Getting started with Klocwork Desktop for C/C++

From current

Contents 1 Prerequisites and setup considerations 2 Set up a Klocwork project 3 Continuous analysis while you work 4 Focus on your own issues and track your performance 5 Cite the remaining issues 6 What's next?

Klocwork Desktop is a GUI alternative to the command-line desktop analysis tool, kwcheck. Like kwcheck, Klocwork Desktop is for developers using IDEs and text editors that aren't supported by Klocwork Insight in the form of an IDE plug-in.

This article will walk you through:

• setting up a local Klocwork project
• analyzing your code
• investigating detected issues

Note: If you access your source code and compilers remotely, then you need to use Klocwork Desktop in remote mode.

Prerequisites and setup considerations

Installation

Before you can analyze your source code, you need to install the Klocwork User package.

An integration project to connect to

Connected desktop is a key step in harnessing the power of Insight. Before you can connect, an integration project must be set up and analyzed on the Klocwork Server. For more information about integration projects, see Integration build analysis.

If you don't connect to an integration project, this is referred to as standalone desktop.

Set up a Klocwork project

For each module that you're working on, you create a Klocwork local project. A local project is a respository for your analysis results and settings. The default name for your Klocwork local project is .kwlp. You only need to create this project once for each module you're working on.

The setup steps below diverge, depending on how you'll be providing build settings to Klocwork Insight for analysis purposes.

For a diagram of the project setup workflow, see Klocwork Desktop for C/C++ project setup overview.

1. From the command line, type kwgcheck or use the desktop shortcut.

   Mac notes:

   • Symbolic links are set up in /usr/local/kw/, so you can access command-line tools more easily.
   • Or access Klocwork Desktop by double-clicking kwgcheck in /Applications/Klocwork User 9.5

   Note: If you see a login dialog, enter the credentials provided by your Klocwork administrator, or your LDAP or NIS user name and password.

2. From the toolbar, click .
3. Type a name for your project.
4. If desired, specify a location for your project.

   By default, Klocwork Insight creates the project in <home_directory>/klocwork_projects/<project_name>. You can choose a different location. Make sure the location you choose has sufficient storage space, because the project can become large over time.

5. In the Type section, Connected project is automatically selected. If your project won't be connected to a project on the Klocwork Server, select Standalone.

   If you entered the Klocwork Server host and port information during installation, then the Host and Port fields will be populated.

6. Enter the information if required and click Next.

   Note: If you selected Standalone above, enter the License Server host and port information.

7. In the Server project name list, select the server project to connect to. If you can’t see the project, click Refresh to update the list.
8. Enable the Use secure connection checkbox if a secure connection to the Klocwork Server has been set up.
9. Click Next.

   The Build Settings dialog appears. Your next steps depend on which method you’ll be using to collect and update vital build settings for Klocwork Truepath^™:

   • If you see the message: "The project has no build settings. To capture build settings: - If you are using make to build the project, start kwshell using the command line '<your_project_location>/kwlp'. Run your native build in kwshell", continue to Automated capture of build settings with kwshell.
   • If you see the message: "Configure build specification variables", you need to replace variables with paths to your source files.
   • If you don't see either message, you're using a build specification template, and no template variables need to be set. You're ready for the next step.

When your build settings are in place (using one of the two methods described above), you'll see a list of grayed out files in the Project Navigator. Now, it's time to see Continuous analysis in action.

Continuous analysis while you work

Continuous analysis provides automatic issue detection and error highlighting while you work.

You can watch a demo of continuous analysis here.

1. Double-click a file in the Project Navigator to open it in the viewer.

   This launches the analysis. If issues are detected, you'll see them highlighted in the viewer. See the example below:

   

   
   

2. To get an issue count for the file, mouse over the icon in the upper right corner:

   

3. Click a navigation icon on the right to locate the issue in the file.

   You'll see the issue marker on the left and traceback information for the selected issue in the Klocwork Details view on the right.

   Tip: Mousing over the navigation icon or issue marker will display the full issue message.

4. Use Traceback information to investigate the issue. Traceback lines link to events that contributed to the issue you're viewing.
5. To get more information about an issue, right-click the issue in the Klocwork issues view and select More information.
6. Fix the issue in your editor and save your changes.

   The file is automatically re-analyzed and if the issue disappears from the viewer, it's fixed.

Tips:

• From time to time, you may want to analyze an entire component. To do this, create a working set.
• You can view the list of detected issues for the current file in the Klocwork Issues view. The Klocwork Issues view has sortable columns and allows you to group issues.

Focus on your own issues and track your performance

Filtering by taxonomy and origin isolates issues in your list according to:

• a coding standard or an internal coding policy (such as one focusing on null-pointer dereferences), so you can see how you're performing against the policy or standard. If there are no custom taxonomies in place, the default taxonomies are C and C++, C# and Java.
• only those issues you're responsible for injecting into your project. These are local issues. In contrast, system issues are those that were detected in the file in the last integration project analysis and are present in your desktop project. By default, Klocwork Desktop shows both local and system issues.

If your organization hasn't set up custom taxonomies, you can still filter to show local issues.

Tip: You can also group issues by taxonomy, or sort by taxonomy and origin.

1. From the Klocwork Issues view, click to access your filter settings.
2. Under Taxonomy, make sure that only the taxonomy of interest is checked.
3. To make sure you only see new issues you're responsible for injecting into the project, add a check to Show local issues only, which is under Origin, the last setting in the dialog.

   

   When this is checked, you only see "Local" listed under the Origin column in the Klocwork Issues view. This setting is relevant only for connected desktop projects.

   Your filtering changes take effect immediately.

Tip: If you want to see system issues in the list (and your viewer), you'll need to disable Show local issues only in your filter settings.

Continue with the edit, fix and re-analyze cycle as described in above. If there are issues you aren't going to fix immediately, then cite them. See below.

Cite the remaining issues

Citing refers to changing the status for detected issues and/or adding comments that indicate you have reviewed the issue and made a recommendation about how it should be handled. For example, if there’s an issue that you just don’t care about, you can change its status to Ignore.

You can cite issues one at a time or in batches from the Klocwork Issues view.

1. Right-click an issue in the list and select Change Status.
2. Select a status from the list.
3. Enter a comment in the Comments field.
4. Click OK.

   The issue list updates to reflect the changes you made.

   Tips:

   • Default filter settings mean that only issues with the status of Analyze and Fix are shown in the Klocwork Issues view. Once you change an issue's status (to something other than Analyze and Fix), it disappears from the list. To add issues to the view that are currently hidden by the filters, change the Filtering options. Click at the far right of the Klocwork Issues view.
   • If you group by issue type, you can change the status of all issues of that type in one step. To access your grouping controls, click and select Issue type. Then go to your issue list, right-click the issue type category, select Change Status and choose a status from the list.
   • Sort by column to locate issues of interest in the list. Two-column sorting is supported.

What's next?

Now that you've run your first Klocwork Insight desktop analysis, you may want to check out additional help resources:

• Cheat sheet for Klocwork Desktop with kwshell - how to use Klocwork day to day with your own build settings
• Cheat sheet for Klocwork Desktop for C/C++ with build specification templates - how to use Klocwork Insight day-to-day with the integration project's build settings
• Enabling and disabling specific Klocwork checkers in Klocwork Desktop - how to specify which checkers will be run
• Tuning C/C++ analysis - how to tune Klocwork Insight analysis to your specific software project
• Writing custom C/C++ checkers - how to write custom checkers and include them in every analysis run