infer

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
ENVIRONMENT
FILES
SEE ALSO

NAME

infer - static analysis for Java and C/C++/Objective-C/Objective-C++

SYNOPSIS

infer analyze [options]
infer capture
[options]
infer compile
[options]
infer help
[options]
infer explore
[options]
infer report
[options]
infer reportdiff
[options]
infer run
[options]
infer --compilation-database[-escaped]
file [options]
infer
[options] -- compile command
infer
[options]

DESCRIPTION

Infer is a static analyzer. Given a collection of source files written in Java or in languages of the C family, and a command to build them, infer produces a list of potential issues.

Infer consists of a collection of tools referenced in the SEE ALSO section of this manual. See their respective manuals for more information.

When run without a subcommand, and if a compilation command is specified via the -- option or one of the --clang-compilation-database[-escaped] options, then infer behaves as infer-run(1). Otherwise, infer behaves as infer-analyze(1).

OPTIONS

Every infer command accepts the arguments from all the other infer commands.

Options are read from the .inferconfig file, then from the INFER_ARGS environment variable, then from the command line. Options in INFER_ARGS take precedence over options in .inferconfig, and options passed on the command line take precedence over options in INFER_ARGS. See the ENVIRONMENT and FILES sections of this manual for more information.

Options can be specified inside an argument file file by passing @file as argument. The format is one option per line, and enclosing single ' and double " quotes are ignored.

Options without a default value (e.g., --linter) and options with list-like values (e.g., --Xbuck) all have a corresponding --option-reset flag that resets their values to nothing or the empty list, respectively. For instance, --Xbuck-reset will cancel any previous --Xbuck option passed to infer.

See the manuals of individual infer commands for details about their supported options. The following is a list of all the supported options (see also --help-full for options reserved for internal use).
--annotation-reachability

Activates: checker annotation-reachability: Given a pair of source and sink annotation, e.g. ‘@PerformanceCritical‘ and ‘@Expensive‘, this checker will warn whenever some method annotated with ‘@PerformanceCritical‘ calls, directly or indirectly, another method annotated with ‘@Expensive‘ (Conversely: --no-annotation-reachability)

See also infer-analyze(1).
--annotation-reachability-custom-pairs
json

Specify custom sources/sink for the annotation reachability checker

Example format: for custom annotations
com.my.annotation.{Source1,Source2,Sink1}
{ "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
See also infer-analyze(1).
--annotation-reachability-cxx
json

Specify annotation reachability analyses to be performed on C/C++/ObjC code. Each entry is a JSON object whose key is the issue name. "sources" and "sinks" can be specified either by symbol (including regexps) or path prefix. "sinks" optionally can specify "overrides" (by symbol or path prefix) that block the reachability analysis when hit. Example:

{
"ISOLATED_REACHING_CONNECT": {
"doc_url":
"http:://example.com/issue/doc/optional_link.html",
"sources": {
"desc": "Code that should not call connect [optional]",
"paths": [ "isolated/" ]
},
"sinks": {
"symbols": [ "connect" ],
"overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
}
}
}
This will cause us to create a new ISOLATED_REACHING_CONNECT
issue for every function whose source path starts with "isolated/"
that may reach the function named "connect", ignoring paths that
go through a symbol matching the OCaml regexp ".*::Trusted::.*".
See also infer-analyze(1).
--annotation-reachability-cxx-sources
json

Override sources in all cxx annotation reachability specs with the given sources spec

See also infer-analyze(1).
--annotation-reachability-only

Activates: Enable annotation-reachability and disable all other checkers (Conversely: --no-annotation-reachability-only)

See also infer-analyze(1).
--append-buck-flavors
+string

Additional Buck flavors to append to targets discovered by the --buck-compilation-database option.

See also infer-capture(1).
--no-biabduction

Deactivates: checker biabduction: This analysis deals with a range of issues, many linked to memory safety. (Conversely: --biabduction)

See also infer-analyze(1).
--biabduction-only

Activates: Enable biabduction and disable all other checkers (Conversely: --no-biabduction-only)

See also infer-analyze(1).
--biabduction-unsafe-malloc

Activates: Assume that malloc(3) never returns null. (Conversely: --no-biabduction-unsafe-malloc)

See also infer-analyze(1).
--biabduction-write-dotty

Activates: Produce dotty files for specs and retain cycles reports in infer-out/captured. (Conversely: --no-biabduction-write-dotty)

See also infer-analyze(1).
--bo-debug
int

Debug level for buffer-overrun checker (0-4)

See also infer-analyze(1).
--bo-field-depth-limit
int

Limit of field depth of abstract location in buffer-overrun checker

See also infer-analyze(1).
--bootclasspath
string

Specify the Java bootclasspath

See also infer-capture(1).
--buck-blacklist
+regex

Skip capture of files matched by the specified regular expression. Only the clang, non-compilation-database

Buck integration is supported, not Java.
See also infer-capture(1) and infer-run(1).
--buck-clang

Activates: Buck integration for clang-based targets (C/C++/Objective-C/Objective-C++). (Conversely: --no-buck-clang)

See also infer-capture(1).
--buck-compilation-database
{ no-deps | deps }

Buck integration using the compilation database, with or without dependencies. Only includes clang targets, as per Buck's #compilation-database flavor.

See also infer-capture(1).
--buck-compilation-database-depth
int

Depth of dependencies used by the --buck-compilation-database deps option. By default, all recursive dependencies are captured.

See also infer-capture(1).
--buck-java-flavor

Activates: Buck integration for Java which uses the buck flavor #infer-java-capture instead of genrules like buck-java. (Conversely: --no-buck-java-flavor)

See also infer-capture(1).
--buck-java-flavor-suppress-config

Activates: Suppress setting buck config values for the infer binary and its version in the buck-java-flavor integration. (Conversely: --no-buck-java-flavor-suppress-config)

See also infer-capture(1).
--buck-java-heap-size-gb
int

Explicitly set the size of the Java heap of Buck processes, in gigabytes.

See also infer-capture(1).
--buck-merge-all-deps

Activates: Find and merge all infer dependencies produced by buck. Use this flag if infer doesn't find any files to analyze after a successful capture. Only valid for --buck-clang. (Conversely: --no-buck-merge-all-deps)

See also infer-capture(1).
--buck-targets-blacklist
+regex

Skip capture of buck targets matched by the specified regular expression. Only valid for --buck-compilation-database.

See also infer-capture(1) and infer-run(1).
--bufferoverrun

Activates: checker bufferoverrun: InferBO is a detector for out-of-bounds array accesses. (Conversely: --no-bufferoverrun)

See also infer-analyze(1).
--bufferoverrun-only

Activates: Enable bufferoverrun and disable all other checkers (Conversely: --no-bufferoverrun-only)

See also infer-analyze(1).
--capture-blacklist
regex

Skip capture of files matched by the specified OCaml regular expression (only supported by the javac integration for now).

See also infer-capture(1) and infer-run(1).
--censor-report
+string

Specify a filter for issues to be censored by adding a 'censored_reason' field in the json report. Infer will not report censored issues on the console output and in report.txt, but tools that post-process the json report can take them into account. If multiple filters are specified, they are applied in the order in which they are specified. Each filter is applied to each issue detected, and only issues which are accepted by all filters are reported. Each filter is of the form: ‘<issue_type_regex>:<filename_regex>:<reason_string>‘. The first two components are OCaml Str regular expressions, with an optional ‘!‘ character prefix. If a regex has a ‘!‘ prefix, the polarity is inverted, and the filter becomes a "blacklist" instead of a "whitelist". Each filter is interpreted as an implication: an issue matches if it does not match the ‘issue_type_regex‘ or if it does match the ‘filename_regex‘. The filenames that are tested by the regex are relative to the ‘--project-root‘ directory. The ‘<reason_string>‘ is a non-empty string used to explain why the issue was filtered.

See also infer-report(1) and infer-run(1).
--cfg-json
file

Path to CFG json file

See also infer-analyzejson(1).
--changed-files-index
file

Specify the file containing the list of source files from which reactive analysis should start. Source files should be specified relative to project root or be absolute

See also infer-analyze(1).
--clang-biniou-file
file

Specify a file containing the AST of the program, in biniou format. Please note you still need to provide a compilation command.

See also infer-capture(1).
--clang-blacklisted-flags
+string

Clang flags to filter out

See also infer-capture(1).
--clang-blacklisted-flags-with-arg
+string

Clang flags (taking args) to filter out

See also infer-capture(1).
--clang-compound-literal-init-limit
int

Limit after which initialization of compound types (structs and arrays) is not done element by element but using a builtin function that each analysis has to model.

See also infer-analyze(1) and infer-capture(1).
--clang-yojson-file
file

Specify a file containing the AST of the program, in yojson format. Please note you still need to provide a compilation command.

See also infer-capture(1).
--compilation-database
+path

File that contain compilation commands (can be specified multiple times)

See also infer-capture(1).
--compilation-database-escaped
+path

File that contain compilation commands where all entries are escaped for the shell, eg coming from Xcode (can be specified multiple times)

See also infer-capture(1).
--config-checks-between-markers

Activates: checker config-checks-between-markers: [EXPERIMENTAL] Collects config checks between marker start and end. (Conversely: --no-config-checks-between-markers)

See also infer-analyze(1).
--config-checks-between-markers-only

Activates: Enable config-checks-between-markers and disable all other checkers (Conversely: --no-config-checks-between-markers-only)

See also infer-analyze(1).
--config-impact-analysis

Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects function that are called without config checks. (Conversely: --no-config-impact-analysis)

See also infer-analyze(1).
--config-impact-analysis-only

Activates: Enable config-impact-analysis and disable all other checkers (Conversely: --no-config-impact-analysis-only)

See also infer-analyze(1).
--config-impact-current
path

Config impact report of the latest revision

See also infer-reportdiff(1).
--config-impact-data-file
file

[ConfigImpact] Specify the file containing the config data

See also infer-report(1).
--config-impact-issues-tests
file

Write a list of config impact issues in a format suitable for config impact tests to file

See also infer-report(1).
--config-impact-max-callees-to-print
int

Specify the maximum number of unchecked callees to print in the config impact checker

See also infer-report(1) and infer-reportdiff(1).
--config-impact-previous
path

Config impact report of the base revision to use for comparison

See also infer-reportdiff(1).
--continue

Activates: Continue the capture for the reactive analysis, increasing the changed files/procedures. (If a procedure was changed beforehand, keep the changed marking.) (Conversely: --no-continue)

See also infer-capture(1).
--continue-analysis

Activates: Continue the analysis after more targets are captured by --continue. The other analysis options should be given the same before. Not compatible with --reanalyze and --incremental-analysis. (Conversely: --no-continue-analysis)

See also infer-analyze(1).
--cost

Activates: checker cost: Computes the time complexity of functions and methods. Can be used to detect changes in runtime complexity with ‘infer reportdiff‘. (Conversely: --no-cost)

See also infer-analyze(1).
--cost-issues-tests
file

Write a list of cost issues in a format suitable for cost tests to file

See also infer-report(1).
--cost-only

Activates: Enable cost and disable all other checkers (Conversely: --no-cost-only)

See also infer-analyze(1).
--no-cost-suppress-func-ptr

Deactivates: Suppress printing function pointers in cost reports (Conversely: --cost-suppress-func-ptr)

See also infer-analyze(1).
--cost-tests-only-autoreleasepool

Activates: [EXPERIMENTAL] Report only autoreleasepool size results in cost tests (Conversely: --no-cost-tests-only-autoreleasepool)

See also infer-report(1) and infer-reportdiff(1).
--costs-current
path

Costs report of the latest revision

See also infer-reportdiff(1).
--costs-previous
path

Costs report of the base revision to use for comparison

See also infer-reportdiff(1).
--custom-symbols
json

Specify named lists of symbols available to rules

See also infer-analyze(1).
--no-cxx

Deactivates: Analyze C++ methods (Conversely: --cxx)

See also infer-capture(1).
--cxx-scope-guards
json

Specify scope guard classes that can be read only by destructors without being reported as dead stores.

See also infer-analyze(1).
--debug
,-g

Activates: Debug mode (also sets --debug-level 2, --developer-mode, --print-buckets, --print-types, --reports-include-ml-loc, --no-only-cheap-debug, --trace-error, --write-html) (Conversely: --no-debug | -G)

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--debug-level
level

Debug level (sets --bo-debug level, --debug-level-analysis level, --debug-level-capture level, --debug-level-linters level):

- 0: only basic debugging enabled
- 1: verbose debugging enabled
- 2: very verbose debugging enabled
See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--debug-level-analysis
int

Debug level for the analysis. See --debug-level for accepted values.

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--debug-level-capture
int

Debug level for the capture. See --debug-level for accepted values.

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--debug-level-linters
int

Debug level for the linters. See --debug-level for accepted values.

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--no-deduplicate

Deactivates: Apply issue-specific deduplication during analysis and/or reporting. (Conversely: --deduplicate)

See also infer-analyze(1), infer-report(1), and
infer-reportdiff
(1).
--no-default-checkers

Deactivates: Default checkers: --biabduction, --fragment-retains-view, --inefficient-keyset-iterator, --linters, --liveness, --racerd, --dotnet-resource-leak, --siof, --self-in-block, --starvation (Conversely: --default-checkers)

See also infer-analyze(1).
--no-default-linters

Deactivates: Use the default linters for the analysis. (Conversely: --default-linters)

See also infer-capture(1).
--dependencies

Activates: Translate all the dependencies during the capture. The classes in the given jar file will be translated. No sources needed. (Conversely: --no-dependencies)

See also infer-capture(1).
--differential-filter-files
string

Specify the file containing the list of source files for which a differential report is desired. Source files should be specified relative to project root or be absolute

See also infer-report(1).
--disable-issue-type
+issue_type

Do not show reports coming from this type of issue. Each checker can report a range of issue types. This option provides fine-grained filtering over which types of issue should be reported once the checkers have run. In particular, note that disabling issue types does not make the corresponding checker not run.

Available issue types are as follows:
ARBITRARY_CODE_EXECUTION_UNDER_LOCK (enabled by default),
ARRAY_OUT_OF_BOUNDS_L1 (disabled by default),
ARRAY_OUT_OF_BOUNDS_L2 (disabled by default),
ARRAY_OUT_OF_BOUNDS_L3 (disabled by default),
ASSIGN_POINTER_WARNING (enabled by default),
AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE (enabled by default),
AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE_UI_THREAD (enabled by
default),
AUTORELEASEPOOL_SIZE_UNREACHABLE_AT_EXIT (disabled by default),
Abduction_case_not_implemented (enabled by default),
Array_of_pointsto (enabled by default),
Assert_failure (enabled by default),
BAD_POINTER_COMPARISON (enabled by default),
BIABDUCTION_ANALYSIS_STOPS (disabled by default),
BIABDUCTION_MEMORY_LEAK (disabled by default),
BUFFER_OVERRUN_L1 (enabled by default),
BUFFER_OVERRUN_L2 (enabled by default),
BUFFER_OVERRUN_L3 (enabled by default),
BUFFER_OVERRUN_L4 (disabled by default),
BUFFER_OVERRUN_L5 (disabled by default),
BUFFER_OVERRUN_S2 (enabled by default),
BUFFER_OVERRUN_U5 (disabled by default),
Bad_footprint (enabled by default),
CAPTURED_STRONG_SELF (enabled by default),
CHECKERS_ALLOCATES_MEMORY (enabled by default),
CHECKERS_ANNOTATION_REACHABILITY_ERROR (enabled by default),
CHECKERS_CALLS_EXPENSIVE_METHOD (enabled by default),
CHECKERS_EXPENSIVE_OVERRIDES_UNANNOTATED (enabled by default),
CHECKERS_FRAGMENT_RETAINS_VIEW (enabled by default),
CHECKERS_IMMUTABLE_CAST (enabled by default),
CHECKERS_PRINTF_ARGS (enabled by default),
CLASS_CAST_EXCEPTION (disabled by default),
COMPONENT_WITH_MULTIPLE_FACTORY_METHODS (enabled by default),
CONDITION_ALWAYS_FALSE (disabled by default),
CONDITION_ALWAYS_TRUE (disabled by default),
CONFIG_CHECKS_BETWEEN_MARKERS (disabled by default),
CONFIG_IMPACT (disabled by default),
CONSTANT_ADDRESS_DEREFERENCE (disabled by default),
CREATE_INTENT_FROM_URI (enabled by default),
CROSS_SITE_SCRIPTING (enabled by default),
CXX_REFERENCE_CAPTURED_IN_OBJC_BLOCK (enabled by default),
Cannot_star (enabled by default),
DANGLING_POINTER_DEREFERENCE (disabled by default),
DANGLING_POINTER_DEREFERENCE_MAYBE (disabled by default),
DEADLOCK (enabled by default),
DEAD_STORE (enabled by default),
DIRECT_ATOMIC_PROPERTY_ACCESS (enabled by default),
DISCOURAGED_WEAK_PROPERTY_CUSTOM_SETTER (enabled by default),
DIVIDE_BY_ZERO (disabled by default),
DOTNET_RESOURCE_LEAK (enabled by default),
DO_NOT_REPORT (enabled by default),
EMPTY_VECTOR_ACCESS (enabled by default),
ERADICATE_ANNOTATION_GRAPH (enabled by default),
ERADICATE_BAD_NESTED_CLASS_ANNOTATION (enabled by default),
ERADICATE_CONDITION_REDUNDANT (enabled by default),
ERADICATE_FIELD_NOT_INITIALIZED (enabled by default),
ERADICATE_FIELD_NOT_NULLABLE (enabled by default),
ERADICATE_FIELD_OVER_ANNOTATED (enabled by default),
ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION (enabled
by default),
ERADICATE_INCONSISTENT_SUBCLASS_RETURN_ANNOTATION (enabled by
default),
ERADICATE_META_CLASS_CAN_BE_NULLSAFE (disabled by default),
ERADICATE_META_CLASS_IS_NULLSAFE (disabled by default),
ERADICATE_META_CLASS_NEEDS_IMPROVEMENT (disabled by default),
ERADICATE_NULLABLE_DEREFERENCE (enabled by default),
ERADICATE_PARAMETER_NOT_NULLABLE (enabled by default),
ERADICATE_REDUNDANT_NESTED_CLASS_ANNOTATION (enabled by
default),
ERADICATE_RETURN_NOT_NULLABLE (enabled by default),
ERADICATE_RETURN_OVER_ANNOTATED (enabled by default),
ERADICATE_UNCHECKED_USAGE_IN_NULLSAFE (enabled by default),
ERADICATE_UNVETTED_THIRD_PARTY_IN_NULLSAFE (enabled by
default),
EXECUTION_TIME_COMPLEXITY_INCREASE (enabled by default),
EXECUTION_TIME_COMPLEXITY_INCREASE_UI_THREAD (enabled by
default),
EXECUTION_TIME_UNREACHABLE_AT_EXIT (disabled by default),
EXPENSIVE_AUTORELEASEPOOL_SIZE (disabled by default),
EXPENSIVE_EXECUTION_TIME (disabled by default),
EXPENSIVE_LOOP_INVARIANT_CALL (enabled by default),
EXPOSED_INSECURE_INTENT_HANDLING (enabled by default),
Failure_exe (enabled by default),
GLOBAL_VARIABLE_INITIALIZED_WITH_FUNCTION_OR_METHOD_CALL
(disabled by default),
GUARDEDBY_VIOLATION (enabled by default),
GUARDEDBY_VIOLATION_NULLSAFE (enabled by default),
IMPURE_FUNCTION (enabled by default),
INEFFICIENT_KEYSET_ITERATOR (enabled by default),
INFERBO_ALLOC_IS_BIG (enabled by default),
INFERBO_ALLOC_IS_NEGATIVE (enabled by default),
INFERBO_ALLOC_IS_ZERO (enabled by default),
INFERBO_ALLOC_MAY_BE_BIG (enabled by default),
INFERBO_ALLOC_MAY_BE_NEGATIVE (enabled by default),
INFINITE_AUTORELEASEPOOL_SIZE (disabled by default),
INFINITE_EXECUTION_TIME (disabled by default),
INHERENTLY_DANGEROUS_FUNCTION (enabled by default),
INSECURE_INTENT_HANDLING (enabled by default),
INTEGER_OVERFLOW_L1 (enabled by default),
INTEGER_OVERFLOW_L2 (enabled by default),
INTEGER_OVERFLOW_L5 (disabled by default),
INTEGER_OVERFLOW_U5 (disabled by default),
INTERFACE_NOT_THREAD_SAFE (enabled by default),
INVARIANT_CALL (disabled by default),
IPC_ON_UI_THREAD (enabled by default),
IVAR_NOT_NULL_CHECKED (enabled by default),
Internal_error (enabled by default),
JAVASCRIPT_INJECTION (enabled by default),
LAB_RESOURCE_LEAK (enabled by default),
LOCKLESS_VIOLATION (enabled by default),
LOCK_CONSISTENCY_VIOLATION (enabled by default),
LOGGING_PRIVATE_DATA (enabled by default),
Leak_after_array_abstraction (enabled by default),
Leak_in_footprint (enabled by default),
Leak_unknown_origin (disabled by default),
MEMORY_LEAK (enabled by default),
MISSING_REQUIRED_PROP (enabled by default),
MIXED_SELF_WEAKSELF (enabled by default),
MODIFIES_IMMUTABLE (enabled by default),
MULTIPLE_WEAKSELF (enabled by default),
MUTABLE_LOCAL_VARIABLE_IN_COMPONENT_FILE (enabled by default),
Missing_fld (enabled by default),
NIL_BLOCK_CALL (enabled by default),
NIL_INSERTION_INTO_COLLECTION (enabled by default),
NIL_MESSAGING_TO_NON_POD (enabled by default),
NULLPTR_DEREFERENCE (enabled by default),
NULL_DEREFERENCE (enabled by default),
OPTIONAL_EMPTY_ACCESS (enabled by default),
PARAMETER_NOT_NULL_CHECKED (enabled by default),
POINTER_TO_CONST_OBJC_CLASS (enabled by default),
PRECONDITION_NOT_FOUND (enabled by default),
PRECONDITION_NOT_MET (enabled by default),
PREMATURE_NIL_TERMINATION_ARGUMENT (enabled by default),
PULSE_UNINITIALIZED_VALUE (enabled by default),
PURE_FUNCTION (enabled by default),
QUANDARY_TAINT_ERROR (enabled by default),
RESOURCE_LEAK (enabled by default),
RETAIN_CYCLE (enabled by default),
SHELL_INJECTION (enabled by default),
SHELL_INJECTION_RISK (enabled by default),
SKIP_FUNCTION (disabled by default),
SQL_INJECTION (enabled by default),
SQL_INJECTION_RISK (enabled by default),
STACK_VARIABLE_ADDRESS_ESCAPE (enabled by default),
STARVATION (enabled by default),
STATIC_INITIALIZATION_ORDER_FIASCO (enabled by default),
STRICT_MODE_VIOLATION (enabled by default),
STRONG_DELEGATE_WARNING (enabled by default),
STRONG_SELF_NOT_CHECKED (enabled by default),
Symexec_memory_error (enabled by default),
THREAD_SAFETY_VIOLATION (enabled by default),
THREAD_SAFETY_VIOLATION_NULLSAFE (enabled by default),
TOPL_ERROR (enabled by default),
UNINITIALIZED_VALUE (enabled by default),
UNREACHABLE_CODE (enabled by default),
UNTRUSTED_BUFFER_ACCESS (disabled by default),
UNTRUSTED_DESERIALIZATION (enabled by default),
UNTRUSTED_DESERIALIZATION_RISK (enabled by default),
UNTRUSTED_ENVIRONMENT_CHANGE_RISK (enabled by default),
UNTRUSTED_FILE (enabled by default),
UNTRUSTED_FILE_RISK (enabled by default),
UNTRUSTED_HEAP_ALLOCATION (disabled by default),
UNTRUSTED_INTENT_CREATION (enabled by default),
UNTRUSTED_URL_RISK (enabled by default),
UNTRUSTED_VARIABLE_LENGTH_ARRAY (enabled by default),
USER_CONTROLLED_SQL_RISK (enabled by default),
USE_AFTER_DELETE (enabled by default),
USE_AFTER_FREE (enabled by default),
USE_AFTER_LIFETIME (enabled by default),
VECTOR_INVALIDATION (enabled by default),
WEAK_SELF_IN_NO_ESCAPE_BLOCK (enabled by default),
Wrong_argument_number (enabled by default).
See also infer-report(1).
--dump-duplicate-symbols

Activates: Dump all symbols with the same name that are defined in more than one file. (Conversely: --no-dump-duplicate-symbols)

See also infer-capture(1).
--enable-issue-type
+issue_type

Show reports coming from this type of issue. By default, all issue types are enabled except the ones listed in --disable-issue-type. Note that enabling issue types does not make the corresponding checker run; see individual checker options to turn them on or off.

See also infer-report(1).
--eradicate

Activates: checker eradicate: The eradicate ‘@Nullable‘ checker for Java annotations. (Conversely: --no-eradicate)

See also infer-analyze(1).
--eradicate-only

Activates: Enable eradicate and disable all other checkers (Conversely: --no-eradicate-only)

See also infer-analyze(1).
--erlang-ast-dir
dir

Also load AST from all .json files in the given path. These .json files usually come from a previous run with --debug.

See also infer-capture(1).
--erlang-skip-rebar3

Activates: Skip running rebar, to save time. It is useful together with --erlang-ast-dir. (Conversely: --no-erlang-skip-rebar3)

See also infer-capture(1).
--external-java-packages
+prefix

Specify a list of Java package prefixes for external Java packages. If set, the analysis will not report non-actionable warnings on those packages.

See also infer-analyze(1).
--fail-on-issue

Activates: Exit with error code 2 if Infer found something to report (Conversely: --no-fail-on-issue)

See also infer-run(1).
--file-renamings
path

JSON with a list of file renamings to use while computing differential reports

See also infer-reportdiff(1).
--no-filtering
,-F

Deactivates: Do not show the experimental and blacklisted issue types (Conversely: --filtering | -f)

See also infer-report(1).
--force-delete-results-dir

Activates: Do not refuse to delete the results directory if it doesn't look like an infer results directory. (Conversely: --no-force-delete-results-dir)

See also infer-capture(1), infer-compile(1), and infer-run(1).
--force-integration
command

Proceed as if the first argument after -- was command. Possible values: ant, buck, gradle, gradlew, java, javac, cc, clang, gcc, clang++, c++, g++, make, configure, cmake, waf, mvn, mvnw, ndk-build, rebar3, xcodebuild.

See also infer-capture(1) and infer-run(1).
--no-fragment-retains-view

Deactivates: checker fragment-retains-view: Detects when Android fragments are not explicitly nullified before becoming unreachable. (Conversely: --fragment-retains-view)

See also infer-analyze(1).
--fragment-retains-view-only

Activates: Enable fragment-retains-view and disable all other checkers (Conversely: --no-fragment-retains-view-only)

See also infer-analyze(1).
--from-json-config-impact-report
config-impact-report.json

Load costs analysis results from a config-impact-report file.

See also infer-report(1).
--from-json-costs-report
costs-report.json

Load costs analysis results from a costs-report file.

See also infer-report(1).
--from-json-report
report.json

Load analysis results from a report file (default is to load the results from the specs files generated by the analysis).

See also infer-report(1).
--frontend-tests

Activates: Save filename.ext.test.dot with the cfg in dotty format for frontend tests (also sets --print-types) (Conversely: --no-frontend-tests)

See also infer-capture(1).
--generated-classes
path

Specify where to load the generated class files

See also infer-capture(1).
--global-tenv

Activates: Print the global type environment. (Conversely: --no-global-tenv)

See also infer-debug(1).
--headers

Activates: Analyze code in header files (Conversely: --no-headers)

See also infer-capture(1).
--help

Show this manual

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-debug(1),
infer-explore
(1), infer-help(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--help-checker
+checker-id

Show information about a checker, for example biabduction. To see the list of all checkers, see --list-checkers.

See also infer-help(1).
--help-format
{ auto | groff | pager | plain }

Show this help in the specified format. auto sets the format to plain if the environment variable TERM is "dumb" or undefined, and to pager otherwise.

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-debug(1),
infer-explore
(1), infer-help(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--help-full

Show this manual with all internal options in the INTERNAL OPTIONS section

See also infer-analyze(1), infer-analyzejson(1),
infer-capture
(1), infer-compile(1), infer-debug(1),
infer-explore
(1), infer-help(1), infer-report(1),
infer-reportdiff
(1), and infer-run(1).
--help-issue-type
+UNIQUE_ID

Show information about an issue type, for example NULL_DEREFERENCE. To see the list of all issue types, see --list-issue-types.

See also infer-help(1).
--no-hoisting-report-only-expensive

Deactivates: [Hoisting] Report loop-invariant calls only when the function is expensive, i.e. at least linear (Conversely: --hoisting-report-only-expensive)

See also infer-report(1).
--html

Activates: Generate an html report of issues found. (Conversely: --no-html)

See also infer-explore(1).
--immutable-cast

Activates: checker immutable-cast: Detection of object cast from immutable types to mutable types. For instance, it will detect casts from ‘ImmutableList‘ to ‘List‘, ‘ImmutableMap‘ to ‘Map‘, and ‘ImmutableSet‘ to ‘Set‘. (Conversely: --no-immutable-cast)

See also infer-analyze(1).
--immutable-cast-only

Activates: Enable immutable-cast and disable all other checkers (Conversely: --no-immutable-cast-only)

See also infer-analyze(1).
--impurity

Activates: checker impurity: Detects functions with potential side-effects. Same as "purity", but implemented on top of Pulse. (Conversely: --no-impurity)

See also infer-analyze(1).
--impurity-only

Activates: Enable impurity and disable all other checkers (Conversely: --no-impurity-only)

See also infer-analyze(1).
--impurity-report-immutable-modifications

Activates: Report modifications to immutable fields in the Impurity checker (Conversely: --no-impurity-report-immutable-modifications)

See also infer-analyze(1).
--no-inefficient-keyset-iterator

Deactivates: checker inefficient-keyset-iterator: Check for inefficient uses of iterators that iterate on keys then lookup their values, instead of iterating on key-value pairs directly. (Conversely: --inefficient-keyset-iterator)

See also infer-analyze(1).
--inefficient-keyset-iterator-only

Activates: Enable inefficient-keyset-iterator and disable all other checkers (Conversely: --no-inefficient-keyset-iterator-only)

See also infer-analyze(1).
--issues-tests
file

Write a list of issues in a format suitable for tests to file

See also infer-report(1).
--issues-tests-fields
,-separated sequence of { bug_type | bucket |
qualifier | severity | line | column | procedure | procedure_start_line
| file | bug_trace | key | hash | line_offset |
qualifier_contains_potential_exception_note | nullsafe_extra }

Fields to emit with --issues-tests

See also infer-report(1).
--java-jar-compiler
path

Specify the Java compiler jar used to generate the bytecode

See also infer-capture(1).
--java-version
int

The version of Java being used. Set it to your Java version if mvn is failing.

See also infer-analyze(1) and infer-capture(1).
--jobs
,-j int

Run the specified number of analysis jobs simultaneously

See also infer-analyze(1).
--keep-going

Activates: Keep going when the analysis encounters a failure (Conversely: --no-keep-going)

See also infer-analyze(1).
--linter
string

From the linters available, only run this one linter. (Useful together with --linters-developer-mode)

See also infer-capture(1).
--no-linters

Deactivates: checker linters: Declarative linting framework over the Clang AST. (Conversely: --linters)

See also infer-analyze(1).
--linters-def-file
+file

Specify the file containing linters definition (e.g. 'linters.al')

See also infer-capture(1).
--linters-def-folder
+dir

Specify the folder containing linters files with extension .al

See also infer-capture(1).
--linters-developer-mode

Activates: Debug mode for developing new linters. (Sets the analyzer to linters; also sets --debug, --debug-level-linters 2, --developer-mode, and unsets --allowed-failures and --default-linters. (Conversely: --no-linters-developer-mode)

See also infer-capture(1).
--linters-doc-url
+string

Specify custom documentation URL for some linter that overrides the default one. Useful if your project has specific ways of fixing a lint error that is not true in general or public info. Format: linter_name:doc_url.

See also infer-capture(1).
--linters-ignore-clang-failures

Activates: Continue linting files even if some compilation fails. (Conversely: --no-linters-ignore-clang-failures)

See also infer-capture(1).
--linters-only

Activates: Enable linters and disable all other checkers (Conversely: --no-linters-only)

See also infer-analyze(1).
--linters-validate-syntax-only

Activates: Validate syntax of AL files, then emit possible errors in JSON format to stdout (Conversely: --no-linters-validate-syntax-only)

See also infer-capture(1).
--list-checkers

Activates: Show the list of all available checkers. (Conversely: --no-list-checkers)

See also infer-help(1).
--list-issue-types

Activates: Show the list of all issue types that infer might report. (Conversely: --no-list-issue-types)

See also infer-help(1).
--litho-required-props

Activates: checker litho-required-props: Checks that all non-optional ‘@Prop‘s have been specified when constructing Litho components. (Conversely: --no-litho-required-props)

See also infer-analyze(1).
--litho-required-props-only

Activates: Enable litho-required-props and disable all other checkers (Conversely: --no-litho-required-props-only)

See also infer-analyze(1).
--no-liveness

Deactivates: checker liveness: Detection of dead stores and unused variables. (Conversely: --liveness)

See also infer-analyze(1).
--liveness-dangerous-classes
json

Specify classes where the destructor should be ignored when computing liveness. In other words, assignement to variables of these types (or common wrappers around these types such as unique_ptr<type>) will count as dead stores when the variables are not read explicitly by the program.

See also infer-analyze(1).
--liveness-ignored-constant
+string

List of integer constants to be ignored by liveness analysis

See also infer-analyze(1).
--liveness-only

Activates: Enable liveness and disable all other checkers (Conversely: --no-liveness-only)

See also infer-analyze(1).
--load-average
,-l float

Do not start new parallel jobs if the load average is greater than that specified (Buck and make only)

See also infer-capture(1).
--loop-hoisting

Activates: checker loop-hoisting: Detect opportunities to hoist function calls that are invariant outside of loop bodies for efficiency. (Conversely: --no-loop-hoisting)

See also infer-analyze(1).
--loop-hoisting-only

Activates: Enable loop-hoisting and disable all other checkers (Conversely: --no-loop-hoisting-only)

See also infer-analyze(1).
--max-jobs
int

Maximum number of analysis jobs running simultaneously

See also infer-analyze(1).
--max-nesting
int

Level of nested procedure calls to show. Trace elements beyond the maximum nesting level are skipped. If omitted, all levels are shown.

See also infer-explore(1).
--memtrace-analysis-profiling

Activates: Generate OCaml analysis allocation traces in ‘infer-out/memtrace‘. (Conversely: --no-memtrace-analysis-profiling)

See also infer-analyze(1).
--memtrace-sampling-rate
float

Sampling rate for Memtrace allocation profiling. Default is 1e-6.

See also infer-analyze(1).
--merge

Activates: Merge the captured results directories specified in the dependency file. (Conversely: --no-merge)

See also infer-analyze(1).
--pmd-xml

Activates: Output issues in (PMD) XML format in infer-out/report.xml (Conversely: --no-pmd-xml)

See also infer-run(1).
--print-active-checkers

Activates: Print the active checkers before starting the analysis (Conversely: --no-print-active-checkers)

See also infer-analyze(1).
--print-logs

Activates: Also log messages to stdout and stderr (Conversely: --no-print-logs)

See also infer-analyze(1), infer-capture(1), infer-report(1), and
infer-run
(1).
--printf-args

Activates: checker printf-args: Detect mismatches between the Java ‘printf‘ format strings and the argument types For example, this checker will warn about the type error in ‘printf("Hello %d", "world")‘ (Conversely: --no-printf-args)

See also infer-analyze(1).
--printf-args-only

Activates: Enable printf-args and disable all other checkers (Conversely: --no-printf-args-only)

See also infer-analyze(1).
--procedures

Activates: Print functions and methods discovered by infer (Conversely: --no-procedures)

See also infer-debug(1).
--procedures-attributes

Activates: Print the attributes of each procedure in the output of --procedures (Conversely: --no-procedures-attributes)

See also infer-debug(1).
--procedures-cfg

Activates: Output a dotty file in infer-out/captured/<file_name>/<proc_name>.dot for each procedure in the output of --procedures (Conversely: --no-procedures-cfg)

See also infer-debug(1).
--no-procedures-definedness

Deactivates: Include procedures definedness in the output of --procedures, i.e. whether the procedure definition was found, or only the procedure declaration, or the procedure is an auto-generated Objective-C accessor (Conversely: --procedures-definedness)

See also infer-debug(1).
--procedures-filter
filter

With --procedures, only print functions and methods (procedures) matching the specified filter. A procedure filter is of the form path_pattern:procedure_name. Patterns are interpreted as OCaml Str regular expressions. For instance, to keep only methods named "foo", one can use the filter ".*:foo", or "foo" for short.

See also infer-debug(1).
--procedures-name

Activates: Include procedures names in the output of --procedures (Conversely: --no-procedures-name)

See also infer-debug(1).
--no-procedures-source-file

Deactivates: Include the source file in which the procedure definition or declaration was found in the output of --procedures (Conversely: --procedures-source-file)

See also infer-debug(1).
--procedures-summary

Activates: Print the summaries of each procedure in the output of --procedures (Conversely: --no-procedures-summary)

See also infer-debug(1).
--procedures-summary-json

Activates: Emit the summaries of each procedure in the output of --procedures as JSON (Conversely: --no-procedures-summary-json)

See also infer-debug(1).
--no-progress-bar
,-P

Deactivates: Show a progress bar (Conversely: --progress-bar | -p)

See also infer-run(1).
--progress-bar-style
{ auto | plain | multiline }

Style of the progress bar. auto selects multiline if connected to a tty, otherwise plain.

See also infer-analyze(1) and infer-capture(1).
--project-root
,-C dir

Specify the root directory of the project

See also infer-analyze(1), infer-capture(1), infer-report(1), and
infer-run
(1).
--pulse

Activates: checker pulse: Memory and lifetime analysis. (Conversely: --no-pulse)

See also infer-analyze(1).
--pulse-cut-to-one-path-procedures-pattern
string

Regex of methods for which pulse will only explore one path. Can be used on pathologically large procedures to prevent too-big states from being produced.

See also infer-analyze(1).
--pulse-model-abort
+string

Methods that should be modelled as abort in Pulse

See also infer-analyze(1).
--pulse-model-alloc-pattern
string

Regex of methods that should be modelled as allocs in Pulse

See also infer-analyze(1).
--pulse-model-free-pattern
string

Regex of methods that should be modelled as wrappers to free(3) in Pulse. The pointer to be freed should be the first argument of the function. This should only be needed if the code of the wrapper is not visible to infer or if Pulse somehow doesn't understand it (e.g. the call is dispatched to global function pointers).

See also infer-analyze(1).
--pulse-model-malloc-pattern
string

Regex of methods that should be modelled as wrappers to malloc(3) in Pulse. The size to allocate should be the first argument of the function. See --pulse-model-free-pattern for more information.

See also infer-analyze(1).
--pulse-model-realloc-pattern
string

Regex of methods that should be modelled as wrappers to realloc(3) in Pulse. The pointer to be reallocated should be the first argument of the function and the new size the second argument. See --pulse-model-free-pattern for more information.

See also infer-analyze(1).
--pulse-model-release-pattern
string

Regex of methods that should be modelled as release in Pulse

See also infer-analyze(1).
--pulse-model-return-first-arg
string

Regex of methods that should be modelled as returning the first argument in Pulse

See also infer-analyze(1).
--pulse-model-return-nonnull
string

Regex of methods that should be modelled as returning non-null in Pulse

See also infer-analyze(1).
--pulse-model-skip-pattern
string

Regex of methods that should be modelled as "skip" in Pulse

See also infer-analyze(1).
--pulse-model-transfer-ownership
+string

Methods that should be modelled as transfering memory ownership in Pulse. Accepted formats are method or namespace::method

See also infer-analyze(1).
--pulse-only

Activates: Enable pulse and disable all other checkers (Conversely: --no-pulse-only)

See also infer-analyze(1).
--pulse-report-ignore-unknown-java-methods-patterns
+string

On Java, issues that are found on program paths that contain calls to unknown methods (those without implementation) are not reported unless all the unknown method names match this pattern. If the empty list is provided with --pulse-report-ignore-unknown-java-methods-patterns-reset, all issues will be reported regardless the presence of unknown code

See also infer-analyze(1).
--purity

Activates: checker purity: Detects pure (side-effect-free) functions. A different implementation of "impurity". (Conversely: --no-purity)

See also infer-analyze(1).
--purity-only

Activates: Enable purity and disable all other checkers (Conversely: --no-purity-only)

See also infer-analyze(1).
--quandary

Activates: checker quandary: The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions. (Conversely: --no-quandary)

See also infer-analyze(1).
--quandary-endpoints
json

Specify endpoint classes for Quandary

See also infer-analyze(1).
--quandary-only

Activates: Enable quandary and disable all other checkers (Conversely: --no-quandary-only)

See also infer-analyze(1).
--quandary-sanitizers
json

Specify custom sanitizers for Quandary

See also infer-analyze(1).
--quandary-sinks
json

Specify custom sinks for Quandary

See also infer-analyze(1).
--quandary-sources
json

Specify custom sources for Quandary

See also infer-analyze(1).
--quiet
,-q

Activates: Do not print anything on standard output. (Conversely: --no-quiet | -Q)

See also infer-analyze(1) and infer-report(1).
--no-racerd

Deactivates: checker racerd: Thread safety analysis. (Conversely: --racerd)

See also infer-analyze(1).
--racerd-guardedby

Activates: Check @GuardedBy annotations with RacerD (Conversely: --no-racerd-guardedby)

See also infer-analyze(1).
--racerd-only

Activates: Enable racerd and disable all other checkers (Conversely: --no-racerd-only)

See also infer-analyze(1).
--no-racerd-unknown-returns-owned

Deactivates: DEPRECATED, does nothing. (Conversely: --racerd-unknown-returns-owned)

See also infer-analyze(1).
--reactive
,-r

Activates: Reactive mode: the analysis starts from the files captured since the infer command started (Conversely: --no-reactive | -R)

See also infer-analyze(1).
--no-report

Deactivates: Run the reporting phase once the analysis has completed (Conversely: --report)

See also infer-analyze(1) and infer-run(1).
--report-blacklist-files-containing
+string

Do not report any issues on files containing the specified string

See also infer-report(1) and infer-run(1).
--report-blacklist-path-regex
+path_regex

Do not report any issues on files whose relative path matches the specified OCaml regex, even if they match the whitelist specified by --report-whitelist-path-regex

See also infer-report(1) and infer-run(1).
--report-console-limit
int

Maximum number of issues to display on standard output. Unset with --report-console-limit-reset to show all.

See also infer-report(1).
--report-current
path

report of the latest revision

See also infer-reportdiff(1).
--report-force-relative-path

Activates: Force converting an absolute path to a relative path to the root directory (Conversely: --no-report-force-relative-path)

See also infer-analyze(1) and infer-run(1).
--report-formatter
{ none | phabricator }

Which formatter to use when emitting the report

See also infer-report(1).
--report-previous
path

Report of the base revision to use for comparison

See also infer-reportdiff(1).
--report-suppress-errors
+error_name

do not report a type of errors

See also infer-report(1) and infer-run(1).
--report-whitelist-path-regex
+path_regex

Report issues only on files whose relative path matches the specified OCaml regex (and which do not match --report-blacklist-path-regex)

See also infer-report(1) and infer-run(1).
--results-dir
,-o dir

Write results and internal files in the specified directory

See also infer-analyze(1), infer-capture(1), infer-explore(1),
infer-report
(1), and infer-run(1).
--scheduler
{ file | restart | callgraph }

Specify the scheduler used for the analysis phase:

- file: schedule one job per file
- callgraph: schedule one job per procedure, following the
syntactic call graph. Usually faster than "file".
- restart: same as callgraph but uses locking to try and avoid
duplicate work between different analysis processes and thus
performs better in some circumstances
See also infer-analyze(1).
--select
(N|all)

Select option number N or all of them. If omitted, prompt for input.

See also infer-debug(1) and infer-explore(1).
--no-self-in-block

Deactivates: checker self-in-block: An Objective-C-specific analysis to detect when a block captures ‘self‘. (Conversely: --self-in-block)

See also infer-analyze(1).
--self-in-block-only

Activates: Enable self-in-block and disable all other checkers (Conversely: --no-self-in-block-only)

See also infer-analyze(1).
--no-siof

Deactivates: checker siof: Catches Static Initialization Order Fiascos in C++, that can lead to subtle, compiler-version-dependent errors. (Conversely: --siof)

See also infer-analyze(1).
--siof-check-iostreams

Activates: Do not assume that iostreams (cout, cerr, ...) are always initialized. The default is to assume they are always initialized to avoid false positives. However, if your program compiles against a recent libstdc++ then it is safe to turn this option on. (Conversely: --no-siof-check-iostreams)

See also infer-analyze(1).
--siof-only

Activates: Enable siof and disable all other checkers (Conversely: --no-siof-only)

See also infer-analyze(1).
--siof-safe-methods
+string

Methods that are SIOF-safe; "foo::bar" will match "foo::bar()", "foo<int>::bar()", etc. (can be specified multiple times)

See also infer-analyze(1).
--skip-analysis-in-path
+path_prefix_OCaml_regex

Ignore files whose path matches the given prefix (can be specified multiple times)

See also infer-capture(1) and infer-run(1).
--skip-analysis-in-path-skips-compilation

Activates: Whether paths in --skip-analysis-in-path should be compiled or not (Conversely: --no-skip-analysis-in-path-skips-compilation)

See also infer-report(1).
--no-skip-duplicated-types

Deactivates: Skip fixed-then-introduced duplicated types while computing differential reports (Conversely: --skip-duplicated-types)

See also infer-reportdiff(1).
--skip-non-capture-clang-commands

Activates: Skip clang commands that Infer doesn't use to capture data (Conversely: --no-skip-non-capture-clang-commands)

See also infer-capture(1).
--skip-translation-headers
+path_regex

Ignore declarations in headers whose path matches the given OCaml regex from the start of the string during capture.

See also infer-capture(1).
--source-files

Activates: Print source files discovered by infer (Conversely: --no-source-files)

See also infer-debug(1).
--source-files-cfg

Activates: Output a dotty file in infer-out/captured for each source file in the output of --source-files (Conversely: --no-source-files-cfg)

See also infer-debug(1).
--source-files-filter
filter

With --source-files, only print source files matching the specified filter. The filter is a pattern that should match the file path. Patterns are interpreted as OCaml Str regular expressions.

See also infer-debug(1).
--source-files-freshly-captured

Activates: Print whether the source file has been captured in the most recent capture phase in the output of --source-files. (Conversely: --no-source-files-freshly-captured)

See also infer-debug(1).
--source-files-procedure-names

Activates: Print the names of procedure of each source file in the output of --source-files (Conversely: --no-source-files-procedure-names)

See also infer-debug(1).
--source-files-type-environment

Activates: Print the type environment of each source file in the output of --source-files (Conversely: --no-source-files-type-environment)

See also infer-debug(1).
--no-source-preview

Deactivates: print code excerpts around trace elements (Conversely: --source-preview)

See also infer-explore(1).
--sqlite-cache-size
int

SQLite cache size in pages (if positive) or kB (if negative), follows formal of corresponding SQLite PRAGMA.

See also infer-analyze(1), infer-capture(1), and infer-run(1).
--sqlite-lock-timeout
int

Timeout for SQLite results database operations, in milliseconds.

See also infer-analyze(1), infer-capture(1), and infer-run(1).
--sqlite-page-size
int

SQLite page size in bytes, must be a power of two between 512 and 65536.

See also infer-analyze(1), infer-capture(1), and infer-run(1).
--no-starvation

Deactivates: checker starvation: Detect various kinds of situations when no progress is being made because of concurrency errors. (Conversely: --starvation)

See also infer-analyze(1).
--starvation-only

Activates: Enable starvation and disable all other checkers (Conversely: --no-starvation-only)

See also infer-analyze(1).
--tenv-json
file

Path to TEnv json file

See also infer-analyzejson(1).
--threadsafe-aliases
json

Specify custom annotations that should be considered aliases of @ThreadSafe

See also infer-analyze(1).
--topl

Activates: checker topl: Detect errors based on user-provided state machines describing temporal properties over multiple objects. (Conversely: --no-topl)

See also infer-analyze(1).
--topl-only

Activates: Enable topl and disable all other checkers (Conversely: --no-topl-only)

See also infer-analyze(1).
--uninit

Activates: checker uninit: Warns when values are used before having been initialized. (Conversely: --no-uninit)

See also infer-analyze(1).
--uninit-only

Activates: Enable uninit and disable all other checkers (Conversely: --no-uninit-only)

See also infer-analyze(1).
--version

Print version information and exit

See also infer-run(1).
--version-json

Print version information in json format and exit

See also infer-run(1).
--workspace
path

Specifies the root of the workspace, which is a directory containing --project-root. This can be needed if the capture phase is expected to require several different project roots, all relative to a common workspace. Usually a single project root is enough, though.

See also infer-capture(1).
--write-html

Activates: Produce html debug output for the analyses in infer-out/captured. This shows the abstract state of all analyses at each program point in the source code. Each captured source file has its own html page. This HTML file contains the source file, and at each line of

the file there are links to the nodes of the control flow graph
of Infer's translation of that line of code into its intermediate
representation (SIL). This way it's possible to see what the
translation is, and the details of the symbolic execution on each
node. (Conversely: --no-write-html)
See also infer-analyze(1).
--write-website
path_to_website_dir

Use to write website files documenting issue types and checkers under path_to_website_dir/. Meant to be used within the Infer directory to generate its website at fbinfer.com at website/.

See also infer-help(1).
--Xbuck
+string

Pass values as command-line arguments to invocations of ‘buck build‘. Only valid for --buck-clang.

See also infer-capture(1).
--Xbuck-no-inline
+string

Pass values as command-line arguments to invocations of ‘buck build‘, don't inline any args starting with '@'. Only valid for --buck-clang.

See also infer-capture(1).
--Xclang
+string

Pass values as command-line arguments to invocations of clang

See also infer-capture(1).
--xcode-developer-dir
XCODE_DEVELOPER_DIR

Specify the path to Xcode developer directory, to use for Buck clang targets

See also infer-capture(1).
--xcode-isysroot-suffix
string

Specify the suffix of Xcode isysroot directory, to avoid absolute paths in tests

See also infer-analyze(1).
--xcpretty

Activates: Infer will use xcpretty together with xcodebuild to analyze an iOS app. xcpretty just needs to be in the path, infer command is still just ‘infer -- <xcodebuild command>‘. (Conversely: --no-xcpretty)

See also infer-capture(1).

--

Stop argument processing, use remaining arguments as a build command

See also infer-capture(1) and infer-run(1).

ENVIRONMENT

Extra arguments may be passed to all infer commands using the INFER_ARGS environment variable (see the OPTIONS section). INFER_ARGS is expected to contain a string of ^-separated options. For instance, calling ‘INFER_ARGS=--debug^--print-logs infer‘ is equivalent to calling ‘infer --debug --print-logs‘.

INFERCONFIG: Tells infer where to find the .inferconfig file. (See the FILES section)

If INFER_STRICT_MODE is set to "1", then infer commands will exit with an error code in some cases when otherwise a simple warning would be emitted on stderr, for instance if a deprecated form of an option is used.

FILES

.inferconfig can be used to store infer options. Its format is that of a JSON record, where fields are infer long-form options, without their leading "--", and values depend on the type of the option:
- for switches options, the value is a JSON boolean (true or false, without quotes)
- for non-switches options with no arguments (for instance the undefined option associated with a list option), the value is null
- for integers, the value is a JSON integer (without quotes)
- string options have string values
- path options have string values, and are interpreted relative to the location of the .inferconfig file
- cumulative options are JSON arrays of the appropriate type

Infer will look for an .inferconfig file in the current directory, then its parent, etc., stopping at the first .inferconfig file found.

Example:

{
"cxx": false,
"infer-blacklist-files-containing": ["@gen","/* no infer */"]
}

SEE ALSO

infer-analyze(1), infer-analyzejson(1), infer-capture(1), infer-compile(1), infer-debug(1), infer-explore(1), infer-help(1), infer-report(1), infer-reportdiff(1), infer-run(1)