Analysis updated 2026-06-24
Add a static analysis gate to a C++ project that blocks PRs introducing null derefs
Scan an Android codebase for memory and concurrency bugs before release
Run a one off audit of a legacy Objective-C iOS app for resource leaks
Wrap an existing make or gradle build with infer capture and analyze
| facebook/infer | semgrep/semgrep | reasonml/reason | |
|---|---|---|---|
| Stars | 15,600 | 15,130 | 10,307 |
| Language | OCaml | OCaml | OCaml |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Java support pulls additional GPL components that must be installed separately from the MIT core.
Infer is a static analysis tool for Java, C++, Objective-C, and C, written in OCaml and originally developed at Facebook. Static analysis means it examines your source code without actually running it, looking for bugs such as null pointer dereferences (trying to use a variable that has no value), memory leaks (allocating memory that never gets freed), and other common coding errors. This kind of tool can catch problems before code is tested or deployed. Infer is licensed under the MIT License, though enabling Java support may require downloading additional components under the GPL. The README does not provide further detail beyond pointing to the documentation website at fbinfer.com for installation and getting-started guides.
Static analysis tool from Facebook that scans Java, C, C++, and Objective-C source for null derefs, memory leaks, and other bugs without running the code.
Mainly OCaml. The stack also includes OCaml, LLVM, Java.
MIT for the core tool. Some optional Java analysis components are GPL and need to be downloaded separately.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.