Klocwork documentation

Learning

Klocwork University
View detailed technical videos on Klocwork tools on the Klocwork Universtity page.

Klocwork 101 - Introduction to Klocwork tools

The what, why and how of Klocwork tools

Updated: Jan. 17, 2012

No matter what you know about the principles of source code analysis (SCA), you need specifics of a real-world product suite and how you can expect that suite to work for you. This article describes Klocwork’s implementation of SCA and how desktop tools, and team collaboration, metrics and reporting tools strategically enhance software development for any C/C++, Java or C# shop.

Klocwork Products

Klocwork Insight™ includes components for analyzing source code on the desktop and in integration builds, collecting metrics and reporting on both code analysis and code fixing activity, refactoring code, and browsing code architecture.  Klocwork Inspect also includes components for mediating collaborative code reviews. For a complete comparison of products and their components, see

http://www.klocwork.com/products/product-comparison-matrix/

Code analysis tool integration with your development environment

Of course, how you implement code analysis tools and how they operate depends heavily on your development environment. Klocwork tools operate well in a wide range of arrangements, from UNIX command-lines and edge-market IDEs to straight-up deployments of popular IDEs.

We provide deep tool integration for C/C++ developers using Visual Studio and Eclipse, and for Java developers using Eclipse and IntelliJ IDEA. We also integrate well in Visual Studio for C# developers. When using these IDEs, developers’ interactions with Klocwork tools are conducted directly in the IDE.

There are many IDEs (which we don’t support directly) that permit a certain level of integration with external command-line tools; this is where Klocwork tools fit nicely. In pure command-line environments, such as UNIX-based desktop users editing in VI and executing build scripts by hand, we provide a GUI interface to provide desktop Klocwork tool assistance.

The key objective: Developer productivity

The driving force behind using code analysis is the great value in making developers more productive while creating defect-free code. If you can remove defects from source code as early as possible, you will save considerable time and costs from later project stages. If you can understand and improve your code structurally, it will be easier to maintain and it will live longer.

Detecting code issues, fixing defects and citing

No matter your desktop environment (Klocwork supported or unsupported IDE, command-line), efficiently removing potential defects before they leave the desktop, or at least citing them for review, is your goal. As developers create new code or obtain code for modification, they can either initiate code analysis manually or, if they’re using a supported IDE, the code analysis can start automatically when they save their source files. With Insight 9.5, C/C++ developers using Visual Studio see defects as they create them using on-the-fly analysis. Each developer is presented with a list of local code issues, which might be defects they can correct immediately or cite. Citing allows developers to add a comment pertaining to the identified issue and classify the issue according to whether they believe the issue can be safely ignored or should be worked on later.

Refactoring code

Refactoring code first involves identifying commonly used code segments that should be turned into distinct methods, and, inversely, methods that are rarely used and unnecessarily induce stack overhead. Making such structural changes manually is labour intensive. Using Klocwork Refactoring™, much of the work is done by clicking a mouse button and reviewing the results.

Exploring code architecture

An important architectural view of your code depicts the deployed relationships of the code modules and the paths and branching invoked by the myriad decision points. This structural view, provided by Klocwork Architect™, highlights dependencies on heavily used modules and helps you assess overall complexity. Armed with this information, you can make better strategic decisions about the quality of highly-evolved and aging code bases and acquired source code.

Beyond the desktop

Beyond the primacy of developer desktop productivity, there is another level of tooling and collaborative capabilities for teams and development managers to further enhance your return on the time and money you invest in source code analysis. There are two key concepts to take away from this:

1. The difference between a desktop project and an integration project - A desktop project contains information gathered by individual developers, working independently, who run code analysis tools on the code they are working with. An integration project contains information gathered and collated by Klocwork tools that monitor your integration build and analyse your code base. Building your project’s integration database is a major step when first adopting source code analysis. Then you tune code analysis to detect only those code issues that you want to see and run incremental integration analyses along with your integration build schedule.

2. Desktop-Integration project synchronization - Using Klocwork’s Connected Desktop, which enables desktop-integration project synchronization, developers share their desktop project information with other team members and acquire both integration project information and desktop project information shared by other team members. This synchronization is a game-changer, enabling valuable team-level functionality and collaboration tools.

Exploiting the connected desktop

The connected desktop allows individual developers to access analysis information generated by Klocwork integration build projects and to share desktop analyses. Operationally, this means that developers can work, on their desktops, with their own code analysis and that of other developers working on the same project, even before anyone has submitted code for the integration build. They can see each other’s’ citations and converse asynchronously through shared commentary and, thus, conduct pre-checkin code reviews. Consider that reviewing code is a widely recognized quality measure that is often foregone because of prohibitive time and cost constraints. The connected desktop upends those economics to make a team’s collective scrutiny of all the code a team produces a viable prospect. 

Tuning source code analysis

Analysis tuning is not a consequence of or aspect of teamwork so much a problem for teams if tuning is not undertaken. The SCA industry is full of stories of the mountains of code issues emitted by a first-pass analysis of a large, mature code base. The truth is that you have to pick your battles. Each team and each project suffer from relatively common coding problems as well as unique ones, so Klocwork allows you to decide which potential issues should be detected both at the integration project level and at the desktop. You can also enforce issue detection settings on teams. SCA tuning makes issue identification viable, given your time and resource constraints.

Metrics and reporting

A welcome feature for managers and others responsible for the economics of software development is the level of instrumentation, metrics gathering and reporting that Klocwork provides with the tool suite. Without intruding on developers’ work or the efficiency of integration builds, you can easily understand exactly how much defect fixing and citing is actually taking place at any time and progressively over the life of a project. You can also set reporting thresholds so you can focus on problems instead of minutia.

SCA metrics and reporting enables a different kind of involvement in software quality for the hands-on development manager. By seeing problems come and go, by understanding trends in issue identification and fixing, you can see coding issues pass into history, and ultimately release code for verification, confident in the knowledge that problems will more likely be about requirements-versus-functionality than coding errors.

Plug-in checkers

And, finally, it is possible that you want to identify and fix code issues that Klocwork engineers did not predict. Klocwork Insight includes an API for developing your own checkers, the parts of SCA tools that understand coding issues and identify them to developers.

Conclusion

Klocwork’s source code analysis tools are amenable to a wide variety of development environments. The chief benefit of adopting code analysis is developer productivity while producing defect-free code, both on the desk top and in collaboration with team members. Beyond preventing defects, code restructuring tools enhance maintainability and improve product longevity. Information from Klocwork metrics and reporting brings management closer to the development process.