Last Friday’s rant about C++ static and dynamic analysis tools was picked up by Reddit and I have had quite a few helpful suggestions for other tools to try. Thanks!
Microsoft’s Application Verifier.
Microsoft’s CRT Debug heap.
CLang - various options, especially using AddressSanitizer.
So far I’ve had a quick look at Dr. Memory, which seems to be pretty good. Free, easy to download and install and it’s faster than DevPartner and ‘just works’. Suppressing errors that aren’t really errors is easy. Running it is easy and it feels like it will just fit into my work process without me having to conform to its idea of how I should be working. I can see me integrating it into my build server’s workflow and running all of my tests through it. So far it has found a few obscure leaks for me; locale leaks (!) in some string format conversion code that nothing else has noticed. To me it feels like the tool BoundsChecker should have been and it doesn’t have a pointless GUI, it’s just a command line tool that does the job and produces easy to understand reports.
CppDepend also ‘just works’. It’s easy to get hold of a trial version and it installs and runs without issue. I’ve used it before and whilst it does spot some of the issues that something like Gimpel PC-Lint will spot it’s much more geared towards enforcing corporate coding guidelines. Yes it’s very configurable, but, out of the box it doesn’t give me enough static analysis and gives me too much of other people’s style rule infringements.
Microsoft’s Application Verifier is better than I remember it being the last time I tried it (many years ago) but it’s not as usable as Dr Memory.
I haven’t downloaded PVS Studio as I figure that it doesn’t really matter how good it is, the licensing is of the “we don’t tell you how much it is until you ask us” variety of Enterpricey and the minimum license is for a team of 9…
The CLang options looks interesting but I haven’t had the time to investigate fully yet.
So thank you Reddit. I now have a tool in my tool box that should help with my current client problems and several other tools to explore.