To get the most out of Code Analysis for C/C++, you should be aware of its limitations. Here is a list of important considerations to take into account:
High noise ratio: Code Analysis for C/C++ will misidentify a variety of errors because it has been designed to test as many execution paths as possible. You can get around the problem by using Visual Studio 2005 code coverage features to single out the important functions. You can then ignore the errors generated for noncovered code.
Completeness: Code Analysis for C/C++ is not the "be all, end all" testing tool. It is most effective when used in combination with AppVerifier, unit tests, and other varieties of tests (see Chapter 13 for more details).
Programmer skill: Code Analysis for C/C++ provides a "brute force" approach to finding defects. The true effectiveness of the tool depends on the programmer's skill in identifying noise, filtering the results using annotations, and so on.
Global state: Code Analysis for C/C++ cannot recognize problems relating to the global state of an application. See the section "Identifying and Minimizing Noise" earlier in the chapter.