Automatic Bug Detection
Infer analyzes code to automatically detect potential bugs, saving developers time and reducing human error in the bug detection process.
Open Source
Being open source, Infer allows developers to contribute to its enhancement and customize its functionality to fit their specific needs.
Wide Language Support
Supports a variety of languages such as Java, C, C++, and Objective-C, which makes it a versatile tool for mixed-language codebases.
Pre-commit Validation
Can be integrated into CI/CD pipelines for pre-commit checks, helping to maintain high code quality by catching issues early in the development cycle.
I think most development occurs on problems that can't be formally modeled anyway. Most developers work on things like, "can you add this feature to the e-commerce site? And can the pop-up be blue?" which isn't really model-able. But that's not to say that formal methods are useless! We can still prove some interesting aspects of programs -- for example, that every lock that gets acquired later gets released. ... - Source: Hacker News / about 1 year ago
Using infer, someone else exploited null-dereference checks to introduce simple affine types in C++. Cppcheck also checks for null-dereferences. Unfortunately, that approach means that borrow-counting references have a larger sizeof than non-borrow counting references, so optimizing the count away potentially changes the semantics of a program which introduces a whole new way of writing subtly wrong code. Source: almost 2 years ago
Then this idea that the US government will tell tech companies how to write secure software. Let's get this straight, the private sector, especially big tech is miles ahead of US government in this regard. Microsoft literally invented threat modelling and modern exploit mitigations. Facebook has the best appsec processes pretty much in the whole world, including their own cutting edge code analyzer. AWS uses... Source: about 2 years ago
I notice there isn't fbinfer. It's pretty cool, and is used for this library. Source: about 2 years ago
"Move fast, break stuff" is a great approach when you aren't pushing the broken bits to production. Fuck, even Facebook, the big "move fast, break stuff" company, uses tools to detect errors in its continuous integration toolchain. https://fbinfer.com/. Source: over 2 years ago
TBH, there's a non-zero amount of non-"ivory tower" tools you may have used that are written in functional languages. Say, Pandoc or Shellcheck are written in Haskell; Infer and Flow are written in OCaml. RabbitMQ and Whatsapp are implemented in Erlang (FB Messenger was too, originally; they switched to the C++ servers later). Twitter backend is (or was, at least) written in Scala. Source: over 2 years ago
- borrow-cpp which exploits some null dereference checks in the infer static analyzer to model some of borrow checking. Source: over 2 years ago
Infer kind of does this, it has multiple frontends and provides linting capabilities https://fbinfer.com. - Source: Hacker News / over 2 years ago
Do you know an article comparing Infer by Facebook to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Infer by Facebook. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.
