by vladd 4450 days ago
In case you want to try out static analysis on your own code-base, here's a link with the list of most popular tools in this field, grouped by language: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_a...
3 comments

Visual Studio now ships with a reasonably good static analyzer built in. We're using it more than our aging copy of PC-Lint.

(Carmack's review: http://www.altdevblogaday.com/2011/12/24/static-code-analysi...)

Can you tell VS by now to ignore warnings in 3rd-party libs? Everything that's in Qt's headers is pretty much out of my control but those were by far the most common warnings (or at least I didn't see many real warnings amidst them). At least that's how it is in VS 2010 and it kept me from turning code analysis on more often.

VC++ analysis is useful aside from the fact that it mistakenly thinks every pointer usage is a potential null pointer, but I've gotten better results with clang static analysis.

Every pointer is potentially null, until proven otherwise (which in the general case means solving the halting problem).

I configured jshint inspection in a pre-commit hook on my team's code repository. Yesterday I checked the logs and in the last 10 days it prevented 15 commits, a few of which were actual bugs. For me static analysis is a no-brainer. The only challenge is finding the right set of settings so that you don't get too many false positives.
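
A pre-commit hook of the kind the comment above describes, as an added example that is not the commenter's own hook or configuration. It assumes `jshint` is on PATH; the `LINTER` and `HOOK_LOG` variables and the log location are names chosen for this sketch.

```shell
#!/bin/sh
# Added example of a .git/hooks/pre-commit script; not code from the thread.
# Assumptions: jshint is on PATH; LINTER and HOOK_LOG are names chosen here.
LINTER=${LINTER:-jshint}
HOOK_LOG=${HOOK_LOG:-.git/pre-commit-blocked.log}

# Paths of staged .js files that were added, copied or modified.
staged_js() {
    git diff --cached --name-only --diff-filter=ACM -- '*.js'
}

# Lint the staged blob (":path" in the index), not the working-tree file, so
# the check sees exactly what would be committed. Returns 1 if any file fails.
lint_staged() {
    failed=0
    files=$(staged_js) || return 2
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # "--filename" names the stdin input for config lookup; "-" reads stdin.
        if ! git show ":$path" </dev/null | $LINTER --filename "$path" -; then
            failed=1
            # One line per blocked file, so the log can be reviewed later.
            printf '%s blocked %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$path" >>"$HOOK_LOG"
        fi
    done <<EOF
$files
EOF
    return "$failed"
}

# Run only when installed as the hook itself (file named "pre-commit").
case "$0" in
    */pre-commit|pre-commit)
        lint_staged || { echo "pre-commit: lint failed, commit blocked" >&2; exit 1; }
        ;;
esac
```

Because a local hook can be skipped with `git commit --no-verify`, the same lint step is usually repeated in CI or a server-side hook.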

Coverity also has a free trial you can do online with your own code: http://softwareintegrity.coverity.com/free-trial-coverity.ht...