Alex's Alliterative Adventures

If your non-trivial C++ code hasn’t been statically analyzed, you’re missing out. Your codebase is likely to contain subtle bugs. Fortunately, static analyzers can expose a large number of bugs without breaking a sweat.

Static analyzers scan your code for suspicious patterns that almost always lead to bugs. Reading from uninitialized local variables, passing polymorphic objects by value, probable buffer overflows, and other things that can easily escape your notice. The best of the bunch is widely accepted to be Lint (more specifically, PC-Lint/Flexe-Lint). These tools don’t come cheap (389 USD Windows / 998 USD *nix), but they’re arguably the best investment a programmer can make (since there are lots of free compilers available). PC/Flexe-Lint can also be used to clean up your source code by identifying unneeded header files, reporting on comment style, or enforcing const correctness.

PC-Lint is even smart enough to understand Visual Studio project files. Unfortunately it doesn’t understand solution files, so that’s where LintProject comes in. LintProject is a free, open source program that parses solution files and spits out a fancy html report. Unlike its counterpart, Visual Lint, it doesn’t integrate with Visual Studio, but it’s much easier on the wallet and it gets the job done. My patch to make LintProject do more parsing when reading incremental build directories was accepted a few weeks ago and will be included in version 1.4.1.11 and later, so it will soon be one step closer to perfect.