When choosing a compiler (which should be understood to include the linker), a C99-compliant compiler should be used whenever possible. When choosing a source code analysis tool, it is clearly desirable that the tool be able to enforce as many of the guidelines in this document as possible. Not all recommendations are enforceable; some are strictly meant to be informative.

...

The possibilities for a given guideline are outlined in the following table.

The final possibility is that a tool has not implemented a checker for a specific guideline.

Source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Consequently, developers must ensure that this trust is not misplaced. Ideally, this should be achieved by the tool supplier running appropriate validation tests. Although it is possible to use a validation suite to test a compiler or source code analysis tool, no formal validation scheme exists at this time.

False Positives

Many guidelines list common exceptions, but it is difficult if not impossible to develop a complete list of exceptions for each guideline. Consequently, it is important that source code comply with the intent of each guideline and, to the greatest extent possible, tools minimize false positives that do not violate the intent of the guideline. The degree to which tools minimize false-positive diagnostics is a quality-of-implementation issue.