Configs · July 1, 2026 · 1 min read

Infer — Static Analyzer for Java, C, C++, and Objective-C by Meta

Open-source static analysis tool that finds null pointer exceptions, resource leaks, and concurrency bugs before code ships.

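Agent-ready

Review before installing

This asset needs to be reviewed first. The copied instructions ask the agent to do a dry run and list what will be written, and to continue only after confirmation.

Needs Confirmation · 66/100 · Policy: confirmation required

  • Agent entry point: any MCP/CLI agent
  • Type: Skill
  • Install: Single
  • Trust: trust level Established
  • Entry: Infer
  • Review-first command: npx -y tokrepo@latest install 93c2ed97-754b-11f1-9bc6-00163e2b0d79 --target codex

Do a dry run first and confirm what will be written before running this command.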

Introduction

Infer is an open-source static analysis tool developed by Meta (Facebook). It catches bugs like null pointer dereferences, resource leaks, thread safety violations, and memory issues at compile time, before code reaches production. It is used at scale inside Meta on codebases with millions of lines of code.

What Infer Does

  • Detects null pointer exceptions and null dereference bugs in Java and C
  • Finds resource leaks (unclosed streams, connections, cursors)
  • Identifies thread safety and data race issues in concurrent code
  • Reports memory leaks and use-after-free bugs in C/C++/Objective-C
  • Integrates with build systems like Gradle, Maven, Buck, and Make

Architecture Overview

Infer uses a two-phase approach: a capture phase translates source code into an intermediate representation via compiler integration, then an analysis phase applies abstract interpretation techniques (bi-abduction and separation logic) to reason about memory, nullability, and concurrency properties across procedure boundaries.

Self-Hosting & Configuration

  • Install via Homebrew on macOS or build from source on Linux
  • Wrap your build command with infer run -- to analyze compiled code
  • Configure .inferconfig to suppress false positives or tune checkers
  • Run incrementally with infer run --reactive for faster CI feedback
  • Supports differential analysis to report only bugs introduced in a diff
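
The differential reporting mentioned in the last item comes down to comparing two analysis reports. The Python below is an added example, not Infer's own code and not part of the original page: it compares a baseline report with the report for a change and fails the build only on newly introduced issues. The sample reports are constructed, and the field names (hash, bug_type, file, procedure, line) are assumed to match the entries Infer writes to its JSON report.

```python
import json

# Constructed sample reports. Field names are assumed to follow Infer's
# JSON report entries; the hashes are made-up placeholders.
BASELINE = json.loads("""[
  {"hash": "a1", "bug_type": "NULL_DEREFERENCE", "file": "src/Cache.java",
   "procedure": "get", "line": 41},
  {"hash": "b2", "bug_type": "RESOURCE_LEAK", "file": "src/Export.java",
   "procedure": "write", "line": 88}
]""")
CURRENT = json.loads("""[
  {"hash": "a1", "bug_type": "NULL_DEREFERENCE", "file": "src/Cache.java",
   "procedure": "get", "line": 47},
  {"hash": "c3", "bug_type": "THREAD_SAFETY_VIOLATION", "file": "src/Pool.java",
   "procedure": "release", "line": 19}
]""")

BLOCKING = ("NULL_DEREFERENCE", "RESOURCE_LEAK", "THREAD_SAFETY_VIOLATION")

def index(report):
    """Map issue hash -> issue; an entry without a hash cannot be diffed."""
    out = {}
    for issue in report:
        h = issue.get("hash")
        if not h:
            raise ValueError(f"issue without hash: {issue!r}")
        out[h] = issue
    return out

def diff_reports(previous, current):
    """Split issues into introduced / fixed / preexisting, keyed by hash.
    Matching on the hash (not the line) keeps a moved bug from looking new."""
    prev, cur = index(previous), index(current)
    return {
        "introduced": [cur[h] for h in sorted(cur.keys() - prev.keys())],
        "fixed": [prev[h] for h in sorted(prev.keys() - cur.keys())],
        "preexisting": [cur[h] for h in sorted(cur.keys() & prev.keys())],
    }

def gate(previous, current, blocking=BLOCKING):
    """CI exit status: 1 if the change introduces a blocking issue type."""
    new = diff_reports(previous, current)["introduced"]
    return 1 if any(i["bug_type"] in blocking for i in new) else 0

if __name__ == "__main__":
    for bucket, issues in diff_reports(BASELINE, CURRENT).items():
        for i in issues:
            print(f'{bucket:12} {i["bug_type"]:26} {i["file"]}:{i["line"]}')
    raise SystemExit(gate(BASELINE, CURRENT))
```
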

Key Features

  • Interprocedural analysis that follows call chains across files and modules
  • Incremental and differential modes for fast CI integration
  • Separation logic engine enables precise memory and ownership reasoning
  • Supports Java, C, C++, and Objective-C out of the box
  • Battle-tested at Meta on Android, iOS, and backend services at scale

Comparison with Similar Tools

  • SpotBugs — Java bytecode analyzer; Infer works at source level across languages
  • Clang Static Analyzer — C/C++ focused; Infer adds Java and interprocedural depth
  • SonarQube — Rule-based linter and dashboard; Infer uses formal verification techniques
  • Semgrep — Pattern-matching scanner; Infer performs deeper dataflow analysis
  • Coverity — Commercial static analysis; Infer is fully open source

FAQ

Q: What languages does Infer support? A: Java, C, C++, and Objective-C. Experimental support for C# and Erlang is in development.

Q: Can Infer run in CI pipelines? A: Yes. Its differential mode analyzes only changed files and reports new bugs, keeping CI runs fast.

Q: How does Infer compare to linters? A: Linters check style and simple patterns. Infer performs deep interprocedural analysis using formal methods to find logic and memory bugs.

Q: Does Infer produce many false positives? A: Infer is tuned for precision. At Meta, it runs on every diff and developers fix the majority of reported issues.
