Experience with static code analysis tools in C++ for quant development
Hi, did anyone have a long-term experience in integrating static code analysis tools into large C++ projects’ development process?
I’d like to get some feedback and any statistics if possible. Sales from PVS-studio reached me some time ago, I ran a trial which showed rather good but I’m not sure about long-term thing (we managed to fix a lot of hidden problems during bug rush done during 30-day trial 🙂 )
I tried it one time, though that project was a Java codebase, not C++. It is too long ago for me to remember the specifics, but I do remember that we found doing useful integration quite challenging. It was difficult to even select the metrics we wanted to focus on, because there were so many possible ones (once we got into the reports) and it is not obvious which ones give you the best ROI. I think what we ended up doing was selecting a handful and sent it out with the daily build report, and we never got further than that. The experience to me was such that I became sceptical of code analysis tools. Not in the sense that they don’t add value, they do, but most development teams will have other things they can do (other tools to integrate) that gives them a better return per hour spent.
I’ll recapitulate my recent status update. 😉
There’s a great article on static code analysis by John Carmack here:
If nothing else, you should be using /analyze on Visual C++ builds and clang on OS X/iOS builds.
thank you for your comment. Do you mind going into more detail about ‘other tools’ you’ve mentioned?
Currently I’m thinking about integrating static analysis, but might consider other options if they prove to be more efficient.
NOTE I now post my TRADING ALERTS into my personal FACEBOOK ACCOUNT and TWITTER. Don't worry as I don't post stupid cat videos or what I eat!