ConfigsJul 1, 2026·3 min read

Infer — Static Analyzer for Java, C, C++, and Objective-C by Meta

Open-source static analysis tool that finds null pointer exceptions, resource leaks, and concurrency bugs before code ships.

Agent ready

Review-first install path

This asset needs a review step. The copied prompt tells the agent to dry-run, show the writes, then proceed only after confirmation.

Needs Confirmation · 66/100Policy: confirm
Agent surface
Any MCP/CLI agent
Kind
Skill
Install
Single
Trust
Trust: Established
Entrypoint
Infer
Review-first command
npx -y tokrepo@latest install 93c2ed97-754b-11f1-9bc6-00163e2b0d79 --target codex

Dry-run first, confirm the writes, then run this command.

Introduction

Infer is an open-source static analysis tool developed by Meta (Facebook). It catches bugs like null pointer dereferences, resource leaks, thread safety violations, and memory issues at compile time, before code reaches production. It is used at scale inside Meta on codebases with millions of lines of code.

What Infer Does

  • Detects null pointer exceptions and null dereference bugs in Java and C
  • Finds resource leaks (unclosed streams, connections, cursors)
  • Identifies thread safety and data race issues in concurrent code
  • Reports memory leaks and use-after-free bugs in C/C++/Objective-C
  • Integrates with build systems like Gradle, Maven, Buck, and Make

Architecture Overview

Infer uses a two-phase approach: a capture phase translates source code into an intermediate representation via compiler integration, then an analysis phase applies abstract interpretation techniques (bi-abduction and separation logic) to reason about memory, nullability, and concurrency properties across procedure boundaries.

Self-Hosting & Configuration

  • Install via Homebrew on macOS or build from source on Linux
  • Wrap your build command with infer run -- to analyze compiled code
  • Configure .inferconfig to suppress false positives or tune checkers
  • Run incrementally with infer run --reactive for faster CI feedback
  • Supports differential analysis to report only bugs introduced in a diff

Key Features

  • Interprocedural analysis that follows call chains across files and modules
  • Incremental and differential modes for fast CI integration
  • Separation logic engine enables precise memory and ownership reasoning
  • Supports Java, C, C++, and Objective-C out of the box
  • Battle-tested at Meta on Android, iOS, and backend services at scale

Comparison with Similar Tools

  • SpotBugs — Java bytecode analyzer; Infer works at source level across languages
  • Clang Static Analyzer — C/C++ focused; Infer adds Java and interprocedural depth
  • SonarQube — Rule-based linter and dashboard; Infer uses formal verification techniques
  • Semgrep — Pattern-matching scanner; Infer performs deeper dataflow analysis
  • Coverity — Commercial static analysis; Infer is fully open source

FAQ

Q: What languages does Infer support? A: Java, C, C++, and Objective-C. Experimental support for C# and Erlang is in development.

Q: Can Infer run in CI pipelines? A: Yes. Its differential mode analyzes only changed files and reports new bugs, keeping CI runs fast.

Q: How does Infer compare to linters? A: Linters check style and simple patterns. Infer performs deep interprocedural analysis using formal methods to find logic and memory bugs.

Q: Does Infer produce many false positives? A: Infer is tuned for precision. At Meta, it runs on every diff and developers fix the majority of reported issues.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets