The lint utility, which is shipped with some versions of Unix, traces its roots back to the days when compiling even modest programs took a long time. The utility was designed to check code for obvious errors and typos and remove them (as one would remove lint from clothing -- hence the name), so that an entire compilation cycle would not be wasted due to a spurious comma or semicolon.
As systems became faster, the cost of lost compilations decreased and developers used compilations as a way of performing syntax checking. In addition, compilers became better at identifying and warning about suspect constructions. Eventually, most developers stopped using lint and relied entirely on the compilers to do all checking. So much so that, several years ago, the GNU toolchain dropped lint entirely. Today, it does not ship on Linux platforms.
It's clear from the need for the tools in this review, that lint should have been improved rather than dropped. Fortunately, one great version of lint is still available today for all platforms. That is PC-Lint from Gimpel Software. The Unix version is called FlexeLint. At $239 per seat, PC-Lint is the best bargain in software development tools this side of open source. It catches just about every suspicious aspect possible. After you've configured it to fit your style, it delivers jewels.
For this review, I prepared a small C file with obvious bugs in it and asked each vendor to run it at the most sensitive bug-sniffing levels. Coverity, due to its detection philosophy, found zero; Klocwork found five. PC-Lint generated 15 warnings. Here, however, is the critical difference: Only PC-Lint correctly identified a miscoded function call. All vendors agreed this call could generate a null-pointer exception, which is a showstopper in C and C++ and a specific target of the reviewed suites.
Lint is particularly useful for locating a bug in code that compiles correctly -- syntactically correct code that does not behave as expected almost always has an error that lint will catch. What lint does not do is walk every possible execution path across a large code base to find cross-functional errors. However, if you're looking at static code analysis tools for the first time, start with PC-Lint.
Ultimately, if you use either Coverity Prevent or Klocwork K7, keep running lint on your code base. It will catch important details these tools and your compiler will miss.