[This is a more general question and banks upon the experience with both setting the compiler options and usage of static code analysis tools.]
Currently, I use -Werror to flag all warnings as errors during compilation.
I am planning on using static code analysis tools for C++. To start with, I will be using CppCheck, which has the features listed here: http://cppcheck.sourceforge.net/#features, reproduced below:
- Dead pointers
- Division by zero
- Integer overflows
- Invalid bit shift operands
- Invalid conversions
- Invalid usage of STL
- Memory management
- Null pointer dereferences
- Out of bounds checking
- Uninitialized variables
- Writing const data
My question is: if I resolve all the errors (detected via -Werror) flagged by the compiler, then won't all these problems (features) listed by CppCheck already be covered during the compilation stage of the build-deploy workflow?
More generally, does setting the compiler options to a "strictest" level (like in this answer https://stackoverflow.com/a/401276/712248) flag all problems (including/excluding false positives) that could be detected by static analysis tools like CppCheck? So, in essence, if I use the strictest compiler options, I then do not need to use static analysis tools?