We are using Klocwork 9.6 for static code analysis.
To perform an analysis we are using the command line tools' "kwcheck" command.
There are some errors which we just want to filter out,
e.g.:

(Local) *.cpp:134 UNINIT.STACK.ARRAY.MIGHT (1:Critical) Analyze
'FRUSerial' array elements might be used uninitialized in this function.

(Local) *.cpp:187 INFINITE_LOOP.LOCAL (2:Error) Analyze
Infinite loop

It should be achieved via Klocwork functionality not with output post processing.

Are there any particular Klocwork commands/switches suitable for this?

nonesuchnick
Aleksander Fular

1 Answer

You can use the kwcheck set-status command to change the status of the defect from Analyze to Ignore or Not a Problem. For example, for a defect listed below:

1 (Local) foo.cpp:134 UNINIT.STACK.ARRAY.MIGHT (1:Critical) Analyze
'FRUSerial' array elements might be used uninitialized in this function.

2 (Local) foo.cpp:187 INFINITE_LOOP.LOCAL (2:Error) Analyze
Infinite loop

The number at the front of each issue above is the ID of the defect, as output from kwcheck run or kwcheck list. So to cite the second defect and set the status to ignore with a comment, you would run:

kwcheck set-status 2 --status ignore -c "we want to ignore this"

Note that by default kwcheck list displays only defects with a status of Analyze or Fix, so by setting the status to one of these other values the defects will no longer be displayed. If you want to see a list of defects with a particular status, for example the ones you've set to Ignore, you can use the -s or --status option with kwcheck list to specify which status(es) to show.

If you want to disable specific checkers entirely, you can disable them using the kwcheck disable command. This requires that you have created a local project for the analysis with the kwcheck create command. You can create a local project even as a temporary artifact to customize and control the local analysis and results. It is not required to connect it with a project on the Klocwork server. For example:

Create a local project:

kwcheck create

Disable the checkers for defects you don't want to see:

kwcheck disable UNINIT.STACK.ARRAY.MIGHT INFINITE_LOOP.LOCAL

Run the analysis:

kwcheck run -b buildspec.out
nonesuchnick
  • Can this functionality be used to ignore one warning only in a specific file? There is no .kwlp directory after our analysis. – Aleksander Fular Nov 15 '13 at 10:16
  • Why is there no .kwlp directory? Have you specified a different name? Or are you running kwcheck on specific files only? Can you provide the kwcheck command you are using? By creating a local project, you have a lot more control over the analysis and the ability to turn on or off specific checkers and cite defects as I showed above. – nonesuchnick Nov 17 '13 at 17:05
  • I just checked the script which runs kwcheck - we are manually removing the .kwlp directory just after the generation, but I don't know why. Anyway, I can see that your disable command tells kw not to report anything back about this error - and we cannot do that; we need to only disable these warnings in files where we reviewed the warning and explicitly said "this is a false positive!". I don't think that kw 9.6 is able to do that. – Aleksander Fular Nov 18 '13 at 07:53
  • If you don't want to disable the checker entirely, but instead want to mark and ignore false positive issues, then the way to do this for a local desktop analysis would be to use the `kwcheck set-status` command as previously mentioned. Then you only need to keep .kwlp folder around in order for this citing to persist on future analysis runs. It doesn't make sense to delete it if you want to be able to cite these defects. Alternately, you could connect the local project to an analysis loaded to a Klocwork server project, and cite the issue on the server project. – nonesuchnick Nov 18 '13 at 16:20
  • Thank you for all your time nonesuchnick - Last thing .. could you provide an example of (can this disable be localized to one certain function? ) kwcheck set-status command for this error? `(Local) example.cpp:187 INFINITE_LOOP.LOCAL (2:Error) Analyze Infinite loop` – Aleksander Fular Nov 19 '13 at 14:26
  • Using `kwcheck set-status` to cite an issue as ignore, ignores only the specific defect at the location where it was detected. It does not disable the checker or prevent other defects of the same type from being detected elsewhere in the function or file. To cite an issue using `kwcheck set-status` you need to specify the ID of the issue. See my updated answer above for an example. – nonesuchnick Nov 20 '13 at 22:24
  • Ok, then this functionality makes no sense for us - because it has to be done manually every time after kw output changes. You cannot put that into the scripts because if something changes then these IDs change and we ignored a different case. Thank you very much for your insight. – Aleksander Fular Nov 21 '13 at 08:31
  • Actually, as long as you don't remove the .kwlp folder the ID will be the same and you won't need to re-cite the issues, and the issue will remain as status 'Ignore' or however you marked it. The key is that the local project (.kwlp and .kwps) folders must remain and not be deleted after each run. – nonesuchnick Nov 21 '13 at 15:38
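
The scripting concern raised in the comments, as an added example that is not part of the original thread or Klocwork's own tooling: the function below reads a listing in the format quoted above and prints a `kwcheck set-status` command for each open defect whose file, checker and message match a reviewed false-positive list, so the script never hard-codes a defect ID. The allowlist format, the names `REVIEWED`, `SAMPLE_LIST` and `plan_citations`, and file names without spaces are assumptions; every open defect with the same file, checker and message is matched, so keep entries as narrow as the review that justified them.

```shell
#!/bin/sh
# Added example: derive `kwcheck set-status` commands from a reviewed
# false-positive list by matching file, checker and message text.

# Constructed allowlist: file|CHECKER|message, one reviewed defect per line.
REVIEWED='foo.cpp|INFINITE_LOOP.LOCAL|Infinite loop'

# Constructed listing in the format shown on this page (ID first, message on
# the following line). A real run would pipe `kwcheck list` output in instead.
SAMPLE_LIST="1 (Local) foo.cpp:134 UNINIT.STACK.ARRAY.MIGHT (1:Critical) Analyze
'FRUSerial' array elements might be used uninitialized in this function.
2 (Local) foo.cpp:187 INFINITE_LOOP.LOCAL (2:Error) Analyze
Infinite loop
3 (Local) bar.cpp:42 INFINITE_LOOP.LOCAL (2:Error) Analyze
Infinite loop"

# Usage: plan_citations ALLOWLIST < listing
# Prints one set-status command per open (Analyze) defect on the allowlist.
plan_citations() {
  REVIEWED_FP="$1" awk '
    BEGIN {
      n = split(ENVIRON["REVIEWED_FP"], rows, "\n")
      for (i = 1; i <= n; i++) if (rows[i] != "") ok[rows[i]] = 1
    }
    # Header: <id> (Local) <file>:<line> <CHECKER> (<n>:<Severity>) <Status>
    $1 ~ /^[0-9]+$/ && $2 == "(Local)" && NF == 6 {
      id = $1; code = $4; status = $6
      file = $3; sub(/:[0-9]+$/, "", file)   # line numbers shift, so drop them
      pending = 1
      next
    }
    # Message line that follows a header
    pending {
      pending = 0
      if (status == "Analyze" && ((file "|" code "|" $0) in ok))
        printf "kwcheck set-status %s --status ignore -c \"reviewed false positive: %s in %s\"\n", id, code, file
    }
  '
}

# Print the planned commands for the sample; review them before running any.
plan_citations "$REVIEWED" <<EOF
$SAMPLE_LIST
EOF
```

The citations only persist if the local project folders (.kwlp and .kwps) are kept between runs, as the last comment points out.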