Static analyzers are automated tools that spot bugs in source code by scanning programs without running them. They complement traditional dynamic testing: where testing allows individual runs through a piece of software to be checked for correctness, static analysis allows multiple and sometimes even all flows to be checked at once. Infer is a static analyzer that is used internally to analyze the main Facebook apps for Android and iOS, Facebook Messenger, and Instagram, among others. Infer reports bugs that are responsible for app crashes and performance issues, such as accessing null pointers and leaking resources such as Context instances.
Each month, hundreds of potential bugs identified by Facebook Infer are fixed by our developers before they are committed to our codebases and deployed to people’s phones. Facebook Infer is open source (http://fbinfer.com/) so you can use it yourself.
This talk will show how to use Infer as part of the development workflow, and will present some of the results obtained on real Android apps.