise Linux 6
  • Visual Studio 2010, 2012, and 2013

The Visual Studio artifacts listed above will remain in the installation packages but will be removed in the next release.

What's New in Perforce QAC 2021.1?

Helix QAC 2021.1 delivers complete support for CERT C++ rules, expands AUTOSAR coverage, and adds new language support for C++17.

Improved Compliance Coverage for CERT and AUTOSAR

Full CERT C++ Coverage

Helix QAC now covers 100% of the CERT C++ rules to provide unparalleled coding standard coverage.

Improved AUTOSAR Coverage

This release increases AUTOSAR coverage to 91% with Helix QAC’s industry-leading precision and accuracy — making compliance easier.

New C++17 Language Support

Expanded support for C++17 language specification. New language features include:

  • Lambda Capture of *this by Value as [=,*this]
  • constexpr lambda
  • Allow const eval for all non-type template arguments
  • Aggregate initialization of classes with base classes

Important Upcoming Changes in Perforce QAC 2022.1

Pre-Announcement: ‘Met’ Output Format End-of-Life in 2022

Helix QAC 2022.1 will no longer support the ‘met’ output format.

The binary ‘arc’ file output format introduced in Helix QAC 2019.2, which replaced the ‘met’ file output format, is the default as of Helix QAC 2020.2. As a result, the ‘met’ file format will be deprecated and no longer supported from Helix QAC 2022.1 onward.

If the legacy 'met' format is required, then that information can either be extracted from the 'arc' files using an appropriate 'lua' script. See: Helix QAC user manuals for more detail.

What's New in Perforce QAC 2020.2?

Helix QAC 2020.2 delivers complete support for CERT C POSIX rules, adds new language support for C++ 17/20, and introduces a new compliance module for ISO/IEC TS 17961.

In addition, the latest version expands compliance coverage and features quality of life improvements that provide increased productivity and usability for Jenkins and QAGUI.

Improved Compliance Coverage (CERT, AUTOSAR, ISO/IEC TS 17961)

CERT C POSIX Rule Support

Helix QAC now covers 100% of the CERT C POSIX Rules — providing unparalleled coding standard coverage.

Improved CERT C++ Coverage

Coverage for CERT C++ has increased to 95% with this release.

New ISO/IEC TS 17961 Compliance Module

Ensure your projects are C Secure with Helix QAC’s new compliance module for ISO/IEC TS 17961. Helix QAC now provides 98% coverage for C Secure.

Improved AUTOSAR Coverage

Make compliance easier — this release increases AUTOSAR coverage up to 91% with the industry-leading precision and accuracy that Helix QAC is known for.

New C++17/20 Language Support

Helix QAC 2020.2 adds C++17 language feature support for:

  • Pack expansions and declarator lists in using declarations.
  • Typename keyword in template template parameters.
  • Non-type template parameters declared with a placeholder type.
  • UTF-8 character literals.
  • In-class definition of explicit template specializations.
  • Enumeration direct-list initialization.
  • Structured bindings.

Helix QAC 2020.2 adds C++ 20 language feature support for:

  • Storage class specifiers in structured bindings.

QAGUI New Features

Two new optional features for QAGUI are introduced in this release of Helix QAC for faster analysis feedback.

Continuous Incremental Analysis

Enables analysis to be performed automatically when saving a file or after a pre-defined time of inactivity in a modified file.

Interactive Asynchronous Feedback

Enables diagnostic results to stream in as analysis progresses so you can begin remediating issues while analysis is running.

Jenkins Pipelines

Support for Jenkins Pipelines provides an easy way to automate static analysis as part of your application lifecycle within your Continuous Integration (CI) or Continuous Delivery (CD) workflows.

Important Changes in Perforce QAC 2020.2

End of Support for Red Hat Enterprise Linux 6

Beginning with Helix QAC 2020.2, the following operating system will not be supported:

  • RHEL 6

Important Change to Default Format for Semantic Output

Helix QAC 2020.2 will use the binary 'arc' file output format by default.  If the legacy 'met' format is required, then that information can either be extracted from the 'arc' files using an appropriate 'lua' script (See: Helix QAC user manuals for more detail.), or the legacy output format can be enabled with "-metfile+". 

(Note: Features that are dependent on the 'arc' format will not work with "-metfile+".  For more information please refer to the Helix QAC 2020.2 release notes.)

If you have any questions or concerns, please contact our support team.

What’s New in Perforce QAC 2020.1?

Helix QAC 2020.1 adds support for commonly used C++17/20 language features, expands compliance coverage, accelerates performance, and enhances productivity.

Improved CERT C Coverage

Coverage of CERT C Rules has increased to 100%.

Improved CERT C++ Coverage

Coverage for CERT C++ has increased with this release.

Improved MISRA C:2012 Amendment 2 Coverage

MISRA C:2012 Amendment 2 is completely supported.

Improved AUTOSAR Coverage

Coverage for AUTOSAR has increased with this release.

New C++17/20 Language Support

Helix QAC 2020.1 adds C++17 language features support for inline variables, nested namespace definition, and selection statements with an initializer.

Helix QAC 2020.1 adds C++ 20 language features support for nested inline namespaces and range-based for statements with an initializer.

Improved Eclipse Plugin Performance

The Eclipse Plugin now features quick keyboard shortcuts for common commands and quality of life improvements for increased productivity and usability.

Improved Visual Studio Plugin Performance

The Visual Studio Plugin has quality of life improvements for increased productivity and usability.

Improved Helix QAC Dashboard

The Helix QAC Dashboard has improved upload performance, bug-fixes, and minor enhancements.

Important Changes in Perforce QAC 2020.1

End of Windows 7 Support

Windows 7 will not be supported from 2020.1 onwards. The supported operating systems going forward will be:

  • Windows 10 (64 bit)
  • Linux: RHEL 6 and 7 (64 bit)

End of Support for Legacy Visual Studio Versions

Visual Studio 2010, 2012, and 2013 versions are no longer supported by Microsoft on Windows 10. For that reason, beginning with Helix QAC 2020.1, the Helix QAC Visual Studio plugin will not support these versions.

What’s New in Perforce QAC 2019.2?

Helix QAC 2019.2 adds support for commonly used C++17 language features and Visual Studio 19. This release also expands compliance coverage, accelerates performance, and enhances productivity.

DOWNLOAD PDF

Improve CERT Coverage

Coverage for CERT C and CERT C++ has increased with this release.

Leverage C++17

Helix QAC 2019.2 includes support for C++17— including fold expressions; constexpr if; template argument deduction for class templates; and exception specifications as part of the type system.

Increase Productivity

There are several feature updates in Helix QAC 2019.2 that improve productivity. This includes support for Visual Studio 2019, and an updated and improved Eclipse plugin.

Easy selection of C90, C99 or C11 rules makes it is easier configure your MISRA projects. And, your logs can now be stored in a project-specific location.

Reduce Disk Usage

Particularly important for large projects, Helix QAC 2019.2 uses a more efficient internal storage format to significantly reduce the amount of disk space it uses.

Important Changes in Perforce QAC 2019.2

Support for Legacy Hosting Operating Systems

Support for RHEL 5, and all 32-bit Windows and Linux platforms will be removed from 2019.2 onwards. Helix QAC 2019.2 will only be supported on the following operating systems:

  • Windows: 7* and 10 (64 bit)
  • Linux: RHEL 6 and 7 (64 bit)

*We are planning to remove Windows 7 support from the subsequent release (2020.1).

What’s New in Perforce QAC 2019.1?

Helix QAC 2019.1 adds support for inter-thread defect detection. This release also expands compliance coverage, accelerates performance, and enhances productivity.

Watch this pre-recorded webinar to learn more about the new features.

DOWNLOAD PDF   WATCH NOW

Datarace image

An example of data race detection in Helix QAC.

Leverage Multithreading — Without Concurrency Defects

Helix QAC 2019.1 includes new dataflow features and enhancements — including inter-thread, intra-thread, and tainted variable analysis.

This update allows you to detect potential concurrency defects, such as deadlock and data race.

Improve Compliance Coverage (CERT, MISRA, AUTOSAR)

Helix QAC offers the best coverage of the MISRA C© and MISRA C++© coding standards. And the precision and accuracy of that coverage has increased with Helix QAC 2019.1.

Helix QAC now offers complete support for C++14. And the AUTOSAR compliance module has been updated for the October 2018 update to AUTOSAR coding guidelines.

Coverage for CERT C/C++ has also increased with this release.

Accelerate Performance (Analysis & Synchronization)

Helix QAC 2019.1 includes performance updates.

Cross-module analysis is faster with this release. Helix QAC 2019.1 also improves the desktop  integration with the web dashboard (formerly QA Verify). This accelerates project synchronization.

Increase Productivity (Searchable Help)

There are several feature updates in Helix QAC 2019.1 that improve productivity. This includes a searchable help, as well as some command line (CLI) updates.

Important Changes in Perforce QAC 2019.1

The latest release of Helix QAC (formerly QAC/QAC++/QA Verify) includes the following changes.

How Perforce QAC Is Versioned

Helix QAC will no longer use a <major>.<minor>.<patch> format. The version will be based on year and the release within the year. So, the new release will be “Helix QAC 2019.1”. This will consist of:

  • QAC 9.6
  • QAC++ 4.4
  • QA Verify (Helix QAC dashboard) 2.4

Where Helix QAC Will Be Installed

By default, Helix QAC 2019.1 will be installed into “C:\Perforce\Helix-QAC-2019.1” for Windows users or “/opt/Perforce/Helix-QAC-2019.1” for Linux users.

Where User Data Is Stored

The user data location is platform- and user privilege-specific. Here’s a table with further details:

PlatformPrivilegeLocationRegistry
Windows  Non-admin%LOCALAPPDATA%\Perforce\Helix-QAC-2019.1HKEY_CURRENT_USER\SOFTWARE\Perforce
Windows  Admin%LOCALAPPDATA%\Perforce\Helix-QAC-2019.1HKEY_LOCAL_MACHINE\SOFTWARE\Perforce
Linux Non-admin        ~/.config/Perforce/Helix-QAC-2019.1n/a
Linux    Admin/etc/Perforce.d/Helix-QAC-2019.1n/a

Where Log Files Are Stored

By default they will be in “%LOCALAPPDATA%\Perforce\Helix-QAC-2019.1” for Windows users or “~/.config/Perforce/Helix-QAC-2019.1” for Linux users.

The log file name changes to Helix-QAC_<date>T<time>_<id>.log

How the Jenkins Plug-In Will Change

Jenkins users will need to update the PRQA plug-in to v3.0.2 (or above) for Helix QAC 2019.1.

Programs That Won’t Change

The qacli and qagui will retain their names. Key folders such as the “prqa” folder and the prqaproject.xml will also remain the same.

What’s New in Perforce QAC 2.4?

Perforce QAC 2.4 adds a CWE C++ compliance module. And it updates compliance coverage, performance, and productivity.

PRQA Source Code Image

Add the New CWE C++ Compliance Module

Identify CWE C++ security weaknesses in your code. And map Helix QAC for C++ diagnostics to CWE list entries.

Additional Compliance Updates

Helix QAC 2.4 includes additional compliance updates:

  • Better coverage for AUTOSAR C++, MISRA C, and CERT C/C++.
  • Parser support for C11 and more modern C++ features.

Performance and Productivity Enhancements

Helix QAC 2.4 also includes updates for better performance and greater productivity, such as:

  • IDE plug-in support for Eclipse Photon
  • Report analysis times per file