What's new with Klocwork

Klocwork 2017.3

Klocwork 2017.3 offers improved analysis performance and greater coverage of compliance standards to make the delivery of secure, high-quality code easier than ever. This release features an even more powerful analysis engine, improved defect-finding accuracy, and improved coverage of industry compliance standards.

Analysis engine accuracy and performance

Klocwork 2017.3 builds on the reputation for high-performance analysis, by extending the ability to analyze very large and complex code bases by supporting 64-bit platforms for Linux and Mac.

This release also improves checker accuracy, including Array Bounds Violation (ABV), Infinite Loop, and some MISRA checkers.

MISRA 2012 improved or added coverage:

  • Rule 3.2: Line splicing shall not be used in // comments
  • Rule 17.3: A function shall not be declared implicitly
  • Rule 20.4: A macro shall not be defined with the same name as a keyword
  • Rule 21.15: The pointer arguments to the Standard Library functions memcpy, memmove, and memcmp shall be pointers to qualified or unqualified versions of compatible types (Amendment 1)

Improved and additional compiler support

  • Keil CA51
  • NXP StarCore Freescale


This release upgrades the version of FlexNet Publisher support for Windows, Linux, and Mac platforms to version 2016 R2 ( The versions of FlexNet Publisher used with AIX and Sun Solaris are unchanged.

Klocwork 2017.2

Klocwork 2017.2 introduces the new Klocwork Quality Standard, developed by our in-house static code analysis experts to help you quickly and easily improve the quality of your software using Klocwork.

This new standard is available for C/C++, Java and C#, and can be used as the basis for the new built-in Klocwork Quality Report. This built-in report provides an at-a-glance health check for your software project. Review items such as the trend of the top three quality issues, areas of source code with the most quality concerns, and more.

Video: Introducing the Klocwork Quality Report

Coverage of latest DISA-STIG security standards

Providing the latest in security standard coverage, Klocwork 2017.2 includes a new taxonomy for the latest version of the DISA-STIG standard.

New and updated MISRA 2012 rules

  • Rule 12.5: The size of operator shall not have an operand which is a function parameter declared as "array of type".
  • Rule 20.7: Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses.
  • Rule 20.8: The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1.

Advanced issue filtering in the Microsoft Visual Studio extension

Filtering issues by severity or by status directly in the MS Visual Studio extension improves developer efficiency when working with Klocwork on the desktop. It also makes it easier to find the issues you are looking for.

Improved and additional compiler support

  • Renesas CC-RL
  • TI tms320c28x

Klocwork 2017.1

Introducing Klocwork security reports

Klocwork 2017.1 introduces new built-in security reports to easily visualize the security status and vulnerability trends in your most important software projects. These reports are ideal for including in project status reports to management and other stakeholders.

  • Easily create security reports based on the most popular security rules, such as the CWE Top 25, CERT-C, DISA-STIG, and more
  • Each report provides vulnerability trends, top 3 new vulnerabilities, and identifies riskiest areas of code

Video: Reporting with Klocwork

Support for Visual Studio 2017

  • Find and fix defects quickly and easily with the latest IDEs, including Visual Studio 2017

Detect the most critical security vulnerabilities

Klocwork 2017.1 includes coverage for additional Java security vulnerabilities:

  • CWE-311: Missing Encryption of Sensitive Data
  • CWE-352: Cross Site Request Forgery

Klocwork 2017.1 features expanded coverage of the CERT-C security standard, with the addition of 49 new rules.

New MISRA 2012 support

New MISRA 2012 Rules added:

  • Rule 4.1: Octal and hexadecimal escape sequences shall be terminated.
  • Rule 5.4: Macro identifiers shall be distinct.
  • Rule 17.6: The declaration of an array parameter shall not contain the static keyword between the [ ].
  • Rule 22.4: There shall be no attempt to write to a stream which has been opened as read-only.

100% coverage of C#6.0 language features

The following C#6.0 features have been added in Klocwork 2017.1:

  • Overload resolution
  • Exception filters

Improved and additional compiler support

  • Microchip MPLAB XC8 C
  • GNU
  • Synopsys ARC MetaWare

Recent features introduced by Klocwork 2017

Introducing SmarkRank - find and prioritize defects fast

Klocwork SmartRank helps developers prioritize issues and select which defects they will work on first. SmartRank provides a recommendation on which issues should be investigated first – the most valuable issues are at the top of the SmartRank list.

  • A defect recommendation engine to help developers prioritize and select which issues to work on first
  • Based on a sophisticated analysis of each individual defect during the (regardless of defect type or severity)
  • Use SmartRank with views, modules, and filters to improve developer efficiency when correcting quality and security issues

Launch of upgraded Analysis Engine

  • A number of algorithmic improvements have been made over the last few releases and are now completely integrated
  • Latest development includes improved tracking of numeric intervals for symbolic expressions
  • The results is increased accuracy and a 10 percent faster analysis times
  • The accuracy of the following checkers has been improved:
    • RCA

New Visual Studio extension

  • New terminology introduced: Desktop and server issues
  • Faster loading and sorting of issues in the IDE

New MISRA 2012 and Amendment 1 support:

  • 2 new taxonomies added which include Amendment 1
  • New MISRA 2012 Rules added:
    • Directive 4.14 (Added for Amendment 1)
    • Rule 8.4
    • Rule 13.3
    • Rule 17.8
    • Rule 18.4
    • Rule 21.8 (Updated for Amendment 1)
    • Rule 21.12
    • Rule 21.17 (Added for Amendment 1)
    • Rule 21.18 (Added for Amendment 1)
    • Rule 22.6

New C#6.0 language features:

  • Auto-property initializers
  • Function members with expression-bodies
  • Getter-only auto-properties
  • Index initializers
  • Using static

New C++11 features:

  • Alignment support
  • Strongly-typed enums

Klocwork continuous integration supports Jenkins plugin for MacOS

Improved and additional compiler support

  • Clang
  • GNU
  • HI-CROSS+ Motorola HC16 (new!)
  • Intel C++
  • MPLAB XC16 C (new!)
  • Nintendo N32 and N64 (new!)
  • Synopsys ARC MetaWare
  • WindRiver GCC