I don’t know if there is a policy yet on using static code checkers on the Boost code base as part of the release cycle. Given that the Visual Studio 2012 Analyzer tool I’m using just picked up 3 issues in the 1.57 release (I’ve posted TRAC items on them already), I suspect not.
I would like to encourage such a policy. Boost is, among other things, about quality. This is a way to enhance quality. For people like me who work in safety-critical fields, it is vital. I cannot use Boost libraries if they can’t be certified. Static analyzers can help ensure quality, which makes it easier to qualify these tools.
There are many tools available. Some, like CppCheck, are open source. Others are built into development environments (aforementioned VS Analyzer, Clang tools, etc.). Further, I suspect that tool vendors could be convinced it would be good PR to have their tools used by Boost, so I suspect even those with paid licenses can be made available for free.
Steve Hickman
System Architect, Flight Deck of the Future
480-236-8367