What's New in Klocwork?

What's New in Klocwork 2020.2

Klocwork 2020.2 launches an improved C# analysis engine with broader language support, improved accuracy, and new defect detection by up-to 30%*. This release also includes integrations for IDEs and CI/CD deployments, improvements to C++ analysis, and expanded coding standard support.

(*based on internally benchmarked OSS projects)

Major Update to C# Analysis Engine

Expanded C# language support, 64-Bit improvements, new project support, and increased analysis accuracy with up-to 30% more defect results*.

Full support for the C# 7.0 language specification has been added to Klocwork. New language features include:

• Out variables as function arguments and discard out variables
• Pattern matching
• Tuples, tuple deconstruction, and discards in tuple deconstruction
• Local functions
• Binary literals and digit separators
• Ref locals and returns
• Generalized async return types
• Expression bodied members for members formally returning void
• Throw expressions

64-Bit improvements to the C# analysis engine allow effective analysis of large, complex code bases, and projects.

New build integration improvements now provide analysis results for mixed C/C++ and C# projects.

Added support for more Visual Studio project types such as .Net Core.

(*based on internally benchmarked OSS projects using these language features)

C++ Analysis Engine

• Improved C++ defect detection for intraprocedural function pointer resolution and cases of function pointers that are returned directly or indirectly by function calls.
• Improved support for rvalue references and override file mechanisms.
• Upgraded KB customization for virtual methods allowing behavior definition to produce greater accuracy in your system.

New Jenkins Plugin

Our new Jenkins plugin provides an easy way for you to automate industry-leading static analysis as part of your Continuous Integration (CI) or Continuous Delivery (CD) pipeline.

The plugin provides Klocwork's Differential Analysis, which uses system context data from the server to analyze only the files that were changed, while providing a diff analysis as if the entire system were analyzed, resulting in the shortest analysis times.

CLion IDE Plugin

Use our new CLion desktop analysis plugin to quickly and easily detect and fix issues before check-in.

Coding Standards

New and expanded standards coverage for Klocwork 2020.2:

• CWE & CWE 2019 Top 25 – C#
• AUTOSAR
• MISRA
• CERT – C/C++
• Community Taxonomies – PCI DSS (C/C++, Java, and C#), Joint Strike Fighter Air Vehicle (C++), CERT (C/C++), Community Quality (C++)

New Vulnerability Checkers

We have added and improved several of our checkers across our supported languages: C/C++, Java, and C#.

The new checkers find defects for:

• Dangerous implicit conversions
• Dangerous coding practices
• Out-of-boundary violations
• Identifier name clashes
• Tainted data
  • Buffer overflows using untrusted data
  • Excessive resource consumption using untrusted data
  • Integer overflows using untrusted data
  • Assignment to global variables
  • Dangerous Casts

For information on other accuracy and coverage improvements please refer to the release notes.

Important Changes in Klocwork 2020.2

Maintenance for Klocwork 2018 has Ended

Maintenance for all versions of Klocwork 2018 ended February 29, 2020. The end of maintenance (EOM) date and end of sale (EOS) date was also February 29, 2020. For information about the availability of support for any release of Klocwork, see the Klocwork Product Lifecycle.

What’s New in Klocwork 2020.1

Klocwork 2020.1 improves analysis accuracy and defect detection for C++ by up-to 28%*. This release also introduces the Klocwork Community: A set of almost 200 new checkers and coding standard taxonomies developed by partners and professional services that are widely used by the Klocwork customer base worldwide.

(*based on internally benchmarked OSS projects)

Performance

64-Bit improvements for Windows:

• Several components in our toolchain have been upgraded to leverage 64-Bit architecture, so Klocwork can more effectively analyze large, complex code bases, and projects.

Analysis Engine

Greater C++ analysis accuracy with up-to 28% more defect results*:

• Improved C++ defect detection for nested namespaces, references, and templates.
• Upgraded standard C++ library Knowledge Bases provide higher accuracy for smart pointers, utilities, concurrency libraries, and more.

(*based on internally benchmarked OSS projects using these language features)

Coding Standards

New and expanded standards coverage for Klocwork 2020.1:

• CWE 2019 Top 25 — C/C++, Java, and C#.
• Community Taxonomies — AUTOSAR C++ 14, MISRA C 2012, CERT, and General Code Quality.
• HIS Metrics for automotive projects.

MISRA checkers and taxonomies are now fully integrated into Klocwork by default. You no longer need to install and deploy MISRA checker packages separately. Making it as easy as adding a taxonomy to a project.

New Checkers

We have added close to 200 Klocwork Community checkers across our supported languages: C/C++, Java, and C#.

These new checkers find defects for:

• Memory leaks
• Concurrency issues
• Security vulnerabilities, including:
  •  SQL injection
  • Exposed fields
  • Buffer overflows
• Uninitialized data
• Unused variables
• Exception handling
• Dangerous casting
• Banned APIs
• General best coding practices

Klocwork Community

The Klocwork Community provides a framework for our users and professional services team to help shape the future of our coding standard coverage. By expanding on the certified Klocwork-developed checkers, we’re now providing access to sets of complimentary checkers and taxonomies that make the work of the wider community available within the product. All without the need to create and deploy your own.

Important Changes in Klocwork 2020.1

Klocwork Release Numbering

Going forward, the first release of each year will have the year as the major release number and 1 as the minor release number. For example, 2020.1. Subsequent planned releases will increment the minor number. For example, 2020.2, 2020.3, and 2020.4.

End of Support Announcements

As of 2020.1, we have ended support for the Microsoft Visual Studio add-in. Our Visual Studio extension contains the complete feature set and supports Visual Studio versions 2012 to 2019.

Portal Licensing Changes

Klocwork has implemented additional licensing checks related to running the Klocwork Server, which — among other things — underpins the Klocwork portal. We recommend that you validate your licensing needs to ensure that you have a sufficient number of web service licenses.

Klocwork 2019.3 delivers improvements to vulnerability detection and compliance/coding standards.

Expanded MISRA C:2012 Rules

New and improved MISRA C:2012 standard rules — Rules 5.8 and 5.9 — provide greater coverage and accelerate time-to-market for compliance projects.

Improved Compiler Support

Klocwork has made updates and improvements to the following supported compliers:

• Clang
• GNU

Enhanced Analysis Engine

Improved implementation of Linux 64-bit architecture enables Klocwork to more effectively analyze large, complex code bases and projects.

Improved Checker

Klocwork has made improvements to the accuracy and coverage of the following checkers:

New C/C++ Checkers:

• CWARN.DTOR.VOIDPTR: Detects the deletion of ‘pointer to void’ which may result in memory and resource leaks.
• UNUSED.FUNC.STL_EMPTY: Detects accidental calls to empty() method instead of clear().

Additional New Checkers:

• MISRA.IDENT.NONUNIQUE.EXTERNAL.2012
• MISRA.IDENT.NONUNIQUE.INTERNAL.2012

Enabled Checkers:

• CWARN.DTOR.VOIDPTR
• UNUSED.FUNC.STL_EMPTY

Improved Taxonomies

Klocwork has made updates and improvements to the following taxonomies:

• misra_c_2012_c90.tconf
• misra_c_2012_c90_ja.tconf
• misra_c_2012_c99.tconf
• misra_c_2012_c99_ja.tconf

Important Changes in Klocwork 2019.3

The latest release of Klocwork includes the following changes.

Developer Network

The Rogue Wave Support Center now includes Klocwork. As a result, the Developer Network will no longer be available after November 30, 2019.

End of Support

Klocwork 2019.3 will be the last release to support the Vim plug-in.

2020 Portal Licensing Changes

Beginning in 2020, Klocwork will put into effect additional licensing checks related to the Portal.

System Requirement Changes

Klocwork has added support for the following system requirements:

• Debian 10.0
• OpenSUSE Leap to 15 to 15.1
• SUSE Enterprise Leap 15 to 15.1
• Red Hat Enterprise Linux 8.0
• Ubuntu 16.04 to 16.04.6 LTS
• glibc 2.29
• Windows 10 versions 1709 to 1903
• macOS 10.12x to 10.14.5
• Microsoft Visual Studio 2017, up to version 15.9.14 and 2019, up to 16.1.6 (Visual Studio Extension only)
• Android Studio 1.0 to 3.4.2
• JetBrains IntelliJ IDEA 2019.1.1 to 2019.1.3
• TeamCity 9.1.3 to 2019.1.1
• Google Chrome 54.x to 75.x
• Mozilla Firefox 67.x.x and 68.x.x
• Apple Safari 9.1.x to 12.1.1
• Microsoft Edge 44.x to 44.18362
• Microsoft Internet Explorer 11.0.x to 11.0.135
• gradle 3.x to 5.5.1

Klocwork 2019.2 delivers improvements to security vulnerability detection, compliance/coding standards, and adds Visual Studio 2019 support.

Improved Security Vulnerability Detection

Improved security checkers that detect vulnerabilities related to the tracking of tainted data used through casting operations.

Expanded MISRA C:2012 Rules

New and improved MISRA C:2012 standard rules — Rules 21.13 and 21.19 — provide greater coverage and accelerate time-to-market for compliance projects.

Integrated ISO/IEC TS 17961 Standard

Klocwork can now ensure that C language projects are compliant with ISO/IEC TS 17961.

Improved Build Analysis

Projects using multiple compilers will see more accurate analysis results for C++ 14/17 langauge features.

Simplified Build Reporting

Improved functionality to optimize and reduce the size of the build log is now available for all C/C++ tools.

Upgraded Microsoft Visual Studio Support

The Klocwork Visual Studio Extension now supports Visual Studio 2019.

Expanded Compiler Support

Klocwork has made updates and improvements to the following supported compliers:

• Archelon CSR Kalimba C
• Clang
• GNU
• Green Hills
• IAR Systems C (compiler/linker for ARM)

Klocwork 2019.1 delivers improvements to security vulnerability detection, standards compliance, and 64-bit support for large projects.

Improved Security Vulnerability Detection

Improved security checkers that detect vulnerabilities related to the tracking of tainted data used in nested structures, stored as array elements, and through casting operations.

Expanded MISRA C:2012 Rules

New and improved MISRA C:2012 standard rules — Rules 18.1 and 19.1 — provide greater coverage and accelerate time-to-market for compliance projects.

Enhanced Analysis Engine

Integrated support for even larger and more complex projects with 64-bit build specification generation on Linux.

Simplified Build Reporting

Klocwork now makes it easier to evaluate the quality of analysis results and of the build requires review. In addition, there is new optional functionality to optimize and reduce the size of the build log.

Upgraded Microsoft Visual Studio Support

The Klocwork Visual Studio Extension now supports a broader range of Visual Studio 2017 versions and includes general performance improvements.

Added OWASP Top 10 Security Risks for 2017

A new Java taxonomy has been added that covers the OWASP Top 10 Security Risks for 2017.

Expanded Compiler Support

Klocwork has made updates and improvements to the following compiler support:

• ARM Optimizing C/C++ compiler (formerly TI tms470 C/C++ compiler)
• Clang
• GNU
• Green Hills
• Microsoft Visual C++
• Mono Headset SDK
• Nvidia CUDA
• Plan 9 C
• WinAVR