In this 3 part blog series I want to cover general misconceptions with static analysis coverage. This will include a discussion about:
- compiler warnings available,
- different types of style issues including coding standards, and
- your available options to fit them into your formal process.
Very often customers ask why we don’t cover specific checkers. We always get great feedback on high value checkers that they would like to see. But occasionally we get the request to find simple compiler warnings or code style issues.
For the first part of this series I want to focus on compiler warnings. These are not the compiler errors such as syntax/parse errors you get with a compiler. Instead, I want to concentrate on those pesky compiler warnings that still let you build your application, when you really know you shouldn’t. We have all experienced compiler warnings that are just plain confused with your code. But on the whole, you are guaranteed to find some pretty big blunders.
Most modern compilers focus on providing more details about compiler warnings. These can be very valuable as it helps find many of those plain dumb mistakes. It varies by compilers, but many find things such as constant expressions from conditionals, returning from a void function, assignment in condition (use = instead of ==), suspiciously-placed semi-colon and many, many more.
To find some of the issues, you usually need to provide a compiler flag -Wall. For example:
gcc -c -Wall foo.c
Given that every compiler on the market provides its own “checkers” for compiler issues, does it really make sense for static analysis to get in there and detect these issues again? I strongly believe that every developer should ALWAYS clean up their compiler warnings before going onto static analysis.
But you will still find static analysis tools providing these capabilities. Why? Well, first and foremost, not every compiler has the capability to find simple coding issues. The other reality is that not everyone checks the compiler warnings…(we all know who we are). Or sometimes you just want to run one tool. In other words get the more complex bugs with static analysis along with the compiler warnings. It is for these reasons that static analysis tools have introduced many of these low-level issues.
For the next part of this blog series, I want to go into the details of compiler warnings and some of the things that coding standards are doing as well.