Getting started with Klocwork Desktop Java Plug-in for Eclipse

From current

Contents 1 Prerequisites and setup considerations 2 Connect to a project on the Klocwork Server 3 Run Klocwork on your project 4 Review and investigate 5 Locate and fix local issues 6 Cite the remaining issues 7 Before you check in 8 Setup troubleshooting 8.1 Specify your build settings in Klocwork for Java 9 What's next?

Information and instructions below also apply to IBM Rational Application Developer for WebSphere and may also apply to other Eclipse-based IDEs.

For more information about supported IDEs, see System requirements.

Prerequisites and setup considerations

Installation

Before you can run Klocwork Desktop Analysis on your source code, you need to

• install the Klocwork User package
• install the Klocwork plug-in from the Eclipse update site

An integration project to connect to

Connected desktop is a key step in harnessing the power of Klocwork Insight. Before you can connect, an integration project must be set up and analyzed on the Klocwork Server.

If you don't connect to an integration project, this is referred to as standalone desktop.

Linux only: Add the bin directory to your path

On Windows, the Klocwork user bin directory is added to your machine's PATH environment variable during installation. Klocwork recommends adding the Klocwork user bin directory to your machine's PATH environment variable on Linux. This eliminates path-specific entries in the following procedures and therefore makes it easier to share project files between developers.

Example directory: /opt/tools/Klocwork/user9.5/bin

The following steps assume you have added the bin directory to your path.

Note: If your Java source files are not part of the Java Development Toolkit (JDT) project, and you build with ant, then you need to specify your build settings before you can run an analysis.

Connect to a project on the Klocwork Server

Note: If you see a login dialog, enter the credentials provided by your Klocwork administrator, or your LDAP or NIS user name and password.

The maximum benefit of static code analysis is achieved when a small local desktop project is connected to a larger project on the Klocwork Server. The small local project is analyzed quickly while incorporating Klocwork knowledge bases generated on the server where additional source files were analyzed (for example, shared libraries). Connecting to a server project also allows you to share issue citing information with the integration build analysis and among team members. Contact your Klocwork administrator for more information about available server projects.

You can run desktop analysis without synchronizing with a server project. However, a standalone analysis can only derive knowledge from the local project's source files.

Note: If you see a login dialog, enter the credentials provided by your Klocwork administrator, or your LDAP or NIS user name and password.

1. In the Project Explorer:

   • right-click the project and select Properties, or
   • click the project and select File > Properties.

2. In the Properties view navigator, expand Klocwork, and check Enable project specific settings.
3. Click the Synchronization tab.
4. Ensure that the Klocwork Server host and port information is correct.
5. In the Project name list, select the integration project you want to connect to.

   Optional: To view an updated list of integration projects available on the Klocwork Server, click Refresh .

6. Enable the Use secure connection checkbox if a secure connection to the Klocwork Server has been set up.
7. Click OK.

   When you set up your connection, synchronization occurs between the integration project and your desktop project, pulling configuration information from the integration project.

   Tip: You only have to do this step once for each project.

Run Klocwork on your project

1. Click the project you want to analyze.
2. Click Run Klocwork analysis on selected project from your toolbar.

When the analysis is complete, the Klocwork Issues view shows the analysis results.

Review and investigate

Traceback is a key investigative tool for dealing with detected issues.

To access traceback for a detected issue in your current file:

• click the orange rectangle to the right of the line of source code that contains the error, or
• click the orange chevron to the left
• click an issue in the list in the Klocwork Issues view

Traceback information displays in the Klocwork Details view. After you investigate the issue and determine how it should be handled, you can change the issue's status and add comments by using the Current statuslist, which is also in the Klocwork Details view. More information about when and why you'd cite issues is described in Cite the remaining issues below.

In the Klocwork Issues view, you can:

• Sort by columns. Two-column sorting is supported; the most recently selected column becomes your primary sorting criterion. Sorting by origin and severity can give you a quick view of the most severe issues that originated locally.

  Note: Sorting by origin is only relevant for connected projects.

• Group issues by type to get a sense of the variety of issues detected in your project. Click the View Menu icon to the far right, and select Group by > Issue Type. You can also group by category, severity, status, package or owner.

  Tip: You can also group by taxonomy, severity, status, directory and owner. Select None to ungroup the issues. If you've grouped by taxonomy and the same issue was detected in each taxonomy, you'll see that one issue listed twice (in each applicable taxonomy). This is the only time you'd see the same issue listed twice.

• Get more information on an issue by right-clicking it and selecting More information.

Locate and fix local issues

If you have a connected desktop project, you may want to focus on only the issues you've injected into your project, so that you can fix them before checking in your code.

By default, Klocwork shows all detected issues whether their origin is Local or System. Local issues are those you've introduced since the last integration build analysis; System issues are those that exist in the integration build.

Simply change your filter settings to "Show Local issues only".

1. Click to access your filter settings.
2. Add a check to Local issues only when you want to see issues that were exclusively detected in your local project. When this is checked, you only see "Local" listed under the Origin column in the Klocwork Issues view because the "System" issues in the integration build are filtered out. This setting is relevant only for connected desktop projects.
3. Fix the issue and re-run the analysis.

   When the issue disappears from the list, it's fixed.

For more information about filters, see Filtering issues on the desktop.

Cite the remaining issues

Citing refers to changing the status for detected issues and/or adding comments. You can cite issues one at a time or in batches. Issue statuses are a way of notifying others that you have reviewed the issue and made a recommendation about how it should be handled. It’s a good idea to add a comment to provide more detail.

Typically, you cite issues that:

• you've tried to fix but were unable to
• occur in third-party code and feel should be ignored
• false positives
• issues that can wait until a later release to be fixed

For instance, if there’s an issue that you just don’t care about, you can change its status to Ignore. To change the status of an issue:

1. Either:

   • Right-click an issue in the list and select Change Status.
   • Alternatively, you can change that status in the Klocwork Details view, using the Current status list.

2. Select a status from the list.
3. Enter a comment in the Comments field.
4. Save your change.

   Tip: Default filter settings mean that only issues with the status of Analyze and Fix are shown in the Klocwork Issues view. To narrow your focus or add issues to the view that are currently hidden by the filters, change the Filtering options. Click at the far right of the Klocwork Issues view.

   The list of Klocwork issues updates to reflect the changes you made.

   If you're connected to a project on the Klocwork Server, your changes are now visible to other developers, and in Klocwork Review. Your desktop project is also updated with any changes made by other developers. This happens even before another build analysis has been run.

Before you check in

Now that your desktop analysis and issue citing is up to date, you may want to set up a pre-checkin code review from your IDE. For instructions, see Setting up a pre-checkin code review.

Setup troubleshooting

Specify your build settings in Klocwork for Java

Specify your build settings if:

• your Java source files are not part of the Java Development Toolkit (JDT) project, and
• you build with ant

Prerequisite: You need to create a build specification with kwant.

To specify your settings:

1. Right-click a project in the Project Explorer and, from the pop-up menu, choose Properties.
2. Select Klocwork Build Settings.
3. Select Use build specification file and browse to the build specification you created from the command line.

The properties are saved for the selected project and used when you run your next Klocwork analysis.

What's next?

Now that you've run your first Klocwork desktop analysis, you may want to check out additional help resources:

• Cheat sheet for Klocwork Desktop Java Plug-in for Eclipse - use Klocwork Insight day to day
• Customizing your desktop analysis - customize Klocwork Insight for your project
• Tuning Java analysis in Eclipse - tune out false positives from your results
• Writing custom Java checkers - write custom checkers and include them in every analysis run