On Mon, 2017-06-26 at 06:36 -0700, Sylvestre Ledru wrote: > Over the last few weeks, working with Jonathan, I have been running > daily analysis of Coverity (a proprietary static analyzer tool) > It is running on a Debian amd64 with the options: > --with-gnu-as --with-gnu-ld --disable-bootstrap > --enable-languages=jit,c,c++,fortran,lto,objc --enable-host-shared > > Coverity finds about 4300 defects. The defect density is 1.67 for 2.5 > millions line of code. > > As a comparison, the llvm toolchain (llvm, clang, lldb, etc) has 3223 > defects (0.62 of defect density for 5.1M loc). > > Most of the defect are detected as resource leaks (1681 defects). I > had > a quick look and many of them are actual issues (in many cases > minor), I > took the > opportunity to fix some of them. > > To access to the list of results, you can apply > https://scan.coverity.com/projects/gcc, please try to prove that you > are > a gcc contributor. > > Thanks, > Sylvestre
Thanks. The most recent one, and thus the first one I looked at (CID=1412982) was a supposed "Resource Leak" in the get_cast_suggestion function I introduced in r249461, where the local variable "trial" is supposedly leaked (leading to 3 issues within Coverity overall, if I'm reading things right, for the 3 ways in which a non-NULL value can be generated and then fall out of scope). But this is a tree, and will eventually be GC-ed. So is there a way to teach Coverity about GTY and our garbage collector? I'm wondering how many of the resource leak defects are similar false positives. Dave
