Some training material on Facebook's Infer tool. Infer is a static analysis bug finding tool.
Upon completion of this training, the student will be able to:
- Understand static analysis and its applications and limitations to bug finding
- Install Infer on a Linux machine
- Run Infer against a C/C++ source code target
- Enable different Infer Checkers, including Inferbo and Quandary
- Generate Infer HTML and JSON reports
- Read and understand Infer bug reports for code audit purposes
- Understand and develop Infer linters for syntactic bug finding
- How to use Infer with a compilation database
- How to generate CFGs and other front end compilation data for system understanding and debugging
- How to use Infer with CMake
- Knowledge and some profiiency in C and C++ coding, compilation and debugging
- Knowledge of C/C++ bug classes and Code Review principles and practice (TODO list some)
- Knowledge of Linux Shell commands and operating system operation
- Basic analysis of a target
- Inferbo: Buffer Overflow and Integer Bugs
- Quandary: Static Taint Analysis and Command Injection Bugs
- Linters: How to write a Linter in AL
- Feedback please...
- TODO