Klocwork documentation

Learning

Klocwork University
View detailed technical videos on Klocwork tools on the Klocwork University page.

Tips for C/C++ developers

Suppress Klocwork warnings in the system .h files

Klocwork generates warnings in the system .h files, which are out of the scope of the codebase. Is there a way to tell Klocwork to not generate warnings in particular files or beyond particular directories?

These system header files are an important part of the analysis. Instead of excluding them, filter out the system files after analysis, so that anyone who goes into Klocwork Review sees only what matters to them. Use modules and views to filter system files. For example, create a module that contains your system files (hopefully in some sort of directory structure you can specify). Then, when you create the view, use "-" (dash) to exclude your module, for example: -module:mymodule. This view will not show any warnings from the system files.


Supporting QT objects

Klocwork does understand QT objects and how they are disposed, but to get the correct behaviour you need to add the knowledge base to your system build. To do that, do the following:

1. Create and build a project for the version of the QT library you are using

2. Find the file "generated.kb" for the QT project:

a. normally in the tables/clef directory (if the build is done with kwbuildproject) or

b. in projects_root/projects/<project_name>/rules (if the build is done with KMC)

3. Rename the file "generated.kb" to "qt.kb"

4. Import file "qt.kb" into all projects which use the QT library

This should eliminate issues for all the QT objects that you build.


Tuning C/C++ analysis

You can increase the accuracy of Klocwork Insight code issue detection by tuning Insight to your code base. Through tuning, you can find code issues that would otherwise go undetected and reduce the number of issues that Insight reports incorrectly in the context of your source code.

You can tune both the integration build analysis and desktop analysis (if you have permission to change your local configuration). You should be at the expert level with Klocwork Insight and your organization's software to tune Klocwork analysis.

Klocwork analysis uses two sources of information for issue detection: your source code and the Klocwork knowledge base. The knowledge base is a repository of information about how functions interact in a software system. This information lets Insight assess apparent code issues in context to determine if they are true code issues. With this knowledge, Insight is able to find code issues that would otherwise go undetected.

For example, knowledge base entries can help identify how a function uses parameters passed to it, or whether a function is a part of a memory allocation/deallocation pair. Native system function behavior is specified in the default knowledge bases. Manually adding knowledge base entries can significantly increase the accuracy of issue detection and improve the productivity of Insight users, particularly when third-party libraries are used.

You can tune the analysis through macro simplification and through the use of knowledge base files.

Learn more about macro simplification in Tuning C/C++ analysis through macro simplification.

Learn more about the knowledge base and tuning analysis in Tuning C/C++ analysis through knowledge bases.

Submitting a false positive report to Klocwork Customer Support

False Positives - a critical resource in ongoing checker improvement.

Submitting your false positive reports to Customer Support helps Klocwork identify new use cases, and contributes to ongoing checker improvement.

When reporting false positives to Klocwork Customer Support, the first step in the process is to send a file which specifies the information needed to reproduce them. This file is generated from the command line. Attaching this file when you submit your CSR can greatly reduce the amount of time it will take for support to respond to your issue.

Create the file with the following command:

kwsupport pack-fp --fp <file>:<line> <issue_type> <build_log>

where:

• <file> is the name of the file where the false positive is reported

• <line> is the line number where it is found

• <issue_type> is the kind of issue (ABR, NPD, etc.)

• <build_log> is the path to the build.log file

For example, to collect all the information for the reported ABV.STACK issue in the file main.c at line 10, you would run the following command:

kwsupport pack-fp --fp main.c:10 ABV.STACK /path/to/build.log

A file called archive.kwz will be generated in your working directory. This is the file you need to attach to your CSR ticket.

You can find more information on the kwsupport pack-fp command on the documentation wiki.
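When several false positives are being reported at once, the pack-fp command above can be driven from a list. The following is an added example, not part of the Klocwork documentation or tooling: it validates each entry, runs the command once per finding, and renames archive.kwz after each run so that one archive per finding is kept. The findings-list format, the KWSUPPORT override variable, the archive naming scheme and the script name pack_fps.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Klocwork code. Assumed/hypothetical: the findings-list
# format, the KWSUPPORT override, and the per-finding archive names.
KWSUPPORT="${KWSUPPORT:-kwsupport}"

# valid_finding FILE:LINE ISSUE_TYPE -> status 0 when both fields are well formed
valid_finding() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    file="${1%:*}"; line="${1##*:}"
    [ -n "$file" ] || return 1
    case "$line" in ''|*[!0-9]*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9._]*) return 1 ;; esac
    return 0
}

# archive_name FILE:LINE ISSUE_TYPE -> prints a distinct file name for the archive
archive_name() {
    printf '%s_%s.kwz\n' "$2" "$(printf '%s' "$1" | tr '/:' '__')"
}

# pack_findings LIST BUILD_LOG -> runs pack-fp once per listed finding.
# LIST holds one "<file>:<line> <issue_type>" per line; '#' starts a comment.
pack_findings() {
    list=$1; log=$2; failed=0
    while read -r loc type rest || [ -n "$loc" ]; do
        case "$loc" in ''|'#'*) continue ;; esac
        if ! valid_finding "$loc" "$type"; then
            echo "skipped, malformed entry: $loc $type" >&2
            failed=$((failed + 1)); continue
        fi
        rm -f archive.kwz   # never mistake a stale archive for this finding's
        if "$KWSUPPORT" pack-fp --fp "$loc" "$type" "$log" </dev/null &&
           [ -f archive.kwz ]; then
            mv archive.kwz "$(archive_name "$loc" "$type")"
        else
            echo "pack-fp failed: $loc $type" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    [ "$failed" -eq 0 ]   # non-zero status if anything was skipped or failed
}

# Run as a script: sh pack_fps.sh findings.txt /path/to/build.log
if [ "$#" -eq 2 ]; then pack_findings "$1" "$2"; fi
```

Run it from an empty working directory, then attach the resulting .kwz files to the CSR ticket.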