Over the last few weeks, working with Jonathan, I have been running daily analysis of Coverity (a proprietary static analyzer tool) It is running on a Debian amd64 with the options: --with-gnu-as --with-gnu-ld --disable-bootstrap --enable-languages=jit,c,c++,fortran,lto,objc --enable-host-shared
Coverity finds about 4300 defects. The defect density is 1.67 for 2.5 millions line of code. As a comparison, the llvm toolchain (llvm, clang, lldb, etc) has 3223 defects (0.62 of defect density for 5.1M loc). Most of the defect are detected as resource leaks (1681 defects). I had a quick look and many of them are actual issues (in many cases minor), I took the opportunity to fix some of them. To access to the list of results, you can apply https://scan.coverity.com/projects/gcc, please try to prove that you are a gcc contributor. Thanks, Sylvestre
