C++ – Are C++ static code analysis tools worth it?


Our management has recently been talking to some people selling C++ static analysis tools. Of course the sales people say they will find tons of bugs, but I'm skeptical.

How do such tools work in the real world? Do they find real bugs? Do they help more junior programmers learn?

Are they worth the trouble?

Best Answer

Static code analysis is almost always worth it. The issue with an existing code base is that it will probably report far too many errors to make it useful out of the box.

I once worked on a project that had 100,000+ warnings from the compiler... no point in running Lint tools on that code base.

Using Lint tools "right" means buying into a better process (which is a good thing). One of the best jobs I had was working at a research lab where we were not allowed to check in code with warnings.

So, yes, the tools are worth it... in the long term. In the short term, turn your compiler warnings up to the max and see what it reports. If the code is "clean", then the time to look at lint tools is now. If the code has many warnings... prioritize and fix them. Once the code has none (or at least very few) warnings, then look at Lint tools.

So, Lint tools are not going to help a poor code base, but once you have a good codebase they can help you keep it good.

Edit:

In the case of the 100,000+ warning product, it was broken down into about 60 Visual Studio projects. As each project had all of its warnings removed, it was changed so that warnings were errors; that prevented new warnings from being added to projects that had been cleaned up (or rather, it let my co-worker righteously yell at any developer that checked in code without compiling it first :-)
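The staged process the answer describes (warnings at maximum first, warnings-as-errors only on targets that are already clean, lint tooling once the noise is gone) can be encoded in the build so it is enforced automatically rather than by a co-worker. The following CMakeLists.txt is an added illustration, not part of the original question or answer; the target names `legacy_tool` and `clean_service`, the source file names and the `ENFORCE_WARNINGS` option are assumptions chosen for the example. It uses only standard CMake features: `target_compile_options` with generator expressions, and the `CMAKE_CXX_CLANG_TIDY` variable that makes CMake run clang-tidy on every translation unit it compiles.

```cmake
cmake_minimum_required(VERSION 3.10)
project(warning_policy_example CXX)

# Step 1 of the answer: turn compiler warnings up to the max for every target.
# The generator expressions pick the right flag set for GCC/Clang vs. MSVC
# (the answer's 60 projects were Visual Studio projects, hence /W4).
set(MAX_WARNINGS
    $<$<CXX_COMPILER_ID:GNU,Clang,AppleClang>:-Wall;-Wextra;-Wpedantic;-Wshadow;-Wconversion>
    $<$<CXX_COMPILER_ID:MSVC>:/W4>)

# Step 2: promote warnings to errors, but only on targets that have been cleaned up.
# Switching this on for a target that still has warnings would just block every build,
# which is the "100,000+ warnings, no point running lint" situation the answer describes.
set(WARNINGS_AS_ERRORS
    $<$<CXX_COMPILER_ID:GNU,Clang,AppleClang>:-Werror>
    $<$<CXX_COMPILER_ID:MSVC>:/WX>)

# Step 3: once a target is clean, run a lint tool on it as part of the normal build.
# CMAKE_CXX_CLANG_TIDY is a standard CMake variable; when set, CMake invokes
# clang-tidy on each source file alongside the compiler. It is only applied to the
# clean target below, so the legacy target builds at the usual speed.
find_program(CLANG_TIDY_EXE NAMES clang-tidy)

option(ENFORCE_WARNINGS "Treat warnings as errors on targets marked clean" ON)

# Assumed target: a legacy component that still carries warnings.
# It gets maximum warnings so the count is visible, but not -Werror yet.
add_executable(legacy_tool src/legacy_tool.cpp)      # assumed source path
target_compile_options(legacy_tool PRIVATE ${MAX_WARNINGS})

# Assumed target: a component whose warnings have all been fixed.
# It gets maximum warnings, warnings-as-errors and clang-tidy, so no new warning
# can be checked in without breaking its build.
add_executable(clean_service src/clean_service.cpp)  # assumed source path
target_compile_options(clean_service PRIVATE ${MAX_WARNINGS})
if(ENFORCE_WARNINGS)
    target_compile_options(clean_service PRIVATE ${WARNINGS_AS_ERRORS})
endif()
if(CLANG_TIDY_EXE)
    # Per-target form of CMAKE_CXX_CLANG_TIDY: the target property CXX_CLANG_TIDY.
    # The checks string is a deliberately small starting set; widen it as the
    # target stays clean, the same way the answer suggests adding lint gradually.
    set_target_properties(clean_service PROPERTIES
        CXX_CLANG_TIDY "${CLANG_TIDY_EXE};-checks=bugprone-*,clang-analyzer-*")
endif()
```

Moving a target from the `legacy_tool` pattern to the `clean_service` pattern is the per-project step the answer's edit describes: fix the warnings, then flip that one target to warnings-as-errors so the cleanup cannot regress, and only then layer the lint tool on top. Keeping the option `ENFORCE_WARNINGS` lets a developer build locally with enforcement off while investigating, while the CI configuration leaves it on.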