I develop a commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool.
Any recommendations?
I think it would be real nice if the tool can be integrated into MSVC.
I'm thinking about PC-Lint + Visual Lint.
However, I have been taking a hard look at Coverity, Understand, and Klockwork as well.
Price isn't really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it.
Lastly, VSTS and Intel Parallel Studio now also offer static code analysis. Nice~
Note: a related post suggests Coverity is the best (?) (see last 2 posts)
I work for RedLizard building Goanna, a C++ static analysis plugin for Visual Studio. Its focus is on desktop use by a programmer. You can run it on individual files, just as you do the compiler, and it can give you results quickly.
There is a trial available. Right-click a file, select Run Goanna, and the results appear in the Visual Studio warnings list.
Beyond all those you mentioned, VS Team Developer edition comes bundled with a nice static analysis tool called PREfast. It's (obviously) well integrated into the IDE, and accessible via the menus.
It's in fact a public release of an MS internal tool - a thin version of a tool called PREfix they run on their builds. Personally, when I faced the same decision, PREfast sufficed.
You can try CppDepend, a pretty complete C and C++ static analyzer, well integrated with VS 2008, 2010, 2012, 2013 and 2015.
I just started using cppcheck which I like very much due to the low noise.
Although it does not integrate directly with Visual Studio 2008, VS can be customized and you should be able to integrate it directly into the IDE.
I use the PVS-Studio static code analyzer.
This static code analyzer is well integrated with Visual Studio 2005, 2008, 2010, 2012, 2013.
It has many additional features:
Verification of files which were recently modified several days ago;
Verification of files by their filenames from within the text file list;
version control systems integration;
ability to operate from command line interface;
«False Alarms» marking;
saving and loading of analysis results;
utilizing all available cores and processors;
etc...