A long time ago I looked at automating some of the invariants in libvirt. I didn't get very far, but you can see what I did here: http://people.redhat.com/~rjones/cil-analysis-of-libvirt/ The thing that is interesting about libvirt is there are two classes of static error. The first is stuff like freeing pointers twice along paths, already very well covered by static analysis tools. But the second are very libvirt-specific invariants. For example, the virError* functions must only be called exactly once along error paths, and never along normal return paths. Or another example: libvirt has its own memory allocation functions, and those must be used, in a certain way, and not say C functions like 'malloc'. Other large projects probably have similar requirements. The kernel certainly does, and has its own checker for them. Your Python ref-counting checker is kind of an example of this, albeit one that applies to a larger selection of projects, not just a single one. For these project-specific tests, I think the only way we're ever going to be able to automate it is to allow custom tests to be written. For the analysis above, I was attempting (and mostly failing) to use OCaml + CIL. CLANG + custom C++ (gord help us) might be another way to do this. -- Agreed about the rest of it, and static analysis is definitely something that should be welcomed to Fedora. By the way I think the wiki page should at least mention Coverity because it's such a big player in this area, even though it'll be rejected because it doesn't fit the Free Software requirement that you listed. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel