Dealing with static code analysis in Fedora

Richard W.M. Jones rjones at redhat.com
Sat Dec 15 16:43:54 UTC 2012


A long time ago I looked at automating some of the invariants in
libvirt.  I didn't get very far, but you can see what I did here:

http://people.redhat.com/~rjones/cil-analysis-of-libvirt/

The thing that is interesting about libvirt is there are two classes
of static error.  The first is stuff like freeing pointers twice along
paths, already very well covered by static analysis tools.

But the second are very libvirt-specific invariants.  For example, the
virError* functions must only be called exactly once along error
paths, and never along normal return paths.  Or another example:
libvirt has its own memory allocation functions, and those must be
used, in a certain way, and not say C functions like 'malloc'.

Other large projects probably have similar requirements.  The kernel
certainly does, and has its own checker for them.  Your Python
ref-counting checker is kind of an example of this, albeit one that
applies to a larger selection of projects, not just a single one.

For these project-specific tests, I think the only way we're ever
going to be able to automate it is to allow custom tests to be
written.

For the analysis above, I was attempting (and mostly failing) to use
OCaml + CIL.  CLANG + custom C++ (gord help us) might be another way
to do this.

--

Agreed about the rest of it, and static analysis is definitely
something that should be welcomed to Fedora.  By the way I think the
wiki page should at least mention Coverity because it's such a big
player in this area, even though it'll be rejected because it doesn't
fit the Free Software requirement that you listed.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org