Klocwork provides comprehensive ‘always on’ detection of critical security vulnerabilities, quality defects and coding standards violations quickly and accurately, and throughout the development life cycle.
The Klocwork analysis engine is the culmination of over 15 years of static analysis research. At the core of its technology is the ability to monitor the lifecycles of objects and infer their run time behaviour without executing the code. This allows a broad range of quality, reliability, security, and maintainability issues to be identified, with high accuracy.
How it Helps:
Shift Left | At the developer desktop, Klocwork will seamlessly connect to the IDE, text editor, CI platform or command line interface. It provides continuous ‘on-the-fly’ analysis of developers’ code, allowing any defective code to be instantly rectified.
Developer Learning | Having an easy-to-use, ‘always on’ analysis engine looking out for your mistakes in a non-conflictive and automated review process makes Klocwork the perfect platform for developer learning. Couple that with comprehensive help, including text and references from industrially and internationally recognized coding guidelines and even links to specialist security material such as Security Innovation Team Professor, and you have the perfect ‘on-the-job’ training school for developers.
Security Standards | Klocwork has out of the box support for a range of industrially and internationally recognized security standards, including: CERT, CWE, OWASP, DISA-STIG (DoD), PCI and more, to assist in the development of secure code from the ground up.
MISRA Conformance | Klocwork has out of the box support for MISRA C 2004, MISRA C++ 2008, MISRA C 2012 (C90 and C99) and MISRA C 2012 Amendment 1 (C90 and C99).
Functional Safety | This complementary technology has led to Klocwork’s success in safety-critical and high-integrity embedded systems where system faults are simply not acceptable and, in many cases, compliance with industry standards is required (IEC 61508, ISO 26262, EN 51208, IEC 62304, DO-178B/C, etc).
Extensibility | The Klocwork checkers can be complemented with your own specific rules, perhaps to enforce an organisational, departmental or project coding standard, and these rules can be built up to form the overall project requirements.
Metrics | The Klocwork engine provides hundreds of coding metrics to give a deeper insight into the quality, maintainability and cleanliness of your code. It also supports the checking of specific metrics thresholds, such as those defined by the HIS Metriken set.
How Klocwork Works:
In today’s modern age of complex, safety-critical embedded software systems, utilising static code analysis techniques that can detect potential critical runtime issues should be considered as a fundamental practice in staying ahead of the market. Klocwork’s approach to this can be summarised with the following steps:
Build Comprehension | The core of any accurate static code analysis rests on the ability to reproduce a native build environment (e.g. compiler, includes, macro definitions). Klocwork reproduces your build process to ensure a build-identical analysis.
Model Extraction | Klocwork’s internal parser utilizes the build comprehension to accurately extract abstract model representations of your entire system.
Intermediate Representation (IR) | Klocwork’s unique IR enables a “run-time simulation” analysis to detect complex issues which would otherwise only be found through program execution.
Analysis | Klocwork’s dual analysis engine enables detection of both syntactical and logical issues. This covers the full range of checks, from coding guidelines compliance (e.g. MISRA-C/C++, in-house) to whole-program path analysis.
Results | An SQL database is used to manage and report whole-program analysis results. Complementing this are integrated developer tools used to identify, fix and suppress issues as the code is being written.
More information is available from the Klocwork product website.