Bugs get introduced into source code in a variety of ways, even by the most experienced of developers. Let’s face it, people are imperfect; so can be the code, especially if that developer is using languages that grant a lot of rope to hang yourself such as C/C++. Due to this problem companies pay millions of dollars every year to whole Quality Assurance teams to test whatever one developer may write. Developers themselves spend thousands of hours writing code that is never meant to be releasable to customers, but whose sole purpose in life is to test other code (unit tests). Even then, bugs can be found in the field damaging a company’s reputation in a hurry, many of which just needed a very simple fix. What else can be done to stop this? Thankfully, in recent years a new tool has been added to the development tool belt: Static Code Analysis.
Static Code Analysis consists of special software that runs on source code to look for potential problems, weaknesses, and security threats. It can point out problems that compilers will miss. For example, use of possible NULL pointers, divide by zero, and memory corruption. Another bonus is that the analyzing software can be run on an automated basis like unit tests. Thereby helping to point out problems soon after then have been committed into the source.
Now-a-days there are many different analyzer products. In fact, Wikipedia provides a whole wiki page dedicated to simply list them (http://en.wikipedia.org/wiki/