infer

A static analyzer for Java, C, C++, and Objective-C (by facebook)

Infer Alternatives

Similar projects and alternatives to infer

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better infer alternative or higher similarity.

infer reviews and mentions

Posts with mentions or reviews of infer. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-22.
  • The State of Affine Types in C++?
    2 projects | reddit.com/r/cpp | 22 Nov 2022
    - borrow-cpp which exploits some null dereference checks in the infer static analyzer to model some of borrow checking.
  • Prusti: Static Analyzer for Rust
    8 projects | news.ycombinator.com | 13 Oct 2022
  • Programming Breakthroughs We Need
    17 projects | news.ycombinator.com | 17 Aug 2022
    > Maybe you could write tests as queries that would test a whole set of possible programs, not only the current version of your program at the moment.

    I think that the future of programming is more sophisticated static analysis. Programmers will write statements like, "every code path that writes to the Payments database must have called validate_user()." Then, the tooling will confirm that rule with every commit.

    We kind of have this already (for example, Facebook's Infer tool [0]), but I think it will become much more important in the coming decade.

    0: https://github.com/facebook/infer

  • Formally Verifying Industry Cryptography
    2 projects | news.ycombinator.com | 14 Jul 2022
    Great question! Formal methods groups in industry are growing rapidly and popping up in surprising places. Amazon's group is probably the most famous, but I think pretty much every big tech company has something going on in the formal verification / static analysis space. There's also a lot going on in blockchain . It's definitely becoming harder to hire people with FM skills, so in that sense, I think it's a great space to get into.

    The downside is that the space is quite fragmented and a lot of tools have a high skill bar. If I was starting out, I'd probably focus on static analysis (eg. Infer or something similar - https://github.com/facebook/infer) because those tools tend to be easier to learn, and they have the potential to scale to really big systems. In contrast, Coq is a fine tool, but most people learn it by going to grad school which isn't useful short term career advice.

    There are lot of great interviews with practitioners on the Galois podcast, Building Better Systems - that might be a good place to start exploring: https://www.stitcher.com/show/building-better-systems

  • Hard Things in Computer Science
    2 projects | news.ycombinator.com | 28 Jun 2022
    > The only reliable way to have bug-free code is to prove it. It requires solid mathematical foundations and a programming language that allows formal proofs.

    I'm going to be the "actually" guy and say that, actually, you can formally verify some studff about programs written in traditional/mainstream languages, like C. Matter of fact, this is a pretty lively research area, with some tools like CBMC [0] and Infer [1] also getting significant adoption in the industry.

    [0]: https://github.com/diffblue/cbmc

    [1]: https://fbinfer.com/

  • How to make develop C application easier?
    2 projects | reddit.com/r/C_Programming | 28 Mar 2022
    There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure the get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
  • infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
    3 projects | reddit.com/r/programming | 5 Mar 2022
  • Hacker News top posts: Mar 5, 2022
    2 projects | reddit.com/r/hackerdigest | 5 Mar 2022
    A tool to detect bugs in Java and C/C++/Objective-C code before it ships\ (22 comments)
  • A tool to detect bugs in Java and C/C++/Objective-C code before it ships
    4 projects | news.ycombinator.com | 4 Mar 2022
  • Formal Verification Methods in industry
    4 projects | reddit.com/r/compsci | 31 Jan 2022
    When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
  • A note from our sponsor - Scout APM
    scoutapm.com | 1 Dec 2022
    Scout APM is great for developers who want to find and fix performance issues in their applications. With Scout, we'll take care of the bugs so you can focus on building great things 🚀. Learn more →

Stats

Basic infer repo stats
32
13,680
9.9
6 days ago
Static code analysis for 29 languages.
Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
www.sonarqube.org