What’s New in Helix QAC?

Helix QAC 2023.4 launches 100% MISRA C++:2023® rule coverage for the new MISRA C++:2023 guidelines. This release also includes extended C++20 language support, performance improvements to Dataflow analysis, and many Quality-of-Life enhancements throughout the product. 

Enhanced C++20 Support

This release adds language feature support for: 

• requires-clause constraints for template parameter lists and function declarations
• Non-type-constrained abbreviated-function-template declarations

Improved Dataflow Performance with Caching

• Reduced Dataflow analysis time for incremental analysis with solver caching 
• Testing of selected projects showed reduction in analysis time of more than 50% from the second analysis run
• Dataflow is also able to complete more analysis within the function timeout period with caching

Enhanced GNU and ISO C Arithmetic Type Support

• Improvements made to QAC's handling of literals and arithmetic types to significantly improve support for the under-used areas of the language around complex types, vendor extension types, and complex expressions with unusual operators 

Coding Standards Coverage (MISRA C++:2023®, HKMC, CERT)

MISRA C++:2023

Helix QAC releases 100% enforcement coverage for MISRA C++:2023 rules with the new MCPP Compliance Module available for 2023.3 and 2023.4. 

Updated Compliance Modules 

• HKMC mapping updates
• CERT categories for severity, priority, and levels have been added
• Improvements for the Japanese translations of rules for MISRA C:2023 Compliance Module
• Improved enforcement of selected standards:
  • MISRA C:2023 rules 9.3, 10.3, 10.5
  • AUTOSAR rules A3-8-1. AV-1-2
  • MISRA C++ rule 6-2-2

Framework

• Improved tracking of macro expansion and template instantiation history to assist diagnosis of issues 
• Enhanced comment-based suppressions engine to allow multiple deviation reasons per line 

Quality of Life Enhancements 

Support for Additional Compilers with Auto CCT Generation

• Synopsys Metaware 
• Cadence Tensilica 
• TI C6000
• Qualcomm Hexagon
• Clang 15
• Embarcadero BCC64

Visual Studio Code IDE Plugin

• Improvements to VS Code plugin for supporting remote analyzer execution

Visual Studio and Eclipse IDE Plugins

• General stability improvements 

Validate

• Support to create Validate projects from CLI and GUI

CLI

• New qacli view option to output rule violation details 
• Enhanced %K category specifier to allow easier mapping to rule
• Graceful failure where no HOME environment variable is present

GUI

• New context menu item in projects list to open project location
• Filename search in tree view panel
• New context menu item to open preprocessed source for selected file
• Jump to preprocessed source file from the source code 

Important Changes in Helix QAC 2023.4

Compliance Module Directory Change

As of Helix QAC 2023.4, the tool no longer reads Compliance Modules from the old "PRQA" directories. Compliance Modules will only be read from “Perforce” file directory equivalents. 

The following are the now obsolete file directories: 

• %LOCALAPPDATA%\PRQA\installed_components.ini 
• %PROGRAMDATA%\PRQA\installed_components.ini 
• ${HOME}/.config/PRQA/installed_components.ini 
• /etc/prqa.d/installed_components.ini 

Helix QAC 2023.3 anticipates 100% MISRA C++:2023® rule coverage for the new MISRA C++® guidelines expected to be published in Q4 2023. 

In addition, this release includes extended C++20 language support and makes improvements to the Perforce Validate platform and integration of Helix QAC with Validate, including other quality of life and performance enhancements. 

Coding Standards Coverage (MISRA C++:2023®, MISRA C:2023®)

MISRA C++:2023®

Helix QAC anticipates 100% enforcement coverage for MISRA C++:2023.3 guidelines, which are expected to be published in Q4 2023. 

• The new M2CPP compliance module, which will enforce MISRA C++:2023, for use with Helix QAC 2023.3, will be available when the new standard is published. 

MISRA C:2023®

Helix QAC provides 100% enforcement coverage for MISRA C:2023, which consolidates MISRA C:2012 with all four amendments and two technical corrigenda into a single, comprehensive edition.

• The M3CM compliance module has improved enforcement for Rule 8.3.

C++20 Language Support 

This release adds language feature support for: 

• requires-expressions — Introduced with C++20 Concepts and can be used to determine the validity of a construct without resulting in a compiler error. 

Perforce Validate

The Continuous Security & Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications.

The Validate platform provides a centralized store of analysis data, trends, and configurations for codebases across the organization, providing a single pane of glass for all Perforce Static Analysis products. 

2023.3 provides: 

• Support for projects using multiple compliance modules — improved analysis results when a project is enforcing additional coding standards, rules, or vulnerability types. 
• Validate, Reports, Plugins, and GUIs also include changes to reflect the new support for multiple compliance modules within a project. 

Quality of Life Enhancements 

Installers

• Zip/tar archives are provided for Helix QAC and compliance modules which can be used as an alternative to the installers, providing further product deployment, maintenance, and upgrade flexibility. 

Auto CCT Generator 

• Added support for automatic CCT generation when using sync types: INJECT, MONITOR, and MSVS. 
• Resolved issues with several existing supported compilers. 

Dataflow

• Improved dataflow processing to use less memory and improve stability on machines with limited memory or swap storage. 
  • GUI
• Improved support for 4K displays when using the GUI

Plugins

• VS Code 

  • Run analysis on file save 
  • Enhancements to access help with QAC running remotely*
    • *Note: a diaglist license is required

• Visual Studio

  • Improvements to align to GUI elements for continued integration with Validate 

• Eclipse 

  • Improvements to align GUI elements for continued integration with Validate

Operating Systems

• Support for Windows 11

Helix QAC 2023.2 delivers 100% MISRA C:2012 and MISRA C:2023 rule coverage, and updates the corresponding compliance module to refer to MISRA C:2023. 

In addition, this release includes improved C23 language support, improvements to the Validate platform and integration of Helix QAC and Validate, and other quality of life enhancements.  

Coding Standards Coverage (MISRA C:2012, MISRA C:2023, and CWE)

MISRA C:2012, 2023 

Helix QAC provides 100% enforcement coverage for MISRA C:2012 AMD 4 and MISRA C:2023, which consolidates previous revisions, amendments, and technical corrigenda of the guidelines into a single, comprehensive edition. MISRA C:2023 was recently published this year. 

• The M3CM compliance module has been updated to refer to MISRA C:2023. 

CWE

CWE C and C++ Compliance Modules align with the latest version of CWE 4.11.

Perforce Validate

The continuous Security and Code Compliance Platform provides functional safety, security, reliability, and quality assurance for embedded and mission-critical applications. 

Validate is the replacement for our "Dashboard" product and has also been known as QAC-Verify in the past. This new platform allows customers to have a single source of results for Helix QAC and Klocwork.

The Validate platform provides a centralized store of analysis data, trends, and configurations for codebases across the organization, providing a single pane of glass for all Perforce Static Analysis products. 

2023.2 provides: 

• Support for Helix QAC metrics in Validate. 
• Updated Helix QAC Visual Studio plugin supporting integration with Validate. 
• Full support for Helix QAC custom messages in Validate.

C23 / C++23 Language Support 

This release adds language feature support for: 

• C23 digit separators
• C23 / C++23 #elifdef, #enlifndef and #warning directives 

Quality of Life Enhancements

CLI

• Allow sync of diagnostics and suppressions to be enabled/disabled 
• New format specifier %M to output Rule Group Name and Rule ID

GUI

• Allow customization of RCF name and version
• Allow sync of diagnostics and suppressions to be enabled/disabled 

HIS Metrics

• This release features a Helix QAC enhancement to directly generate compound HIS metrics (which were previously calculated in the report scripting). 

Important Changes in Helix QAC 2023.2

License Management Changes

A new installer for a RLM v15 server is made available together with the Helix QAC 2023.2 release.  This server version is mandatory if using Helix QAC with Validate 2023.2 and optional otherwise.

MISRA C++ 2023 — Early Release of New Compliance Module Available for Preview 

The MISRA consortium is expected to publish MISRA C++ 2023 coding guidelines later this year. A new compliance module will be introduced to enforce the new standard once it is published. With 2023.2, an early release of the compliance module, which provides 98% enforcement of rules that have been finalized so far, is available for preview upon request. Please contact your Perforce account representative to find out more.

What's New in Helix QAC 2022.4

Helix QAC 2022.4 ships 100% rule coverage for MISRA C:2012 AMD3, dataflow separated into a new component providing improved analysis performance, and upgraded language support for C++20 and C23. 

In addition, this release includes Japanese localization for the TS 17961 C Secure Compliance module, improved compiler support, and general quality of life improvements for various Helix QAC components.

Dataflow Component 

In 2022.4, Dataflow has been separated from the QAC/QAC++ engine into its own component. This change provides:

• Improved performance of Dataflow analysis for large projects.
• Inter-TU analysis is internalized in dataflow, and two analysis passes are no longer necessary.
• Functions defined in header files are analyzed once per project.
• Dataflow diagnostics are reported against the 'dataflow' component instead of 'qac' or 'qacpp'.
• Dataflow is a separate component in the analysis toolchain with its own configuration options.

Coding Standard Coverage (MISRA C:2012 AMD3, TS 17961 C Secure)

New MISRA C:2012 Amendment 3 Compliance Module for C with 100% rule coverage

• Enforce the Motor Industry Software Reliability Association (MISRA) software development guidelines for the C programming language. These guidelines aim to facilitate code safety, security, portability, and reliability in the context of embedded systems. 
• Additional rules related to the new C11/C18 features. 

TS 17961 C Secure 

The TS 17961 C Secure Compliance Module (SECCCM) now has a full Japanese translation. 

C++20 Language Support 

This release adds improved compatibility with C++20 language feature usage including handling of GCC headers in C++20 mode. 

C23 Language Support 

This release adds C23 language feature support for: 

• Relax requirements for variadic parameter lists, paper N2975. 

Improved Build Process Monitoring

This release features improvements to the automated CCT generation using ‘qainject’, which streamlines build comprehension and compiler setup, and additional guidance has been provided in the manual for creating custom filters to use with new compilers based on supported compilers e.g. GNU-based compilers.

Quality of Life Enhancements 

CLI 

• Added the ability to view diagnostics since baseline (qacli view).
• Filter diagnostics by suppression type (qacli view --suppression-filter <type>).
• Output CMA diagnostics in several formats: NONE, MULTIPLE, SINGLE (qacli view --multi-homed-format).
• Enable users to upgrade existing projects to be compatible with separated Dataflow component (qacli admin --upgrade).

GUI

• Dataflow component support.

Dashboard

• Dataflow component support. 

Microsoft Visual Studio 2022 IDE Plugin

• Support for multiple Helix QAC installs with VS 2022 extension. 

Important Changes in Helix QAC 2022.4

Pre-Announcements 

CCT Generator End-of-Life in 2023 

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCTs generated using the legacy tool will be deprecated and no longer supported.

Removal of unsupported static CCTs from the QAC package

With improved build monitoring for a wide range of compilers using auto CCT generation with ‘qainject’, the majority of static CCTs that have previously been included in the Helix QAC package will be removed by 2023.1. The auto generated CCTs are expected to provide more accurate analysis results compared to using a static default CCT. The intention is to remove all CCTs apart from those for the GNU gcc, Visual Studio, and generic compilers.

What’s New in Helix QAC 2022.3

Helix QAC 2022.3 introduces support for Microsoft Visual Studio 2022, a new compliance module for BARR-C:2018, and upgraded language support for C++20 and C23.

In addition, this release includes broader compiler support and general quality of life improvements for various CLI commands.

Microsoft Visual Studio 2022 IDE Plugin

Use the new Visual Studio 2022 desktop analysis plugin to quickly and easily detect and then fix issues before check-in.

This new IDE extension supports desktop analysis of Helix QAC within MS Visual Studio for C/C++:

• Analyze code, view, and filter results.
• Localization for English and Japanese.
• Support for cross-module analysis and suppressed messages.
• Diagnostic message help.
• Logging and output messages.

Coding Standard Coverage (BARR-C:2018, MISRA C:2012 AMD3)

New BARR-C:2018 Compliance Module for C with 83% automated rule coverage. 

Enforce Barr Group’s Embedded C Coding Standard to minimize bugs in firmware while improving the maintainability and portability of embedded software.

New MISRA C:2012 Amendment 3 Compliance Module with 100% rule coverage.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

• Default member initializers for bit-fields.
• Layout-compatibility and pointer-interconvertibility traits.
• Supports g++ 11 and Visual Studio 2022.1 in C++ 20 mode.

Upgraded C23 Language Support

This release adds C23 language feature support for: 

• Unicode identifiers in source code, both directly specified as characters and via Universal Character Names, and accompanied by checking for UAX#31 valid identifier rules.
• Type inference for object definitions. A new option enables C23 semantics for the auto storage class specifier to infer the type of an object from its initializer (this may change behavior of existing code, so C17 semantics remain the default), while the GNU C __auto_type specifier remains unconditionally available.
• typeof_unqual (via __typeof_unqualified__).

Improved Build Process Monitoring

This release features automated CCT generation using ‘qainject’, which streamlines build comprehension and compiler setup.

In addition, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers:

• Green Hills 2018-2022
• Visual Studio 2022
• Wind River Diab v7
• TI tiarmclang (C++98/03)
• GNU assembler cc1/cc1plus

Quality of Life Enhancements

CLI

Separation of qacli admin commands to new standalone qacli config commands:

• component path commands into "qacli config component-path".
• cpu command into "qacli config cpu".
• language commands into "qacli config language".
• license server commands into "qacli config license-server".

Additionally, the Dashboard token commands have been separated into “qacli auth.

Important Changes in Helix QAC 2022.3

Ongoing ‘qacli admin’ Changes

There are a large number of options associated with the ‘qacli admin’ sub-command, and these have been separated into new config and auth sub-commands covering the configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release. These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.3, and the full list of previously deprecated commands is included in the Helix QAC manual.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCTs generated using the legacy tool will be deprecated and no longer supported.

Removal of Unsupported Static CCTs from the QAC Package

With improved build monitoring for a wide range of compilers using auto CCT generation with ‘qainject’, the majority of static CCTs that have previously been included in the Helix QAC package will be removed by 2023.1. The auto generated CCTs are expected to provide more accurate analysis results compared to using a static default CCT. The intention is to remove all CCTs apart from those for the GNU gcc, Visual Studio, and generic compilers.

Upcoming Separation of Dataflow in 2022.4

In 2022.4, Dataflow is planned to be separated from the QAC/QAC++ engine into its own component. The main differences are:

• Improved performance of Dataflow analysis for large projects.
• Dataflow will become a separate component in the analysis toolchain with associated configuration options.
• Dataflow diagnostics will be reported against their own component instead of 'qac' or 'qacpp'.
• Inter-TU analysis will be internalized in dataflow, and two analysis passes will no longer be necessary.

What’s New in Helix QAC 2022.2

Helix QAC 2022.2 delivers greater C++ 20 language feature support, updated compliance modules for MISRA and HKMC, along with new configuration options for improved analysis results when dealing with STL headers, third-party/external source code, and more.

In addition, this release includes broader compiler support and general quality of life improvements for various plugins, CLI commands, and the QAC GUI.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

• Consteval
• Constinit
• Explicit(bool)
• Three-way comparison operator
• Using enum

Coding Standard Coverage

Improved MISRA C:2012 AMD2 Coverage

MISRA C:2012 compliance module mapping and categorization have been improved.

Updated HKMC Compliance Module for C/C++

HKMC compliance module has been updated to reflect HKMC v4.1 category and wording changes.

Improved Build Process Monitoring

This release features automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

In addition, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers:

• Texas Instruments Code Composer – v11, ArmClang
• IAR Embedded Workbench
• TASKING
• Renesas
• ARM – ArmClang
• Wind River Diab (C++11/14)

Partial Quieting of Headers for Improved Analysis

The features improvements to Dataflow analysis. For example, code that uses types defined in the STL headers to reduce potential false positives/negatives. This is enabled through the use of a new analysis option, QuietExtended, which provides greater control over analysis of function definitions appearing in header files.

If a file is:

• Quieted, the contents will be analyzed for parser errors, and any function definitions will be ignored.
• QuietExtended, function definitions will be parsed if they are used from a non-quieted location.
• Non-quieted, all definitions will be analyzed.

Framework Improvements

Improved Handling of Third-Party/External Source Code

• Provides a means to specify elements of a code base that are from third parties and would not be modified directly, to allow results to be filtered from reporting.
• Files/folders marked as third-party are highlighted in the desktop GUI.
• The results of an analysis can be filtered to only show cross-module analysis.
• Compliance reports can highlight results for third-party code.
• Third-party source code is not uploaded to Dashboard.

Improvements for Setting Additional Component Options on a per File/Directory Basis

• Settings will be retained after a sync.
• Eclipse and Visual Studio plugins were updated to provide the same functionality as desktop GUI to enable additional options to be set.
• Per file message enabling/disabling.

Quality of Life Enhancements

GUI

• Sorting of Messages and Files in GUI.
• Improved feedback for read-only files.

CLI

• Additional qacli report output on success or failure.

Plugins

• Microsoft Visual Studio
  • Analysis Options per folder/file.
  • CLI installation/removal for the plugin.
  • Disable Dashboard/S101 menus if a component is not installed.
• Eclipse
  • Sorting of Messages and Files in Eclipse.
  • Analysis Options per folder/file.
  • CLI installation/removal for the plugin.
  • Disable Dashboard/S101 menus if a component is not installed.

Important Changes in Helix QAC 2022.2

Ongoing ‘qacli admin’ Changes

There are a large number of options associated with the ‘qacli admin’ sub-command and these will be separated into several new sub-commands covering the configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release.  These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.2 and the full list of previously deprecated commands is included in the Helix QAC manual.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCT’s generated using the legacy tool will be deprecated and no longer supported.

Upcoming Separation of Dataflow in H2 2022

In H2 2022, Dataflow is planned to be separated from the QAC/QAC++ engine into its own component. The main differences are:

• Improved performance of Dataflow analysis for large projects.
• Dataflow will become a separate component in the analysis toolchain with associated configuration options.
• Dataflow diagnostics will be reported against their own component instead of 'qac' or 'qacpp'.
• Inter-TU analysis will be internalized in dataflow, and two analysis passes will no longer be necessary.

What’s New in Helix QAC 2022.1

Helix QAC 2022.1 delivers improved compliance module coverage for AUTOSAR, MISRA, and CWE with greater C++ 20 language feature support.

In addition, this release includes greater control over analysis configuration and message suppressions; provides broader compiler support; and general quality of life improvements for performance and various plugins.

Coding Standard Coverage (AUTOSAR, MISRA, CWE)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased to 95%.

Improved MISRA C:2012 (TC2) Coverage

MISRA C:2012 compliance module has been updated to reflect Technical Corrigendum 2 category and wording changes.

Improved CWE Coverage

CWE coverage for C has been expanded to include new messages for Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') to cover CWE-362.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

• feature testing macros
• std::is_constant_evaluated()

Framework Improvements

• Project level options are now available on a per file/folder basis, providing more control over analysis configuration.
• Comment based suppressions now support multi-homed messages.

Dataflow Improvements

Reduced memory usage for:

• Large switch statements.

• Pointers with a large number of aliased objects.

Improved Build Process Monitoring

Automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

In this release, functionality has been improved to provide a user-friendly project and compiler setup for the following common compilers.

• Microchip XC8, XC8-CC
• Wind River Diab
• Texas Instruments Code Composer

Quality of Life Enhancements

GUI

• Additional component options on a per file/directory basis.

CLI

• Additional component options on a per file/directory basis.
• Improved feedback when qacli report fails.

Performance

• Reduced analysis memory usage for some projects.
• Improved feedback from the CLI for certain configuration errors.

Plugins

• Streamlined Jenkins plugin.
• General improvements for Eclipse, Visual Studio, and Visual Studio Code.

Important Changes in Helix QAC 2022.1

End-of-Life for ‘Met’ Output Format

Helix QAC 2022.1 will no longer support the ‘met’ output format.

The binary ‘arc’ file output format introduced in Helix QAC 2019.2, which replaced the ‘met’ file output format, is the default as of Helix QAC 2020.2. As a result, the ‘met’ file format will be deprecated and no longer supported from Helix QAC 2022.1 onward.

Pre-Announcements

CCT Generator End-of-Life in 2023

Helix QAC 2023.1 will no longer support the legacy standalone CCT Generator.

The ‘qainject’ tool introduced in Helix QAC 2021.3 will replace the current CCT Generator. As a result, CCT’s generated using the legacy tool will be deprecated and no longer supported.

Upcoming ‘qacli admin’ changes

There are a large number of options associated with the ‘qacli admin’ sub-command and these will be separated out into several new sub-commands covering configuration of the system and projects. 

The corresponding ‘qacli admin’ options will be deprecated as new sub-commands are added and removed in a future release.  These changes will improve the usability of the CLI, enable more consistent use of short options and default values, and enhance the readability of the associated help pages. 

Included in the release notes are details for the ‘qacli admin' options that have been deprecated in 2022.1 and the full list of previously deprecated commands is included in the Helix QAC manual.

What’s New in Helix QAC 2021.3

Helix QAC 2021.3 introduces support for Visual Studio Code, new compliance modules for Hyundai Motor Group, and improved dataflow analysis capabilities with additional C++ 20 language support.

In addition, this version includes accuracy and coverage improvements for important automotive and secure coding standards, streamlined build process monitoring, and general quality of life improvements that provide better usability, security, and project setup/management options.

Visual Studio Code IDE Plugin

Use our new Visual Studio Code desktop analysis plugin to detect and fix issues quickly and easily before code check-in.

This new IDE extension supports desktop analysis of Helix QAC within Visual Studio Code for C/C++:

• Analyze code, view, and filter results.
• Localization for English and Japanese.
• Support for multi-homed and suppressed messages.
• Diagnostic message help.
• Logging and output messages

Coding Standard Coverage (AUTOSAR, MISRA, CERT, CWE, HKMC)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased to 94% to make compliance easier along with the industry-leading precision and accuracy that Helix QAC is known for.

Improved MISRA C:2012 Coverage

MISRA C:2012 depth and accuracy have been improved.

Improved CERT Coverage

CERT C/C++ coverage has been improved to enhance depth and accuracy.

Improved CWE Coverage

CWE coverage has been expanded to include new messages related to encryption and variable use rule violations.

New HKMC Compliance Module for C/C++

Enforce Secure C/C++ Coding Guide for Automotive Embedded Systems with Helix QAC’s new compliance modules for Hyundai Motor Group and their suppliers.

Dataflow Improvements

• Modeling of individual elements within an array provides greater analysis capabilities to find dataflow/path defects with improved accuracy.
• Improved detection of pointer de-reference defects by additional propagation of the results of pointer arithmetic expressions.

Upgraded C++20 Language Support

This release adds C++20 language feature support for:

• __VA_OPT__ elision operator in variadic macros

Improved Build Process Monitoring

Automated CCT generation using ‘qainject’ streamlines build comprehension and compiler setup.

This new functionality provides a user-friendly project and compiler setup for the following common compilers.

• GNU C/C++
• Clang
• MS Visual Studio
• Microchip MPLAB pic24
• xc32
• xc16
• Hightec Tricore
• QNX

Quality of Life Enhancements

Dashboard

• Localization improvements
• New LDAP configuration and authentication options
• Improved SSL Certificate support

QACGUI

• Change default view settings within the GUI
• Automatic analysis when header files change

Framework

• Project Roots now supported for incremental analysis
• Dynamic analysis threads based on available resources

QACLI

• CI/Docker install without GUI/Doc
• Japanese translation and path fixes

Important Changes in Helix QAC 2021.3

Helix QAC 2021.3 has upgraded to use Python 3 and removed Python 2 which has reached End-Of-Life.

• User action is needed to upgrade existing projects. To upgrade your projects run “qacli admin --upgrade". See product documentation for more information.
  • Note this upgrade process also applies when creating a new project but reusing a CCT created using a previous version of QAC.
• If creating a new project with the CCTs included in the Helix QAC 2021.3 package, they have been converted and tested to work under Python 3.

End of Support

The following Visual Studio artifacts have been removed from the installation packages.

• Visual Studio 2010, 2012, and 2013

What’s New in Helix QAC 2021.2

Helix QAC 2021.2 introduces new compliance reports for MISRA Compliance 2020 and general coding standards, complete support of the C++17 language specification, and plugin enhancements for faster analysis feedback.

In addition, this version includes increased MISRA and AUTOSAR coverage with improved accuracy, faster analysis, and quality of life improvements that provide better usability, security, and data management options.

Compliance Reports

These new reports help you determine the health of your code base and supply the information necessary to claim compliance against a coding standard. Generate reports for:

•  MISRA Compliance 2020
• General standards compliance

New Plugin Features

New optional features for the Visual Studio and Eclipse Plugins are introduced in this release for faster analysis feedback. Along with support for projects with multiple configurations.

Continuous Incremental Analysis

Enables analysis to be performed automatically when saving a file or after a predefined time of inactivity in a modified file.

Interactive Asynchronous Feedback

Enables diagnostic results to stream in as analysis progresses, so you can remediate issues while analysis is running.

Multi-Configuration Project Support

Projects with multiple configurations are now supported with Helix QAC IDE Plugins to provide easier project context switching.

Improved Coding Standard Coverage (AUTOSAR and MISRA)

Improved AUTOSAR Coverage

AUTOSAR coverage has been increased up to 93% to make compliance easier along with the industry-leading precision and accuracy that Helix QAC is known for.

Improved MISRA C:2012 Coverage

MISRA C:2012 compliance has been updated to include features of MISRA C:2012 TC1.

Complete C++17 Language Support

Helix QAC 2021.2 fully supports the C++17 language specification. This release adds language feature support for:

• Extended new
• Guaranteed copy elision

Dataflow Improvements

Improved tracking of variable usage and handling of struct/union function arguments for greater accuracy and precision of analysis results.

General performance improvements resulting in faster analysis speed by up to ~5%*.

(*based on internally benchmarked OSS projects)

Integrate Helix QAC Diagnostic Results with Klocwork

With 2021.2 we introduce the ability to export Helix QAC findings into Klocwork’s Compliance and Application Security Testing (CAST) Portal. This enables you to:

• Use Helix QAC and Klocwork together to provide industry-leading compliance coverage across the major embedded and automotive programming languages.
• Export and integrate Helix QAC diagnostic results with Klocwork.
• Review and manage security and compliance issues in one place.
• Generate compliance reports natively with Helix QAC or from the Klocwork SAC portal.

Quality of Life Enhancements

QAGUI and QACLI

• Compliance report generation
• Improved sync method for easier configuration

QAGUI

• Upgraded look and feel
• External file modification can trigger automatic analysis

QACLI

• Option to output data in SARIF format
• Export Helix QAC data to Klocwork portal providing a single destination to view results from both tools

Dashboard

• LDAP Implementation
• SSL Certificates

Important Changes in Helix QAC 2021.2

End of Support

• Red Hat Enterprise Linux 6
• Visual Studio 2010, 2012, and 2013

The Visual Studio artifacts listed above will remain in the installation packages but will be removed in the next release.

Helix QAC 2021.1 delivers complete support for CERT C++ rules, expands AUTOSAR coverage, and adds new language support for C++17.

Improved Compliance Coverage for CERT and AUTOSAR

Full CERT C++ Coverage

Helix QAC now covers 100% of the CERT C++ rules to provide unparalleled coding standard coverage.

Improved AUTOSAR Coverage

This release increases AUTOSAR coverage to 91% with Helix QAC’s industry-leading precision and accuracy — making compliance easier.

New C++17 Language Support

Expanded support for C++17 language specification. New language features include:

• Lambda Capture of *this by Value as [=,*this]
• constexpr lambda
• Allow const eval for all non-type template arguments
• Aggregate initialization of classes with base classes

Pre-Announcement: ‘Met’ Output Format End-of-Life in 2022

Helix QAC 2022.1 will no longer support the ‘met’ output format.

The binary ‘arc’ file output format introduced in Helix QAC 2019.2, which replaced the ‘met’ file output format, is the default as of Helix QAC 2020.2. As a result, the ‘met’ file format will be deprecated and no longer supported from Helix QAC 2022.1 onward.

If the legacy 'met' format is required, then that information can either be extracted from the 'arc' files using an appropriate 'lua' script. See: Helix QAC user manuals for more detail.

Helix QAC 2020.2 delivers complete support for CERT C POSIX rules, adds new language support for C++ 17/20, and introduces a new compliance module for ISO/IEC TS 17961.

In addition, the latest version expands compliance coverage and features quality of life improvements that provide increased productivity and usability for Jenkins and QAGUI.

Improved Compliance Coverage (CERT, AUTOSAR, ISO/IEC TS 17961)

CERT C POSIX Rule Support

Helix QAC now covers 100% of the CERT C POSIX Rules — providing unparalleled coding standard coverage.

Improved CERT C++ Coverage

Coverage for CERT C++ has increased to 95% with this release.

New ISO/IEC TS 17961 Compliance Module

Ensure your projects are C Secure with Helix QAC’s new compliance module for ISO/IEC TS 17961. Helix QAC now provides 98% coverage for C Secure.

Improved AUTOSAR Coverage

Make compliance easier — this release increases AUTOSAR coverage up to 91% with the industry-leading precision and accuracy that Helix QAC is known for.

New C++17/20 Language Support

Helix QAC 2020.2 adds C++17 language feature support for:

• Pack expansions and declarator lists in using declarations.
• Typename keyword in template template parameters.
• Non-type template parameters declared with a placeholder type.
• UTF-8 character literals.
• In-class definition of explicit template specializations.
• Enumeration direct-list initialization.
• Structured bindings.

Helix QAC 2020.2 adds C++ 20 language feature support for:

• Storage class specifiers in structured bindings.

QAGUI New Features

Two new optional features for QAGUI are introduced in this release of Helix QAC for faster analysis feedback.

Continuous Incremental Analysis

Enables analysis to be performed automatically when saving a file or after a pre-defined time of inactivity in a modified file.

Interactive Asynchronous Feedback

Enables diagnostic results to stream in as analysis progresses so you can begin remediating issues while analysis is running.

Jenkins Pipelines

Support for Jenkins Pipelines provides an easy way to automate static analysis as part of your application lifecycle within your Continuous Integration (CI) or Continuous Delivery (CD) workflows.

End of Support for Red Hat Enterprise Linux 6

Beginning with Helix QAC 2020.2, the following operating system will not be supported:

• RHEL 6

Important Change to Default Format for Semantic Output

Helix QAC 2020.2 will use the binary 'arc' file output format by default.  If the legacy 'met' format is required, then that information can either be extracted from the 'arc' files using an appropriate 'lua' script (See: Helix QAC user manuals for more detail.), or the legacy output format can be enabled with "-metfile+". 

(Note: Features that are dependent on the 'arc' format will not work with "-metfile+".  For more information please refer to the Helix QAC 2020.2 release notes.)

If you have any questions or concerns, please contact our support team.

Helix QAC 2020.1 adds support for commonly used C++17/20 language features, expands compliance coverage, accelerates performance, and enhances productivity.

Improved CERT C Coverage

Coverage of CERT C Rules has increased to 100%.

Improved CERT C++ Coverage

Coverage for CERT C++ has increased with this release.

Improved MISRA C:2012 Amendment 2 Coverage

MISRA C:2012 Amendment 2 is completely supported.

Improved AUTOSAR Coverage

Coverage for AUTOSAR has increased with this release.

New C++17/20 Language Support

Helix QAC 2020.1 adds C++17 language features support for inline variables, nested namespace definition, and selection statements with an initializer.

Helix QAC 2020.1 adds C++ 20 language features support for nested inline namespaces and range-based for statements with an initializer.

Improved Eclipse Plugin Performance

The Eclipse Plugin now features quick keyboard shortcuts for common commands and quality of life improvements for increased productivity and usability.

Improved Visual Studio Plugin Performance

The Visual Studio Plugin has quality of life improvements for increased productivity and usability.

Improved Helix QAC Dashboard

The Helix QAC Dashboard has improved upload performance, bug-fixes, and minor enhancements.

End of Windows 7 Support

Windows 7 will not be supported from 2020.1 onwards. The supported operating systems going forward will be:

• Windows 10 (64 bit)
• Linux: RHEL 6 and 7 (64 bit)

End of Support for Legacy Visual Studio Versions

Visual Studio 2010, 2012, and 2013 versions are no longer supported by Microsoft on Windows 10. For that reason, beginning with Helix QAC 2020.1, the Helix QAC Visual Studio plugin will not support these versions.

Helix QAC 2019.2 adds support for commonly used C++17 language features and Visual Studio 19. This release also expands compliance coverage, accelerates performance, and enhances productivity.

Download PDF

Improve CERT Coverage

Coverage for CERT C and CERT C++ has increased with this release.

Leverage C++17

Helix QAC 2019.2 includes support for C++17— including fold expressions; constexpr if; template argument deduction for class templates; and exception specifications as part of the type system.

Increase Productivity

There are several feature updates in Helix QAC 2019.2 that improve productivity. This includes support for Visual Studio 2019, and an updated and improved Eclipse plugin.

Easy selection of C90, C99 or C11 rules makes it is easier configure your MISRA projects. And, your logs can now be stored in a project-specific location.

Reduce Disk Usage

Particularly important for large projects, Helix QAC 2019.2 uses a more efficient internal storage format to significantly reduce the amount of disk space it uses.

Support for Legacy Hosting Operating Systems

Support for RHEL 5, and all 32-bit Windows and Linux platforms will be removed from 2019.2 onwards. Helix QAC 2019.2 will only be supported on the following operating systems:

• Windows: 7* and 10 (64 bit)
• Linux: RHEL 6 and 7 (64 bit)

*We are planning to remove Windows 7 support from the subsequent release (2020.1).

Helix QAC 2019.1 adds support for inter-thread defect detection. This release also expands compliance coverage, accelerates performance, and enhances productivity.

Watch this pre-recorded webinar to learn more about the new features.

DOWNLOAD PDF   WATCH NOW

Leverage Multithreading — Without Concurrency Defects

Helix QAC 2019.1 includes new dataflow features and enhancements — including inter-thread, intra-thread, and tainted variable analysis.

This update allows you to detect potential concurrency defects, such as deadlock and data race.

Improve Compliance Coverage (CERT, MISRA, AUTOSAR)

Helix QAC offers the best coverage of the MISRA C© and MISRA C++© coding standards. And the precision and accuracy of that coverage has increased with Helix QAC 2019.1.

Helix QAC now offers complete support for C++14. And the AUTOSAR compliance module has been updated for the October 2018 update to AUTOSAR coding guidelines.

Coverage for CERT C/C++ has also increased with this release.

Accelerate Performance (Analysis & Synchronization)

Helix QAC 2019.1 includes performance updates.

Cross-module analysis is faster with this release. Helix QAC 2019.1 also improves the desktop  integration with the web dashboard (formerly QA Verify). This accelerates project synchronization.

Increase Productivity (Searchable Help)

There are several feature updates in Helix QAC 2019.1 that improve productivity. This includes a searchable help, as well as some command line (CLI) updates.

The latest release of Helix QAC (formerly QAC/QAC++/QA Verify) includes the following changes.

How Helix QAC Is Versioned

Helix QAC will no longer use a <major>.<minor>.<patch> format. The version will be based on year and the release within the year. So, the new release will be “Helix QAC 2019.1”. This will consist of:

• QAC 9.6
• QAC++ 4.4
• QA Verify (Helix QAC dashboard) 2.4

Where Helix QAC Will Be Installed

By default, Helix QAC 2019.1 will be installed into “C:\Perforce\Helix-QAC-2019.1” for Windows users or “/opt/Perforce/Helix-QAC-2019.1” for Linux users.

Where User Data Is Stored

The user data location is platform- and user privilege-specific. Here’s a table with further details:

Where Log Files Are Stored

By default they will be in “%LOCALAPPDATA%\Perforce\Helix-QAC-2019.1” for Windows users or “~/.config/Perforce/Helix-QAC-2019.1” for Linux users.

The log file name changes to Helix-QAC_<date>T<time>_<id>.log

How the Jenkins Plug-In Will Change

Jenkins users will need to update the PRQA plug-in to v3.0.2 (or above) for Helix QAC 2019.1.

Programs That Won’t Change

The qacli and qagui will retain their names. Key folders such as the “prqa” folder and the prqaproject.xml will also remain the same.

Helix QAC 2.4 adds a CWE C++ compliance module. And it updates compliance coverage, performance, and productivity.