There are several very effective static source code analyzers on
the market today, and quite a few freeware tools as well.
There is no excuse for any serious software development effort not
to make use of this technology.
It should be considered routine practice, especially for critical
The rule of zero warnings applies even in cases where the compiler
or the static analyzer gives an erroneous warning: if the compiler
or the static analyzer gets confused, the code causing the confusion
should be rewritten so that it becomes more trivially valid.
Many have been caught in the assumption that a warning
was likely invalid, only to realize much later that the report
was in fact valid for less obvious reasons.
Static analyzers originally had
a bad reputation due to the limited capabilities of
early versions (e.g., the early Unix tool lint).
The early tools produced mostly invalid messages, but this is not the case
for the current generation of commercial tools.
The best static analyzers today are fast, and they produce selective
and accurate messages.
For an overview of static source code analyzers for C,
Recommended tools include
and uno (roughly in that order).