GCC diagnostics are great, but they are not enough
A lot of developers ignore the methodology of static code analysis. This is actually a huge mistake, because they deprive themselves of the tools, which help to eliminate errors at the stage of writing the code and save time for testing and debugging the applications. One of the factors for this unreasonable behaviour is the confidence that compilers are already issuing warnings for all dangerous constructs.
Indeed, the compilers are constantly developing and gradually implement diagnostics existing in the code analyzers. But the thing is that the analyzers continue evolving too. These are programs specializing on the bug detection, which means that they will always outpace the compilers in diagnostic capabilities.
Let us look at the practical examples and read the article of Andrey Karpov, a developer of PVS-Studio static code analyzer: “Finding bugs in the code of GCC compiler with the help of PVS-Studio”.
Yes, the C++ compiler implemented in GCC, uses many useful diagnostics. These diagnostics are very helpful, but still, PVS-Studio found errors in the code of the compiler.
GCC developers, discussing this article, concluded that it would be beneficial to implement several new diagnostics, based on the PVS-Studio warnings. This is exactly the case, as it was mentioned before, when the compilers take the diagnostics from the analyzers. We should also understand that paid tools, like PVS-Studio continue developing and gaining more diagnostic abilities. That is the main task of PVS-Studio — to be ahead of the compilers.