infer
Error Prone
Our great sponsors
infer | Error Prone | |
---|---|---|
24 | 8 | |
13,281 | 5,951 | |
1.1% | 0.8% | |
9.8 | 9.8 | |
6 days ago | 5 days ago | |
OCaml | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
infer
-
How to use Coq and C in practical software development for "verified C"?
Also, a much more realistic approach would be to use static analyzers, such as fbinfer: https://fbinfer.com/
-
How to make develop C application easier?
There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure the get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
-
Meta Open-Sources A Compositional Deadlock Detector for Android Java
The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.
- infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
-
Hacker News top posts: Mar 5, 2022
A tool to detect bugs in Java and C/C++/Objective-C code before it ships\ (22 comments)
Error Prone
-
A guide on how to improve your coding skills with static code analysis.
How to build a static analysis plugin. Google has a framework for Java with a good tutorial.
- Error Prone 2.11.0 Released. Requires JDK11+
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
Get rid of those boolean function parameters (2015)
Linters can check for this sort of thing, for example Error Prone[0] has a lint[1] for this.
Totally agree this is better to be in the language proper so we don't need this extra tooling.
-
Top 5 Java Linters
5. Error Prone
- Break backward compatibility
-
Introducing Astra: A Tool for Refactoring Java Programs at Scale
As Refaster has some limitations on what you can achieve (e.g., you can't perform exception type migrations), then you have to implement your own ErrorProne check operating on the AST (e.g., TryFailRefactoring to get you to assertThrows from pre-JUnit 4.13 idiom of try/fail/catch/verify).
-
Is Lombok in danger of becoming incompatible with future JDK's?
https://github.com/google/error-prone/issues/1157#issuecomment-769289564
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
SonarQube - Continuous Inspection
PMD - An extensible multilanguage static code analyzer.
FindBugs - The new home of the FindBugs project
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Lombok - Very spicy additions to the Java programming language.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security