On Thursday, June 11th, Facebook open-sourced a new software development tool called Infer–a next generation static analyzer. Static analysis is the process of using a tool to scan for bugs in source code without actually running a program. Infer has the ability to detect null pointer access errors, as well as resource and memory leaks. Facebook estimates that Infer can catch up to 80% of these errors.
At wolfSSL we were quick to adopt this new opportunity to validate our code, and we ran Infer against the wolfSSL embedded SSL/TLS library codebase. The results were good:
$ inferTraceBugs
No issues found
As you can see, infer did not find any additional errors in wolfSSL`s codebase, giving us one more reason to be confident in the safety and quality of our code.
Going forward, we will integrate Facebook`s Infer into our arsenal of code analysis and testing tools. We run these tools throughout the development cycle to help ensure that we only release the safest possible product.
To read more about infer, visit fbinfer.com.