NAME infer-analyze - analyze the files captured by infer SYNOPSIS infer analyze [options] infer [options] DESCRIPTION Analyze the files captured in the project results directory and report. OPTIONS --no-annotation-reachability Deactivates: the annotation reachability checker. Given a pair of source and sink annotation, e.g. @PerformanceCritical and @Expensive, this checker will warn whenever some method annotated with @PerformanceCritical calls, directly or indirectly, another method annotated with @Expensive (Conversely: --annotation-reachability) --annotation-reachability-only Activates: Enable --annotation-reachability and disable all other checkers (Conversely: --no-annotation-reachability-only) --no-biabduction Deactivates: the separation logic based bi-abduction analysis using the checkers framework (Conversely: --biabduction) --biabduction-only Activates: Enable --biabduction and disable all other checkers (Conversely: --no-biabduction-only) --bufferoverrun Activates: the buffer overrun analysis (Conversely: --no-bufferoverrun) --bufferoverrun-only Activates: Enable --bufferoverrun and disable all other checkers (Conversely: --no-bufferoverrun-only) --changed-files-index file Specify the file containing the list of source files from which reactive analysis should start. Source files should be specified relative to project root or be absolute --check-nullable Activates: checks that values annotated with nullable are always checked for null before dereference (Conversely: --no-check-nullable) --check-nullable-only Activates: Enable --check-nullable and disable all other checkers (Conversely: --no-check-nullable-only) --continue Activates: Continue the capture for the reactive analysis, increasing the changed files/procedures. (If a procedure was changed beforehand, keep the changed marking.) (Conversely: --no-continue) --cost Activates: checker for performance cost analysis (Conversely: --no-cost) --cost-only Activates: Enable --cost and disable all other checkers (Conversely: --no-cost-only) --crashcontext Activates: the crashcontext checker for Java stack trace context reconstruction (Conversely: --no-crashcontext) --crashcontext-only Activates: Enable --crashcontext and disable all other checkers (Conversely: --no-crashcontext-only) --debug,-g Activates: Debug mode (also sets --debug-level 2, --developer-mode, --no-filtering, --print-buckets, --print-types, --reports-include-ml-loc, --no-only-cheap-debug, --trace-error, --write-dotty, --write-html) (Conversely: --no-debug | -G) --debug-level level Debug level (sets --bo-debug level, --debug-level-analysis level, --debug-level-capture level, --debug-level-linters level): - 0: only basic debugging enabled - 1: verbose debugging enabled - 2: very verbose debugging enabled --debug-level-analysis int Debug level for the analysis. See --debug-level for accepted values. (default: 0) --debug-level-capture int Debug level for the capture. See --debug-level for accepted values. (default: 0) --debug-level-linters int Debug level for the linters. See --debug-level for accepted values. (default: 0) --no-default-checkers Deactivates: Default checkers: --annotation-reachability, --biabduction, --fragment-retains-view, --immutable-cast, --linters, --liveness, --ownership, --printf-args, --racerd, --siof, --uninit (Conversely: --default-checkers) --eradicate Activates: the eradicate @Nullable checker for Java annotations (Conversely: --no-eradicate) --eradicate-only Activates: Enable --eradicate and disable all other checkers (Conversely: --no-eradicate-only) --no-fragment-retains-view Deactivates: detects when Android fragments are not explicitly nullified before becoming unreabable (Conversely: --fragment-retains-view) --fragment-retains-view-only Activates: Enable --fragment-retains-view and disable all other checkers (Conversely: --no-fragment-retains-view-only) --help Show this manual --help-format { auto | groff | pager | plain } Show this help in the specified format. auto sets the format to plain if the environment variable TERM is "dumb" or undefined, and to pager otherwise. (default: auto) --help-full Show this manual with all internal options in the INTERNAL OPTIONS section --no-immutable-cast Deactivates: the detection of object cast from immutable type to mutable type. For instance, it will detect cast from ImmutableList to List, ImmutableMap to Map, and ImmutableSet to Set. (Conversely: --immutable-cast) --immutable-cast-only Activates: Enable --immutable-cast and disable all other checkers (Conversely: --no-immutable-cast-only) --jobs,-j int Run the specified number of analysis jobs simultaneously (default: ) --keep-going Activates: Keep going when the analysis encounters a failure (Conversely: --no-keep-going) --no-linters Deactivates: syntactic linters (Conversely: --linters) --linters-only Activates: Enable --linters and disable all other checkers (Conversely: --no-linters-only) --litho Activates: Experimental checkers supporting the Litho framework (Conversely: --no-litho) --litho-only Activates: Enable --litho and disable all other checkers (Conversely: --no-litho-only) --no-liveness Deactivates: the detection of dead stores and unused variables (Conversely: --liveness) --liveness-only Activates: Enable --liveness and disable all other checkers (Conversely: --no-liveness-only) --loop-hoisting Activates: checker for loop-hoisting (Conversely: --no-loop-hoisting) --loop-hoisting-only Activates: Enable --loop-hoisting and disable all other checkers (Conversely: --no-loop-hoisting-only) --no-ownership Deactivates: the detection of C++ lifetime bugs (Conversely: --ownership) --ownership-only Activates: Enable --ownership and disable all other checkers (Conversely: --no-ownership-only) --print-active-checkers Activates: Print the active checkers before starting the analysis (Conversely: --no-print-active-checkers) --print-logs Activates: Also log messages to stdout and stderr (Conversely: --no-print-logs) --no-printf-args Deactivates: the detection of mismatch between the Java printf format strings and the argument types For, example, this checker will warn about the type error in `printf("Hello %d", "world")` (Conversely: --printf-args) --printf-args-only Activates: Enable --printf-args and disable all other checkers (Conversely: --no-printf-args-only) --progress-bar-style { auto | plain | multiline } Style of the progress bar. auto selects multiline if connected to a tty, otherwise plain. (default: auto) --project-root,-C dir Specify the root directory of the project (default: .) --purity Activates: [EXPERIMENTAL] Purity analysis (Conversely: --no-purity) --purity-only Activates: Enable --purity and disable all other checkers (Conversely: --no-purity-only) --quandary Activates: the quandary taint analysis (Conversely: --no-quandary) --quandary-only Activates: Enable --quandary and disable all other checkers (Conversely: --no-quandary-only) --quandaryBO Activates: [EXPERIMENTAL] The quandaryBO tainted buffer access analysis (Conversely: --no-quandaryBO) --quandaryBO-only Activates: Enable --quandaryBO and disable all other checkers (Conversely: --no-quandaryBO-only) --quiet,-q Activates: Do not print specs on standard output (default: only print for the report command) (Conversely: --no-quiet | -Q) --no-racerd Deactivates: the RacerD thread safety analysis (Conversely: --racerd) --racerd-only Activates: Enable --racerd and disable all other checkers (Conversely: --no-racerd-only) --reactive,-r Activates: Reactive mode: the analysis starts from the files captured since the infer command started (Conversely: --no-reactive | -R) --no-report Deactivates: Run the reporting phase once the analysis has completed (Conversely: --report) --report-hook script Specify a script to be executed after the analysis results are written. This script will be passed, --issues-json, --issues-txt, --issues-xml, --project-root, and --results-dir. (default: /lib/python/report.py) --results-dir,-o dir Write results and internal files in the specified directory (default: ./infer-out) --no-siof Deactivates: the Static Initialization Order Fiasco analysis (C++ only) (Conversely: --siof) --siof-only Activates: Enable --siof and disable all other checkers (Conversely: --no-siof-only) --starvation Activates: starvation analysis (Conversely: --no-starvation) --starvation-only Activates: Enable --starvation and disable all other checkers (Conversely: --no-starvation-only) --suggest-nullable Activates: Nullable annotation sugesstions analysis (Conversely: --no-suggest-nullable) --suggest-nullable-only Activates: Enable --suggest-nullable and disable all other checkers (Conversely: --no-suggest-nullable-only) --no-uninit Deactivates: checker for use of uninitialized values (Conversely: --uninit) --uninit-only Activates: Enable --uninit and disable all other checkers (Conversely: --no-uninit-only) BUCK FLAVORS OPTIONS --merge Activates: Merge the captured results directories specified in the dependency file (Conversely: --no-merge) BUFFER OVERRUN OPTIONS --bo-debug int Debug level for buffer-overrun checker (0-4) (default: 0) --bo-relational-domain { oct | poly } Select a relational domain being used in the bufferoverrun checker (experimental) CLANG OPTIONS --cxx-scope-guards json Specify scope guard classes that can be read only by destructors without being reported as dead stores. (default: []) --ml-buckets ,-separated sequence of { all | cf | arc | narc | cpp | unknown_origin } Specify the memory leak buckets to be checked in C++: - cpp from C++ code (default: cf) --unsafe-malloc Activates: Assume that malloc(3) never returns null. (Conversely: --no-unsafe-malloc) CRASHCONTEXT OPTIONS --stacktrace file File path containing a json-encoded Java crash stacktrace. Used to guide the analysis (only with '-a crashcontext'). See tests/codetoanalyze/java/crashcontext/*.json for examples of the expected format. --stacktraces-dir dir Directory path containing multiple json-encoded Java crash stacktraces. Used to guide the analysis (only with '-a crashcontext'). See tests/codetoanalyze/java/crashcontext/*.json for examples of the expected format. JAVA OPTIONS --annotation-reachability-custom-pairs json Specify custom sources/sink for the annotation reachability checker Example format: for custom annotations com.my.annotation.{Source1,Source2,Sink1} { "sources" : ["Source1", "Source2"], "sink" : "Sink1" } (default: []) --external-java-packages +prefix Specify a list of Java package prefixes for external Java packages. If set, the analysis will not report non-actionable warnings on those packages. QUANDARY CHECKER OPTIONS --quandary-endpoints json Specify endpoint classes for Quandary (default: []) --quandary-sanitizers json Specify custom sanitizers for Quandary (default: []) --quandary-sinks json Specify custom sinks for Quandary (default: []) --quandary-sources json Specify custom sources for Quandary (default: []) RACERD CHECKER OPTIONS --threadsafe-aliases json Specify custom annotations that should be considered aliases of @ThreadSafe (default: []) SIOF CHECKER OPTIONS --siof-check-iostreams Activates: Do not assume that iostreams (cout, cerr, ...) are always initialized. The default is to assume they are always initialized when --cxx-infer-headers is false to avoid false positives due to lack of models of the proper initialization of io streams. However, if your program compiles against a recent libstdc++ then the infer models are not needed for precision and it is safe to turn this option on. (Conversely: --no-siof-check-iostreams) --siof-safe-methods +string Methods that are SIOF-safe; "foo::bar" will match "foo::bar()", "foo::bar()", etc. (can be specified multiple times) ENVIRONMENT INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE See the ENVIRONMENT section in the manual of infer(1). FILES .inferconfig See the FILES section in the manual of infer(1). SEE ALSO infer-report(1), infer-run(1)