Infer : Experimental Checkers

Infer contains a number of experimental checkers that can be run using just like the normal infer analysis infer -a checkers --<checker_name> -- <your build command>. checker_name can be bufferoverrun, siof, or quandary. We'll explain the capabilities of each experimental checker, its level of maturity (on a scale including "in development", "medium", and "probably deployable"), and the language(s) it targets.

Inferbo

  • Languages: C (but should be easy to adapt to Objective-C/C++, and possibly Java.)
  • Maturity: Medium

Inferbo is a detector for out-of-bounds array accesses. You can read all about it in this blog post. It has been tuned for C, but we are planning to adapt it to other languages in the near future.

Quandary

  • Languages: Java, C/C++
  • Maturity: Medium

Quandary is a static taint analyzer that identifies a variety of unsafe information flows. It has a small list of built-in sources and sinks, and you can define custom sources and sinks in your .inferconfig file (see example here).