Klocwork documentation

Learning

Klocwork University
View detailed technical videos on Klocwork tools on the Klocwork Universtity page.

Tips for Java developers

 

 

Troubleshooting the "kwant: ERROR: cannot find installed JVM" error

You may encounter this error when trying to use kwant to generate a buildpec for your Java code, or when trying to run the “csvtosql” example project which also uses kwant for this purpose. kwant will actually return this error for a number of reasons. Like most of our tools, it is Java-based so it needs to be able to find a JVM in your system path. Furthermore, kwant requires that both the JDK (path to javac - the java compiler) and the Ant binaries are also in your path, and that Ant is configured properly. Below is a quick guide to the prerequisites and steps to double check in order to get past this error:

  1. A 32-bit Java Development kit (JDK) must be installed
  2. A 32-bit Java Runtime Environment (JRE) must be installed
  3. Ant must be properly configured, including:
    • Environment variable ANT_HOME is set such that ANT_HOME=<path where Ant is installed>
    • Environment variable JAVA_HOME is set such that JAVA_HOME=<path where JDK is installed>
    • NOTE: for Kwant to work JAVA_HOME must point to a 32-bit JDK. A requirement for Ant itself to work is that JAVA_HOME must contain no spaces or quotes! ie. on Windows you MUST use the DOS 8.3 path like C:\Progra~1\Java\jdk1.6.0_25
    • ANT_HOME\bin MUST be in the path
    • For more complete information on installing and configuring Ant, see the Apache Ant documentation.
  4. JAVA_HOME\bin (path to the “javac” binary) must also be in the path

When you are able to execute kwant correctly, it should print the name of the tool and the version number to the console, and if you haven’t passed any arguments, complain about a missing build.xml file:

C:\>kwant
kwant - Klocwork Ant integration utility Version 9.2.3 (Build 17187) 
C:\build.xml (The system cannot find the file specified)

If you are still encountering this error after following the steps above and double checking your JAVA_HOME and ANT_HOME environment variables, then please contact Klocwork Support for further assistance.

Tuning Java analysis

A knowledge base file is the mechanism used to customize specific checkers by providing Java Path checkers with more context about your code system in order to:

  • reduce false positives in Klocwork analysis results, or
  • increase the reporting of specific issues of concern

Using a Java knowledge base file (.jkb), you "mark up" your source to provide these checkers with the context they need to:

  • evaluate the validity of a particular issue along specified code paths to reduce false positives, or
  • identify code paths that need to be taken into consideration to detect issues of interest that were previously undetected (false negatives).

Java Path knowledge base files are written in JKB format, which is a Java-like declarative language for knowledge base specification. Learn more about the Java knowledge base in Tuning Java analysis with knowledge bases.

To reduce false positives, the traceback feature in Klocwork analysis results helps you pinpoint the source to include in your .jkb file in order to achieve your objective.

Tuning to reduce false positives is by far the most common tuning scenario. Tuning to reduce false negatives is more of an extensibility activity. For more information about creating your own Java Path checkers, see Creating Java Path checkers.

Note: Tuning is available only for Java Path checkers. For a list of default Java Path checkers that can be tuned, see Java Path checkers that can be tuned.

 

Submitting a false positive report to Klocwork Customer Support

False Positives - a critical resource in ongoing checker improvement.

Submitting your false positive reports to Customer Support helps Klocwork identify new use cases, and contributes to ongoing checker improvement.

When reporting false positives to Klocwork Customer Support, the first step in the process is to send a file which specifies the information needed to reproduce them. This file is generated from the command line. Attaching this file when you submit your CSR can greatly reduce the amount of time it will take for support to respond to your issue.

Create the file with the following command:

kwsupport pack-fp –fp<file>:<line> <issue_type> <build_log>

where:

•      <file> is the file name where the false positive is reported

•      <line> is the line number it is found

•      <issue_type> is the kind of issue (ABR, NPD, etc.)

•      <build_log> is the path to the build.log file

For example, to collect all the information for the reported ABV.STACK issue in the file main.c at line 10, you would run the following command:

kwsupport pack-fp –fp main.c:10 ABV.STACK /path/to/build.log

A file called archive.kwz will be generated in your working directory. This is the file you need to attach to your CSR.

You can find more information on the kwsupport pack-fp command on the documentation wiki.