infer
Glean
Our great sponsors
infer | Glean | |
---|---|---|
42 | 19 | |
14,688 | 892 | |
0.5% | 1.1% | |
9.9 | 9.8 | |
6 days ago | 3 days ago | |
OCaml | Hack | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
infer
-
An Introduction to Temporal Logic (With Applications to Concurrency Problems)
I think most development occurs on problems that can't be formally modeled anyway. Most developers work on things like, "can you add this feature to the e-commerce site? And can the pop-up be blue?" which isn't really model-able.
But that's not to say that formal methods are useless! We can still prove some interesting aspects of programs -- for example, that every lock that gets acquired later gets released. I think tools like Infer[0] could become common in the coming years.
[0]: https://fbinfer.com/
- Should I Rust or should I Go
-
Enforcing Memory Safety?
Using infer, someone else exploited null-dereference checks to introduce simple affine types in C++. Cppcheck also checks for null-dereferences. Unfortunately, that approach means that borrow-counting references have a larger sizeof than non-borrow counting references, so optimizing the count away potentially changes the semantics of a program which introduces a whole new way of writing subtly wrong code.
-
Interesting ocaml mention in buck2 by fb
Meta/Facebook are long time OCaml users, their logo is on the OCaml website. Their static analysis tool and its predecessor are both written in OCaml.
-
A plan for cybersecurity and grid safety
Efforts: Dependabot, CodeQL, Coverity, facebook's Infer tool, etc
-
A quick look at free C++ static analysis tools
I notice there isn't fbinfer. It's pretty cool, and is used for this library.
- OCaml 5.0 Multicore is out
-
Beyond Functional Programming: The Verse Programming Language (Epic Games' new language with Simon Peyton Jones)
TBH, there's a non-zero amount of non-"ivory tower" tools you may have used that are written in functional languages. Say, Pandoc or Shellcheck are written in Haskell; Infer and Flow are written in OCaml. RabbitMQ and Whatsapp are implemented in Erlang (FB Messenger was too, originally; they switched to the C++ servers later). Twitter backend is (or was, at least) written in Scala.
-
The State of Affine Types in C++?
- borrow-cpp which exploits some null dereference checks in the infer static analyzer to model some of borrow checking.
- Prusti: Static Analyzer for Rust
Glean
-
Is Meta decommissioning Sigma?
Even if it is true (which is an unsubstantiated gossip at the moment), Sigma is not the only Haskell project at Facebook. See https://github.com/facebookincubator/Glean for another example.
-
Codebase as Database: Turning the IDE Inside Out with Datalog
Meta uses something very much like this in production. It’s open sourced at https://glean.software/
-
11 Companies That Use Haskell in Production
Glean, a system for collecting and working with facts about source code.
- Facebook Is Down
-
Is there a tool that would allow me to query (structured search) a codebase?
Glean was recently open sourced, it might fit your needs - https://glean.software/
-
Facebook open sources Glean: a scalable code search and query engine
Cool! I would love to play around with this.
How do I write a schema and indexer for my favorite programming language that isn't currently (and won't be) supported with official releases?
For Schemas, [1] says to modify (or base new ones off) these: https://github.com/facebookincubator/Glean/tree/main/glean/s...
For Indexers, it's a little less clear but it looks like I need to write my own type checker?
Kythe has one schema, whereas with Glean each language has its own schema with arbitrary amounts of language-specific detail. You can get a language-agnostic view by defining an abstraction layer as a schema. Our current (work in progress) language-agnostic layer is called "codemarkup" https://github.com/facebookincubator/Glean/blob/main/glean/s...
For wiring up the indexer, there are various methods, it tends to depend very much on the language and the build system. For Flow for example, Glean output is just built into the typechecker, you just run it with some flags to spit out the Glean data. For C++, you need to get the compiler flags from the build system to pass to the Clang frontend. For Java the indexer is a compiler plugin; for Python it's built on libCST. Some indexers send their data directly to a Glean server, others generate files of JSON that get sent using a separate command-line tool.
References use different methods depending on the language. For Flow for example there is a fact for an import that matches up with a fact for the export in the other file. For C++ there are facts that connect declarations with definitions, and references with declarations.
There will be more indexers: we have Python, C++/Objective C, Rust, Java and Haskell. It's just a case of getting them ready to open source. You can see the schemas for most of these already in the repo: https://github.com/facebookincubator/Glean/tree/main/glean/s...
-
Facebook open sources Glean, its scalable code search and query engine
Existing schemas are here: https://github.com/facebookincubator/Glean/tree/main/glean/schema/source
What are some alternatives?
SonarQube - Continuous Inspection
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Error Prone - Catch common Java mistakes as compile-time errors
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
livegrep - Interactively grep source code. Source for http://livegrep.com/
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
fastlane-plugin-appicon - Generate required icon sizes and iconset from a master application icon.
R.swift - Strong typed, autocompleted resources like images, fonts and segues in Swift projects
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java