Open-sourcing Facebook Infer: Identify bugs before you ship

Today, we’re open-sourcing Facebook Infer, a static program analyzer that Facebook uses to identify bugs before mobile code is shipped. Static analyzers are automated tools that spot bugs in …

Peter O'Hearn
7 min readintermediate
--
View Original

Overview

Facebook has open-sourced Facebook Infer, a static program analyzer designed to identify bugs in mobile code before deployment. This tool enhances the software development process by allowing developers to catch issues such as null pointer access and memory leaks early, ultimately improving the quality of applications like Facebook, Messenger, and Instagram.

What You'll Learn

1

How to use Facebook Infer to identify bugs in mobile applications

2

Why static analysis is crucial for mobile software development

3

When to implement static analysis in your development workflow

Key Questions Answered

What is Facebook Infer and how does it work?
Facebook Infer is a static program analyzer that identifies bugs in source code without executing it. It uses mathematical logic for symbolic reasoning about program execution, allowing developers to catch issues like null pointer access and memory leaks before shipping their code.
How does Facebook Infer improve mobile app development?
Facebook Infer helps developers by automatically identifying potential bugs in code modifications before they are committed. This process saves time and enhances product quality, as hundreds of bugs are fixed each month before reaching users.
What techniques does Facebook Infer use for analysis?
Facebook Infer employs separation logic and bi-abduction to efficiently analyze large codebases. Separation logic allows the tool to reason about independent parts of memory, while bi-abduction helps discover properties of code behavior, speeding up the analysis process.
What challenges does Facebook Infer address in software verification?
The tool tackles the challenge of analyzing millions of lines of code quickly, aiming to provide feedback on code modifications within approximately 10 minutes. This is crucial for maintaining the fast-paced development environment at Facebook.

Key Statistics & Figures

Fix rate for issues reported
80 percent
This high fix rate indicates the effectiveness of Facebook Infer in helping developers address potential problems quickly.
Number of modifications submitted for review daily
more than a thousand
This volume of changes underscores the need for efficient tools like Facebook Infer to manage the rapid pace of development.

Technologies & Tools

Static Program Analyzer
Facebook Infer
Used to identify bugs in mobile applications before they are shipped.

Key Actionable Insights

1
Integrate Facebook Infer into your development workflow to catch bugs early.
Using a static analyzer like Facebook Infer can significantly reduce the time spent on bug fixing, allowing developers to focus on building features rather than troubleshooting issues after deployment.
2
Utilize separation logic and bi-abduction techniques to enhance your own static analysis tools.
Understanding these advanced techniques can help in developing more efficient analyzers that can handle large codebases, improving the overall reliability of software products.
3
Adopt a continuous development and deployment model to keep pace with rapid changes.
This approach allows for quicker iterations and updates, which are essential in mobile app development where user expectations for performance and reliability are high.

Common Pitfalls

1
Relying solely on manual testing can lead to undetected bugs in mobile applications.
Manual testing is often not sufficient for identifying all potential issues, especially in complex codebases. Implementing automated tools like Facebook Infer can help mitigate this risk.

Related Concepts

Static Analysis
Program Verification
Software Development Best Practices