NAME
       infer-analyze - analyze the files captured by infer

SYNOPSIS
       infer analyze [options]
       infer [options]

DESCRIPTION
       Analyze the files captured in the project results directory and
       report.

OPTIONS
       --annotation-reachability
           Activates: the annotation reachability checker. Given a pair of
           source and sink annotations, e.g. @PerformanceCritical and
           @Expensive, this checker will warn whenever some method annotated
           with @PerformanceCritical calls, directly or indirectly, another
           method annotated with @Expensive (Conversely:
           --no-annotation-reachability)

       --annotation-reachability-only
           Activates: Enable --annotation-reachability and disable all other
           checkers (Conversely: --no-annotation-reachability-only)

       --no-biabduction
           Deactivates: the separation logic based bi-abduction analysis
           using the checkers framework (Conversely: --biabduction)

       --biabduction-only
           Activates: Enable --biabduction and disable all other checkers
           (Conversely: --no-biabduction-only)

       --bufferoverrun
           Activates: the buffer overrun analysis (Conversely:
           --no-bufferoverrun)

       --bufferoverrun-only
           Activates: Enable --bufferoverrun and disable all other checkers
           (Conversely: --no-bufferoverrun-only)

       --changed-files-index file
           Specify the file containing the list of source files from which
           reactive analysis should start. Source files should be specified
           relative to project root or be absolute

       --class-loads
           Activates: Java class loading analysis (Conversely:
           --no-class-loads)

       --class-loads-only
           Activates: Enable --class-loads and disable all other checkers
           (Conversely: --no-class-loads-only)

       --continue
           Activates: Continue the capture for the reactive analysis,
           increasing the changed files/procedures. (If a procedure was
           changed beforehand, keep the changed marking.) (Conversely:
           --no-continue)

       --cost
           Activates: checker for performance cost analysis (Conversely:
           --no-cost)

       --cost-only
           Activates: Enable --cost and disable all other checkers
           (Conversely: --no-cost-only)

       --custom-symbols json
           Specify named lists of symbols available to rules (default: [])

       --debug,-g
           Activates: Debug mode (also sets --debug-level 2,
           --developer-mode, --no-filtering, --print-buckets, --print-types,
           --reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
           --write-dotty, --write-html) (Conversely: --no-debug | -G)

       --debug-level level
           Debug level (sets --bo-debug level, --debug-level-analysis level,
           --debug-level-capture level, --debug-level-linters level):
           - 0: only basic debugging enabled
           - 1: verbose debugging enabled
           - 2: very verbose debugging enabled

       --debug-level-analysis int
           Debug level for the analysis. See --debug-level for accepted
           values. (default: 0)

       --debug-level-capture int
           Debug level for the capture. See --debug-level for accepted
           values. (default: 0)

       --debug-level-linters int
           Debug level for the linters. See --debug-level for accepted
           values. (default: 0)

       --no-default-checkers
           Deactivates: Default checkers: --biabduction,
           --fragment-retains-view, --inefficient-keyset-iterator, --linters,
           --liveness, --racerd, --siof, --starvation, --uninit (Conversely:
           --default-checkers)

       --eradicate
           Activates: the eradicate @Nullable checker for Java annotations
           (Conversely: --no-eradicate)

       --eradicate-only
           Activates: Enable --eradicate and disable all other checkers
           (Conversely: --no-eradicate-only)

       --no-fragment-retains-view
           Deactivates: detects when Android fragments are not explicitly
           nullified before becoming unreachable (Conversely:
           --fragment-retains-view)

       --fragment-retains-view-only
           Activates: Enable --fragment-retains-view and disable all other
           checkers (Conversely: --no-fragment-retains-view-only)

       --help
           Show this manual

       --help-format { auto | groff | pager | plain }
           Show this help in the specified format. auto sets the format to
           plain if the environment variable TERM is "dumb" or undefined, and
           to pager otherwise. (default: auto)

       --help-full
           Show this manual with all internal options in the INTERNAL OPTIONS
           section

       --immutable-cast
           Activates: the detection of object cast from immutable type to
           mutable type. For instance, it will detect cast from ImmutableList
           to List, ImmutableMap to Map, and ImmutableSet to Set.
           (Conversely: --no-immutable-cast)

       --immutable-cast-only
           Activates: Enable --immutable-cast and disable all other checkers
           (Conversely: --no-immutable-cast-only)

       --no-inefficient-keyset-iterator
           Deactivates: Check for inefficient uses of keySet iterator that
           access both the key and the value. (Conversely:
           --inefficient-keyset-iterator)

       --inefficient-keyset-iterator-only
           Activates: Enable --inefficient-keyset-iterator and disable all
           other checkers (Conversely: --no-inefficient-keyset-iterator-only)

       --jobs,-j int
           Run the specified number of analysis jobs simultaneously (default:
           <number of cores>)

       --keep-going
           Activates: Keep going when the analysis encounters a failure
           (Conversely: --no-keep-going)

       --no-linters
           Deactivates: syntactic linters (Conversely: --linters)

       --linters-only
           Activates: Enable --linters and disable all other checkers
           (Conversely: --no-linters-only)

       --litho
           Activates: Experimental checkers supporting the Litho framework
           (Conversely: --no-litho)

       --litho-only
           Activates: Enable --litho and disable all other checkers
           (Conversely: --no-litho-only)

       --no-liveness
           Deactivates: the detection of dead stores and unused variables
           (Conversely: --liveness)

       --liveness-only
           Activates: Enable --liveness and disable all other checkers
           (Conversely: --no-liveness-only)

       --loop-hoisting
           Activates: checker for loop-hoisting (Conversely:
           --no-loop-hoisting)

       --loop-hoisting-only
           Activates: Enable --loop-hoisting and disable all other checkers
           (Conversely: --no-loop-hoisting-only)

       --nullsafe
           Activates: [EXPERIMENTAL] Nullable type checker (incomplete: use
           --eradicate for now) (Conversely: --no-nullsafe)

       --nullsafe-only
           Activates: Enable --nullsafe and disable all other checkers
           (Conversely: --no-nullsafe-only)

       --perf-profiler-data-file file
           Specify the file containing perf profiler data to read

       --print-active-checkers
           Activates: Print the active checkers before starting the analysis
           (Conversely: --no-print-active-checkers)

       --print-logs
           Activates: Also log messages to stdout and stderr (Conversely:
           --no-print-logs)

       --printf-args
           Activates: the detection of mismatch between the Java printf
           format strings and the argument types. For example, this checker
           will warn about the type error in `printf("Hello %d", "world")`
           (Conversely: --no-printf-args)

       --printf-args-only
           Activates: Enable --printf-args and disable all other checkers
           (Conversely: --no-printf-args-only)

       --progress-bar-style { auto | plain | multiline }
           Style of the progress bar. auto selects multiline if connected to
           a tty, otherwise plain. (default: auto)

       --project-root,-C dir
           Specify the root directory of the project (default: .)

       --pulse
           Activates: [EXPERIMENTAL] C++ lifetime analysis (Conversely:
           --no-pulse)

       --pulse-only
           Activates: Enable --pulse and disable all other checkers
           (Conversely: --no-pulse-only)

       --purity
           Activates: [EXPERIMENTAL] Purity analysis (Conversely:
           --no-purity)

       --purity-only
           Activates: Enable --purity and disable all other checkers
           (Conversely: --no-purity-only)

       --quandary
           Activates: the quandary taint analysis (Conversely: --no-quandary)

       --quandary-only
           Activates: Enable --quandary and disable all other checkers
           (Conversely: --no-quandary-only)

       --quandaryBO
           Activates: [EXPERIMENTAL] The quandaryBO tainted buffer access
           analysis (Conversely: --no-quandaryBO)

       --quandaryBO-only
           Activates: Enable --quandaryBO and disable all other checkers
           (Conversely: --no-quandaryBO-only)

       --quiet,-q
           Activates: Do not print specs on standard output (default: only
           print for the report command) (Conversely: --no-quiet | -Q)

       --no-racerd
           Deactivates: the RacerD thread safety analysis (Conversely:
           --racerd)

       --racerd-only
           Activates: Enable --racerd and disable all other checkers
           (Conversely: --no-racerd-only)

       --reactive,-r
           Activates: Reactive mode: the analysis starts from the files
           captured since the infer command started (Conversely:
           --no-reactive | -R)

       --no-report
           Deactivates: Run the reporting phase once the analysis has
           completed (Conversely: --report)

       --report-force-relative-path
           Activates: Force converting an absolute path to a relative path to
           the root directory (Conversely: --no-report-force-relative-path)

       --report-hook script
           Specify a script to be executed after the analysis results are
           written. This script will be passed --issues-json, --issues-txt,
           --issues-xml, --project-root, and --results-dir. (default: <infer
           installation directory>/lib/python/report.py)

       --results-dir,-o dir
           Write results and internal files in the specified directory
           (default: ./infer-out)

       --no-siof
           Deactivates: the Static Initialization Order Fiasco analysis (C++
           only) (Conversely: --siof)

       --siof-only
           Activates: Enable --siof and disable all other checkers
           (Conversely: --no-siof-only)

       --sqlite-lock-timeout int
           Timeout for SQLite results database operations, in milliseconds.
           (default: five seconds times number of cores)

       --no-starvation
           Deactivates: starvation analysis (Conversely: --starvation)

       --starvation-only
           Activates: Enable --starvation and disable all other checkers
           (Conversely: --no-starvation-only)

       --no-uninit
           Deactivates: checker for use of uninitialized values (Conversely:
           --uninit)

       --uninit-only
           Activates: Enable --uninit and disable all other checkers
           (Conversely: --no-uninit-only)

BUCK FLAVORS OPTIONS
       --merge
           Activates: Merge the captured results directories specified in the
           dependency file (Conversely: --no-merge)

BUFFER OVERRUN OPTIONS
       --bo-debug int
           Debug level for buffer-overrun checker (0-4) (default: 0)

       --bo-relational-domain { oct | poly }
           Select a relational domain being used in the bufferoverrun checker
           (experimental)

CLANG OPTIONS
       --annotation-reachability-cxx json
           Specify annotation reachability analyses to be performed on
           C/C++/ObjC code. Each entry is a JSON object whose key is the
           issue name. "sources" and "sinks" can be specified either by
           symbol or path prefix. "sinks" optionally can specify "overrides"
           (by symbol or path prefix) that block the reachability analysis
           when hit. Example:
           {
             "ISOLATED_REACHING_CONNECT": {
               "doc_url": "http://optional/issue/doc/link.html",
               "sources": {
                 "desc": "Code that should not call connect [optional]",
                 "paths": [ "isolated/" ]
               },
               "sinks": {
                 "symbols": [ "connect" ],
                 "overrides": { "symbols": [ "Trusted::" ] }
               }
             }
           }
           This will cause us to create a new ISOLATED_REACHING_CONNECT
           issue for every function whose source path starts with "isolated/"
           that may reach the function named "connect", ignoring paths that
           go through a symbol starting with "Trusted::".
           (default: [])

       --annotation-reachability-cxx-sources json
           Override sources in all cxx annotation reachability specs with the
           given sources spec (default: [])

       --cxx-scope-guards json
           Specify scope guard classes that can be read only by destructors
           without being reported as dead stores. (default: [])

       --liveness-dangerous-classes json
           Specify classes where the destructor should be ignored when
           computing liveness. In other words, assignment to variables of
           these types (or common wrappers around these types such as
           unique_ptr<type>) will count as dead stores when the variables are
           not read explicitly by the program. (default: [])

       --ml-buckets ,-separated sequence of { all | cf | arc | narc | cpp |
       unknown_origin }
           Specify the memory leak buckets to be checked in C++:
           - cpp from C++ code
           (default: cf)

       --unsafe-malloc
           Activates: Assume that malloc(3) never returns null. (Conversely:
           --no-unsafe-malloc)
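
The --annotation-reachability-cxx semantics described above, modelled as an added example (not Infer's code or output): a breadth-first search over a constructed call graph, driven by the manual's ISOLATED_REACHING_CONNECT spec. The function names, file paths and the prefix matching of symbols are assumptions made for illustration.

```python
from collections import deque

# Spec from the man page example (optional "doc_url" and "desc" omitted).
SPEC = {"ISOLATED_REACHING_CONNECT": {
    "sources": {"paths": ["isolated/"]},
    "sinks": {"symbols": ["connect"],
              "overrides": {"symbols": ["Trusted::"]}}}}

# Constructed call graph: function -> (source path, callees).
CALL_GRAPH = {
    "isolated::parse":  ("isolated/parse.cpp", ["Trusted::send"]),
    "isolated::upload": ("isolated/upload.cpp", ["net::open"]),
    "Trusted::send":    ("trusted/send.cpp", ["connect"]),
    "net::open":        ("net/open.cpp", ["connect"]),
    "app::main":        ("app/main.cpp", ["net::open"]),
    "connect":          ("external", []),
}

def matches(name, path, selector):
    """Assumption: "symbols" and "paths" entries are both matched as prefixes."""
    return (any(name.startswith(s) for s in selector.get("symbols", []))
            or any(path.startswith(p) for p in selector.get("paths", [])))

def witness(graph, start, sinks, overrides):
    """Shortest call chain from start to a sink that avoids overrides, or None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        chain = queue.popleft()
        for callee in graph.get(chain[-1], ("", []))[1]:
            path = graph.get(callee, ("", []))[0]
            if callee in seen or matches(callee, path, overrides):
                continue  # an override blocks every path that goes through it
            if matches(callee, path, sinks):
                return chain + [callee]
            seen.add(callee)
            queue.append(chain + [callee])
    return None

def analyze(spec, graph):
    """Return (issue name, source function, call chain) for each finding."""
    issues = []
    for issue, cfg in spec.items():
        overrides = cfg["sinks"].get("overrides", {})
        for fn, (path, _) in sorted(graph.items()):
            if matches(fn, path, cfg["sources"]):
                chain = witness(graph, fn, cfg["sinks"], overrides)
                if chain:
                    issues.append((issue, fn, chain))
    return issues
```

Only isolated::upload is reported: isolated::parse reaches connect solely through Trusted::send, and app::main is not under isolated/ so it is not a source.
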

JAVA OPTIONS
       --annotation-reachability-custom-pairs json
           Specify custom sources/sink for the annotation reachability
           checker. Example format: for custom annotations
           com.my.annotation.{Source1,Source2,Sink1}
           { "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
           (default: [])

       --external-java-packages +prefix
           Specify a list of Java package prefixes for external Java
           packages. If set, the analysis will not report non-actionable
           warnings on those packages.

QUANDARY CHECKER OPTIONS
       --quandary-endpoints json
           Specify endpoint classes for Quandary (default: [])

       --quandary-sanitizers json
           Specify custom sanitizers for Quandary (default: [])

       --quandary-sinks json
           Specify custom sinks for Quandary (default: [])

       --quandary-sources json
           Specify custom sources for Quandary (default: [])

RACERD CHECKER OPTIONS
       --racerd-guardedby
           Activates: Check @GuardedBy annotations with RacerD (Conversely:
           --no-racerd-guardedby)

       --threadsafe-aliases json
           Specify custom annotations that should be considered aliases of
           @ThreadSafe (default: [])

SIOF CHECKER OPTIONS
       --siof-check-iostreams
           Activates: Do not assume that iostreams (cout, cerr, ...) are
           always initialized. The default is to assume they are always
           initialized when --cxx-infer-headers is false to avoid false
           positives due to lack of models of the proper initialization of io
           streams. However, if your program compiles against a recent
           libstdc++ then the infer models are not needed for precision and
           it is safe to turn this option on. (Conversely:
           --no-siof-check-iostreams)

       --siof-safe-methods +string
           Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
           "foo<int>::bar()", etc. (can be specified multiple times)

ENVIRONMENT
       INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE
           See the ENVIRONMENT section in the manual of infer(1).

FILES
       .inferconfig
           See the FILES section in the manual of infer(1).

SEE ALSO
       infer-report(1), infer-run(1)