What's New


This release is so packed with goodness that we can't list everything here. But here are the highlights for Klocwork Insight 9.5 and Klocwork Inspect 2.5:

If you're upgrading, also see the Release Notes for changes that affect how you use Insight and Inspect.

Checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change from release to release, as accuracy and coverage improve.

This section describes the improvements made to checkers in this release. This information can help you plan your upgrade.

New C/C++ checkers

We've added 30 C/C++ checkers in this release. The following table lists the checker families and individual C/C++ checkers that are new in this release.

Checker Description
ABV.MEMBER The ABV.MEMBER checker flags array bounds violations related to overflows of individual member variables within a class or structure. This checker has been separated out from the ABR checker to find these specific buffer overflow situations separately. If your code intentionally writes past the bounds of individual members of data structures, disable this checker.
CL.ASSIGN family Three checkers have been added to the CL family to detect potentially limiting or unwise design choices in the use of the assignment operator.
CWARN family Two new checkers were added to the CWARN family, to flag potential problems when members of a class aren't initialized in the order in which they are declared, and instances in which a pointer may not be correctly aligned.
INFINITE.LOOP family The infinite loop checkers find instances of loops that have no exit.
ITER family Two new checkers have been added to the ITER family for more specific detection of problems with iterators in containers.
RN.INDEX This checker searches for instances of the suspicious use of a variable as a buffer index before it's checked for a negative value.
SV.BANNED family The SV.BANNED checkers flag the use of functions that have been banned from use because they are not considered secure.
SV.DLLPRELOAD family The SV.DLLPRELOAD checkers find insufficiently qualified pathnames that may provide a vector for binary planting or DLL-preloading attacks.
SV.LPP family The SV.LPP checkers look for functions that can use dangerous macros as parameters.
SV.PIPE family The SV.PIPE checkers flag instances of potential pipe hijacking.
SV.UNBOUND_STRING family The SV.UNBOUND_STRING checkers search for potential buffer overflows from unbounded string copy functions.
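
As an added illustration, not code from the Klocwork documentation, of the defect patterns behind three of the new checkers: a fixed-size member buffer overrun by an unbounded copy (ABV.MEMBER and SV.UNBOUND_STRING) and a lookup result used as an index before its -1 sentinel is ruled out (RN.INDEX). Each pattern is shown in the unchecked form a checker would flag beside a bounded replacement; the struct, function names and sample inputs are constructed for this example.

```c
/* Added example, not part of the Klocwork documentation: the defect
 * patterns behind the new ABV.MEMBER, RN.INDEX and SV.UNBOUND_STRING
 * checkers, each beside a bounded replacement. All names and inputs
 * here are constructed for illustration. */
#include <stdio.h>
#include <string.h>

struct record {
    char name[8];   /* small fixed-size member buffer */
    int  id;        /* adjacent member that an overflow of 'name' clobbers */
};

/* What ABV.MEMBER / SV.UNBOUND_STRING flag: strcpy never consults
 * sizeof r->name, so any source of 8 or more characters overruns it. */
static void set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Bounded replacement: copy at most sizeof(name) - 1 bytes and always
 * terminate. Returns 1 when the input had to be truncated, else 0. */
static int set_name_bounded(struct record *r, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= sizeof r->name;
    size_t len = truncated ? sizeof r->name - 1 : n;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return truncated;
}

/* Lookup that signals "not found" with -1, the usual origin of the
 * negative index RN.INDEX looks for. */
static int find_slot(const int *keys, size_t count, int key)
{
    for (size_t i = 0; i < count; i++)
        if (keys[i] == key)
            return (int)i;
    return -1;
}

/* What RN.INDEX flags: 'pos' indexes 'values' before -1 is ruled out. */
static int value_for_unchecked(const int *keys, const int *values, size_t count, int key)
{
    int pos = find_slot(keys, count, key);
    return values[pos];
}

/* Checked replacement: test the sentinel first; 0 on success, -1 if absent. */
static int value_for_checked(const int *keys, const int *values, size_t count,
                             int key, int *out)
{
    int pos = find_slot(keys, count, key);
    if (pos < 0)
        return -1;
    *out = values[pos];
    return 0;
}

/* Self-checks: feed the bounded versions the inputs that would have been
 * defects in the unchecked ones. Each returns 1 on the expected outcome. */
static int bounded_copy_preserves_neighbour(void)
{
    struct record r;
    r.id = 42;
    int truncated = set_name_bounded(&r, "abcdefghij");  /* 10 chars into 8 */
    return truncated == 1 && strcmp(r.name, "abcdefg") == 0 && r.id == 42;
}

static int checked_lookup_rejects_missing_key(void)
{
    int keys[] = {10, 20, 30}, values[] = {1, 2, 3}, out = 0;
    return value_for_checked(keys, values, 3, 20, &out) == 0 && out == 2
        && value_for_checked(keys, values, 3, 99, &out) == -1;
}

int main(void)
{
    struct record r;
    int keys[] = {10, 20, 30}, values[] = {1, 2, 3};

    /* The unchecked forms are only exercised with inputs that happen to
     * fit; a static checker flags them regardless of runtime luck. */
    set_name_unchecked(&r, "bob");
    printf("unchecked lookup of key 20 -> %d\n", value_for_unchecked(keys, values, 3, 20));

    printf("bounded copy preserved neighbour: %d\n", bounded_copy_preserves_neighbour());
    printf("checked lookup rejects missing key: %d\n", checked_lookup_rejects_missing_key());
    return 0;
}
```

The bounded copy reports truncation rather than silently dropping data, which is the behaviour a reviewer usually wants when replacing an unbounded copy: the caller can decide whether a cut-off name is acceptable. The checked lookup keeps the same -1 convention as the original function, so the fix is local to the use site, which is where RN.INDEX reports the problem.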

Improved C/C++ checkers

You'll see a reduction in the number of false positives detected by the following checkers:

Improved traceback

We've improved the traceback for many checkers:

  • redundant conditions and most of the temporary variables used in tracebacks have been removed
  • the ABR/ABV family, which checks for potential buffer overflow conditions, now provides details on how Insight calculates the out-of-bounds access in the code, the array size and location, and the output string size for sprintf-like functions
  • the UNINIT checkers now highlight calls that don't modify variables
  • the MLK checkers report leaks when the variable leaves scope
  • the UFM checkers now contain improved event descriptions

The following format-string example shows traceback information that includes

  • the length of the format string
  • the length of the non-format characters
  • the length of each conversion specification expression

[Figure: 9.5 traceback.PNG, the traceback shown for a format-string issue]

Improved C/C++ checker help

We've rewritten the help for nearly all of our C/C++ checkers. We've provided additional information on vulnerability and risk, improved the examples and included fixed examples. See C and C++ checker reference.

Removed C/C++ checkers

The following table lists the checkers that have been removed or replaced in this release. If you've used any of the checkers that we've removed and not replaced, you should run a build comparison. It's best to run Insight on unchanged code to isolate the differences due to improvements in our analysis engine.

Checker Description
CL.RETURN-THIS This checker was removed in Insight 9.5. It has been replaced by the CL.ASSIGN family of checkers.
SV.BRM.CONST This checker was removed in Insight 9.5. It has been replaced by SV.LPP.CONST and SV.PIPE.CONST.
SV.BRM.VAR.MIGHT This checker was removed in Insight 9.5. It has been replaced by SV.PIPE.VAR.
SV.BRM.VAR.MUST This checker was removed in Insight 9.5. It has been replaced by SV.LPP.VAR.
SV.CUDS.MISSING_ABSOLUTE_PATH This checker was removed in Insight 9.5. It has been replaced by the SV.DLLPRELOAD family of checkers.
SV.FIU.PERMISSIONS This checker was removed in Insight 9.5. It has been replaced by SV.USAGERULES.PERMISSIONS.
SV.FIU.POOR_ENCRYPTION This checker was removed in Insight 9.5. It has been replaced by SV.WEAK_CRYPTO.WEAK_HASH.
SV.PAIRS.NO_CHECK This checker was removed in Insight 9.5.
SV.PAIRS.NO_CHECK_GLE This checker was removed in Insight 9.5.
SV.STRBO.GETS This checker was removed in Insight 9.5. It has been replaced by the SV.UNBOUND_STRING_INPUT checkers.
SV.TAINTED.GENERIC This checker was removed in Insight 9.5.
SV.USAGERULES.FILE_VARIANTS This checker was removed in Insight 9.5. It has been replaced by the SV.PCC family of checkers.
SV.USAGERULES.UNBOUNDED_STRING_COPY This checker was removed in Insight 9.5. It has been replaced by SV.UNBOUND_STRING_INPUT.CIN.
SV.USAGERULES.UNBOUNDED_STRING_COPY.INPUT This checker was removed in Insight 9.5. It has been replaced by SV.UNBOUND_STRING_INPUT.FUNC.
SV.USAGERULES.UNINTENDED_COPY This checker was removed in Insight 9.5.

MISRA checker improvements - and complete help

We've introduced a new MISRA checker, MISRA.ASSIGN.OVERLAP (An object shall not be assigned to an overlapping object), to cover MISRA C rule 18.2 and MISRA C++ rule 0-2-1.
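
As an added example, not taken from the Klocwork documentation, of the situation MISRA.ASSIGN.OVERLAP reports: a buffer copied onto an overlapping region of itself with memcpy, which MISRA C rule 18.2 forbids and for which memcpy has no defined behaviour, beside the compliant memmove form and a small runtime guard that refuses overlapping arguments. The function names and sample buffers are constructed for this illustration.

```c
/* Added example, not from the Klocwork documentation: the overlapping
 * assignment behind MISRA.ASSIGN.OVERLAP (MISRA C 18.2 / C++ 0-2-1),
 * shown in non-compliant and compliant forms plus a runtime overlap
 * check. Names and sample data are constructed for illustration. */
#include <stdio.h>
#include <string.h>

/* Non-compliant: dropping the first character by copying the buffer onto
 * itself. Source and destination overlap, which rule 18.2 forbids and
 * for which memcpy's behaviour is undefined. Shown, never executed. */
static void drop_first_overlapping(char *buf, size_t len)
{
    memcpy(buf, buf + 1, len - 1);
    buf[len - 1] = '\0';
}

/* Compliant: memmove is specified for overlapping objects. */
static void drop_first_memmove(char *buf, size_t len)
{
    memmove(buf, buf + 1, len - 1);
    buf[len - 1] = '\0';
}

/* Overlap test for two ranges inside one object: [a, a+alen) and
 * [b, b+blen) overlap when each starts before the other ends. The
 * pointers are only ever compared within the same array here. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    const char *pa = a, *pb = b;
    return pa < pb + blen && pb < pa + alen;
}

/* Guarded copy: returns -1 instead of performing an overlapping memcpy,
 * so the caller must switch to memmove or use separate buffers. */
static int copy_nonoverlapping(void *dst, const void *src, size_t n)
{
    if (ranges_overlap(dst, n, src, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Self-check: 1 when the compliant shift turns "ABCDE" into "BCDE". */
static int memmove_shift_is_correct(void)
{
    char buf[] = "ABCDE";
    drop_first_memmove(buf, sizeof buf - 1);
    return strcmp(buf, "BCDE") == 0;
}

/* Self-check: 1 when the guard rejects the overlapping copy, accepts the
 * disjoint one, and the accepted copy produced "EFG" at the front. */
static int guarded_copy_refuses_overlap(void)
{
    char buf[8] = "ABCDEFG";
    return copy_nonoverlapping(buf, buf + 1, 4) == -1
        && copy_nonoverlapping(buf, buf + 4, 4) == 0
        && strcmp(buf, "EFG") == 0;
}

int main(void)
{
    (void)drop_first_overlapping;   /* referenced only so the pattern is visible */
    printf("memmove shift correct: %d\n", memmove_shift_is_correct());
    printf("guard refuses overlap: %d\n", guarded_copy_refuses_overlap());
    return 0;
}
```

The runtime guard is not a substitute for the static check: it catches the overlap only on the paths that actually execute, whereas the checker reports every call whose arguments can alias. It is useful as a defensive wrapper around copies whose arguments come from callers you do not control.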

We've improved 29 of our MISRA checkers as well. For the list, see MISRA-C checker reference and MISRA-C++ checker reference.

We now provide complete context-sensitive help for all MISRA checkers. Because this information is licensed, it is available as a part of your Klocwork installation, rather than on the public wiki.

Issues detected as you type in Visual Studio

On-the-fly analysis for C/C++ code in Visual Studio means that issues are detected as you type. And as soon as you've finished typing the correction, the issue disappears.

As you create or modify code, as soon as we have some snippet that parses reasonably, we analyze it and tell you what's wrong -- literally in milliseconds. Erroneous constructs get the typical "squiggly" underline, and a marker appears in the gutter to show exactly where the problem is found. The normal traceback window shows you the circumstances under which the bug will occur. All of this is available within the Visual Studio edit window.

Details: Getting started in Visual Studio for C/C++ projects

Big changes in Klocwork Review

On-the-fly reporting

Klocwork Review reports are now more flexible and customizable.

[Figure: Reports overview.png, overview of the Klocwork Review reports page]

We've separated the process of defining reports from that of using them. Once a report has been defined, users choose how to filter the report data. For example, if the report creator specifies "severity" as a report filter, users of that report can choose which issue severities to view.

We still provide many default reports, which you can edit to suit your needs. Just drag fields onto the X-axis, series (Σ) and filters.

Once you create a report, it's available for you to use on all projects you have access to on the current Klocwork Server. Project admins can make a report public, meaning that it will be available to all users for all projects on the current Klocwork Server. And any user can share a report with other users.

Details: Reporting for the integration build

The new Cross-Project report allows you to compare the overall health of up to five projects.

Details: Tracking projects with the Cross-Project Report

Easier ways to customize how you view analysis data

Scoping functionality has been replaced with the concept of views - a better way to see exactly what you want to see in your project's defect analysis and reporting.

Generally, you don't want to see the entire analysis - you want to see only the defects in the code you're responsible for, or the most important defects, or how many defects have been fixed since the last analysis run. You probably also don't want to see defects in third-party code or test code.

You can easily set up multiple views for each of your projects and share them among your team. A view is just a search string made up of one or more keywords and values.

Once you set up a view, you can look at both detected issues and reports through that view. You can easily switch your view of the project at any time. Project admins can also edit the default view for a project.

Details: Customizing your view of the integration build analysis

Organize your code into modules

A module is a subset of your project's code base, reflecting the physical structure of your code. Modules help you create search queries and views, create and use reports, and control access to source code.

Details: Organizing your code into modules

Assign issue ownership

You can now assign issues to owners right in Review, from the issue details view as well as from the issue list. You can then use the owner keyword in a search query or in a view to see a list of issues by owner, or you can filter by owner in reports. This feature complements our existing ability to assign file ownership.

Details: Assigning ownership and Tracking issues by owner

Search improvements

Searching Klocwork Review is now faster and easier.

Klocwork Review keeps a history of your search activity, so you can save your complex search queries. Review is pre-populated with several useful searches. You can click the Report icon to the left of a search to instantly generate a report based on it.

The new diff keyword allows you to compare two builds - helpful when you need to see the difference between two milestone builds, for example.

Details: Searching in Klocwork Review and Comparing two builds in Klocwork Review

On-the-fly impact analysis

Using a new command, kwmatch, you can match detected issues across projects. Identical issues in other projects are displayed in the issue details in Klocwork Review. This is useful when projects share source code, as in the case of branches. An issue that occurs in multiple projects likely has a high priority.

Details: Managing project branches

Klocwork Web API

The Klocwork Web API provides administrators with a scriptable interface to the Klocwork database. The API allows you to, for example, generate lists of detected issues, create views and create reports.

Details: Klocwork Web API cookbook

64-bit Java support for Windows and Linux

Support for 64-bit Java has been added for Windows and Linux. For Windows, the installation wizard will detect which version you are running automatically. For Linux, you will need to choose the appropriate installation package. For more information, see the appropriate installation page.

Easier administration

We've moved all administrative tasks from the KMC to Klocwork Review. Now you can create projects, manage projects and builds, and manage users and roles from an easy-to-use web interface. And with this move comes a long list of new features:

Check build status, manage builds and view logs

Klocwork Review's Project list allows you to see the status and view logs for the latest analysis runs. On the Builds page, you can view, rename and delete builds. The auto-delete feature allows you to specify how many builds to keep, and you can mark important builds so that they're never deleted. You can also view the build log right from Review.

Details: Managing integration projects and builds

View and edit configuration files

As part of the new project management area of Klocwork Review, we've introduced an editor for configuration files. You can view and edit text-based configuration files right in Review, and you can launch the improved Configuration Editor from Review.

Details: Managing configuration files for integration projects

Rename projects and builds

You can now rename projects and builds in Klocwork Review or with the new commands kwadmin rename-project and kwadmin rename-build.

Replace the path to your source files

With the new kwbuildproject option --replace-path, you can specify a different path to the source files for the integration build analysis. This is useful when the source files are located deep in the file system tree or when the source files for each analysis run are stored in a different location.

Details: Replacing the path to your source files

Improvements to desktop analysis

64-bit JVM support for Eclipse plug-in

The Eclipse plug-in is now supported on a 64-bit JVM for Windows and Linux, in addition to Mac.

IntelliJ IDEA 10/10.5 support

The Klocwork Desktop Java Plug-in is now supported in IntelliJ IDEA 10 and 10.5. See Using Klocwork Desktop Java Plug-in for IntelliJ IDEA to get started.

For the full list of supported IDEs, see Supported Integrated Development Environments.

Klocwork Desktop now supports Java projects

Klocwork Desktop provides a GUI for developers using IDEs and text editors that aren't supported by Insight in the form of an IDE plug-in. In this release, Klocwork Desktop supports Java projects in addition to C/C++. See Getting started with Klocwork Desktop for Java.

Improved C++11 support

We've added support for the following C++11 language extensions:

  • strongly typed enum
  • initializer lists
  • multi-declarator auto
  • extern templates
  • extended sizeof
  • inline namespace
  • func predefined identifier

For the full list, see Supported C++11 language extensions.

Refactoring improvements

All users of our Visual Studio C/C++ and Eclipse C/C++ plug-ins now have access to Klocwork Refactoring without a separate license. This great feature set promotes clean, maintainable code with lower long-term cost of ownership. Whether you're following a full-on Red/Green/Refactor test-driven development model, or just looking to make sense of overly complicated inherited code, Klocwork Refactoring is a great tool to add to your arsenal.

Our core refactoring engine has been updated to support many new capabilities, such as

  • extraction of declarations and initializations
  • fuzzy clone matching
  • better path extraction

Refactoring in Visual Studio

Header problems are automatically reported in the Visual Studio issue list. From the issue list, you can choose to refactor to fix the issue. Alternatively, the Optimize Headers menu option finds and refactors unnecessary or missing includes in one step, without prompting from you.

You can configure which header issues are detected by enabling or disabling the header analysis checkers. They're enabled by default.

Details: Header analysis in Visual Studio

Another new refactoring, Inline Variable, replaces all occurrences of a given variable with its initial value (the opposite of Introduce Variable).

Besides these new refactoring options, the introduction of duplicate detection for two existing refactorings, Extract Function and Introduce Variable, significantly improves C/C++ refactoring in Visual Studio. When you select code and choose either of these options, Klocwork Refactoring locates and highlights duplicate fragments of source code where you can also apply the selected refactoring.

Details: Klocwork Refactoring

Refactoring in Vim

We've added two new options to the Vim refactoring plug-in:

  • Optimize headers applies any unused header and missing transitive header changes.
  • Inline variable replaces all occurrences of a given variable with its initial value (the opposite of Introduce Variable).

Details: Klocwork Refactoring

Better code reviews

New features and improved integration make code reviews with Klocwork Inspect faster and easier.

More supported SCMs

We now support the following SCMs for both pre-checkin and post-checkin code reviews:

  • Base ClearCase 7.x
  • CVS 1.12.x
  • Git 1.7.x
  • TFS 2010
  • Perforce Visual Client 2010.x
  • Subversion 1.4.x, 1.6.x

Note that Eclipse code review supports only the Subversive plug-in.

Tighter integration with your SCM

Running both kwscm and kwcodereview feels more like running your SCM command: we've introduced SCM-specific options, so that you can specify ClearCase branches, for example, or CVS tags.

You can now load multiple branches from a single SCM, or data from multiple SCMs, into a single Klocwork project with kwscm.

Compare code to any revision

Now you can compare code with any revision in its history and control how many changes are seen.

New supported compilers

We've added support for the following C/C++ compilers:

  • Analog Devices Blackfin and TigerSHARC
  • CodeWarrior Freescale S12
  • Cosmic
  • Fujitsu FR family
  • Hexagon Tools
  • IAR Systems V850
  • Keil CA51
  • MetaWare High C/C++
  • Microchip MPLAB pic24
  • Microtec C/C++
  • MPLAB C18
  • Panasonic C
  • Renesas SuperH, R8C, M16 and V850 families
  • Tasking IFX SLE88 and Tricore
  • TI C430
  • TI C2000
  • Zilog eZ80

For the full list of supported compilers, see C/C++ compilers supported for build integration.

Performance enhancements

Klocwork Review performance is much improved, due to changes in how we store and retrieve issue data.
