We’ve used static analyzers in the past. Sometimes they have been successful; more often than not, they raise more false positives than actual bugs.
A good example of this would be Asterisk's ao2_callback function. That function can return either a pointer to an allocated reference-counted object (whose reference must then be released with ao2_ref) or NULL, depending on whether OBJ_NODATA is passed to it. Static analysis tools almost always flag every usage of that function as leaking memory, because it technically can return an allocated object, even though a call that passes the flag cannot leak: they aren't smart enough to recognize that passing OBJ_NODATA means the function will always return NULL.
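The contract described above, as a runnable model added here for illustration; it is not Asterisk's astobj2 code, and the model_ names, the fixed-size container and the sample object are invented for the example. It shows the three call patterns an analyser has to tell apart: a NODATA caller that ignores a return value which is always NULL, a caller that releases the reference it was handed, and a caller that drops that reference and really does leak.

```c
/* Added example, not Asterisk code: a stand-in for the ao2_callback()/
 * OBJ_NODATA contract. The model_* names are made up here; only the
 * behaviour (an owned reference or NULL, chosen by a flag) is from the page. */
#include <stddef.h>
#include <stdlib.h>

struct model_obj { int refcount; int value; }; /* stand-in for an ao2 object */

/* With MODEL_OBJ_NODATA set, the search returns NULL and takes no reference. */
enum model_flags { MODEL_OBJ_NODATA = (1 << 0) };

struct model_container { struct model_obj *objs[4]; size_t count; };

/* Matching callback in the shape ao2_callback expects: non-zero = match. */
typedef int (*model_match_fn)(struct model_obj *obj, void *arg);

/* Adjust the reference count; the object is freed when it reaches zero. */
static void model_ref(struct model_obj *obj, int delta)
{
    if (!obj) {
        return;
    }
    obj->refcount += delta;
    if (obj->refcount == 0) {
        free(obj);
    }
}

/* Stand-in for ao2_callback: returns a NEW reference to the first match, or
 * NULL when nothing matches or when MODEL_OBJ_NODATA is set. An analyser sees
 * one function that sometimes returns an owned pointer, so it flags every
 * caller that drops the return value, including NODATA callers for which the
 * value is provably NULL. */
static struct model_obj *model_callback(struct model_container *c,
                                        enum model_flags flags,
                                        model_match_fn match, void *arg)
{
    size_t i;
    for (i = 0; i < c->count; i++) {
        if (!match(c->objs[i], arg)) {
            continue;
        }
        if (flags & MODEL_OBJ_NODATA) {
            return NULL;            /* matched, but the caller asked for no data */
        }
        model_ref(c->objs[i], +1);  /* the caller now owns a reference */
        return c->objs[i];
    }
    return NULL;
}

static int match_value(struct model_obj *obj, void *arg)
{
    return obj->value == *(int *)arg;
}

static struct model_obj *make_obj(int value)
{
    struct model_obj *o = calloc(1, sizeof(*o));
    if (!o) {
        abort();
    }
    o->refcount = 1;                /* the container's own reference */
    o->value = value;
    return o;
}

/* Each demo returns the matched object's refcount once the caller is done;
 * 1 means the caller left the object as it found it. */

/* NODATA caller: only the callback's side effects are wanted, so the return
 * value is ignored. Analysers flag this, yet it cannot leak: the return is
 * always NULL and no reference was taken. */
int demo_nodata_ignores_return(void)
{
    struct model_obj *o = make_obj(7);
    struct model_container c = { { o }, 1 };
    int want = 7, rc;
    model_callback(&c, MODEL_OBJ_NODATA, match_value, &want);
    rc = o->refcount;
    model_ref(o, -1);
    return rc;                      /* 1 */
}

/* Data caller done right: the returned reference is released. */
int demo_match_released(void)
{
    struct model_obj *o = make_obj(7);
    struct model_container c = { { o }, 1 };
    int want = 7, rc;
    model_ref(model_callback(&c, 0, match_value, &want), -1);
    rc = o->refcount;
    model_ref(o, -1);
    return rc;                      /* 1 */
}

/* Data caller done wrong: the return value is dropped and the extra reference
 * is stranded. This is the genuine leak the tools are looking for. */
int demo_match_ignored_leaks(void)
{
    struct model_obj *o = make_obj(7);
    struct model_container c = { { o }, 1 };
    int want = 7, rc;
    model_callback(&c, 0, match_value, &want);
    rc = o->refcount;               /* 2 */
    model_ref(o, -rc);              /* release both so the demo itself is clean */
    return rc;
}
```

Any C99 compiler builds this. The point the tools miss is in the first demo: an analyser that reasons from the return type of model_callback alone cannot see that the flags argument decides whether the pointer is owned, so the NODATA call looks identical to the third demo, which is the only one that actually leaks. Telling them apart needs knowledge of the flag, which is exactly what the tools do not have for ao2_callback.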
Because these tools typically produce vast numbers of false reports, integrating them into our CI processes carries a substantial developer cost that - so far - has not been deemed worthwhile. Going through reams of reports looking for one valid bug is not a good use of developer time.
That being said, all of our CI processes are also open source, so if someone wanted to integrate a static analysis tool into them, they could propose that on Gerrit.
If you feel that a static analysis tool has found a valid issue, please feel free to report it on the issue tracker, after confirming by hand that the flagged code really is wrong rather than one of the known false-positive patterns. It would be highly preferred if you also provided patches to fix said issues, as - again - most static analysis tools raise false positives with Asterisk, and the development team is highly unlikely to spend any time investigating an unverified report on your behalf.