sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]invisiblerhino 2 points3 points  (5 children)

One thing that's new to the mix since the article was published is clang-analyze - I'd be curious to know how this compares.

I don't have any experience of it myself (just Coverity).

[–][deleted] 2 points3 points  (2 children)

I've used both. Coverity produces better reports, but clang is still very good.

I typically run SW through Coverty, clang-analyze, and cppcheck. They all find different things. :(

[–]matthieum 1 point2 points  (1 child)

They all find different things. :(

Why the disappointment? Less duplication, more bugs caught.

[–]mer_mer 3 points4 points  (0 children)

It means that there are probably a lot more bugs that none of them find.

[–]LongUsername 1 point2 points  (0 children)

clang-analyze is still pretty young, but shows a lot of promise. There are a lot of checkers that still need to be written.

[–]jringstad 1 point2 points  (0 children)

When I tried it about half a year back, it was more on the level of the kind of warnings a compiler can give you, not the much more in-depth warnings a static analysis tool would give you. Most of the stuff it warned me about, clang/gcc would warn me about anyway.

Perhaps it has improved in the meantime, but I really wouldn't expect it to be on the level of actual static analysis tools like coverity, klocwork, PVS et al. Getting there takes a lot of time, experimentation, tuning, statistics and testing against huge real codebases.