In the last years the software code quality and security became increasingly important. Static code analysis is about analyzing source code without executing the code to find potential bugs, vulnerabilities and security threats. Static code analyzer look for patterns which can cause code quality problems or security vulnerabilities. A big advantage of static code analyzers is they scan all code of a project. If there are problems in corners of applications which are not even used, there is a high probability that static code analysis finds these. By using static code analysis tools, problems can be allocated early in the development process, where the cost to fix them is still low.
With Klocwork development teams can find possible errors already while they are writing their code. The on-the-fly analysis works like a spell checker. Together with the cross project impact analysis, possible risks in the code can be found at already at a very early development stage.
PC-lint is a powerful static analysis tool that checks your C/C++ source code for MISRA-C compliance.