NAME
       infer-analyze - analyze the files captured by infer

SYNOPSIS
       infer analyze [options]
       infer [options]

DESCRIPTION
       Analyze the files captured in the project results directory and
       report.

OPTIONS
       --annotation-reachability
           Activates: checker annotation-reachability: Given a pair of source
           and sink annotation, e.g. `@PerformanceCritical` and `@Expensive`,
           this checker will warn whenever some method annotated with
           `@PerformanceCritical` calls, directly or indirectly, another
           method annotated with `@Expensive` (Conversely:
           --no-annotation-reachability)

       --annotation-reachability-only
           Activates: Enable annotation-reachability and disable all other
           checkers (Conversely: --no-annotation-reachability-only)

       --no-biabduction
           Deactivates: checker biabduction: This analysis deals with a range
           of issues, many linked to memory safety. (Conversely:
           --biabduction)

       --biabduction-only
           Activates: Enable biabduction and disable all other checkers
           (Conversely: --no-biabduction-only)

       --bufferoverrun
           Activates: checker bufferoverrun: InferBO is a detector for
           out-of-bounds array accesses. (Conversely: --no-bufferoverrun)

       --bufferoverrun-only
           Activates: Enable bufferoverrun and disable all other checkers
           (Conversely: --no-bufferoverrun-only)

       --changed-files-index file
           Specify the file containing the list of source files from which
           reactive analysis should start. Source files should be specified
           relative to project root or be absolute

       --config-checks-between-markers
           Activates: checker config-checks-between-markers: [EXPERIMENTAL]
           Collects config checks between marker start and end. (Conversely:
           --no-config-checks-between-markers)

       --config-checks-between-markers-only
           Activates: Enable config-checks-between-markers and disable all
           other checkers (Conversely:
           --no-config-checks-between-markers-only)

       --config-impact-analysis
           Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects
           functions that are called without config checks. (Conversely:
           --no-config-impact-analysis)

       --config-impact-analysis-only
           Activates: Enable config-impact-analysis and disable all other
           checkers (Conversely: --no-config-impact-analysis-only)

       --continue-analysis
           Activates: Continue the analysis after more targets are captured
           by --continue. The other analysis options should be given the same
           as before. Not compatible with --reanalyze and
           --incremental-analysis. (Conversely: --no-continue-analysis)

       --cost
           Activates: checker cost: Computes the time complexity of functions
           and methods. Can be used to detect changes in runtime complexity
           with `infer reportdiff`. (Conversely: --no-cost)

       --cost-only
           Activates: Enable cost and disable all other checkers (Conversely:
           --no-cost-only)

       --no-cost-suppress-func-ptr
           Deactivates: Suppress printing function pointers in cost reports
           (Conversely: --cost-suppress-func-ptr)

       --custom-symbols json
           Specify named lists of symbols available to rules

       --debug,-g
           Activates: Debug mode (also sets --debug-level 2,
           --developer-mode, --print-buckets, --print-types,
           --reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
           --write-dotty, --write-html) (Conversely: --no-debug | -G)

       --debug-level level
           Debug level (sets --bo-debug level, --debug-level-analysis level,
           --debug-level-capture level, --debug-level-linters level):
           - 0: only basic debugging enabled
           - 1: verbose debugging enabled
           - 2: very verbose debugging enabled

       --debug-level-analysis int
           Debug level for the analysis. See --debug-level for accepted
           values.

       --debug-level-capture int
           Debug level for the capture. See --debug-level for accepted
           values.

       --debug-level-linters int
           Debug level for the linters. See --debug-level for accepted
           values.

       --no-deduplicate
           Deactivates: Apply issue-specific deduplication during analysis
           and/or reporting. (Conversely: --deduplicate)

       --no-default-checkers
           Deactivates: Default checkers: --biabduction,
           --fragment-retains-view, --inefficient-keyset-iterator, --linters,
           --liveness, --racerd, --dotnet-resource-leak, --siof,
           --self-in-block, --starvation, --uninit (Conversely:
           --default-checkers)

       --eradicate
           Activates: checker eradicate: The eradicate `@Nullable` checker
           for Java annotations. (Conversely: --no-eradicate)

       --eradicate-only
           Activates: Enable eradicate and disable all other checkers
           (Conversely: --no-eradicate-only)

       --no-fragment-retains-view
           Deactivates: checker fragment-retains-view: Detects when Android
           fragments are not explicitly nullified before becoming
           unreachable. (Conversely: --fragment-retains-view)

       --fragment-retains-view-only
           Activates: Enable fragment-retains-view and disable all other
           checkers (Conversely: --no-fragment-retains-view-only)

       --help
           Show this manual

       --help-format { auto | groff | pager | plain }
           Show this help in the specified format. auto sets the format to
           plain if the environment variable TERM is "dumb" or undefined, and
           to pager otherwise.

       --help-full
           Show this manual with all internal options in the INTERNAL OPTIONS
           section

       --immutable-cast
           Activates: checker immutable-cast: Detection of object cast from
           immutable types to mutable types. For instance, it will detect
           casts from `ImmutableList` to `List`, `ImmutableMap` to `Map`, and
           `ImmutableSet` to `Set`. (Conversely: --no-immutable-cast)

       --immutable-cast-only
           Activates: Enable immutable-cast and disable all other checkers
           (Conversely: --no-immutable-cast-only)

       --impurity
           Activates: checker impurity: Detects functions with potential
           side-effects. Same as "purity", but implemented on top of Pulse.
           (Conversely: --no-impurity)

       --impurity-only
           Activates: Enable impurity and disable all other checkers
           (Conversely: --no-impurity-only)

       --no-inefficient-keyset-iterator
           Deactivates: checker inefficient-keyset-iterator: Check for
           inefficient uses of iterators that iterate on keys then lookup
           their values, instead of iterating on key-value pairs directly.
           (Conversely: --inefficient-keyset-iterator)

       --inefficient-keyset-iterator-only
           Activates: Enable inefficient-keyset-iterator and disable all
           other checkers (Conversely: --no-inefficient-keyset-iterator-only)

       --jobs,-j int
           Run the specified number of analysis jobs simultaneously

       --keep-going
           Activates: Keep going when the analysis encounters a failure
           (Conversely: --no-keep-going)

       --no-linters
           Deactivates: checker linters: Declarative linting framework over
           the Clang AST. (Conversely: --linters)

       --linters-only
           Activates: Enable linters and disable all other checkers
           (Conversely: --no-linters-only)

       --litho-required-props
           Activates: checker litho-required-props: Checks that all
           non-optional `@Prop`s have been specified when constructing Litho
           components. (Conversely: --no-litho-required-props)

       --litho-required-props-only
           Activates: Enable litho-required-props and disable all other
           checkers (Conversely: --no-litho-required-props-only)

       --no-liveness
           Deactivates: checker liveness: Detection of dead stores and unused
           variables. (Conversely: --liveness)

       --liveness-ignored-constant +string
           List of integer constants to be ignored by liveness analysis

       --liveness-only
           Activates: Enable liveness and disable all other checkers
           (Conversely: --no-liveness-only)

       --loop-hoisting
           Activates: checker loop-hoisting: Detect opportunities to hoist
           function calls that are invariant outside of loop bodies for
           efficiency. (Conversely: --no-loop-hoisting)

       --loop-hoisting-only
           Activates: Enable loop-hoisting and disable all other checkers
           (Conversely: --no-loop-hoisting-only)

       --max-jobs int
           Maximum number of analysis jobs running simultaneously

       --memtrace-analysis-profiling
           Activates: Generate OCaml analysis allocation traces in
           `infer-out/memtrace`. (Conversely:
           --no-memtrace-analysis-profiling)

       --memtrace-sampling-rate float
           Sampling rate for Memtrace allocation profiling. Default is 1e-6.

       --print-active-checkers
           Activates: Print the active checkers before starting the analysis
           (Conversely: --no-print-active-checkers)

       --print-logs
           Activates: Also log messages to stdout and stderr (Conversely:
           --no-print-logs)

       --printf-args
           Activates: checker printf-args: Detect mismatches between the Java
           `printf` format strings and the argument types. For example, this
           checker will warn about the type error in `printf("Hello %d",
           "world")` (Conversely: --no-printf-args)

       --printf-args-only
           Activates: Enable printf-args and disable all other checkers
           (Conversely: --no-printf-args-only)

       --progress-bar-style { auto | plain | multiline }
           Style of the progress bar. auto selects multiline if connected to
           a tty, otherwise plain.

       --project-root,-C dir
           Specify the root directory of the project

       --pulse
           Activates: checker pulse: Memory and lifetime analysis.
           (Conversely: --no-pulse)

       --pulse-cut-to-one-path-procedures-pattern string
           Regex of methods for which pulse will only explore one path. Can
           be used on pathologically large procedures to prevent too-big
           states from being produced.

       --pulse-model-abort +string
           Methods that should be modelled as abort in Pulse

       --pulse-model-alloc-pattern string
           Regex of methods that should be modelled as allocs in Pulse

       --pulse-model-release-pattern string
           Regex of methods that should be modelled as release in Pulse

       --pulse-model-return-nonnull string
           Regex of methods that should be modelled as returning non-null in
           Pulse

       --pulse-model-skip-pattern string
           Regex of methods that should be modelled as "skip" in Pulse

       --pulse-model-transfer-ownership +string
           Methods that should be modelled as transferring memory ownership in
           Pulse. Accepted formats are method or namespace::method

       --pulse-only
           Activates: Enable pulse and disable all other checkers
           (Conversely: --no-pulse-only)

       --pulse-report-ignore-unknown-java-methods-patterns +string
           On Java, issues that are found on program paths that contain calls
           to unknown methods (those without implementation) are not reported
           unless all the unknown method names match this pattern. If the
           empty list is provided or
           --pulse_report_ignore_unknown_java_methods_patterns-reset, all
           issues will be reported regardless of the presence of unknown code

       --purity
           Activates: checker purity: Detects pure (side-effect-free)
           functions. A different implementation of "impurity". (Conversely:
           --no-purity)

       --purity-only
           Activates: Enable purity and disable all other checkers
           (Conversely: --no-purity-only)

       --quandary
           Activates: checker quandary: The Quandary taint analysis detects
           flows of values between sources and sinks, except if the value
           went through a "sanitizer". In addition to some defaults, users
           can specify their own sources, sinks, and sanitizer functions.
           (Conversely: --no-quandary)

       --quandary-only
           Activates: Enable quandary and disable all other checkers
           (Conversely: --no-quandary-only)

       --quiet,-q
           Activates: Do not print anything on standard output. (Conversely:
           --no-quiet | -Q)

       --no-racerd
           Deactivates: checker racerd: Thread safety analysis. (Conversely:
           --racerd)

       --racerd-only
           Activates: Enable racerd and disable all other checkers
           (Conversely: --no-racerd-only)

       --reactive,-r
           Activates: Reactive mode: the analysis starts from the files
           captured since the infer command started (Conversely:
           --no-reactive | -R)

       --no-report
           Deactivates: Run the reporting phase once the analysis has
           completed (Conversely: --report)

       --report-force-relative-path
           Activates: Force converting an absolute path to a relative path to
           the root directory (Conversely: --no-report-force-relative-path)

       --results-dir,-o dir
           Write results and internal files in the specified directory

       --scheduler { file | restart | callgraph }
           Specify the scheduler used for the analysis phase:
           - file: schedule one job per file
           - callgraph: schedule one job per procedure, following the
             syntactic call graph. Usually faster than "file".
           - restart: same as callgraph but uses locking to try and avoid
             duplicate work between different analysis processes and thus
             performs better in some circumstances

       --no-self-in-block
           Deactivates: checker self-in-block: An Objective-C-specific
           analysis to detect when a block captures `self`. (Conversely:
           --self-in-block)

       --self-in-block-only
           Activates: Enable self-in-block and disable all other checkers
           (Conversely: --no-self-in-block-only)

       --no-siof
           Deactivates: checker siof: Catches Static Initialization Order
           Fiascos in C++, that can lead to subtle,
           compiler-version-dependent errors. (Conversely: --siof)

       --siof-only
           Activates: Enable siof and disable all other checkers (Conversely:
           --no-siof-only)

       --sqlite-cache-size int
           SQLite cache size in pages (if positive) or kB (if negative),
           follows the format of the corresponding SQLite PRAGMA.

       --sqlite-lock-timeout int
           Timeout for SQLite results database operations, in milliseconds.

       --sqlite-page-size int
           SQLite page size in bytes, must be a power of two between 512 and
           65536.

       --no-starvation
           Deactivates: checker starvation: Detect various kinds of
           situations when no progress is being made because of concurrency
           errors. (Conversely: --starvation)

       --starvation-only
           Activates: Enable starvation and disable all other checkers
           (Conversely: --no-starvation-only)

       --topl-biabd
           Activates: checker topl-biabd: Detects errors based on
           user-provided state machines describing multi-object monitors.
           (Conversely: --no-topl-biabd)

       --topl-biabd-only
           Activates: Enable topl-biabd and disable all other checkers
           (Conversely: --no-topl-biabd-only)

       --topl-pulse
           Activates: checker topl-pulse: Detects errors based on
           user-provided state machines describing multi-object monitors.
           (Conversely: --no-topl-pulse)

       --topl-pulse-only
           Activates: Enable topl-pulse and disable all other checkers
           (Conversely: --no-topl-pulse-only)

       --no-uninit
           Deactivates: checker uninit: Warns when values are used before
           having been initialized. (Conversely: --uninit)

       --uninit-only
           Activates: Enable uninit and disable all other checkers
           (Conversely: --no-uninit-only)

       --xcode-isysroot-suffix string
           Specify the suffix of Xcode isysroot directory, to avoid absolute
           paths in tests

BUCK OPTIONS
       --merge
           Activates: Merge the captured results directories specified in the
           dependency file. (Conversely: --no-merge)

BUFFER OVERRUN OPTIONS
       --bo-debug int
           Debug level for buffer-overrun checker (0-4)

       --bo-field-depth-limit int
           Limit of field depth of abstract location in buffer-overrun
           checker

CLANG OPTIONS
       --annotation-reachability-cxx json
           Specify annotation reachability analyses to be performed on
           C/C++/ObjC code. Each entry is a JSON object whose key is the
           issue name. "sources" and "sinks" can be specified either by
           symbol (including regexps) or path prefix. "sinks" optionally can
           specify "overrides" (by symbol or path prefix) that block the
           reachability analysis when hit. Example:
           {
             "ISOLATED_REACHING_CONNECT": {
               "doc_url": "http://example.com/issue/doc/optional_link.html",
               "sources": {
                 "desc": "Code that should not call connect [optional]",
                 "paths": [ "isolated/" ]
               },
               "sinks": {
                 "symbols": [ "connect" ],
                 "overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
               }
             }
           }

           This will cause us to create a new ISOLATED_REACHING_CONNECT
           issue for every function whose source path starts with "isolated/"
           that may reach the function named "connect", ignoring paths that
           go through a symbol matching the OCaml regexp ".*::Trusted::.*".
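
           A small model of the reachability rule just described, added here
           as an illustration and not taken from Infer's code: sources are
           matched by path prefix, sinks by exact symbol, and any callee
           matching an override regexp cuts the search. The call graph and its
           symbol names are constructed, and Python's `re` stands in for OCaml
           regexps.

```python
import re
from collections import deque

# Spec from the page's example ("doc_url" omitted; it does not affect matching).
SPEC = {
    "ISOLATED_REACHING_CONNECT": {
        "sources": {"desc": "Code that should not call connect [optional]",
                    "paths": ["isolated/"]},
        "sinks": {"symbols": ["connect"],
                  "overrides": {"symbol_regexps": [".*::Trusted::.*"]}},
    }
}

# Constructed call graph (hypothetical symbols): symbol -> (source path, callees).
CALL_GRAPH = {
    "isolated::parse":     ("isolated/parse.cpp",  ["isolated::helper"]),
    "isolated::helper":    ("isolated/helper.cpp", ["net::open_socket"]),
    "isolated::render":    ("isolated/render.cpp", ["net::Trusted::fetch"]),
    "isolated::idle":      ("isolated/idle.cpp",   []),
    "net::open_socket":    ("net/socket.cpp",      ["connect"]),
    "net::Trusted::fetch": ("net/trusted.cpp",     ["connect"]),
    "app::main":           ("app/main.cpp",        ["net::open_socket"]),
    "connect":             ("libc/connect.c",      []),
}


def reach(start, graph, sinks, blockers):
    """Breadth-first search for a call chain from start to any sink symbol.

    A callee matching an override regexp is never entered, so every chain
    through it is ignored. Returns the shortest chain found, or None.
    """
    queue, seen = deque([[start]]), {start}
    while queue:
        trace = queue.popleft()
        _path, callees = graph.get(trace[-1], ("", []))
        for callee in callees:
            if callee in seen or any(b.match(callee) for b in blockers):
                continue
            if callee in sinks:
                return trace + [callee]
            seen.add(callee)
            queue.append(trace + [callee])
    return None


def find_issues(spec, graph):
    """Return (issue name, source symbol, call chain) per source reaching a sink."""
    issues = []
    for issue, cfg in spec.items():
        prefixes = tuple(cfg["sources"].get("paths", []))
        sinks = set(cfg["sinks"].get("symbols", []))
        regexps = cfg["sinks"].get("overrides", {}).get("symbol_regexps", [])
        blockers = [re.compile(r) for r in regexps]
        for symbol, (path, _callees) in graph.items():
            # Only functions defined under a source path prefix are sources.
            if not prefixes or not path.startswith(prefixes):
                continue
            trace = reach(symbol, graph, sinks, blockers)
            if trace:
                issues.append((issue, symbol, trace))
    return issues


if __name__ == "__main__":
    for issue, symbol, trace in find_issues(SPEC, CALL_GRAPH):
        print(f"{issue}: {symbol}: {' -> '.join(trace)}")
```

           In this model `isolated::render` is not flagged because its only
           route to `connect` passes through `net::Trusted::fetch`; dropping
           the "overrides" entry makes it a third finding.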

       --annotation-reachability-cxx-sources json
           Override sources in all cxx annotation reachability specs with the
           given sources spec

       --clang-compound-literal-init-limit int
           Limit after which initialization of compound types (structs and
           arrays) is not done element by element but using a builtin
           function that each analysis has to model.

       --cxx-scope-guards json
           Specify scope guard classes that can be read only by destructors
           without being reported as dead stores.

       --liveness-dangerous-classes json
           Specify classes where the destructor should be ignored when
           computing liveness. In other words, assignment to variables of
           these types (or common wrappers around these types such as
           unique_ptr<type>) will count as dead stores when the variables are
           not read explicitly by the program.

       --ml-buckets ,-separated sequence of { all | cf | arc | narc | cpp |
       unknown_origin }
           Specify the memory leak buckets to be checked in C++:
           - cpp from C++ code

       --unsafe-malloc
           Activates: Assume that malloc(3) never returns null. (Conversely:
           --no-unsafe-malloc)

JAVA OPTIONS
       --annotation-reachability-custom-pairs json
           Specify custom sources/sink for the annotation reachability
           checker
           Example format: for custom annotations
           com.my.annotation.{Source1,Source2,Sink1}
           { "sources" : ["Source1", "Source2"], "sink" : "Sink1" }

       --external-java-packages +prefix
           Specify a list of Java package prefixes for external Java
           packages. If set, the analysis will not report non-actionable
           warnings on those packages.

       --java-version int
           The version of Java being used. Set it to your Java version if mvn
           is failing.

QUANDARY CHECKER OPTIONS
       --quandary-endpoints json
           Specify endpoint classes for Quandary

       --quandary-sanitizers json
           Specify custom sanitizers for Quandary

       --quandary-sinks json
           Specify custom sinks for Quandary

       --quandary-sources json
           Specify custom sources for Quandary

RACERD CHECKER OPTIONS
       --racerd-guardedby
           Activates: Check @GuardedBy annotations with RacerD (Conversely:
           --no-racerd-guardedby)

       --no-racerd-unknown-returns-owned
           Deactivates: DEPRECATED, does nothing. (Conversely:
           --racerd-unknown-returns-owned)

       --threadsafe-aliases json
           Specify custom annotations that should be considered aliases of
           @ThreadSafe

SIOF CHECKER OPTIONS
       --siof-check-iostreams
           Activates: Do not assume that iostreams (cout, cerr, ...) are
           always initialized. The default is to assume they are always
           initialized to avoid false positives. However, if your program
           compiles against a recent libstdc++ then it is safe to turn this
           option on. (Conversely: --no-siof-check-iostreams)

       --siof-safe-methods +string
           Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
           "foo<int>::bar()", etc. (can be specified multiple times)

ENVIRONMENT
       INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE
           See the ENVIRONMENT section in the manual of infer(1).

FILES
       .inferconfig
           See the FILES section in the manual of infer(1).

SEE ALSO
       infer-report(1), infer-run(1)