Same here. I don't have static analysis tools enabled in my build trees yet, but all unit tests get coupled with targets to run the following over them:
- Also experimental valgrind tools, but I haven't actually used them yet.
Fire off the 'valgrind' target, wait a while, come back and inspect memory leaks (mainly in Python from the bindings). Tack that on top of pretty much every warning flag GCC understands, and I am much more sure that the code is safe (though still not correct).