You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1439 lines
68 KiB

NAME
infer - static analysis for Java and C/C++/Objective-C/Objective-C++
SYNOPSIS
infer analyze [options]
infer capture [options]
infer compile [options]
infer help [options]
infer explore [options]
infer report [options]
infer reportdiff [options]
infer run [options]
infer --compilation-database[-escaped] file [options]
infer [options] -- compile command
infer [options]
DESCRIPTION
Infer is a static analyzer. Given a collection of source files written
in Java or in languages of the C family, and a command to build them,
infer produces a list of potential issues.
Infer consists of a collection of tools referenced in the SEE ALSO
section of this manual. See their respective manuals for more
information.
When run without a subcommand, and if a compilation command is
specified via the -- option or one of the
--clang-compilation-database[-escaped] options, then infer behaves as
infer-run(1). Otherwise, infer behaves as infer-analyze(1).
OPTIONS
Every infer command accepts the arguments from all the other infer
commands.
Options are read from the .inferconfig file, then from the INFER_ARGS
environment variable, then from the command line. Options in
INFER_ARGS take precedence over options in .inferconfig, and options
passed on the command line take precedence over options in INFER_ARGS.
See the ENVIRONMENT and FILES sections of this manual for more
information.
Options can be specified inside an argument file file by passing @file
as argument. The format is one option per line, and enclosing single '
and double " quotes are ignored.
Options without a default value (e.g., --linter) and options with
list-like values (e.g., --Xbuck) all have a corresponding
--option-reset flag that resets their values to nothing or the empty
list, respectively. For instance, --Xbuck-reset will cancel any
previous --Xbuck option passed to infer.
See the manuals of individual infer commands for details about their
supported options. The following is a list of all the supported
options (see also --help-full for options reserved for internal use).
--annotation-reachability
Activates: checker annotation-reachability: Given a pair of source
and sink annotation, e.g. `@PerformanceCritical` and `@Expensive`,
this checker will warn whenever some method annotated with
`@PerformanceCritical` calls, directly or indirectly, another
method annotated with `@Expensive` (Conversely:
--no-annotation-reachability) See also infer-analyze(1).
--annotation-reachability-custom-pairs json
Specify custom sources/sink for the annotation reachability
checker Example format: for custom annotations
com.my.annotation.{Source1,Source2,Sink1}
{ "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
See also infer-analyze(1).
--annotation-reachability-cxx json
Specify annotation reachability analyses to be performed on
C/C++/ObjC code. Each entry is a JSON object whose key is the
issue name. "sources" and "sinks" can be specified either by
symbol (including regexps) or path prefix. "sinks" optionally can
specify "overrides" (by symbol or path prefix) that block the
reachability analysis when hit. Example: {
"ISOLATED_REACHING_CONNECT": {
"doc_url":
"http:://example.com/issue/doc/optional_link.html",
"sources": {
"desc": "Code that should not call connect [optional]",
"paths": [ "isolated/" ]
},
"sinks": {
"symbols": [ "connect" ],
"overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
}
}
}
This will cause us to create a new ISOLATED_REACHING_CONNECT
issue for every function whose source path starts with "isolated/"
that may reach the function named "connect", ignoring paths that
go through a symbol matching the OCaml regexp ".*::Trusted::.*".
See also infer-analyze(1).
--annotation-reachability-cxx-sources json
Override sources in all cxx annotation reachability specs with the
given sources spec See also infer-analyze(1).
--annotation-reachability-only
Activates: Enable annotation-reachability and disable all other
checkers (Conversely: --no-annotation-reachability-only)
See also infer-analyze(1).
--append-buck-flavors +string
Additional Buck flavors to append to targets discovered by the
--buck-compilation-database option. See also infer-capture(1).
--no-biabduction
Deactivates: checker biabduction: This analysis deals with a range
of issues, many linked to memory safety. (Conversely:
--biabduction) See also infer-analyze(1).
--biabduction-only
Activates: Enable biabduction and disable all other checkers
(Conversely: --no-biabduction-only) See also infer-analyze(1).
--biabduction-unsafe-malloc
Activates: Assume that malloc(3) never returns null. (Conversely:
--no-biabduction-unsafe-malloc) See also infer-analyze(1).
--biabduction-write-dotty
Activates: Produce dotty files for specs and retain cycles reports
in infer-out/captured. (Conversely: --no-biabduction-write-dotty)
See also infer-analyze(1).
--bo-debug int
Debug level for buffer-overrun checker (0-4) See also infer-analyze(1).
--bo-field-depth-limit int
Limit of field depth of abstract location in buffer-overrun
checker See also infer-analyze(1).
--bootclasspath string
Specify the Java bootclasspath See also infer-capture(1).
--buck-blacklist +regex
Skip capture of files matched by the specified regular expression.
Only the clang, non-compilation-database Buck integration is supported, not Java.
See also infer-capture(1) and infer-run(1).
--buck-clang
Activates: Buck integration for clang-based targets
(C/C++/Objective-C/Objective-C++). (Conversely: --no-buck-clang)
See also infer-capture(1).
--buck-clang-use-toolchain-config
Activates: Suppress setting buck config values for the infer
binary and other values in the buck-clang-flavor integration and
instead rely on buck toolchain configuration options. (Conversely:
--no-buck-clang-use-toolchain-config) See also infer-capture(1).
--buck-compilation-database { no-deps | deps }
Buck integration using the compilation database, with or without
dependencies. Only includes clang targets, as per Buck's
#compilation-database flavor. See also infer-capture(1).
--buck-compilation-database-depth int
Depth of dependencies used by the --buck-compilation-database deps
option. By default, all recursive dependencies are captured.
See also infer-capture(1).
--buck-java-flavor
Activates: Buck integration for Java which uses the buck flavor
#infer-java-capture instead of genrules like buck-java.
(Conversely: --no-buck-java-flavor) See also infer-capture(1).
--buck-java-flavor-suppress-config
Activates: Suppress setting buck config values for the infer
binary and its version in the buck-java-flavor integration.
(Conversely: --no-buck-java-flavor-suppress-config)
See also infer-capture(1).
--buck-java-heap-size-gb int
Explicitly set the size of the Java heap of Buck processes, in
gigabytes. See also infer-capture(1).
--buck-merge-all-deps
Activates: Find and merge all infer dependencies produced by buck.
Use this flag if infer doesn't find any files to analyze after a
successful capture. Only valid for --buck-clang. (Conversely:
--no-buck-merge-all-deps) See also infer-capture(1).
--buck-targets-blacklist +regex
Skip capture of buck targets matched by the specified regular
expression. Only valid for --buck-compilation-database.
See also infer-capture(1) and infer-run(1).
--bufferoverrun
Activates: checker bufferoverrun: InferBO is a detector for
out-of-bounds array accesses. (Conversely: --no-bufferoverrun)
See also infer-analyze(1).
--bufferoverrun-only
Activates: Enable bufferoverrun and disable all other checkers
(Conversely: --no-bufferoverrun-only) See also infer-analyze(1).
--capture-blacklist regex
Skip capture of files matched by the specified OCaml regular
expression (only supported by the javac integration for now).
See also infer-capture(1) and infer-run(1).
--censor-report +string
Specify a filter for issues to be censored by adding a
'censored_reason' field in the json report. Infer will not report
censored issues on the console output and in report.txt, but tools
that post-process the json report can take them into account. If
multiple filters are specified, they are applied in the order in
which they are specified. Each filter is applied to each issue
detected, and only issues which are accepted by all filters are
reported. Each filter is of the form:
`<issue_type_regex>:<filename_regex>:<reason_string>`. The first
two components are OCaml Str regular expressions, with an optional
`!` character prefix. If a regex has a `!` prefix, the polarity is
inverted, and the filter becomes a "blacklist" instead of a
"whitelist". Each filter is interpreted as an implication: an
issue matches if it does not match the `issue_type_regex` or if it
does match the `filename_regex`. The filenames that are tested by
the regex are relative to the `--project-root` directory. The
`<reason_string>` is a non-empty string used to explain why the
issue was filtered. See also infer-report(1) and infer-run(1).
--cfg-json file
Path to CFG json file See also infer-analyzejson(1).
--changed-files-index file
Specify the file containing the list of source files from which
reactive analysis should start. Source files should be specified
relative to project root or be absolute See also infer-analyze(1).
--clang-biniou-file file
Specify a file containing the AST of the program, in biniou
format. Please note you still need to provide a compilation
command. See also infer-capture(1).
--clang-blacklisted-flags +string
Clang flags to filter out See also infer-capture(1).
--clang-blacklisted-flags-with-arg +string
Clang flags (taking args) to filter out See also infer-capture(1).
--clang-compound-literal-init-limit int
Limit after which initialization of compound types (structs and
arrays) is not done element by element but using a builtin
function that each analysis has to model. See also infer-analyze(1) and infer-capture(1).
--clang-yojson-file file
Specify a file containing the AST of the program, in yojson
format. Please note you still need to provide a compilation
command. See also infer-capture(1).
--compilation-database +path
File that contain compilation commands (can be specified multiple
times) See also infer-capture(1).
--compilation-database-escaped +path
File that contain compilation commands where all entries are
escaped for the shell, eg coming from Xcode (can be specified
multiple times) See also infer-capture(1).
--config-checks-between-markers
Activates: checker config-checks-between-markers: [EXPERIMENTAL]
Collects config checks between marker start and end. (Conversely:
--no-config-checks-between-markers) See also infer-analyze(1).
--config-checks-between-markers-only
Activates: Enable config-checks-between-markers and disable all
other checkers (Conversely:
--no-config-checks-between-markers-only) See also infer-analyze(1).
--config-impact-analysis
Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects
function that are called without config checks. (Conversely:
--no-config-impact-analysis) See also infer-analyze(1).
--config-impact-analysis-only
Activates: Enable config-impact-analysis and disable all other
checkers (Conversely: --no-config-impact-analysis-only)
See also infer-analyze(1).
--config-impact-current path
Config impact report of the latest revision See also infer-reportdiff(1).
--config-impact-data-file file
[ConfigImpact] Specify the file containing the config data
See also infer-report(1).
--config-impact-issues-tests file
Write a list of config impact issues in a format suitable for
config impact tests to file See also infer-report(1).
--config-impact-max-callees-to-print int
Specify the maximum number of unchecked callees to print in the
config impact checker See also infer-report(1) and infer-reportdiff(1).
--config-impact-previous path
Config impact report of the base revision to use for comparison
See also infer-reportdiff(1).
--continue
Activates: Continue the capture for the reactive analysis,
increasing the changed files/procedures. (If a procedure was
changed beforehand, keep the changed marking.) (Conversely:
--no-continue) See also infer-capture(1).
--continue-analysis
Activates: Continue the analysis after more targets are captured
by --continue. The other analysis options should be given the same
before. Not compatible with --reanalyze and
--incremental-analysis. (Conversely: --no-continue-analysis)
See also infer-analyze(1).
--cost
Activates: checker cost: Computes the time complexity of functions
and methods. Can be used to detect changes in runtime complexity
with `infer reportdiff`. (Conversely: --no-cost) See also infer-analyze(1).
--cost-issues-tests file
Write a list of cost issues in a format suitable for cost tests to
file See also infer-report(1).
--cost-only
Activates: Enable cost and disable all other checkers (Conversely:
--no-cost-only) See also infer-analyze(1).
--no-cost-suppress-func-ptr
Deactivates: Suppress printing function pointers in cost reports
(Conversely: --cost-suppress-func-ptr) See also infer-analyze(1).
--cost-tests-only-autoreleasepool
Activates: [EXPERIMENTAL] Report only autoreleasepool size results
in cost tests (Conversely: --no-cost-tests-only-autoreleasepool)
See also infer-report(1) and infer-reportdiff(1).
--costs-current path
Costs report of the latest revision See also infer-reportdiff(1).
--costs-previous path
Costs report of the base revision to use for comparison
See also infer-reportdiff(1).
--custom-symbols json
Specify named lists of symbols available to rules See also infer-analyze(1).
--no-cxx
Deactivates: Analyze C++ methods (Conversely: --cxx)
See also infer-capture(1).
--cxx-scope-guards json
Specify scope guard classes that can be read only by destructors
without being reported as dead stores. See also infer-analyze(1).
--debug,-g
Activates: Debug mode (also sets --debug-level 2,
--developer-mode, --print-buckets, --print-types,
--reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
--write-html) (Conversely: --no-debug | -G) See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--debug-level level
Debug level (sets --bo-debug level, --debug-level-analysis level,
--debug-level-capture level, --debug-level-linters level):
- 0: only basic debugging enabled
- 1: verbose debugging enabled
- 2: very verbose debugging enabled
See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--debug-level-analysis int
Debug level for the analysis. See --debug-level for accepted
values. See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--debug-level-capture int
Debug level for the capture. See --debug-level for accepted
values. See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--debug-level-linters int
Debug level for the linters. See --debug-level for accepted
values. See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--no-deduplicate
Deactivates: Apply issue-specific deduplication during analysis
and/or reporting. (Conversely: --deduplicate) See also infer-analyze(1), infer-report(1), and
infer-reportdiff(1).
--no-default-checkers
Deactivates: Default checkers: --biabduction,
--fragment-retains-view, --inefficient-keyset-iterator, --linters,
--liveness, --racerd, --dotnet-resource-leak, --siof,
--self-in-block, --starvation (Conversely: --default-checkers)
See also infer-analyze(1).
--no-default-linters
Deactivates: Use the default linters for the analysis.
(Conversely: --default-linters) See also infer-capture(1).
--dependencies
Activates: Translate all the dependencies during the capture. The
classes in the given jar file will be translated. No sources
needed. (Conversely: --no-dependencies) See also infer-capture(1).
--differential-filter-files string
Specify the file containing the list of source files for which a
differential report is desired. Source files should be specified
relative to project root or be absolute See also infer-report(1).
--disable-issue-type +issue_type
Do not show reports coming from this type of issue. Each checker
can report a range of issue types. This option provides
fine-grained filtering over which types of issue should be
reported once the checkers have run. In particular, note that
disabling issue types does not make the corresponding checker not
run. Available issue types are as follows:
ARBITRARY_CODE_EXECUTION_UNDER_LOCK (enabled by default),
ARRAY_OUT_OF_BOUNDS_L1 (disabled by default),
ARRAY_OUT_OF_BOUNDS_L2 (disabled by default),
ARRAY_OUT_OF_BOUNDS_L3 (disabled by default),
ASSIGN_POINTER_WARNING (enabled by default),
AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE (enabled by default),
AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE_UI_THREAD (enabled by
default),
AUTORELEASEPOOL_SIZE_UNREACHABLE_AT_EXIT (disabled by default),
Abduction_case_not_implemented (enabled by default),
Array_of_pointsto (enabled by default),
Assert_failure (enabled by default),
BAD_POINTER_COMPARISON (enabled by default),
BIABDUCTION_ANALYSIS_STOPS (disabled by default),
BIABDUCTION_MEMORY_LEAK (disabled by default),
BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default),
BUFFER_OVERRUN_L3 (enabled by default),
BUFFER_OVERRUN_L4 (disabled by default),
BUFFER_OVERRUN_L5 (disabled by default),
BUFFER_OVERRUN_S2 (enabled by default),
BUFFER_OVERRUN_U5 (disabled by default),
Bad_footprint (enabled by default),
CAPTURED_STRONG_SELF (enabled by default),
CHECKERS_ALLOCATES_MEMORY (enabled by default),
CHECKERS_ANNOTATION_REACHABILITY_ERROR (enabled by default),
CHECKERS_CALLS_EXPENSIVE_METHOD (enabled by default),
CHECKERS_EXPENSIVE_OVERRIDES_UNANNOTATED (enabled by default),
CHECKERS_FRAGMENT_RETAINS_VIEW (enabled by default),
CHECKERS_IMMUTABLE_CAST (enabled by default),
CHECKERS_PRINTF_ARGS (enabled by default),
CLASS_CAST_EXCEPTION (disabled by default),
COMPONENT_WITH_MULTIPLE_FACTORY_METHODS (enabled by default),
CONDITION_ALWAYS_FALSE (disabled by default),
CONDITION_ALWAYS_TRUE (disabled by default),
CONFIG_CHECKS_BETWEEN_MARKERS (disabled by default),
CONFIG_IMPACT (disabled by default),
CONSTANT_ADDRESS_DEREFERENCE (disabled by default),
CREATE_INTENT_FROM_URI (enabled by default),
CROSS_SITE_SCRIPTING (enabled by default),
CXX_REFERENCE_CAPTURED_IN_OBJC_BLOCK (enabled by default),
Cannot_star (enabled by default),
DANGLING_POINTER_DEREFERENCE (disabled by default),
DANGLING_POINTER_DEREFERENCE_MAYBE (disabled by default),
DEADLOCK (enabled by default),
DEAD_STORE (enabled by default),
DIRECT_ATOMIC_PROPERTY_ACCESS (enabled by default),
DISCOURAGED_WEAK_PROPERTY_CUSTOM_SETTER (enabled by default),
DIVIDE_BY_ZERO (disabled by default),
DOTNET_RESOURCE_LEAK (enabled by default),
DO_NOT_REPORT (enabled by default),
EMPTY_VECTOR_ACCESS (enabled by default),
ERADICATE_ANNOTATION_GRAPH (enabled by default),
ERADICATE_BAD_NESTED_CLASS_ANNOTATION (enabled by default),
ERADICATE_CONDITION_REDUNDANT (enabled by default),
ERADICATE_FIELD_NOT_INITIALIZED (enabled by default),
ERADICATE_FIELD_NOT_NULLABLE (enabled by default),
ERADICATE_FIELD_OVER_ANNOTATED (enabled by default),
ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION (enabled
by default),
ERADICATE_INCONSISTENT_SUBCLASS_RETURN_ANNOTATION (enabled by
default),
ERADICATE_META_CLASS_CAN_BE_NULLSAFE (disabled by default),
ERADICATE_META_CLASS_IS_NULLSAFE (disabled by default),
ERADICATE_META_CLASS_NEEDS_IMPROVEMENT (disabled by default),
ERADICATE_NULLABLE_DEREFERENCE (enabled by default),
ERADICATE_PARAMETER_NOT_NULLABLE (enabled by default),
ERADICATE_REDUNDANT_NESTED_CLASS_ANNOTATION (enabled by
default),
ERADICATE_RETURN_NOT_NULLABLE (enabled by default),
ERADICATE_RETURN_OVER_ANNOTATED (enabled by default),
ERADICATE_UNCHECKED_USAGE_IN_NULLSAFE (enabled by default),
ERADICATE_UNVETTED_THIRD_PARTY_IN_NULLSAFE (enabled by
default),
EXECUTION_TIME_COMPLEXITY_INCREASE (enabled by default),
EXECUTION_TIME_COMPLEXITY_INCREASE_UI_THREAD (enabled by
default),
EXECUTION_TIME_UNREACHABLE_AT_EXIT (disabled by default),
EXPENSIVE_AUTORELEASEPOOL_SIZE (disabled by default),
EXPENSIVE_EXECUTION_TIME (disabled by default),
EXPENSIVE_LOOP_INVARIANT_CALL (enabled by default),
EXPOSED_INSECURE_INTENT_HANDLING (enabled by default),
Failure_exe (enabled by default),
GLOBAL_VARIABLE_INITIALIZED_WITH_FUNCTION_OR_METHOD_CALL
(disabled by default),
GUARDEDBY_VIOLATION (enabled by default),
GUARDEDBY_VIOLATION_NULLSAFE (enabled by default),
IMPURE_FUNCTION (enabled by default),
INEFFICIENT_KEYSET_ITERATOR (enabled by default),
INFERBO_ALLOC_IS_BIG (enabled by default),
INFERBO_ALLOC_IS_NEGATIVE (enabled by default),
INFERBO_ALLOC_IS_ZERO (enabled by default),
INFERBO_ALLOC_MAY_BE_BIG (enabled by default),
INFERBO_ALLOC_MAY_BE_NEGATIVE (enabled by default),
INFINITE_AUTORELEASEPOOL_SIZE (disabled by default),
INFINITE_EXECUTION_TIME (disabled by default),
INHERENTLY_DANGEROUS_FUNCTION (enabled by default),
INSECURE_INTENT_HANDLING (enabled by default),
INTEGER_OVERFLOW_L1 (enabled by default),
INTEGER_OVERFLOW_L2 (enabled by default),
INTEGER_OVERFLOW_L5 (disabled by default),
INTEGER_OVERFLOW_U5 (disabled by default),
INTERFACE_NOT_THREAD_SAFE (enabled by default),
INVARIANT_CALL (disabled by default),
IPC_ON_UI_THREAD (enabled by default),
IVAR_NOT_NULL_CHECKED (enabled by default),
Internal_error (enabled by default),
JAVASCRIPT_INJECTION (enabled by default),
LAB_RESOURCE_LEAK (enabled by default),
LOCKLESS_VIOLATION (enabled by default),
LOCK_CONSISTENCY_VIOLATION (enabled by default),
LOGGING_PRIVATE_DATA (enabled by default),
Leak_after_array_abstraction (enabled by default),
Leak_in_footprint (enabled by default),
Leak_unknown_origin (disabled by default),
MEMORY_LEAK (enabled by default),
MISSING_REQUIRED_PROP (enabled by default),
MIXED_SELF_WEAKSELF (enabled by default),
MODIFIES_IMMUTABLE (enabled by default),
MULTIPLE_WEAKSELF (enabled by default),
MUTABLE_LOCAL_VARIABLE_IN_COMPONENT_FILE (enabled by default),
Missing_fld (enabled by default),
NIL_BLOCK_CALL (enabled by default),
NIL_INSERTION_INTO_COLLECTION (enabled by default),
NIL_MESSAGING_TO_NON_POD (enabled by default),
NONEXHAUSTIVE_PATTERN_MATCH (enabled by default),
NULLPTR_DEREFERENCE (enabled by default),
NULL_DEREFERENCE (enabled by default),
OPTIONAL_EMPTY_ACCESS (enabled by default),
PARAMETER_NOT_NULL_CHECKED (enabled by default),
POINTER_TO_CONST_OBJC_CLASS (enabled by default),
PRECONDITION_NOT_FOUND (enabled by default),
PRECONDITION_NOT_MET (enabled by default),
PREMATURE_NIL_TERMINATION_ARGUMENT (enabled by default),
PULSE_UNINITIALIZED_VALUE (enabled by default),
PURE_FUNCTION (enabled by default),
QUANDARY_TAINT_ERROR (enabled by default),
RESOURCE_LEAK (enabled by default),
RETAIN_CYCLE (enabled by default),
SHELL_INJECTION (enabled by default),
SHELL_INJECTION_RISK (enabled by default),
SKIP_FUNCTION (disabled by default),
SQL_INJECTION (enabled by default),
SQL_INJECTION_RISK (enabled by default),
STACK_VARIABLE_ADDRESS_ESCAPE (enabled by default),
STARVATION (enabled by default),
STATIC_INITIALIZATION_ORDER_FIASCO (enabled by default),
STRICT_MODE_VIOLATION (enabled by default),
STRONG_DELEGATE_WARNING (enabled by default),
STRONG_SELF_NOT_CHECKED (enabled by default),
Symexec_memory_error (enabled by default),
THREAD_SAFETY_VIOLATION (enabled by default),
THREAD_SAFETY_VIOLATION_NULLSAFE (enabled by default),
TOPL_ERROR (enabled by default),
UNINITIALIZED_VALUE (enabled by default),
UNREACHABLE_CODE (enabled by default),
UNTRUSTED_BUFFER_ACCESS (disabled by default),
UNTRUSTED_DESERIALIZATION (enabled by default),
UNTRUSTED_DESERIALIZATION_RISK (enabled by default),
UNTRUSTED_ENVIRONMENT_CHANGE_RISK (enabled by default),
UNTRUSTED_FILE (enabled by default),
UNTRUSTED_FILE_RISK (enabled by default),
UNTRUSTED_HEAP_ALLOCATION (disabled by default),
UNTRUSTED_INTENT_CREATION (enabled by default),
UNTRUSTED_URL_RISK (enabled by default),
UNTRUSTED_VARIABLE_LENGTH_ARRAY (enabled by default),
USER_CONTROLLED_SQL_RISK (enabled by default),
USE_AFTER_DELETE (enabled by default),
USE_AFTER_FREE (enabled by default),
USE_AFTER_LIFETIME (enabled by default),
VECTOR_INVALIDATION (enabled by default),
WEAK_SELF_IN_NO_ESCAPE_BLOCK (enabled by default),
Wrong_argument_number (enabled by default).
See also infer-report(1).
--dump-duplicate-symbols
Activates: Dump all symbols with the same name that are defined in
more than one file. (Conversely: --no-dump-duplicate-symbols)
See also infer-capture(1).
--enable-issue-type +issue_type
Show reports coming from this type of issue. By default, all issue
types are enabled except the ones listed in --disable-issue-type.
Note that enabling issue types does not make the corresponding
checker run; see individual checker options to turn them on or
off. See also infer-report(1).
--eradicate
Activates: checker eradicate: The eradicate `@Nullable` checker
for Java annotations. (Conversely: --no-eradicate) See also infer-analyze(1).
--eradicate-only
Activates: Enable eradicate and disable all other checkers
(Conversely: --no-eradicate-only) See also infer-analyze(1).
--erlang-ast-dir dir
Also load AST from all .json files in the given path. These .json
files usually come from a previous run with --debug.
See also infer-capture(1).
--erlang-skip-rebar3
Activates: Skip running rebar, to save time. It is useful together
with --erlang-ast-dir. (Conversely: --no-erlang-skip-rebar3)
See also infer-capture(1).
--external-java-packages +prefix
Specify a list of Java package prefixes for external Java
packages. If set, the analysis will not report non-actionable
warnings on those packages. See also infer-analyze(1).
--fail-on-issue
Activates: Exit with error code 2 if Infer found something to
report (Conversely: --no-fail-on-issue) See also infer-run(1).
--file-renamings path
JSON with a list of file renamings to use while computing
differential reports See also infer-reportdiff(1).
--no-filtering,-F
Deactivates: Do not show the experimental and blacklisted issue
types (Conversely: --filtering | -f) See also infer-report(1).
--force-delete-results-dir
Activates: Do not refuse to delete the results directory if it
doesn't look like an infer results directory. (Conversely:
--no-force-delete-results-dir) See also infer-capture(1), infer-compile(1), and infer-run(1).
--force-integration command
Proceed as if the first argument after -- was command. Possible
values: ant, buck, gradle, gradlew, java, javac, cc, clang, gcc,
clang++, c++, g++, make, configure, cmake, waf, mvn, mvnw,
ndk-build, rebar3, xcodebuild. See also infer-capture(1) and infer-run(1).
--no-fragment-retains-view
Deactivates: checker fragment-retains-view: Detects when Android
fragments are not explicitly nullified before becoming
unreachable. (Conversely: --fragment-retains-view) See also infer-analyze(1).
--fragment-retains-view-only
Activates: Enable fragment-retains-view and disable all other
checkers (Conversely: --no-fragment-retains-view-only)
See also infer-analyze(1).
--from-json-config-impact-report config-impact-report.json
Load costs analysis results from a config-impact-report file.
See also infer-report(1).
--from-json-costs-report costs-report.json
Load costs analysis results from a costs-report file.
See also infer-report(1).
--from-json-report report.json
Load analysis results from a report file (default is to load the
results from the specs files generated by the analysis).
See also infer-report(1).
--frontend-tests
Activates: Save filename.ext.test.dot with the cfg in dotty format
for frontend tests (also sets --print-types) (Conversely:
--no-frontend-tests) See also infer-capture(1).
--generated-classes path
Specify where to load the generated class files See also infer-capture(1).
--global-tenv
Activates: Print the global type environment. (Conversely:
--no-global-tenv) See also infer-debug(1).
--headers
Activates: Analyze code in header files (Conversely: --no-headers)
See also infer-capture(1).
--help
Show this manual See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-debug(1),
infer-explore(1), infer-help(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--help-checker +checker-id
Show information about a checker, for example biabduction. To see
the list of all checkers, see --list-checkers. See also infer-help(1).
--help-format { auto | groff | pager | plain }
Show this help in the specified format. auto sets the format to
plain if the environment variable TERM is "dumb" or undefined, and
to pager otherwise. See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-debug(1),
infer-explore(1), infer-help(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--help-full
Show this manual with all internal options in the INTERNAL OPTIONS
section See also infer-analyze(1), infer-analyzejson(1),
infer-capture(1), infer-compile(1), infer-debug(1),
infer-explore(1), infer-help(1), infer-report(1),
infer-reportdiff(1), and infer-run(1).
--help-issue-type +UNIQUE_ID
Show information about an issue type, for example
NULL_DEREFERENCE. To see the list of all issue types, see
--list-issue-types. See also infer-help(1).
--no-hoisting-report-only-expensive
Deactivates: [Hoisting] Report loop-invariant calls only when the
function is expensive, i.e. at least linear (Conversely:
--hoisting-report-only-expensive) See also infer-report(1).
--html
Activates: Generate an html report of issues found. (Conversely:
--no-html) See also infer-explore(1).
--immutable-cast
Activates: checker immutable-cast: Detection of object cast from
immutable types to mutable types. For instance, it will detect
casts from `ImmutableList` to `List`, `ImmutableMap` to `Map`, and
`ImmutableSet` to `Set`. (Conversely: --no-immutable-cast)
See also infer-analyze(1).
--immutable-cast-only
Activates: Enable immutable-cast and disable all other checkers
(Conversely: --no-immutable-cast-only) See also infer-analyze(1).
--impurity
Activates: checker impurity: Detects functions with potential
side-effects. Same as "purity", but implemented on top of Pulse.
(Conversely: --no-impurity) See also infer-analyze(1).
--impurity-only
Activates: Enable impurity and disable all other checkers
(Conversely: --no-impurity-only) See also infer-analyze(1).
--impurity-report-immutable-modifications
Activates: Report modifications to immutable fields in the
Impurity checker (Conversely:
--no-impurity-report-immutable-modifications) See also infer-analyze(1).
--no-inefficient-keyset-iterator
Deactivates: checker inefficient-keyset-iterator: Check for
inefficient uses of iterators that iterate on keys then lookup
their values, instead of iterating on key-value pairs directly.
(Conversely: --inefficient-keyset-iterator) See also infer-analyze(1).
--inefficient-keyset-iterator-only
Activates: Enable inefficient-keyset-iterator and disable all
other checkers (Conversely: --no-inefficient-keyset-iterator-only)
See also infer-analyze(1).
--issues-tests file
Write a list of issues in a format suitable for tests to file
See also infer-report(1).
--issues-tests-fields ,-separated sequence of { bug_type | bucket |
qualifier | severity | line | column | procedure |
procedure_start_line | file | bug_trace | key | hash | line_offset |
qualifier_contains_potential_exception_note | nullsafe_extra }
Fields to emit with --issues-tests See also infer-report(1).
--java-jar-compiler path
Specify the Java compiler jar used to generate the bytecode
See also infer-capture(1).
--java-version int
The version of Java being used. Set it to your Java version if mvn
is failing. See also infer-analyze(1) and infer-capture(1).
--jobs,-j int
Run the specified number of analysis jobs simultaneously
See also infer-analyze(1).
--keep-going
Activates: Keep going when the analysis encounters a failure
(Conversely: --no-keep-going) See also infer-analyze(1).
--kotlin-capture
Activates: Enable Kotlin capture (experimental, do not use).
(Conversely: --no-kotlin-capture) See also infer-capture(1).
--linter string
From the linters available, only run this one linter. (Useful
together with --linters-developer-mode) See also infer-capture(1).
--no-linters
Deactivates: checker linters: Declarative linting framework over
the Clang AST. (Conversely: --linters) See also infer-analyze(1).
--linters-def-file +file
Specify the file containing linters definition (e.g. 'linters.al')
See also infer-capture(1).
--linters-def-folder +dir
Specify the folder containing linters files with extension .al
See also infer-capture(1).
--linters-developer-mode
Activates: Debug mode for developing new linters. (Sets the
analyzer to linters; also sets --debug, --debug-level-linters 2,
--developer-mode, and unsets --allowed-failures and
--default-linters. (Conversely: --no-linters-developer-mode)
See also infer-capture(1).
--linters-doc-url +string
Specify custom documentation URL for some linter that overrides
the default one. Useful if your project has specific ways of
fixing a lint error that is not true in general or public info.
Format: linter_name:doc_url. See also infer-capture(1).
--linters-ignore-clang-failures
Activates: Continue linting files even if some compilation fails.
(Conversely: --no-linters-ignore-clang-failures) See also infer-capture(1).
--linters-only
Activates: Enable linters and disable all other checkers
(Conversely: --no-linters-only) See also infer-analyze(1).
--linters-validate-syntax-only
Activates: Validate syntax of AL files, then emit possible errors
in JSON format to stdout (Conversely:
--no-linters-validate-syntax-only) See also infer-capture(1).
--list-checkers
Activates: Show the list of all available checkers. (Conversely:
--no-list-checkers) See also infer-help(1).
--list-issue-types
Activates: Show the list of all issue types that infer might
report. (Conversely: --no-list-issue-types) See also infer-help(1).
--litho-required-props
Activates: checker litho-required-props: Checks that all
non-optional `@Prop`s have been specified when constructing Litho
components. (Conversely: --no-litho-required-props)
See also infer-analyze(1).
--litho-required-props-only
Activates: Enable litho-required-props and disable all other
checkers (Conversely: --no-litho-required-props-only)
See also infer-analyze(1).
--no-liveness
Deactivates: checker liveness: Detection of dead stores and unused
variables. (Conversely: --liveness) See also infer-analyze(1).
--liveness-dangerous-classes json
Specify classes where the destructor should be ignored when
computing liveness. In other words, assignement to variables of
these types (or common wrappers around these types such as
unique_ptr<type>) will count as dead stores when the variables are
not read explicitly by the program. See also infer-analyze(1).
--liveness-ignored-constant +string
List of integer constants to be ignored by liveness analysis
See also infer-analyze(1).
--liveness-only
Activates: Enable liveness and disable all other checkers
(Conversely: --no-liveness-only) See also infer-analyze(1).
--load-average,-l float
Do not start new parallel jobs if the load average is greater than
that specified (Buck and make only) See also infer-capture(1).
--loop-hoisting
Activates: checker loop-hoisting: Detect opportunities to hoist
function calls that are invariant outside of loop bodies for
efficiency. (Conversely: --no-loop-hoisting) See also infer-analyze(1).
--loop-hoisting-only
Activates: Enable loop-hoisting and disable all other checkers
(Conversely: --no-loop-hoisting-only) See also infer-analyze(1).
--no-mask-sawja-exceptions
Deactivates: Mask exceptions thrown by Sawja/Javalib during Java
capture (Conversely: --mask-sawja-exceptions) See also infer-capture(1).
--max-jobs int
Maximum number of analysis jobs running simultaneously
See also infer-analyze(1).
--max-nesting int
Level of nested procedure calls to show. Trace elements beyond the
maximum nesting level are skipped. If omitted, all levels are
shown. See also infer-explore(1).
--memtrace-analysis-profiling
Activates: Generate OCaml analysis allocation traces in
`infer-out/memtrace`. (Conversely:
--no-memtrace-analysis-profiling) See also infer-analyze(1).
--memtrace-sampling-rate float
Sampling rate for Memtrace allocation profiling. Default is 1e-6.
See also infer-analyze(1).
--merge
Activates: Merge the captured results directories specified in the
dependency file. (Conversely: --no-merge) See also infer-analyze(1).
--pmd-xml
Activates: Output issues in (PMD) XML format in
infer-out/report.xml (Conversely: --no-pmd-xml) See also infer-run(1).
--print-active-checkers
Activates: Print the active checkers before starting the analysis
(Conversely: --no-print-active-checkers) See also infer-analyze(1).
--print-logs
Activates: Also log messages to stdout and stderr (Conversely:
--no-print-logs) See also infer-analyze(1), infer-capture(1), infer-report(1), and
infer-run(1).
--printf-args
Activates: checker printf-args: Detect mismatches between the Java
`printf` format strings and the argument types For example, this
checker will warn about the type error in `printf("Hello %d",
"world")` (Conversely: --no-printf-args) See also infer-analyze(1).
--printf-args-only
Activates: Enable printf-args and disable all other checkers
(Conversely: --no-printf-args-only) See also infer-analyze(1).
--procedures
Activates: Print functions and methods discovered by infer
(Conversely: --no-procedures) See also infer-debug(1).
--procedures-attributes
Activates: Print the attributes of each procedure in the output of
--procedures (Conversely: --no-procedures-attributes)
See also infer-debug(1).
--procedures-cfg
Activates: Output a dotty file in
infer-out/captured/<file_name>/<proc_name>.dot for each procedure
in the output of --procedures (Conversely: --no-procedures-cfg)
See also infer-debug(1).
--no-procedures-definedness
Deactivates: Include procedures definedness in the output of
--procedures, i.e. whether the procedure definition was found, or
only the procedure declaration, or the procedure is an
auto-generated Objective-C accessor (Conversely:
--procedures-definedness) See also infer-debug(1).
--procedures-filter filter
With --procedures, only print functions and methods (procedures)
matching the specified filter. A procedure filter is of the form
path_pattern:procedure_name. Patterns are interpreted as OCaml Str
regular expressions. For instance, to keep only methods named
"foo", one can use the filter ".*:foo", or "foo" for short.
See also infer-debug(1).
--procedures-name
Activates: Include procedures names in the output of --procedures
(Conversely: --no-procedures-name) See also infer-debug(1).
--no-procedures-source-file
Deactivates: Include the source file in which the procedure
definition or declaration was found in the output of --procedures
(Conversely: --procedures-source-file) See also infer-debug(1).
[infer] Add summary-lookup option in infer-explore Summary: Problem: `infer report <specs file name>` is called manually sometimes to see analysis results in CLI. However, giving the specs file name is sometimes annoying, because the specs file name may be quite long and include special characters sometimes. This diff introduces `--procedures-summary` to lookup the summaries interactively in `infer explore`. example1: There are 8 procedures that include "max" in their names, then I selected one of them by entering a number. ``` $ infer explore --procedures --procedures-filter '.*max.*' --procedures-summary 0: minmax_div_const2_Bad_FN 1: minmax_div_const_Good 2: use_int64_max_Bad 3: use_uint64_max_Good 4: use_int64_max_Good 5: minmax_div_const_Bad 6: minmax_div_const2_Good 7: use_uint64_max_Bad Select one number (type 'a' for selecting all, 'q' for quit): 2 void use_int64_max_Bad() Analyzed ERRORS: BUFFER_OVERRUN_L1 WARNINGS: FAILURE:NONE SYMOPS:0 BufferOverrunAnalysis: StackLocs: { } MemPure: { } Alias: { ret= } BufferOverrunChecker: Safety conditions: { } ``` example2: If there is only one specs file that satisfies the given filter, it reports the summary of that procedure without an interaction. ``` $ infer explore --procedures --procedures-filter '.*add_in_loop_ok.*' --procedures-summary Selected proc name: void ArrayListTest.add_in_loop_ok() void void ArrayListTest.add_in_loop_ok()(ArrayListTest* this) Analyzed ERRORS: WARNINGS: FAILURE:NONE SYMOPS:0 BufferOverrunAnalysis: StackLocs: { } MemPure: { } Alias: { i=size(__new-390022197-0-1.elements), ret= } LatestPrune: latest { i -> (5, { }, { }) by ((5, { }, { }) >= (5, { }, { })), __new-390022197-0-1.elements -> (⊥, { }, { __new-390022197-1-1 -> length : 5 }) by ((5, { }, { }) >= (5, { }, { })) } BufferOverrunChecker: Safety conditions: { } ``` Reviewed By: jvillard Differential Revision: D20284052 fbshipit-source-id: 2131339f1
5 years ago
--procedures-summary
Activates: Print the summaries of each procedure in the output of
--procedures (Conversely: --no-procedures-summary) See also infer-debug(1).
[infer] Add summary-lookup option in infer-explore Summary: Problem: `infer report <specs file name>` is called manually sometimes to see analysis results in CLI. However, giving the specs file name is sometimes annoying, because the specs file name may be quite long and include special characters sometimes. This diff introduces `--procedures-summary` to lookup the summaries interactively in `infer explore`. example1: There are 8 procedures that include "max" in their names, then I selected one of them by entering a number. ``` $ infer explore --procedures --procedures-filter '.*max.*' --procedures-summary 0: minmax_div_const2_Bad_FN 1: minmax_div_const_Good 2: use_int64_max_Bad 3: use_uint64_max_Good 4: use_int64_max_Good 5: minmax_div_const_Bad 6: minmax_div_const2_Good 7: use_uint64_max_Bad Select one number (type 'a' for selecting all, 'q' for quit): 2 void use_int64_max_Bad() Analyzed ERRORS: BUFFER_OVERRUN_L1 WARNINGS: FAILURE:NONE SYMOPS:0 BufferOverrunAnalysis: StackLocs: { } MemPure: { } Alias: { ret= } BufferOverrunChecker: Safety conditions: { } ``` example2: If there is only one specs file that satisfies the given filter, it reports the summary of that procedure without an interaction. ``` $ infer explore --procedures --procedures-filter '.*add_in_loop_ok.*' --procedures-summary Selected proc name: void ArrayListTest.add_in_loop_ok() void void ArrayListTest.add_in_loop_ok()(ArrayListTest* this) Analyzed ERRORS: WARNINGS: FAILURE:NONE SYMOPS:0 BufferOverrunAnalysis: StackLocs: { } MemPure: { } Alias: { i=size(__new-390022197-0-1.elements), ret= } LatestPrune: latest { i -> (5, { }, { }) by ((5, { }, { }) >= (5, { }, { })), __new-390022197-0-1.elements -> (⊥, { }, { __new-390022197-1-1 -> length : 5 }) by ((5, { }, { }) >= (5, { }, { })) } BufferOverrunChecker: Safety conditions: { } ``` Reviewed By: jvillard Differential Revision: D20284052 fbshipit-source-id: 2131339f1
5 years ago
--procedures-summary-json
Activates: Emit the summaries of each procedure in the output of
--procedures as JSON (Conversely: --no-procedures-summary-json)
See also infer-debug(1).
--no-progress-bar,-P
Deactivates: Show a progress bar (Conversely: --progress-bar | -p)
See also infer-run(1).
--progress-bar-style { auto | plain | multiline }
Style of the progress bar. auto selects multiline if connected to
a tty, otherwise plain. See also infer-analyze(1) and infer-capture(1).
--project-root,-C dir
Specify the root directory of the project See also infer-analyze(1), infer-capture(1), infer-report(1), and
infer-run(1).
--pulse
Activates: checker pulse: Memory and lifetime analysis.
(Conversely: --no-pulse) See also infer-analyze(1).
--pulse-cut-to-one-path-procedures-pattern string
Regex of methods for which pulse will only explore one path. Can
be used on pathologically large procedures to prevent too-big
states from being produced. See also infer-analyze(1).
--pulse-model-abort +string
Methods that should be modelled as abort in Pulse See also infer-analyze(1).
--pulse-model-alloc-pattern string
Regex of methods that should be modelled as allocs in Pulse
See also infer-analyze(1).
--pulse-model-free-pattern string
Regex of methods that should be modelled as wrappers to free(3) in
Pulse. The pointer to be freed should be the first argument of the
function. This should only be needed if the code of the wrapper is
not visible to infer or if Pulse somehow doesn't understand it
(e.g. the call is dispatched to global function pointers).
See also infer-analyze(1).
--pulse-model-malloc-pattern string
Regex of methods that should be modelled as wrappers to malloc(3)
in Pulse. The size to allocate should be the first argument of the
function. See --pulse-model-free-pattern for more information.
See also infer-analyze(1).
--pulse-model-realloc-pattern string
Regex of methods that should be modelled as wrappers to realloc(3)
in Pulse. The pointer to be reallocated should be the first
argument of the function and the new size the second argument. See
--pulse-model-free-pattern for more information. See also infer-analyze(1).
--pulse-model-release-pattern string
Regex of methods that should be modelled as release in Pulse
See also infer-analyze(1).
--pulse-model-return-first-arg string
Regex of methods that should be modelled as returning the first
argument in Pulse See also infer-analyze(1).
--pulse-model-return-nonnull string
Regex of methods that should be modelled as returning non-null in
Pulse See also infer-analyze(1).
--pulse-model-skip-pattern string
Regex of methods that should be modelled as "skip" in Pulse
See also infer-analyze(1).
--pulse-model-transfer-ownership +string
Methods that should be modelled as transfering memory ownership in
Pulse. Accepted formats are method or namespace::method
See also infer-analyze(1).
--pulse-only
Activates: Enable pulse and disable all other checkers
(Conversely: --no-pulse-only) See also infer-analyze(1).
--pulse-report-ignore-unknown-java-methods-patterns +string
On Java, issues that are found on program paths that contain calls
to unknown methods (those without implementation) are not reported
unless all the unknown method names match this pattern. If the
empty list is provided with
--pulse-report-ignore-unknown-java-methods-patterns-reset, all
issues will be reported regardless the presence of unknown code
See also infer-analyze(1).
--purity
Activates: checker purity: Detects pure (side-effect-free)
functions. A different implementation of "impurity". (Conversely:
--no-purity) See also infer-analyze(1).
--purity-only
Activates: Enable purity and disable all other checkers
(Conversely: --no-purity-only) See also infer-analyze(1).
--quandary
Activates: checker quandary: The Quandary taint analysis detects
flows of values between sources and sinks, except if the value
went through a "sanitizer". In addition to some defaults, users
can specify their own sources, sinks, and sanitizers functions.
(Conversely: --no-quandary) See also infer-analyze(1).
--quandary-endpoints json
Specify endpoint classes for Quandary See also infer-analyze(1).
--quandary-only
Activates: Enable quandary and disable all other checkers
(Conversely: --no-quandary-only) See also infer-analyze(1).
--quandary-sanitizers json
Specify custom sanitizers for Quandary See also infer-analyze(1).
--quandary-sinks json
Specify custom sinks for Quandary See also infer-analyze(1).
--quandary-sources json
Specify custom sources for Quandary See also infer-analyze(1).
--quiet,-q
Activates: Do not print anything on standard output. (Conversely:
--no-quiet | -Q) See also infer-analyze(1) and infer-report(1).
--no-racerd
Deactivates: checker racerd: Thread safety analysis. (Conversely:
--racerd) See also infer-analyze(1).
--racerd-guardedby
Activates: Check @GuardedBy annotations with RacerD (Conversely:
--no-racerd-guardedby) See also infer-analyze(1).
--racerd-only
Activates: Enable racerd and disable all other checkers
(Conversely: --no-racerd-only) See also infer-analyze(1).
--no-racerd-unknown-returns-owned
Deactivates: DEPRECATED, does nothing. (Conversely:
--racerd-unknown-returns-owned) See also infer-analyze(1).
--reactive,-r
Activates: Reactive mode: the analysis starts from the files
captured since the infer command started (Conversely:
--no-reactive | -R) See also infer-analyze(1).
--no-report
Deactivates: Run the reporting phase once the analysis has
completed (Conversely: --report) See also infer-analyze(1) and infer-run(1).
--report-blacklist-files-containing +string
Do not report any issues on files containing the specified string
See also infer-report(1) and infer-run(1).
--report-blacklist-path-regex +path_regex
Do not report any issues on files whose relative path matches the
specified OCaml regex, even if they match the whitelist specified
by --report-whitelist-path-regex See also infer-report(1) and infer-run(1).
--report-console-limit int
Maximum number of issues to display on standard output. Unset with
--report-console-limit-reset to show all. See also infer-report(1).
--report-current path
report of the latest revision See also infer-reportdiff(1).
--report-force-relative-path
Activates: Force converting an absolute path to a relative path to
the root directory (Conversely: --no-report-force-relative-path)
See also infer-analyze(1) and infer-run(1).
--report-formatter { none | phabricator }
Which formatter to use when emitting the report See also infer-report(1).
--report-previous path
Report of the base revision to use for comparison See also infer-reportdiff(1).
--report-suppress-errors +error_name
do not report a type of errors See also infer-report(1) and infer-run(1).
--report-whitelist-path-regex +path_regex
Report issues only on files whose relative path matches the
specified OCaml regex (and which do not match
--report-blacklist-path-regex) See also infer-report(1) and infer-run(1).
--results-dir,-o dir
Write results and internal files in the specified directory
See also infer-analyze(1), infer-capture(1), infer-explore(1),
infer-report(1), and infer-run(1).
--scheduler { file | restart | callgraph }
Specify the scheduler used for the analysis phase: - file: schedule one job per file
- callgraph: schedule one job per procedure, following the
syntactic call graph. Usually faster than "file".
- restart: same as callgraph but uses locking to try and avoid
duplicate work between different analysis processes and thus
performs better in some circumstances
See also infer-analyze(1).
--select (N|all)
Select option number N or all of them. If omitted, prompt for
input. See also infer-debug(1) and infer-explore(1).
--no-self-in-block
Deactivates: checker self-in-block: An Objective-C-specific
analysis to detect when a block captures `self`. (Conversely:
--self-in-block) See also infer-analyze(1).
--self-in-block-only
Activates: Enable self-in-block and disable all other checkers
(Conversely: --no-self-in-block-only) See also infer-analyze(1).
--no-siof
Deactivates: checker siof: Catches Static Initialization Order
Fiascos in C++, that can lead to subtle,
compiler-version-dependent errors. (Conversely: --siof)
See also infer-analyze(1).
--siof-check-iostreams
Activates: Do not assume that iostreams (cout, cerr, ...) are
always initialized. The default is to assume they are always
initialized to avoid false positives. However, if your program
compiles against a recent libstdc++ then it is safe to turn this
option on. (Conversely: --no-siof-check-iostreams) See also infer-analyze(1).
--siof-only
Activates: Enable siof and disable all other checkers (Conversely:
--no-siof-only) See also infer-analyze(1).
--siof-safe-methods +string
Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
"foo<int>::bar()", etc. (can be specified multiple times)
See also infer-analyze(1).
--skip-analysis-in-path +path_prefix_OCaml_regex
Ignore files whose path matches the given prefix (can be specified
multiple times) See also infer-capture(1) and infer-run(1).
--skip-analysis-in-path-skips-compilation
Activates: Whether paths in --skip-analysis-in-path should be
compiled or not (Conversely:
--no-skip-analysis-in-path-skips-compilation) See also infer-report(1).
--no-skip-duplicated-types
Deactivates: Skip fixed-then-introduced duplicated types while
computing differential reports (Conversely:
--skip-duplicated-types) See also infer-reportdiff(1).
--skip-non-capture-clang-commands
Activates: Skip clang commands that Infer doesn't use to capture
data (Conversely: --no-skip-non-capture-clang-commands)
See also infer-capture(1).
--skip-translation-headers +path_regex
Ignore declarations in headers whose path matches the given OCaml
regex from the start of the string during capture. See also infer-capture(1).
--source-files
Activates: Print source files discovered by infer (Conversely:
--no-source-files) See also infer-debug(1).
--source-files-cfg
Activates: Output a dotty file in infer-out/captured for each
source file in the output of --source-files (Conversely:
--no-source-files-cfg) See also infer-debug(1).
--source-files-filter filter
With --source-files, only print source files matching the
specified filter. The filter is a pattern that should match the
file path. Patterns are interpreted as OCaml Str regular
expressions. See also infer-debug(1).
--source-files-freshly-captured
Activates: Print whether the source file has been captured in the
most recent capture phase in the output of --source-files.
(Conversely: --no-source-files-freshly-captured) See also infer-debug(1).
--source-files-procedure-names
Activates: Print the names of procedure of each source file in the
output of --source-files (Conversely:
--no-source-files-procedure-names) See also infer-debug(1).
--source-files-type-environment
Activates: Print the type environment of each source file in the
output of --source-files (Conversely:
--no-source-files-type-environment) See also infer-debug(1).
--no-source-preview
Deactivates: print code excerpts around trace elements
(Conversely: --source-preview) See also infer-explore(1).
--sqlite-cache-size int
SQLite cache size in pages (if positive) or kB (if negative),
follows formal of corresponding SQLite PRAGMA. See also infer-analyze(1), infer-capture(1), and infer-run(1).
--sqlite-lock-timeout int
Timeout for SQLite results database operations, in milliseconds.
See also infer-analyze(1), infer-capture(1), and infer-run(1).
--sqlite-page-size int
SQLite page size in bytes, must be a power of two between 512 and
65536. See also infer-analyze(1), infer-capture(1), and infer-run(1).
--no-starvation
Deactivates: checker starvation: Detect various kinds of
situations when no progress is being made because of concurrency
errors. (Conversely: --starvation) See also infer-analyze(1).
--starvation-only
Activates: Enable starvation and disable all other checkers
(Conversely: --no-starvation-only) See also infer-analyze(1).
--tenv-json file
Path to TEnv json file See also infer-analyzejson(1).
--threadsafe-aliases json
Specify custom annotations that should be considered aliases of
@ThreadSafe See also infer-analyze(1).
--topl
Activates: checker topl: Detect errors based on user-provided
state machines describing temporal properties over multiple
objects. (Conversely: --no-topl) See also infer-analyze(1).
--topl-only
Activates: Enable topl and disable all other checkers (Conversely:
--no-topl-only) See also infer-analyze(1).
--uninit
Activates: checker uninit: Warns when values are used before
having been initialized. (Conversely: --no-uninit) See also infer-analyze(1).
--uninit-only
Activates: Enable uninit and disable all other checkers
(Conversely: --no-uninit-only) See also infer-analyze(1).
--version
Print version information and exit See also infer-run(1).
--version-json
Print version information in json format and exit See also infer-run(1).
--workspace path
Specifies the root of the workspace, which is a directory
containing --project-root. This can be needed if the capture phase
is expected to require several different project roots, all
relative to a common workspace. Usually a single project root is
enough, though. See also infer-capture(1).
--write-html
Activates: Produce html debug output for the analyses in
infer-out/captured. This shows the abstract state of all analyses
at each program point in the source code. Each captured source
file has its own html page. This HTML file contains the source
file, and at each line of the file there are links to the nodes of the control flow graph
of Infer's translation of that line of code into its intermediate
representation (SIL). This way it's possible to see what the
translation is, and the details of the symbolic execution on each
node. (Conversely: --no-write-html)
See also infer-analyze(1).
--write-website path_to_website_dir
Use to write website files documenting issue types and checkers
under path_to_website_dir/. Meant to be used within the Infer
directory to generate its website at fbinfer.com at website/.
See also infer-help(1).
--Xbuck +string
Pass values as command-line arguments to invocations of `buck
build`. Only valid for --buck-clang. See also infer-capture(1).
--Xbuck-no-inline +string
Pass values as command-line arguments to invocations of `buck
build`, don't inline any args starting with '@'. Only valid for
--buck-clang. See also infer-capture(1).
--Xclang +string
Pass values as command-line arguments to invocations of clang
See also infer-capture(1).
--xcode-developer-dir XCODE_DEVELOPER_DIR
Specify the path to Xcode developer directory, to use for Buck
clang targets See also infer-capture(1).
--xcode-isysroot-suffix string
Specify the suffix of Xcode isysroot directory, to avoid absolute
paths in tests See also infer-analyze(1).
--xcpretty
Activates: Infer will use xcpretty together with xcodebuild to
analyze an iOS app. xcpretty just needs to be in the path, infer
command is still just `infer -- <xcodebuild command>`.
(Conversely: --no-xcpretty) See also infer-capture(1).
-- Stop argument processing, use remaining arguments as a build
command See also infer-capture(1) and infer-run(1).
ENVIRONMENT
Extra arguments may be passed to all infer commands using the
INFER_ARGS environment variable (see the OPTIONS section). INFER_ARGS
is expected to contain a string of ^-separated options. For instance,
calling `INFER_ARGS=--debug^--print-logs infer` is equivalent to
calling `infer --debug --print-logs`.
INFERCONFIG: Tells infer where to find the .inferconfig file. (See the
FILES section)
If INFER_STRICT_MODE is set to "1", then infer commands will exit with
an error code in some cases when otherwise a simple warning would be
emitted on stderr, for instance if a deprecated form of an option is
used.
FILES
.inferconfig can be used to store infer options. Its format is that of
a JSON record, where fields are infer long-form options, without their
leading "--", and values depend on the type of the option:
- for switches options, the value is a JSON boolean (true or false,
without quotes)
- for non-switches options with no arguments (for instance the
undefined option associated with a list option), the value is null
- for integers, the value is a JSON integer (without quotes)
- string options have string values
- path options have string values, and are interpreted relative to the
location of the .inferconfig file
- cumulative options are JSON arrays of the appropriate type
Infer will look for an .inferconfig file in the current directory,
then its parent, etc., stopping at the first .inferconfig file found.
Example:
{
"cxx": false,
"infer-blacklist-files-containing": ["@gen","/* no infer */"]
}
SEE ALSO
infer-analyze(1), infer-analyzejson(1), infer-capture(1),
infer-compile(1), infer-debug(1), infer-explore(1), infer-help(1),
infer-report(1), infer-reportdiff(1), infer-run(1)