Infer version v1.2.0

This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

Changes

A lot has happened in the years since 1.1.0 so these are just the highlights. Full Changelog: v1.1.0...v1.2.0.

Checkers

• Pulse is now enabled by default and replaces Biabduction as the default memory and value analysis engine for Infer. Pulse powers a lot of issue types historically reported by other checkers, such as null dereferences, memory/resource leaks, reads of uninitialised values, as well as a range of new issue types such as (user-configurable) tainted data flows and C++ unnecessary object copies.

• The Resource Leak checker for .NET and Uninitialized Value checkers have been removed and their functionality moved to Pulse for improved precision.

• The linter framework ASTLanguage (AL) has been removed (previously deprecated). Other clang-based linter frameworks such as clang-tidy can be used instead.

• Eradicate has been removed (previously deprecated).

• Two other checkers have been deleted: Config Checks between Markers (previously experimental) and Immutable Cast (previously deprecated).

• Biabduction is now deprecated in favour of Pulse.

• Quandary is now deprecated in favour of Pulse's taint analysis.

• New checker: Lineage produces inter-procedural data flow graphs for Erlang code and provides commands to query taint paths in it.

• New checker: Parameter Not Null Checked for Objective-C, replacing the PARAMETER_NOT_NULL_CHECKED bug type reported by biabduction.

• New checker: Scope Leakage for Java and Kotlin, verifying that certain classes can never retain others in a configurable way.

• Annotation Reachability: support for C++ was dropped and Java support was improved to support using regexps to model annotated functions, and having field accesses as sinks.

Languages

• New Erlang frontend. You can analyse Erlang code compiling with erlc, rebar3 or buck2.

• New Hack frontend, based on hackc.

• New "Textual" intermediate frontend. Textual is a new input format that frontend writers may use to emit SIL, either in text form or from OCaml directly. It is currently used by the Hack frontend. Textual can also be used to write analysis models, i.e. stubs for certain functions that will be used during the analysis as if they were these functions' implementations.

Build System Integrations

• Clang upgraded to version 18.

• buck2 support.

Backend

• Incremental mode much improved, see the new --incremental-analysis flag in the updated workflow for CI document.

Command Line Interface

• infer report now generates the report files (eg infer-out/report.json) afresh from the stored analysis summaries on disk. The command doesn't dump the summaries to the console anymore, you can use infer debug --procedures --procedures-summary to do so.

• New option to dump a SARIF report of the issues found by infer: --sarif.

Downloads

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v1.2.0.tar.xz
21504063fb3a1dbc7919f34dc6e50ca0d35f50b996d91deb7b8bea8243d52d82  infer-linux-x86_64-v1.2.0.tar.xz
dbbb27fade30a2ce26fc65cb6e0c722afaaa0fc3f38cec3f1bd6c35215a60b79  infer-osx-arm64-v1.2.0.tar.xz
59f08689f912c5da57cfa630938e3305afa45a732b0e269a02e38fa599f95013  infer-osx-x86_64-v1.2.0.tar.xz