What's New

From current

Insight 10.0

Contents

Here are the highlights for Klocwork Insight 10.0 and Klocwork Cahoots. If you're upgrading, also see the Release Notes for changes that affect how you use Insight and Cahoots.

If you're upgrading from version 9.6 or earlier, see What's New in Insight 9.6 for a list of features from our previous release.

Changes in Klocwork Insight 10.0 Service Release 6

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 6:

  • The entity_id field was added to the Web API output for the Metrics action. The entity_id represents the ueid of the entity to which the metric applies. This allows entity metrics to be compared from build to build.

Changes in Klocwork Insight 10.0 Service Release 5

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 5:

  • General performance improvements made to the Visual Studio plug-in:
    • improved start-up and load times for large projects
    • on-the-fly analysis no longer impacts editor performance
    • easier access to the log file and simpler error report creation
  • Upgrade and migration issues resolved for specific customers
  • False positive and parse error fixes for specific customers
  • Additional compiler support (see C/C++ compilers supported for build integration for the complete list of supported compilers)
  • Support for building with JDK 1.8 (on code bases that are lower than Java 8)
  • Improved support for C++ 11
  • Android KitKat build Improvements
  • MISRA checker improvements:
    • including changes that result in defect propagation fixes and faster build times when using MISRA Checkers
  • Improved server build times (for some instances) when using the Visual Studio 2013 complier
  • Improvements to the trace file format:
    • including changes that result in significantly less memory usage and reduction in file size

Changes in Klocwork Insight 10.0 Service Release 4

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 4:

  • Two new actions have been added to the Insight Web API, as follows:
    • You can check your Klocwork Server version using the version action.
    • You can list the status of each task running on your Klocwork Server using the task_status action.
  • The 'version' action has also been added to the Cahoots Web API. See Klocwork Cahoots Web API cookbook for more details.
  • The command option '--sync-citing' was added to kwmatch, which dictates that the specified project synchronizes issue citation histories with other projects in the same group. See kwmatch for more details.

Changes in Klocwork Insight 10.0 Service Release 3

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 3:

  • Support for Visual Studio 2013
  • Support for IntelliJ IDEA 13

Changes in Klocwork Insight 10.0 Service Release 2

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 2:

  • Support for Gradle was added with the kwgradle command

Changes in Klocwork Insight 10.0 Service Release 1

In addition to various defect fixes, the following changes were made for Klocwork Insight 10.0, Service Release 1:

  • The 'revision' search keyword now returns pre-commit IDs along with revision IDs. For more information, see Using Keywords to filter search results.
  • Product and product documentation are now available in Japanese.

Service Release 1 installation limitation

Starting with 10.0 SR1, Klocwork will no longer provide patch installers for Insight. To install the service release, use the full product installer. The full product installer will install the service release correctly, when the previous version of Klocwork Insight is already installed.

Checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change from release to release, as accuracy and coverage improve.

This section describes the improvements made to checkers in this release. This information can help you plan your upgrade.

New C/C++ checkers

Checker Description
CWARN.BITOP.SIZE A new checker has been added to the CWARN family to look for code in which bitwise operations have operands with different sizes.
CWARN.INCL.NO_INTERFACE A new checker has been added to the CWARN family to look for any source file that does not include its interface header
CWARN.MEMSET.SIZEOF.PTR A new checker has been added to the CWARN family to look for memset-type functions in which sizeof is applied to a pointer instead of a pointed object.
CWARN.MEM.NONPOD A new checker has been added to the CWARN family to look for memory manipulation routines applied to non-POD objects.
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
The SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD and SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED checkers look for incompatible types of scan function parameters. These checkers have been separated from the SV.FMT_STR.SCAN_FORMAT_MISMATCH checker to find these specific types separately.
SV.STRBO.BOUND COPY.OVERFLOW
SV.STRBO.BOUND COPY.UNTERM
The SV.STRBO.BOUND COPY.OVERFLOW and SV.STRBO.BOUND COPY.UNTERM checkers look for buffer overflow violations. These checkers have been separated from the SV.STRBO.BOUND_COPY checker to find these specific buffer overflow situations separately.

Removed C/C++ checkers

The following table lists the checkers that have been removed or replaced in this release. If you've used any of the checkers that we've removed and not replaced, you should run a build comparison. It's best to run Insight on unchanged code to isolate the differences due to improvements in our analysis engine.

Checker Description
CCOMBSTR.OPS.TERN This checker was removed in Insight 10.0. For documentation on this checker, see http://www.klocwork.com/products/documentation/Insight-9.6/Checkers:CCOMBSTR.OPS.TERN
SYM.MLK This checker was removed in Insight 10.0. For documentation on this checker, see http://www.klocwork.com/products/documentation/Insight-9.6/Checkers:SYM.MLK
SV.STRBO.BOUND_COPY SV.STRBO.BOUND_COPY has been replaced by SV.STRBO.BOUND_COPY.OVERFLOW and SV.STRBO.BOUND_COPY.UNTERM.
SV.FMT_STR.SCAN_FORMAT_MISMATCH SV.FMT_STR.SCAN_FORMAT_MISMATCH has been replaced by SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD and SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED.

Changes to the KAST API

We're constantly doing our best to improve the KAST API. Unfortunately, sometimes these improvements are not always backwards compatible with your custom checkers. The following article describes important changes that we've made to the KAST API for 10.0:

Important changes to the KAST API in version 10.0

Changes to the API

The following type was added as part of the 10.0 release:

typedef void (*ktc_eventHook_t)(void);

The following functions were added:

ktc_registerStartTraverseHook(ktc_eventHook_t p_hook)
ktc_registerStopTraverseHook(ktc_eventHook_t p_hook)
ktc_registerSaveContextHook(ktc_eventHook_t p_hook)
ktc_registerRestoreContextHook(ktc_eventHook_t p_hook)

The KAST API is documented in Klocwork C/C++ AST API Reference.

Changes to the build trace file output format

The build trace file is now created in JSON format. The information contained within the file has changed as well. For more information, see Build trace file format.

Structure101 integration

Klocwork Insight now integrates with Structure101. Structure101 is a code visualization and organization tool that helps you to improve the organization and structure of your codebase. The kwstruct101 command generates a Structure101 import file from your raw analysis data, which you can then open in Structure101. For more information, see Integrating with Structure101 .

New project import functionality

You can now use Klocwork Review to import existing projects, server configuration settings, and code reviews into your new projects_root. You can choose which projects to import or you can import all projects at once by selecting them from a list. See Import your existing projects into a new projects root for more information.

Note: This is the preferred method for upgrading from a previous release.

You can use the corresponding actions in the web API to perform the import operations from the command line. See Klocwork Insight Web API cookbook for more information.

New Desktop Analysis plug-in installation architecture

For 10.0, the single Klocwork User package installer has been replaced by individual installers for each of the Desktop Analysis plug-ins. The Klocwork Administrator must download the desktop plug-ins from http://developer.klocwork.com/support/downloads and place them in the clients folder in the server installation. Users can download the Desktop Analysis plug-ins from the portal. See Installing a desktop analysis plug-in for more information.

Desktop analysis

Improvements to the Visual Studio plug-in

  • The number of threads dedicated to Klocwork analysis can now be configured in the Klocwork options. For more information on how to configure this, click here.
  • Parse errors and messages from the Klocwork analysis engine can now be forwarded to Visual Studio’s Error List.
  • The On-The-Fly analysis engine now supports analysis of header files, or included files with no assigned compiler.
  • Code reviews can now be submitted right from the editor context menu by right-clicking anywhere in your active file.
  • Multiple solutions can now reside in the same directory without conflict.
  • Added support for per-project, per-platform, and per-configuration Makefile build specification creation and maintenance for Makefile projects.
  • Added support for the Dark theme.
  • Added support for ClearCase.
  • Several stability fixes for code review have been implemented that improve general performance of the plug-in.

Improvements to the Eclipse plug-in

  • Support for Perforce has been added.
  • If you have a previous Eclipse Perforce plug-in installed and configured, Klocwork Cahoots will automatically detect it and integrate it for you. If you don't have an existing Perforce plug-in installed at the time of installation, you'll need to manually edit your Perforce settings in the Project Properties Dialog.

New supported compilers

We've added support for the following C/C++ compilers:

  • Archelon C compiler
  • CEVA compiler (NVIDIA)
  • IAR 78k compiler
  • IAR H8 compiler
  • IAR M32C compiler
  • IAR SH compiler/linker
  • Marvell C compiler/linker
  • Microchip MPLAB pic32 compiler
  • Microware Ultra C for OS-9 compiler
  • Renesas CX compiler
  • Renesas M32R family compiler/linker
  • Rowley Crossworks for MSP430 compiler
  • SN Systems compiler for Sony
  • TI tms320C3x/4x C compiler
  • Target Chess compiler
  • Tasking 68K Toolset compiler/linker
  • Tasking ARM Toolset compiler/linker
  • Watcom compiler/linker

For the full list of supported compilers, see C/C++ compilers supported for build integration.

New Commands

We've added the following commands:

Improvements to code reviews with Klocwork Cahoots

The Klocwork Cahoots documentation has moved.

Dashboard reports in Klocwork Review

You can now create configurable multi-chart summary reports, which allows you to create a customized version of the default Klocwork summary report. For more information, see Reporting for the integration build

Changes to the Configuration Editor

We've split the Configuration Editor into two separate editors. The Configuration Editor (kwconfigeditor) allows you to enable, disable and organize checkers. The new Taxonomy Editor (kwtaxonomyeditor) allows you to create and/or edit taxonomies, then add new custom checkers to taxonomies or categories. You can also add reference information to existing checkers. For more information, see Configuring checkers for the integration build analysis.

Klocwork Web API improvements

You can now use the Web API to import projects, server configuration settings, and code reviews. See Klocwork Insight Web API cookbook for more information.

A new "warnings" section in the JSON output is now being returned as part of the search and report in the Review API.

See also