Klocwork Review

It provides a good set of checks for static code analysis and cybersecurity. While coding, developers see code violations. Global variables sometimes generate false positives.


Valuable Features

  • Good set of checkers for static code analysis, cyber security
  • Possibility of creating custom checkers
  • Good and easy integration into continuous integration (CI)
  • The whole package offers a lot of possibilities: add-ons for Eclipse, standalone clients, access via web site, support, documentation, command line.

Improvements to My Organization

More and more departments are targeting static code analysis now, as they see the benefits. Klocwork with its capabilities is helping with this, providing the integration. The advantage is that while coding, developers see code violations.

Room for Improvement

  • Global variables sometimes generate false positives. Variables with global scope sometimes produce false positives. This means I get violations from KW which, after personal analysis, turn out not to be true. At the moment it seems Klocwork is not able to track the values of variables with global scope. Thus the tool makes assumptions about the value range. It happens that I get violations due to values which simply cannot occur, as the global variables are not tracked. This is annoying and time-consuming. One simpler thing on variables with global scope: unused variables with global scope cannot be detected by checkers. Having this is highly recommended in order to clean the code.
  • The preprocessor needs better integration for custom checkers, as the tool focuses more on static code analysis after preprocessing the file.
  • Updating from one version to the other takes too much time. The process somehow needs too much CPU power.
  • Once there are bugs detected and accepted by KW, it takes some time to integrate the changes. This means that what does not fit on the Rogue Wave road map is not definitely considered.

Use of Solution

I have used it for four years.

Stability Issues

I did not encounter any stability issues; only that the update process takes too long. Here, the process could be sped up.

Scalability Issues

Scalability is good, from small teams to multisite project teams.

Customer Service and Technical Support

Technical support is good (7/10).

Previous Solutions

I previously used PC-lint. I switched because KW is more mature.

Initial Setup

Initial setup is going well; very straightforward and following its documentation.

Other Solutions Considered

I evaluated QAC/QAC++, LDRA Testbed.

Other Advice

A good thing is that you are rapidly ramped up and can use the tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.