What's new in Klocwork 2018

Here are the highlights for Klocwork 2018. If you're upgrading, also see the Limitations for items that affect how you use Klocwork.

Features in the latest release of Klocwork 2018

In the latest release of Klocwork 2018, we’re happy to announce the release of a new Klocwork checker, SPECTRE.VARIANT1, that detects potential occurrences of Spectre variant 1 (CVE-2017-5753) in your code. For a detailed explanation about the checker and how it works, see our video.

We've also improved support for Chromium-based browsers.

New analysis engine with support for latest C++ 17 language features

Our new analysis engine provides improved support for C++ 11, 14, and 17 language features. Improved support means you can be confident that Klocwork 2018 is performing the most complete analysis on the most complex C++ applications. For more information, see Supported C++ language specifications.

Cross-version support for builds

Klocwork 2018 has decoupled the Build Server version from the Portal and Desktop tools, up to three minor releases back. This means you can load Klocwork 2017.1, 2017.2, and 2017.3 builds into Klocwork 2018 without having to import or migrate data. For large organizations, this feature provides flexibility by allowing you to upgrade the Portal and Desktop tools to take advantage of improvements, while still analyzing some or all of your projects with a previous version of Klocwork. For more information, see Cross-version support for builds.

Licensing

2017 licenses are not compatible with Klocwork 2018. You need a new license to use the latest version of the product. Contact license@roguewave.com to obtain a new license.

In release 2017.3, we upgraded the version of FlexNet Publisher that we support for Windows, Linux, and Mac platforms to version 2016 R2 (11.14.1.2). The versions of FlexNet Publisher used with AIX and Sun Solaris are unchanged.

If you are using your own FlexNet Publisher license server, the Windows, Linux and Mac installations of Klocwork 2018.1 are compatible with FlexNet Publisher 2016 R2 (11.14.1.2) and later. The versions of FlexNet Publisher used by Solaris and AIX are not compatible; therefore, for example, a Klocwork integration build analysis on a Windows machine will not be able to check out a license from a license server running on Solaris or AIX.

For more information, see Supported versions of Flex Net Publisher.

Improvements to supported compilers

We've improved support for the following compilers:
  • Clang
  • Microsoft Visual C++
  • Wind River GCC

For the full list of supported C/C++ compilers, see C/C++ compilers supported for build integration.

Changes to the Path API

In Klocwork 2016, we made a number of changes to the C++ version of our Path API. Chapter 2 of the Klocwork C/C++ Path Analysis API Reference contains a list of deprecated functions and provides a proposed replacement for each. As of Klocwork 2017.1, the use of deprecated functions causes compiler errors instead of compiler warnings.

If you're using deprecated functions, we recommend you migrate to supported functions now. For more information, see Important changes to the Path API in version 11.2.

Checker improvements

From release to release, we improve issue detection to bring state-of-the-art capabilities to our customers. As a result, expect your analysis results to change as accuracy and coverage improve.

Enabled or disabled checkers

No changes were made to the default enabled field of the checker configuration files for this release.

Taxonomy improvements

As part of our installation, we offer several custom taxonomy files that map our checkers to standards such as MISRA, CWE, OWASP and DISA STIG. The following is the list of changes to these files in this release:

Note: If you've imported a custom taxonomy (for example, MISRA) in a previous release, you need to import the new taxonomy file to pick up these changes.

Taxonomy file: disa_stig_10_cxx.tconf and disa_stig_10_cxx_ja.tconf

We removed references to the following checkers:

APP3570: Command injection
  • SV.EMAIL
  • SV.EXEC
  • SV.EXEC.DIR
  • SV.EXEC.ENV

APP3590.2: Buffer overflows
  • SV.TAINT_NATIVE

Taxonomy file: disa_stig_10_java.tconf and disa_stig_10_java_ja.tconf

We added references to the following checkers:

APP3570: Command injection vulnerabilities
  • SV.EMAIL
  • SV.EXEC
  • SV.EXEC.DIR
  • SV.EXEC.ENV

We removed references to the following checkers:

APP3760 and APP3780: Application level DoS
  • SV.EXEC
  • SV.EXEC.ENV

Changes to system requirements

This section lists changes to the System Requirements. We've added support for the following:
  • Debian 9.2
  • Fedora 27
  • CentOS 6.9
  • macOS High Sierra 10.13
  • Android Studio 3.0
  • IntelliJ IDEA 2017.2.6
  • Internet Explorer 11.0.47
  • Edge 41.16299.15
  • Mozilla Firefox 57
  • Google Chrome 62.0.3202

We've removed support for the following:
  • Debian 7.9, 8.5, 9.1
  • Red Hat Enterprise Linux 5.11, 6.8
  • Ubuntu 16.10, 17.04
  • Fedora 23, 24
  • OpenSUSE Enterprise 11.2, 11.4
  • CentOS 6.7
  • macOS 10.10.5
  • Visual Studio 2008
  • Internet Explorer 11.0.9600, 11.0.10240
  • Edge 40.15063
  • Mozilla Firefox 55.0.3
  • Google Chrome 61.0.3163
  • Glibc below version 2.15

Changes to commands and options

We modified the kwbuildproject command by removing the --log-file and --resume options.

We modified the kwbuildproject command by adding the --classic option. The --classic option forces Klocwork to use the previous generation (pre-Klocwork 2018) analysis engine. The previous analysis engine only provides partial support for C++11 and C++14.

For more information about Klocwork commands, see Command Reference.