Clang-Tidy

Overview

Open-source C/C++ static analyzer and linter built on Clang's AST. Ships hundreds of checks across bugprone patterns, modernize-* refactors, performance issues, and coding-standard conformance (CERT-C, partial MISRA via plugins). Free, fast, and integrates cleanly into CMake, VS Code, and CI pipelines.

Benefits

• No license cost and active LLVM-cadence maintenance
• Catches issues compiler warnings and cppcheck miss
• Custom check authoring is feasible for project-specific rules
• First-class VS Code, clangd, and CI integration

Limitations & Risks

• Cross-compilation flag handling needs care to avoid spurious warnings
• Full MISRA coverage requires third-party plugins or commercial extensions
• Performance scales with project size — needs check tuning

Recommended Actions

Enable on a curated check set in CI, gate on violation delta rather than zero, and grow the check list incrementally as the codebase tightens up. Pair with clang-format for style and with cppcheck for complementary bug detection.

Additional Notes

Most teams run clang-tidy alongside cppcheck because the two catch different classes of issue. Pairs with #20 Automated Code Review and #4 DevSecOps.

References & Links

• https://clang.llvm.org/extra/clang-tidy/
• https://github.com/llvm/llvm-project