NAME
       infer - static analysis for Java and C/C++/Objective-C/Objective-C++

SYNOPSIS
       infer analyze [options]
       infer capture [options]
       infer compile [options]
       infer help [options]
       infer explore [options]
       infer report [options]
       infer reportdiff [options]
       infer run [options]
       infer --compilation-database[-escaped] file [options]
       infer [options] -- compile command
       infer [options]

DESCRIPTION
       Infer is a static analyzer. Given a collection of source files written
       in Java or in languages of the C family, and a command to build them,
       infer produces a list of potential issues.

       Infer consists of a collection of tools referenced in the SEE ALSO
       section of this manual. See their respective manuals for more
       information.

       When run without a subcommand, and if a compilation command is
       specified via the -- option or one of the
       --clang-compilation-database[-escaped] options, then infer behaves as
       infer-run(1). Otherwise, infer behaves as infer-analyze(1).

OPTIONS
       Every infer command accepts the arguments from all the other infer
       commands.

       Options are read from the .inferconfig file, then from the INFER_ARGS
       environment variable, then from the command line. Options in
       INFER_ARGS take precedence over options in .inferconfig, and options
       passed on the command line take precedence over options in INFER_ARGS.
       See the ENVIRONMENT and FILES sections of this manual for more
       information.

       Options can be specified inside an argument file by passing @file
       as an argument. The format is one option per line, and enclosing
       single ' and double " quotes are ignored.

       Options without a default value (e.g., --linter) and options with
       list-like values (e.g., --Xbuck) all have a corresponding
       --option-reset flag that resets their values to nothing or the empty
       list, respectively. For instance, --Xbuck-reset will cancel any
       previous --Xbuck option passed to infer.

       See the manuals of individual infer commands for details about their
       supported options. The following is a list of all the supported
       options (see also --help-full for options reserved for internal use).

       --annotation-reachability
           Activates: checker annotation-reachability: Given a pair of source
           and sink annotations, e.g. `@PerformanceCritical` and `@Expensive`,
           this checker will warn whenever some method annotated with
           `@PerformanceCritical` calls, directly or indirectly, another
           method annotated with `@Expensive` (Conversely:
           --no-annotation-reachability)
           See also infer-analyze(1).

       --annotation-reachability-custom-pairs json
           Specify custom sources/sink for the annotation reachability
           checker. Example format for custom annotations
           com.my.annotation.{Source1,Source2,Sink1}:
               { "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
           See also infer-analyze(1).

       --annotation-reachability-cxx json
           Specify annotation reachability analyses to be performed on
           C/C++/ObjC code. Each entry is a JSON object whose key is the
           issue name. "sources" and "sinks" can be specified either by
           symbol (including regexps) or path prefix. "sinks" optionally can
           specify "overrides" (by symbol or path prefix) that block the
           reachability analysis when hit. Example:
               {
                 "ISOLATED_REACHING_CONNECT": {
                   "doc_url":
                     "http://example.com/issue/doc/optional_link.html",
                   "sources": {
                     "desc": "Code that should not call connect [optional]",
                     "paths": [ "isolated/" ]
                   },
                   "sinks": {
                     "symbols": [ "connect" ],
                     "overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
                   }
                 }
               }

           This will cause us to create a new ISOLATED_REACHING_CONNECT
           issue for every function whose source path starts with "isolated/"
           that may reach the function named "connect", ignoring paths that
           go through a symbol matching the OCaml regexp ".*::Trusted::.*".
           See also infer-analyze(1).

       --annotation-reachability-cxx-sources json
           Override sources in all cxx annotation reachability specs with the
           given sources spec.
           See also infer-analyze(1).

       --annotation-reachability-only
           Activates: Enable annotation-reachability and disable all other
           checkers (Conversely: --no-annotation-reachability-only)
           See also infer-analyze(1).

       --append-buck-flavors +string
           Additional Buck flavors to append to targets discovered by the
           --buck-compilation-database option.
           See also infer-capture(1).

       --no-biabduction
           Deactivates: checker biabduction: This analysis deals with a range
           of issues, many linked to memory safety. (Conversely:
           --biabduction)
           See also infer-analyze(1).

       --biabduction-only
           Activates: Enable biabduction and disable all other checkers
           (Conversely: --no-biabduction-only)
           See also infer-analyze(1).

       --biabduction-unsafe-malloc
           Activates: Assume that malloc(3) never returns null. (Conversely:
           --no-biabduction-unsafe-malloc)
           See also infer-analyze(1).

       --biabduction-write-dotty
           Activates: Produce dotty files for specs and retain cycles reports
           in infer-out/captured. (Conversely: --no-biabduction-write-dotty)
           See also infer-analyze(1).

       --bo-debug int
           Debug level for buffer-overrun checker (0-4).
           See also infer-analyze(1).

       --bo-field-depth-limit int
           Limit of field depth of abstract location in buffer-overrun
           checker.
           See also infer-analyze(1).

       --bootclasspath string
           Specify the Java bootclasspath.
           See also infer-capture(1).

       --buck-block-list +regex
           Skip capture of files matched by the specified regular expression.
           Only the clang, non-compilation-database Buck integration is
           supported, not Java.
           See also infer-capture(1) and infer-run(1).

       --buck-clang
           Activates: Buck integration for clang-based targets
           (C/C++/Objective-C/Objective-C++). (Conversely: --no-buck-clang)
           See also infer-capture(1).

       --buck-clang-use-toolchain-config
           Activates: Suppress setting buck config values for the infer
           binary and other values in the buck-clang-flavor integration and
           instead rely on buck toolchain configuration options. (Conversely:
           --no-buck-clang-use-toolchain-config)
           See also infer-capture(1).

       --buck-compilation-database { no-deps | deps }
           Buck integration using the compilation database, with or without
           dependencies. Only includes clang targets, as per Buck's
           #compilation-database flavor.
           See also infer-capture(1).

       --buck-compilation-database-depth int
           Depth of dependencies used by the --buck-compilation-database deps
           option. By default, all recursive dependencies are captured.
           See also infer-capture(1).

       --buck-java-flavor
           Activates: Buck integration for Java which uses the buck flavor
           #infer-java-capture instead of genrules like buck-java.
           (Conversely: --no-buck-java-flavor)
           See also infer-capture(1).

       --buck-java-flavor-suppress-config
           Activates: Suppress setting buck config values for the infer
           binary and its version in the buck-java-flavor integration.
           (Conversely: --no-buck-java-flavor-suppress-config)
           See also infer-capture(1).

       --buck-java-heap-size-gb int
           Explicitly set the size of the Java heap of Buck processes, in
           gigabytes.
           See also infer-capture(1).

       --buck-merge-all-deps
           Activates: Find and merge all infer dependencies produced by buck.
           Use this flag if infer doesn't find any files to analyze after a
           successful capture. Only valid for --buck-clang. (Conversely:
           --no-buck-merge-all-deps)
           See also infer-capture(1).

       --buck-targets-block-list +regex
           Skip capture of buck targets matched by the specified regular
           expression. Only valid for --buck-compilation-database.
           See also infer-capture(1) and infer-run(1).

       --bufferoverrun
           Activates: checker bufferoverrun: InferBO is a detector for
           out-of-bounds array accesses. (Conversely: --no-bufferoverrun)
           See also infer-analyze(1).

       --bufferoverrun-only
           Activates: Enable bufferoverrun and disable all other checkers
           (Conversely: --no-bufferoverrun-only)
           See also infer-analyze(1).

       --capture-block-list regex
           Skip capture of files matched by the specified OCaml regular
           expression (only supported by the javac integration for now).
           See also infer-capture(1) and infer-run(1).

       --censor-report +string
           Specify a filter for issues to be censored by adding a
           'censored_reason' field in the json report. Infer will not report
           censored issues on the console output and in report.txt, but tools
           that post-process the json report can take them into account. If
           multiple filters are specified, they are applied in the order in
           which they are specified. Each filter is applied to each issue
           detected, and only issues which are accepted by all filters are
           reported. Each filter is of the form:
           `<issue_type_regex>:<filename_regex>:<reason_string>`. The first
           two components are OCaml Str regular expressions, with an optional
           `!` character prefix. If a regex has a `!` prefix, the polarity is
           inverted, and the filter becomes a "block list" instead of a
           "allow list". Each filter is interpreted as an implication: an
           issue matches if it does not match the `issue_type_regex` or if it
           does match the `filename_regex`. The filenames that are tested by
           the regex are relative to the `--project-root` directory. The
           `<reason_string>` is a non-empty string used to explain why the
           issue was filtered.
           See also infer-report(1) and infer-run(1).

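The --censor-report filter semantics described above, worked through as an added example (not part of the Infer manual or code base). Assumptions: Python's re stands in for OCaml Str and patterns are matched from the start of the string, the first rejecting filter supplies the reason, and report entries carry "bug_type" and "file" keys; the filters and issues below are constructed.

```python
import re
from typing import NamedTuple, Optional


class CensorFilter(NamedTuple):
    type_positive: bool   # False when the issue-type regex carried a '!' prefix
    type_re: re.Pattern
    file_positive: bool   # False when the filename regex carried a '!' prefix
    file_re: re.Pattern
    reason: str


def _polarity_and_regex(text):
    """Split an optional leading '!' (inverted polarity) from the regex."""
    positive = not text.startswith("!")
    return positive, re.compile(text if positive else text[1:])


def parse_filter(spec):
    """Parse one 'issue_type_regex:filename_regex:reason_string' filter.

    Assumption: neither regex contains ':'; everything after the second ':'
    is the reason, which the manual requires to be non-empty.
    """
    parts = spec.split(":", 2)
    if len(parts) != 3 or not parts[2]:
        raise ValueError(f"malformed censor filter: {spec!r}")
    type_positive, type_re = _polarity_and_regex(parts[0])
    file_positive, file_re = _polarity_and_regex(parts[1])
    return CensorFilter(type_positive, type_re, file_positive, file_re, parts[2])


def accepts(flt, bug_type, rel_path):
    """Implication: if the issue-type side holds, the filename side must hold."""
    type_side = flt.type_positive == bool(flt.type_re.match(bug_type))
    file_side = flt.file_positive == bool(flt.file_re.match(rel_path))
    return (not type_side) or file_side


def censored_reason(filters, bug_type, rel_path) -> Optional[str]:
    """Apply filters in order; return the reason of the first one that rejects."""
    for flt in filters:
        if not accepts(flt, bug_type, rel_path):
            return flt.reason
    return None


def apply_censoring(filter_specs, issues):
    """Return copies of the issues, adding 'censored_reason' where censored."""
    filters = [parse_filter(spec) for spec in filter_specs]
    annotated = []
    for issue in issues:
        entry = dict(issue)
        reason = censored_reason(filters, issue["bug_type"], issue["file"])
        if reason is not None:
            entry["censored_reason"] = reason
        annotated.append(entry)
    return annotated


def console_view(annotated):
    """Issues that would still appear on the console: the uncensored ones."""
    return [entry for entry in annotated if "censored_reason" not in entry]


# Constructed filters, in the order they would be passed on the command line.
FILTERS = [
    # Allow list: NULL_DEREFERENCE is only accepted under src/.
    "NULL_DEREFERENCE:src/:null derefs are triaged for src/ only",
    # Block list on the filename: nothing under generated/ is accepted.
    ".*:!generated/:generated code is not triaged",
    # Both inverted: every type except RESOURCE_LEAK is rejected under tests/.
    "!RESOURCE_LEAK:!tests/:in tests/ only resource leaks are tracked",
]

# Constructed report entries; paths are relative to the project root.
ISSUES = [
    {"bug_type": "NULL_DEREFERENCE", "file": "src/net/client.c"},
    {"bug_type": "NULL_DEREFERENCE", "file": "third_party/zlib/inflate.c"},
    {"bug_type": "RESOURCE_LEAK", "file": "generated/proto/msg.pb.cc"},
    {"bug_type": "RESOURCE_LEAK", "file": "tests/io_test.c"},
    {"bug_type": "USE_AFTER_FREE", "file": "tests/cache_test.c"},
]

if __name__ == "__main__":
    for entry in apply_censoring(FILTERS, ISSUES):
        status = entry.get("censored_reason", "reported")
        print(f'{entry["bug_type"]:18} {entry["file"]:28} {status}')
```
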
       --cfg-json file
           Path to CFG json file.
           See also infer-analyzejson(1).

       --changed-files-index file
           Specify the file containing the list of source files from which
           reactive analysis should start. Source files should be specified
           relative to project root or be absolute.
           See also infer-analyze(1).

       --clang-biniou-file file
           Specify a file containing the AST of the program, in biniou
           format. Please note you still need to provide a compilation
           command.
           See also infer-capture(1).

       --clang-block-listed-flags +string
           Clang flags to filter out.
           See also infer-capture(1).

       --clang-block-listed-flags-with-arg +string
           Clang flags (taking args) to filter out.
           See also infer-capture(1).

       --clang-compound-literal-init-limit int
           Limit after which initialization of compound types (structs and
           arrays) is not done element by element but using a builtin
           function that each analysis has to model.
           See also infer-analyze(1) and infer-capture(1).

       --clang-yojson-file file
           Specify a file containing the AST of the program, in yojson
           format. Please note you still need to provide a compilation
           command.
           See also infer-capture(1).

       --compilation-database +path
           File that contains compilation commands (can be specified multiple
           times).
           See also infer-capture(1).

       --compilation-database-escaped +path
           File that contains compilation commands where all entries are
           escaped for the shell, e.g. coming from Xcode (can be specified
           multiple times).
           See also infer-capture(1).

       --config-checks-between-markers
           Activates: checker config-checks-between-markers: [EXPERIMENTAL]
           Collects config checks between marker start and end. (Conversely:
           --no-config-checks-between-markers)
           See also infer-analyze(1).

       --config-checks-between-markers-only
           Activates: Enable config-checks-between-markers and disable all
           other checkers (Conversely:
           --no-config-checks-between-markers-only)
           See also infer-analyze(1).

       --config-impact-analysis
           Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects
           functions that are called without config checks. (Conversely:
           --no-config-impact-analysis)
           See also infer-analyze(1).

       --config-impact-analysis-only
           Activates: Enable config-impact-analysis and disable all other
           checkers (Conversely: --no-config-impact-analysis-only)
           See also infer-analyze(1).

       --config-impact-current path
           Config impact report of the latest revision.
           See also infer-reportdiff(1).

       --config-impact-data-file file
           [ConfigImpact] Specify the file containing the config data.
           See also infer-report(1).

       --config-impact-issues-tests file
           Write a list of config impact issues in a format suitable for
           config impact tests to file.
           See also infer-report(1).

       --config-impact-max-callees-to-print int
           Specify the maximum number of unchecked callees to print in the
           config impact checker.
           See also infer-report(1) and infer-reportdiff(1).

       --config-impact-previous path
           Config impact report of the base revision to use for comparison.
           See also infer-reportdiff(1).

       --continue
           Activates: Continue the capture for the reactive analysis,
           increasing the changed files/procedures. (If a procedure was
           changed beforehand, keep the changed marking.) (Conversely:
           --no-continue)
           See also infer-capture(1).

       --continue-analysis
           Activates: Continue the analysis after more targets are captured
           by --continue. The other analysis options should be given the same
           as before. Not compatible with --reanalyze and
           --incremental-analysis. (Conversely: --no-continue-analysis)
           See also infer-analyze(1).

       --cost
           Activates: checker cost: Computes the time complexity of functions
           and methods. Can be used to detect changes in runtime complexity
           with `infer reportdiff`. (Conversely: --no-cost)
           See also infer-analyze(1).

       --cost-issues-tests file
           Write a list of cost issues in a format suitable for cost tests to
           file.
           See also infer-report(1).

       --cost-only
           Activates: Enable cost and disable all other checkers (Conversely:
           --no-cost-only)
           See also infer-analyze(1).

       --no-cost-suppress-func-ptr
           Deactivates: Suppress printing function pointers in cost reports
           (Conversely: --cost-suppress-func-ptr)
           See also infer-analyze(1).

       --cost-tests-only-autoreleasepool
           Activates: [EXPERIMENTAL] Report only autoreleasepool size results
           in cost tests (Conversely: --no-cost-tests-only-autoreleasepool)
           See also infer-report(1) and infer-reportdiff(1).

       --costs-current path
           Costs report of the latest revision.
           See also infer-reportdiff(1).

       --costs-previous path
           Costs report of the base revision to use for comparison.
           See also infer-reportdiff(1).

       --custom-symbols json
           Specify named lists of symbols available to rules.
           See also infer-analyze(1).

       --no-cxx
           Deactivates: Analyze C++ methods (Conversely: --cxx)
           See also infer-capture(1).

       --cxx-scope-guards json
           Specify scope guard classes that can be read only by destructors
           without being reported as dead stores.
           See also infer-analyze(1).

       --debug,-g
           Activates: Debug mode (also sets --debug-level 2,
           --developer-mode, --print-buckets, --print-types,
           --reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
           --write-html) (Conversely: --no-debug | -G)
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --debug-level level
           Debug level (sets --bo-debug level, --debug-level-analysis level,
           --debug-level-capture level, --debug-level-linters level):
           - 0: only basic debugging enabled
           - 1: verbose debugging enabled
           - 2: very verbose debugging enabled
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --debug-level-analysis int
           Debug level for the analysis. See --debug-level for accepted
           values.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --debug-level-capture int
           Debug level for the capture. See --debug-level for accepted
           values.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --debug-level-linters int
           Debug level for the linters. See --debug-level for accepted
           values.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --no-deduplicate
           Deactivates: Apply issue-specific deduplication during analysis
           and/or reporting. (Conversely: --deduplicate)
           See also infer-analyze(1), infer-report(1), and
           infer-reportdiff(1).

       --no-default-checkers
           Deactivates: Default checkers: --biabduction,
           --fragment-retains-view, --inefficient-keyset-iterator, --linters,
           --liveness, --racerd, --dotnet-resource-leak, --siof,
           --self-in-block, --starvation (Conversely: --default-checkers)
           See also infer-analyze(1).

       --no-default-linters
           Deactivates: Use the default linters for the analysis.
           (Conversely: --default-linters)
           See also infer-capture(1).

       --dependencies
           Activates: Translate all the dependencies during the capture. The
           classes in the given jar file will be translated. No sources
           needed. (Conversely: --no-dependencies)
           See also infer-capture(1).

       --differential-filter-files string
           Specify the file containing the list of source files for which a
           differential report is desired. Source files should be specified
           relative to project root or be absolute.
           See also infer-report(1).

       --disable-issue-type +issue_type
           Do not show reports coming from this type of issue. Each checker
           can report a range of issue types. This option provides
           fine-grained filtering over which types of issue should be
           reported once the checkers have run. In particular, note that
           disabling issue types does not make the corresponding checker not
           run. Available issue types are as follows:

             ARBITRARY_CODE_EXECUTION_UNDER_LOCK (enabled by default),
             ARRAY_OUT_OF_BOUNDS_L1 (disabled by default),
             ARRAY_OUT_OF_BOUNDS_L2 (disabled by default),
             ARRAY_OUT_OF_BOUNDS_L3 (disabled by default),
             ASSIGN_POINTER_WARNING (enabled by default),
             AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE (enabled by default),
             AUTORELEASEPOOL_SIZE_COMPLEXITY_INCREASE_UI_THREAD (enabled by default),
             AUTORELEASEPOOL_SIZE_UNREACHABLE_AT_EXIT (disabled by default),
             Abduction_case_not_implemented (enabled by default),
             Array_of_pointsto (enabled by default),
             Assert_failure (enabled by default),
             BAD_POINTER_COMPARISON (enabled by default),
             BAD_RECORD (enabled by default),
             BIABDUCTION_ANALYSIS_STOPS (disabled by default),
             BIABDUCTION_MEMORY_LEAK (disabled by default),
             BUFFER_OVERRUN_L1 (enabled by default),
             BUFFER_OVERRUN_L2 (enabled by default),
             BUFFER_OVERRUN_L3 (enabled by default),
             BUFFER_OVERRUN_L4 (disabled by default),
             BUFFER_OVERRUN_L5 (disabled by default),
             BUFFER_OVERRUN_S2 (enabled by default),
             BUFFER_OVERRUN_U5 (disabled by default),
             Bad_footprint (enabled by default),
             CAPTURED_STRONG_SELF (enabled by default),
             CHECKERS_ALLOCATES_MEMORY (enabled by default),
             CHECKERS_ANNOTATION_REACHABILITY_ERROR (enabled by default),
             CHECKERS_CALLS_EXPENSIVE_METHOD (enabled by default),
             CHECKERS_EXPENSIVE_OVERRIDES_UNANNOTATED (enabled by default),
             CHECKERS_FRAGMENT_RETAINS_VIEW (enabled by default),
             CHECKERS_IMMUTABLE_CAST (enabled by default),
             CHECKERS_PRINTF_ARGS (enabled by default),
             CLASS_CAST_EXCEPTION (disabled by default),
             COMPONENT_WITH_MULTIPLE_FACTORY_METHODS (enabled by default),
             CONDITION_ALWAYS_FALSE (disabled by default),
             CONDITION_ALWAYS_TRUE (disabled by default),
             CONFIG_CHECKS_BETWEEN_MARKERS (disabled by default),
             CONFIG_IMPACT (disabled by default),
             CONSTANT_ADDRESS_DEREFERENCE (disabled by default),
             CREATE_INTENT_FROM_URI (enabled by default),
             CROSS_SITE_SCRIPTING (enabled by default),
             CXX_REFERENCE_CAPTURED_IN_OBJC_BLOCK (enabled by default),
             Cannot_star (enabled by default),
             DANGLING_POINTER_DEREFERENCE (disabled by default),
             DANGLING_POINTER_DEREFERENCE_MAYBE (disabled by default),
             DEADLOCK (enabled by default),
             DEAD_STORE (enabled by default),
             DIRECT_ATOMIC_PROPERTY_ACCESS (enabled by default),
             DISCOURAGED_WEAK_PROPERTY_CUSTOM_SETTER (enabled by default),
             DIVIDE_BY_ZERO (disabled by default),
             DOTNET_RESOURCE_LEAK (enabled by default),
             DO_NOT_REPORT (enabled by default),
             EMPTY_VECTOR_ACCESS (enabled by default),
             ERADICATE_ANNOTATION_GRAPH (enabled by default),
             ERADICATE_BAD_NESTED_CLASS_ANNOTATION (enabled by default),
             ERADICATE_CONDITION_REDUNDANT (enabled by default),
             ERADICATE_FIELD_NOT_INITIALIZED (enabled by default),
             ERADICATE_FIELD_NOT_NULLABLE (enabled by default),
             ERADICATE_FIELD_OVER_ANNOTATED (enabled by default),
             ERADICATE_INCONSISTENT_SUBCLASS_PARAMETER_ANNOTATION (enabled by default),
             ERADICATE_INCONSISTENT_SUBCLASS_RETURN_ANNOTATION (enabled by default),
             ERADICATE_META_CLASS_CAN_BE_NULLSAFE (disabled by default),
             ERADICATE_META_CLASS_IS_NULLSAFE (disabled by default),
             ERADICATE_META_CLASS_NEEDS_IMPROVEMENT (disabled by default),
             ERADICATE_NULLABLE_DEREFERENCE (enabled by default),
             ERADICATE_PARAMETER_NOT_NULLABLE (enabled by default),
             ERADICATE_REDUNDANT_NESTED_CLASS_ANNOTATION (enabled by default),
             ERADICATE_RETURN_NOT_NULLABLE (enabled by default),
             ERADICATE_RETURN_OVER_ANNOTATED (enabled by default),
             ERADICATE_UNCHECKED_USAGE_IN_NULLSAFE (enabled by default),
             ERADICATE_UNVETTED_THIRD_PARTY_IN_NULLSAFE (enabled by default),
             EXECUTION_TIME_COMPLEXITY_INCREASE (enabled by default),
             EXECUTION_TIME_COMPLEXITY_INCREASE_UI_THREAD (enabled by default),
             EXECUTION_TIME_UNREACHABLE_AT_EXIT (disabled by default),
             EXPENSIVE_AUTORELEASEPOOL_SIZE (disabled by default),
             EXPENSIVE_EXECUTION_TIME (disabled by default),
             EXPENSIVE_LOOP_INVARIANT_CALL (enabled by default),
             EXPOSED_INSECURE_INTENT_HANDLING (enabled by default),
             Failure_exe (enabled by default),
             GLOBAL_VARIABLE_INITIALIZED_WITH_FUNCTION_OR_METHOD_CALL (disabled by default),
             GUARDEDBY_VIOLATION (enabled by default),
             GUARDEDBY_VIOLATION_NULLSAFE (enabled by default),
             IMPURE_FUNCTION (enabled by default),
             INEFFICIENT_KEYSET_ITERATOR (enabled by default),
             INFERBO_ALLOC_IS_BIG (enabled by default),
             INFERBO_ALLOC_IS_NEGATIVE (enabled by default),
             INFERBO_ALLOC_IS_ZERO (enabled by default),
             INFERBO_ALLOC_MAY_BE_BIG (enabled by default),
             INFERBO_ALLOC_MAY_BE_NEGATIVE (enabled by default),
             INFINITE_AUTORELEASEPOOL_SIZE (disabled by default),
             INFINITE_EXECUTION_TIME (disabled by default),
             INHERENTLY_DANGEROUS_FUNCTION (enabled by default),
             INSECURE_INTENT_HANDLING (enabled by default),
             INTEGER_OVERFLOW_L1 (enabled by default),
             INTEGER_OVERFLOW_L2 (enabled by default),
             INTEGER_OVERFLOW_L5 (disabled by default),
             INTEGER_OVERFLOW_U5 (disabled by default),
             INTERFACE_NOT_THREAD_SAFE (enabled by default),
             INVARIANT_CALL (disabled by default),
             IPC_ON_UI_THREAD (enabled by default),
             IVAR_NOT_NULL_CHECKED (enabled by default),
             Internal_error (enabled by default),
             JAVASCRIPT_INJECTION (enabled by default),
             LAB_RESOURCE_LEAK (enabled by default),
             LOCKLESS_VIOLATION (enabled by default),
             LOCK_CONSISTENCY_VIOLATION (enabled by default),
             LOGGING_PRIVATE_DATA (enabled by default),
             Leak_after_array_abstraction (enabled by default),
             Leak_in_footprint (enabled by default),
             Leak_unknown_origin (disabled by default),
             MEMORY_LEAK (enabled by default),
             MISSING_REQUIRED_PROP (enabled by default),
             MIXED_SELF_WEAKSELF (enabled by default),
             MODIFIES_IMMUTABLE (enabled by default),
             MULTIPLE_WEAKSELF (enabled by default),
             MUTABLE_LOCAL_VARIABLE_IN_COMPONENT_FILE (enabled by default),
             Missing_fld (enabled by default),
             NIL_BLOCK_CALL (enabled by default),
             NIL_INSERTION_INTO_COLLECTION (enabled by default),
             NIL_MESSAGING_TO_NON_POD (enabled by default),
             NO_MATCHING_CASE_CLAUSE (enabled by default),
             NO_MATCHING_FUNCTION_CLAUSE (enabled by default),
             NO_MATCH_OF_RHS (enabled by default),
             NO_TRUE_BRANCH_IN_IF (enabled by default),
             NULLPTR_DEREFERENCE (enabled by default),
             NULL_DEREFERENCE (enabled by default),
             OPTIONAL_EMPTY_ACCESS (enabled by default),
             PARAMETER_NOT_NULL_CHECKED (enabled by default),
             POINTER_TO_CONST_OBJC_CLASS (enabled by default),
             PRECONDITION_NOT_FOUND (enabled by default),
             PRECONDITION_NOT_MET (enabled by default),
             PREMATURE_NIL_TERMINATION_ARGUMENT (enabled by default),
             PULSE_UNINITIALIZED_VALUE (enabled by default),
             PURE_FUNCTION (enabled by default),
             QUANDARY_TAINT_ERROR (enabled by default),
             RESOURCE_LEAK (enabled by default),
             RETAIN_CYCLE (enabled by default),
             SHELL_INJECTION (enabled by default),
             SHELL_INJECTION_RISK (enabled by default),
             SKIP_FUNCTION (disabled by default),
             SQL_INJECTION (enabled by default),
             SQL_INJECTION_RISK (enabled by default),
             STACK_VARIABLE_ADDRESS_ESCAPE (enabled by default),
             STARVATION (enabled by default),
             STATIC_INITIALIZATION_ORDER_FIASCO (enabled by default),
             STRICT_MODE_VIOLATION (enabled by default),
             STRONG_DELEGATE_WARNING (enabled by default),
             STRONG_SELF_NOT_CHECKED (enabled by default),
             Symexec_memory_error (enabled by default),
             THREAD_SAFETY_VIOLATION (enabled by default),
             THREAD_SAFETY_VIOLATION_NULLSAFE (enabled by default),
             TOPL_ERROR (enabled by default),
             UNINITIALIZED_VALUE (enabled by default),
             UNREACHABLE_CODE (enabled by default),
             UNTRUSTED_BUFFER_ACCESS (disabled by default),
             UNTRUSTED_DESERIALIZATION (enabled by default),
             UNTRUSTED_DESERIALIZATION_RISK (enabled by default),
             UNTRUSTED_ENVIRONMENT_CHANGE_RISK (enabled by default),
             UNTRUSTED_FILE (enabled by default),
             UNTRUSTED_FILE_RISK (enabled by default),
             UNTRUSTED_HEAP_ALLOCATION (disabled by default),
             UNTRUSTED_INTENT_CREATION (enabled by default),
             UNTRUSTED_URL_RISK (enabled by default),
             UNTRUSTED_VARIABLE_LENGTH_ARRAY (enabled by default),
             USER_CONTROLLED_SQL_RISK (enabled by default),
             USE_AFTER_DELETE (enabled by default),
             USE_AFTER_FREE (enabled by default),
             USE_AFTER_LIFETIME (enabled by default),
             VECTOR_INVALIDATION (enabled by default),
             WEAK_SELF_IN_NO_ESCAPE_BLOCK (enabled by default),
             Wrong_argument_number (enabled by default).

           See also infer-report(1).

       --dump-duplicate-symbols
           Activates: Dump all symbols with the same name that are defined in
           more than one file. (Conversely: --no-dump-duplicate-symbols)
           See also infer-capture(1).

       --enable-issue-type +issue_type
           Show reports coming from this type of issue. By default, all issue
           types are enabled except the ones listed in --disable-issue-type.
           Note that enabling issue types does not make the corresponding
           checker run; see individual checker options to turn them on or
           off.
           See also infer-report(1).

       --eradicate
           Activates: checker eradicate: The eradicate `@Nullable` checker
           for Java annotations. (Conversely: --no-eradicate)
           See also infer-analyze(1).

       --eradicate-only
           Activates: Enable eradicate and disable all other checkers
           (Conversely: --no-eradicate-only)
           See also infer-analyze(1).

       --erlang-ast-dir dir
           Also load AST from all .json files in the given path. These .json
           files usually come from a previous run with --debug.
           See also infer-capture(1).

       --erlang-skip-rebar3
           Activates: Skip running rebar, to save time. It is useful together
           with --erlang-ast-dir. (Conversely: --no-erlang-skip-rebar3)
           See also infer-capture(1).

       --external-java-packages +prefix
           Specify a list of Java package prefixes for external Java
           packages. If set, the analysis will not report non-actionable
           warnings on those packages.
           See also infer-analyze(1).

       --fail-on-issue
           Activates: Exit with error code 2 if Infer found something to
           report (Conversely: --no-fail-on-issue)
           See also infer-run(1).

       --file-renamings path
           JSON with a list of file renamings to use while computing
           differential reports.
           See also infer-reportdiff(1).

       --no-filtering,-F
           Deactivates: Do not show the experimental and block listed issue
           types (Conversely: --filtering | -f)
           See also infer-report(1).

       --force-delete-results-dir
           Activates: Do not refuse to delete the results directory if it
           doesn't look like an infer results directory. (Conversely:
           --no-force-delete-results-dir)
           See also infer-capture(1), infer-compile(1), and infer-run(1).

       --force-integration command
           Proceed as if the first argument after -- was command. Possible
           values: ant, buck, gradle, gradlew, java, javac, cc, clang, gcc,
           clang++, c++, g++, make, configure, cmake, waf, mvn, mvnw,
           ndk-build, rebar3, xcodebuild.
           See also infer-capture(1) and infer-run(1).

       --no-fragment-retains-view
           Deactivates: checker fragment-retains-view: Detects when Android
           fragments are not explicitly nullified before becoming
           unreachable. (Conversely: --fragment-retains-view)
           See also infer-analyze(1).

       --fragment-retains-view-only
           Activates: Enable fragment-retains-view and disable all other
           checkers (Conversely: --no-fragment-retains-view-only)
           See also infer-analyze(1).

       --from-json-config-impact-report config-impact-report.json
           Load costs analysis results from a config-impact-report file.
           See also infer-report(1).

       --from-json-costs-report costs-report.json
           Load costs analysis results from a costs-report file.
           See also infer-report(1).

       --from-json-report report.json
           Load analysis results from a report file (default is to load the
           results from the specs files generated by the analysis).
           See also infer-report(1).

       --frontend-tests
           Activates: Save filename.ext.test.dot with the cfg in dotty format
           for frontend tests (also sets --print-types) (Conversely:
           --no-frontend-tests)
           See also infer-capture(1).

       --generated-classes path
           Specify where to load the generated class files.
           See also infer-capture(1).

       --global-tenv
           Activates: Print the global type environment. (Conversely:
           --no-global-tenv)
           See also infer-debug(1).

       --headers
           Activates: Analyze code in header files (Conversely: --no-headers)
           See also infer-capture(1).

       --help
           Show this manual.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-debug(1),
           infer-explore(1), infer-help(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --help-checker +checker-id
           Show information about a checker, for example biabduction. To see
           the list of all checkers, see --list-checkers.
           See also infer-help(1).

       --help-format { auto | groff | pager | plain }
           Show this help in the specified format. auto sets the format to
           plain if the environment variable TERM is "dumb" or undefined, and
           to pager otherwise.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-debug(1),
           infer-explore(1), infer-help(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --help-full
           Show this manual with all internal options in the INTERNAL OPTIONS
           section.
           See also infer-analyze(1), infer-analyzejson(1),
           infer-capture(1), infer-compile(1), infer-debug(1),
           infer-explore(1), infer-help(1), infer-report(1),
           infer-reportdiff(1), and infer-run(1).

       --help-issue-type +UNIQUE_ID
           Show information about an issue type, for example
           NULL_DEREFERENCE. To see the list of all issue types, see
           --list-issue-types.
           See also infer-help(1).

       --no-hoisting-report-only-expensive
           Deactivates: [Hoisting] Report loop-invariant calls only when the
           function is expensive, i.e. at least linear (Conversely:
           --hoisting-report-only-expensive)
           See also infer-report(1).

       --html
           Activates: Generate an html report of issues found. (Conversely:
           --no-html)
           See also infer-explore(1).

       --immutable-cast
           Activates: checker immutable-cast: Detection of object cast from
           immutable types to mutable types. For instance, it will detect
           casts from `ImmutableList` to `List`, `ImmutableMap` to `Map`, and
           `ImmutableSet` to `Set`. (Conversely: --no-immutable-cast)
           See also infer-analyze(1).

       --immutable-cast-only
           Activates: Enable immutable-cast and disable all other checkers
           (Conversely: --no-immutable-cast-only)
           See also infer-analyze(1).

       --impurity
           Activates: checker impurity: Detects functions with potential
           side-effects. Same as "purity", but implemented on top of Pulse.
           (Conversely: --no-impurity)
           See also infer-analyze(1).

       --impurity-only
           Activates: Enable impurity and disable all other checkers
           (Conversely: --no-impurity-only)
           See also infer-analyze(1).

       --impurity-report-immutable-modifications
           Activates: Report modifications to immutable fields in the
           Impurity checker (Conversely:
           --no-impurity-report-immutable-modifications)
           See also infer-analyze(1).
|
|
|
|
--no-inefficient-keyset-iterator
|
|
Deactivates: checker inefficient-keyset-iterator: Check for
|
|
inefficient uses of iterators that iterate on keys then lookup
|
|
their values, instead of iterating on key-value pairs directly.
|
|
(Conversely: --inefficient-keyset-iterator) See also infer-analyze(1).
|
|
|
|
--inefficient-keyset-iterator-only
|
|
Activates: Enable inefficient-keyset-iterator and disable all
|
|
other checkers (Conversely: --no-inefficient-keyset-iterator-only)
|
|
See also infer-analyze(1).
|
|
|
|
--issues-tests file
|
|
Write a list of issues in a format suitable for tests to file
|
|
See also infer-report(1).
|
|
|
|
--issues-tests-fields ,-separated sequence of { bug_type | bucket |
|
|
qualifier | severity | line | column | procedure |
|
|
procedure_start_line | file | bug_trace | key | hash | line_offset |
|
|
qualifier_contains_potential_exception_note | nullsafe_extra }
|
|
Fields to emit with --issues-tests See also infer-report(1).
|
|
|
|
--java-jar-compiler path
|
|
Specify the Java compiler jar used to generate the bytecode
|
|
See also infer-capture(1).
|
|
|
|
--java-version int
|
|
The version of Java being used. Set it to your Java version if mvn
|
|
is failing. See also infer-analyze(1) and infer-capture(1).
|
|
|
|
--jobs,-j int
|
|
Run the specified number of analysis jobs simultaneously
|
|
See also infer-analyze(1).
|
|
|
|
--keep-going
|
|
Activates: Keep going when the analysis encounters a failure
|
|
(Conversely: --no-keep-going) See also infer-analyze(1).
|
|
|
|
--kotlin-capture
|
|
Activates: Enable Kotlin capture (experimental, do not use).
|
|
(Conversely: --no-kotlin-capture) See also infer-capture(1).
|
|
|
|
--linter string
|
|
From the linters available, only run this one linter. (Useful
|
|
together with --linters-developer-mode) See also infer-capture(1).
|
|
|
|
--no-linters
|
|
Deactivates: checker linters: Declarative linting framework over
|
|
the Clang AST. (Conversely: --linters) See also infer-analyze(1).
|
|
|
|
--linters-def-file +file
|
|
Specify the file containing linters definition (e.g. 'linters.al')
|
|
See also infer-capture(1).
|
|
|
|
--linters-def-folder +dir
|
|
Specify the folder containing linters files with extension .al
|
|
See also infer-capture(1).
|
|
|
|
--linters-developer-mode
    Activates: Debug mode for developing new linters. (Sets the
    analyzer to linters; also sets --debug, --debug-level-linters 2,
    --developer-mode, and unsets --allowed-failures and
    --default-linters.) (Conversely: --no-linters-developer-mode)
    See also infer-capture(1).

--linters-doc-url +string
    Specify custom documentation URL for some linter that overrides
    the default one. Useful if your project has specific ways of
    fixing a lint error that is not true in general or public info.
    Format: linter_name:doc_url.
    See also infer-capture(1).

--linters-ignore-clang-failures
    Activates: Continue linting files even if some compilation fails.
    (Conversely: --no-linters-ignore-clang-failures)
    See also infer-capture(1).

--linters-only
    Activates: Enable linters and disable all other checkers
    (Conversely: --no-linters-only)
    See also infer-analyze(1).

--linters-validate-syntax-only
    Activates: Validate syntax of AL files, then emit possible errors
    in JSON format to stdout (Conversely:
    --no-linters-validate-syntax-only)
    See also infer-capture(1).

--list-checkers
    Activates: Show the list of all available checkers. (Conversely:
    --no-list-checkers)
    See also infer-help(1).

--list-issue-types
    Activates: Show the list of all issue types that infer might
    report. (Conversely: --no-list-issue-types)
    See also infer-help(1).

--litho-required-props
    Activates: checker litho-required-props: Checks that all
    non-optional `@Prop`s have been specified when constructing Litho
    components. (Conversely: --no-litho-required-props)
    See also infer-analyze(1).

--litho-required-props-only
    Activates: Enable litho-required-props and disable all other
    checkers (Conversely: --no-litho-required-props-only)
    See also infer-analyze(1).

--no-liveness
    Deactivates: checker liveness: Detection of dead stores and unused
    variables. (Conversely: --liveness)
    See also infer-analyze(1).

--liveness-dangerous-classes json
    Specify classes where the destructor should be ignored when
    computing liveness. In other words, assignment to variables of
    these types (or common wrappers around these types such as
    unique_ptr<type>) will count as dead stores when the variables are
    not read explicitly by the program.
    See also infer-analyze(1).

--liveness-ignored-constant +string
    List of integer constants to be ignored by liveness analysis
    See also infer-analyze(1).

--liveness-only
    Activates: Enable liveness and disable all other checkers
    (Conversely: --no-liveness-only)
    See also infer-analyze(1).

--load-average,-l float
    Do not start new parallel jobs if the load average is greater than
    that specified (Buck and make only)
    See also infer-capture(1).

--loop-hoisting
    Activates: checker loop-hoisting: Detect opportunities to hoist
    function calls that are invariant outside of loop bodies for
    efficiency. (Conversely: --no-loop-hoisting)
    See also infer-analyze(1).

--loop-hoisting-only
    Activates: Enable loop-hoisting and disable all other checkers
    (Conversely: --no-loop-hoisting-only)
    See also infer-analyze(1).

--no-mask-sawja-exceptions
    Deactivates: Mask exceptions thrown by Sawja/Javalib during Java
    capture (Conversely: --mask-sawja-exceptions)
    See also infer-capture(1).

--max-jobs int
    Maximum number of analysis jobs running simultaneously
    See also infer-analyze(1).

--max-nesting int
    Level of nested procedure calls to show. Trace elements beyond the
    maximum nesting level are skipped. If omitted, all levels are
    shown.
    See also infer-explore(1).

--memtrace-analysis-profiling
    Activates: Generate OCaml analysis allocation traces in
    `infer-out/memtrace`. (Conversely:
    --no-memtrace-analysis-profiling)
    See also infer-analyze(1).

--memtrace-sampling-rate float
    Sampling rate for Memtrace allocation profiling. Default is 1e-6.
    See also infer-analyze(1).

--merge
    Activates: Merge the captured results directories specified in the
    dependency file. (Conversely: --no-merge)
    See also infer-analyze(1).

--pmd-xml
    Activates: Output issues in (PMD) XML format in
    infer-out/report.xml (Conversely: --no-pmd-xml)
    See also infer-run(1).

--print-active-checkers
    Activates: Print the active checkers before starting the analysis
    (Conversely: --no-print-active-checkers)
    See also infer-analyze(1).

--print-logs
    Activates: Also log messages to stdout and stderr (Conversely:
    --no-print-logs)
    See also infer-analyze(1), infer-capture(1), infer-report(1), and
    infer-run(1).

--printf-args
    Activates: checker printf-args: Detect mismatches between the Java
    `printf` format strings and the argument types. For example, this
    checker will warn about the type error in `printf("Hello %d",
    "world")` (Conversely: --no-printf-args)
    See also infer-analyze(1).

--printf-args-only
    Activates: Enable printf-args and disable all other checkers
    (Conversely: --no-printf-args-only)
    See also infer-analyze(1).

--procedures
    Activates: Print functions and methods discovered by infer
    (Conversely: --no-procedures)
    See also infer-debug(1).

--procedures-attributes
    Activates: Print the attributes of each procedure in the output of
    --procedures (Conversely: --no-procedures-attributes)
    See also infer-debug(1).

--procedures-cfg
    Activates: Output a dotty file in
    infer-out/captured/<file_name>/<proc_name>.dot for each procedure
    in the output of --procedures (Conversely: --no-procedures-cfg)
    See also infer-debug(1).

--no-procedures-definedness
    Deactivates: Include procedures definedness in the output of
    --procedures, i.e. whether the procedure definition was found, or
    only the procedure declaration, or the procedure is an
    auto-generated Objective-C accessor (Conversely:
    --procedures-definedness)
    See also infer-debug(1).

--procedures-filter filter
    With --procedures, only print functions and methods (procedures)
    matching the specified filter. A procedure filter is of the form
    path_pattern:procedure_name. Patterns are interpreted as OCaml Str
    regular expressions. For instance, to keep only methods named
    "foo", one can use the filter ".*:foo", or "foo" for short.
    See also infer-debug(1).

--procedures-name
    Activates: Include procedures names in the output of --procedures
    (Conversely: --no-procedures-name)
    See also infer-debug(1).

--no-procedures-source-file
    Deactivates: Include the source file in which the procedure
    definition or declaration was found in the output of --procedures
    (Conversely: --procedures-source-file)
    See also infer-debug(1).

--procedures-summary
    Activates: Print the summaries of each procedure in the output of
    --procedures (Conversely: --no-procedures-summary)
    See also infer-debug(1).

--procedures-summary-json
    Activates: Emit the summaries of each procedure in the output of
    --procedures as JSON (Conversely: --no-procedures-summary-json)
    See also infer-debug(1).

--no-progress-bar,-P
    Deactivates: Show a progress bar (Conversely: --progress-bar | -p)
    See also infer-run(1).

--progress-bar-style { auto | plain | multiline }
    Style of the progress bar. auto selects multiline if connected to
    a tty, otherwise plain.
    See also infer-analyze(1) and infer-capture(1).

--project-root,-C dir
    Specify the root directory of the project
    See also infer-analyze(1), infer-capture(1), infer-report(1), and
    infer-run(1).

--pulse
    Activates: checker pulse: Memory and lifetime analysis.
    (Conversely: --no-pulse)
    See also infer-analyze(1).

--pulse-cut-to-one-path-procedures-pattern string
    Regex of methods for which pulse will only explore one path. Can
    be used on pathologically large procedures to prevent too-big
    states from being produced.
    See also infer-analyze(1).

--pulse-model-abort +string
    Methods that should be modelled as abort in Pulse
    See also infer-analyze(1).

--pulse-model-alloc-pattern string
    Regex of methods that should be modelled as allocs in Pulse
    See also infer-analyze(1).

--pulse-model-free-pattern string
    Regex of methods that should be modelled as wrappers to free(3) in
    Pulse. The pointer to be freed should be the first argument of the
    function. This should only be needed if the code of the wrapper is
    not visible to infer or if Pulse somehow doesn't understand it
    (e.g. the call is dispatched to global function pointers).
    See also infer-analyze(1).

--pulse-model-malloc-pattern string
    Regex of methods that should be modelled as wrappers to malloc(3)
    in Pulse. The size to allocate should be the first argument of the
    function. See --pulse-model-free-pattern for more information.
    See also infer-analyze(1).

--pulse-model-realloc-pattern string
    Regex of methods that should be modelled as wrappers to realloc(3)
    in Pulse. The pointer to be reallocated should be the first
    argument of the function and the new size the second argument. See
    --pulse-model-free-pattern for more information.
    See also infer-analyze(1).

--pulse-model-release-pattern string
    Regex of methods that should be modelled as release in Pulse
    See also infer-analyze(1).

--pulse-model-return-first-arg string
    Regex of methods that should be modelled as returning the first
    argument in Pulse
    See also infer-analyze(1).

--pulse-model-return-nonnull string
    Regex of methods that should be modelled as returning non-null in
    Pulse
    See also infer-analyze(1).

--pulse-model-skip-pattern string
    Regex of methods that should be modelled as "skip" in Pulse
    See also infer-analyze(1).

--pulse-model-transfer-ownership +string
    Methods that should be modelled as transferring memory ownership in
    Pulse. Accepted formats are method or namespace::method
    See also infer-analyze(1).

--pulse-only
    Activates: Enable pulse and disable all other checkers
    (Conversely: --no-pulse-only)
    See also infer-analyze(1).

--pulse-prune-unsupported-arithmetic
    Activates: The arithmetic engine in Pulse sometimes does not
    detect that the collection of conditions on the path makes it
    infeasible, especially outside the well-supported linear
    arithmetic fragment. To avoid false positives, Pulse tries to
    detect when there is a possibility of imprecise arithmetic
    treatment and if so pessimistically assumes the path is
    infeasible. (Conversely: --no-pulse-prune-unsupported-arithmetic)
    See also infer-analyze(1).

--pulse-report-ignore-unknown-java-methods-patterns +string
    On Java, issues that are found on program paths that contain calls
    to unknown methods (those without implementation) are not reported
    unless all the unknown method names match this pattern. If the
    empty list is provided with
    --pulse-report-ignore-unknown-java-methods-patterns-reset, all
    issues will be reported regardless of the presence of unknown code.
    See also infer-analyze(1).

--purity
    Activates: checker purity: Detects pure (side-effect-free)
    functions. A different implementation of "impurity". (Conversely:
    --no-purity)
    See also infer-analyze(1).

--purity-only
    Activates: Enable purity and disable all other checkers
    (Conversely: --no-purity-only)
    See also infer-analyze(1).

--quandary
    Activates: checker quandary: The Quandary taint analysis detects
    flows of values between sources and sinks, except if the value
    went through a "sanitizer". In addition to some defaults, users
    can specify their own sources, sinks, and sanitizers functions.
    (Conversely: --no-quandary)
    See also infer-analyze(1).

--quandary-endpoints json
    Specify endpoint classes for Quandary
    See also infer-analyze(1).

--quandary-only
    Activates: Enable quandary and disable all other checkers
    (Conversely: --no-quandary-only)
    See also infer-analyze(1).

--quandary-sanitizers json
    Specify custom sanitizers for Quandary
    See also infer-analyze(1).

--quandary-sinks json
    Specify custom sinks for Quandary
    See also infer-analyze(1).

--quandary-sources json
    Specify custom sources for Quandary
    See also infer-analyze(1).

--quiet,-q
    Activates: Do not print anything on standard output. (Conversely:
    --no-quiet | -Q)
    See also infer-analyze(1) and infer-report(1).

--no-racerd
    Deactivates: checker racerd: Thread safety analysis. (Conversely:
    --racerd)
    See also infer-analyze(1).

--racerd-guardedby
    Activates: Check @GuardedBy annotations with RacerD (Conversely:
    --no-racerd-guardedby)
    See also infer-analyze(1).

--racerd-only
    Activates: Enable racerd and disable all other checkers
    (Conversely: --no-racerd-only)
    See also infer-analyze(1).

--no-racerd-unknown-returns-owned
    Deactivates: DEPRECATED, does nothing. (Conversely:
    --racerd-unknown-returns-owned)
    See also infer-analyze(1).

--reactive,-r
    Activates: Reactive mode: the analysis starts from the files
    captured since the infer command started (Conversely:
    --no-reactive | -R)
    See also infer-analyze(1).

--no-report
    Deactivates: Run the reporting phase once the analysis has
    completed (Conversely: --report)
    See also infer-analyze(1) and infer-run(1).

--report-allow-list-path-regex +path_regex
    Report issues only on files whose relative path matches the
    specified OCaml regex (and which do not match
    --report-block-list-path-regex)
    See also infer-report(1) and infer-run(1).

--report-block-list-files-containing +string
    Do not report any issues on files containing the specified string
    See also infer-report(1) and infer-run(1).

--report-block-list-path-regex +path_regex
    Do not report any issues on files whose relative path matches the
    specified OCaml regex, even if they match the allow list specified
    by --report-allow-list-path-regex
    See also infer-report(1) and infer-run(1).

--report-console-limit int
    Maximum number of issues to display on standard output. Unset with
    --report-console-limit-reset to show all.
    See also infer-report(1).

--report-current path
    Report of the latest revision
    See also infer-reportdiff(1).

--report-force-relative-path
    Activates: Force converting an absolute path to a relative path to
    the root directory (Conversely: --no-report-force-relative-path)
    See also infer-analyze(1) and infer-run(1).

--report-formatter { none | phabricator }
    Which formatter to use when emitting the report
    See also infer-report(1).

--report-previous path
    Report of the base revision to use for comparison
    See also infer-reportdiff(1).

--report-suppress-errors +error_name
    Do not report a type of error
    See also infer-report(1) and infer-run(1).

--results-dir,-o dir
    Write results and internal files in the specified directory
    See also infer-analyze(1), infer-capture(1), infer-explore(1),
    infer-report(1), and infer-run(1).

--scheduler { file | restart | callgraph }
    Specify the scheduler used for the analysis phase:
    - file: schedule one job per file
    - callgraph: schedule one job per procedure, following the
      syntactic call graph. Usually faster than "file".
    - restart: same as callgraph but uses locking to try and avoid
      duplicate work between different analysis processes and thus
      performs better in some circumstances
    See also infer-analyze(1).

--select (N|all)
    Select option number N or all of them. If omitted, prompt for
    input.
    See also infer-debug(1) and infer-explore(1).

--no-self-in-block
    Deactivates: checker self-in-block: An Objective-C-specific
    analysis to detect when a block captures `self`. (Conversely:
    --self-in-block)
    See also infer-analyze(1).

--self-in-block-only
    Activates: Enable self-in-block and disable all other checkers
    (Conversely: --no-self-in-block-only)
    See also infer-analyze(1).

--no-siof
    Deactivates: checker siof: Catches Static Initialization Order
    Fiascos in C++, that can lead to subtle,
    compiler-version-dependent errors. (Conversely: --siof)
    See also infer-analyze(1).

--siof-check-iostreams
    Activates: Do not assume that iostreams (cout, cerr, ...) are
    always initialized. The default is to assume they are always
    initialized to avoid false positives. However, if your program
    compiles against a recent libstdc++ then it is safe to turn this
    option on. (Conversely: --no-siof-check-iostreams)
    See also infer-analyze(1).

--siof-only
    Activates: Enable siof and disable all other checkers (Conversely:
    --no-siof-only)
    See also infer-analyze(1).

--siof-safe-methods +string
    Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
    "foo<int>::bar()", etc. (can be specified multiple times)
    See also infer-analyze(1).

--skip-analysis-in-path +path_prefix_OCaml_regex
    Ignore files whose path matches the given prefix (can be specified
    multiple times)
    See also infer-capture(1) and infer-run(1).

--skip-analysis-in-path-skips-compilation
    Activates: Whether paths in --skip-analysis-in-path should be
    compiled or not (Conversely:
    --no-skip-analysis-in-path-skips-compilation)
    See also infer-report(1).

--no-skip-duplicated-types
    Deactivates: Skip fixed-then-introduced duplicated types while
    computing differential reports (Conversely:
    --skip-duplicated-types)
    See also infer-reportdiff(1).

--skip-non-capture-clang-commands
    Activates: Skip clang commands that Infer doesn't use to capture
    data (Conversely: --no-skip-non-capture-clang-commands)
    See also infer-capture(1).

--skip-translation-headers +path_regex
    Ignore declarations in headers whose path matches the given OCaml
    regex from the start of the string during capture.
    See also infer-capture(1).

--source-files
    Activates: Print source files discovered by infer (Conversely:
    --no-source-files)
    See also infer-debug(1).

--source-files-cfg
    Activates: Output a dotty file in infer-out/captured for each
    source file in the output of --source-files (Conversely:
    --no-source-files-cfg)
    See also infer-debug(1).

--source-files-filter filter
    With --source-files, only print source files matching the
    specified filter. The filter is a pattern that should match the
    file path. Patterns are interpreted as OCaml Str regular
    expressions.
    See also infer-debug(1).

--source-files-freshly-captured
    Activates: Print whether the source file has been captured in the
    most recent capture phase in the output of --source-files.
    (Conversely: --no-source-files-freshly-captured)
    See also infer-debug(1).

--source-files-procedure-names
    Activates: Print the names of the procedures of each source file in
    the output of --source-files (Conversely:
    --no-source-files-procedure-names)
    See also infer-debug(1).

--source-files-type-environment
    Activates: Print the type environment of each source file in the
    output of --source-files (Conversely:
    --no-source-files-type-environment)
    See also infer-debug(1).

--no-source-preview
    Deactivates: Print code excerpts around trace elements
    (Conversely: --source-preview)
    See also infer-explore(1).

--sqlite-cache-size int
    SQLite cache size in pages (if positive) or kB (if negative),
    follows the format of the corresponding SQLite PRAGMA.
    See also infer-analyze(1), infer-capture(1), and infer-run(1).

--sqlite-lock-timeout int
    Timeout for SQLite results database operations, in milliseconds.
    See also infer-analyze(1), infer-capture(1), and infer-run(1).

--sqlite-page-size int
    SQLite page size in bytes, must be a power of two between 512 and
    65536.
    See also infer-analyze(1), infer-capture(1), and infer-run(1).

--no-starvation
    Deactivates: checker starvation: Detect various kinds of
    situations when no progress is being made because of concurrency
    errors. (Conversely: --starvation)
    See also infer-analyze(1).

--starvation-only
    Activates: Enable starvation and disable all other checkers
    (Conversely: --no-starvation-only)
    See also infer-analyze(1).

--tenv-json file
    Path to TEnv json file
    See also infer-analyzejson(1).

--threadsafe-aliases json
    Specify custom annotations that should be considered aliases of
    @ThreadSafe
    See also infer-analyze(1).

--topl
    Activates: checker topl: Detect errors based on user-provided
    state machines describing temporal properties over multiple
    objects. (Conversely: --no-topl)
    See also infer-analyze(1).

--topl-only
    Activates: Enable topl and disable all other checkers (Conversely:
    --no-topl-only)
    See also infer-analyze(1).

--uninit
    Activates: checker uninit: Warns when values are used before
    having been initialized. (Conversely: --no-uninit)
    See also infer-analyze(1).

--uninit-only
    Activates: Enable uninit and disable all other checkers
    (Conversely: --no-uninit-only)
    See also infer-analyze(1).

--version
    Print version information and exit
    See also infer-run(1).

--version-json
    Print version information in json format and exit
    See also infer-run(1).

--workspace path
    Specifies the root of the workspace, which is a directory
    containing --project-root. This can be needed if the capture phase
    is expected to require several different project roots, all
    relative to a common workspace. Usually a single project root is
    enough, though.
    See also infer-capture(1).

--write-html
    Activates: Produce html debug output for the analyses in
    infer-out/captured. This shows the abstract state of all analyses
    at each program point in the source code. Each captured source
    file has its own html page. This HTML file contains the source
    file, and at each line of the file there are links to the nodes of
    the control flow graph of Infer's translation of that line of code
    into its intermediate representation (SIL). This way it's possible
    to see what the translation is, and the details of the symbolic
    execution on each node. (Conversely: --no-write-html)
    See also infer-analyze(1).

--write-website path_to_website_dir
    Use to write website files documenting issue types and checkers
    under path_to_website_dir/. Meant to be used within the Infer
    directory to generate its website at fbinfer.com at website/.
    See also infer-help(1).

--Xbuck +string
    Pass values as command-line arguments to invocations of `buck
    build`. Only valid for --buck-clang.
    See also infer-capture(1).

--Xbuck-no-inline +string
    Pass values as command-line arguments to invocations of `buck
    build`, don't inline any args starting with '@'. Only valid for
    --buck-clang.
    See also infer-capture(1).

--Xclang +string
    Pass values as command-line arguments to invocations of clang
    See also infer-capture(1).

--xcode-developer-dir XCODE_DEVELOPER_DIR
    Specify the path to Xcode developer directory, to use for Buck
    clang targets
    See also infer-capture(1).

--xcode-isysroot-suffix string
    Specify the suffix of Xcode isysroot directory, to avoid absolute
    paths in tests
    See also infer-analyze(1).

--xcpretty
    Activates: Infer will use xcpretty together with xcodebuild to
    analyze an iOS app. xcpretty just needs to be in the path; the
    infer command is still just `infer -- <xcodebuild command>`.
    (Conversely: --no-xcpretty)
    See also infer-capture(1).

--  Stop argument processing, use remaining arguments as a build
    command
    See also infer-capture(1) and infer-run(1).


ENVIRONMENT
    Extra arguments may be passed to all infer commands using the
    INFER_ARGS environment variable (see the OPTIONS section). INFER_ARGS
    is expected to contain a string of ^-separated options. For instance,
    calling `INFER_ARGS=--debug^--print-logs infer` is equivalent to
    calling `infer --debug --print-logs`.

    INFERCONFIG: Tells infer where to find the .inferconfig file. (See the
    FILES section)

    If INFER_STRICT_MODE is set to "1", then infer commands will exit with
    an error code in some cases when otherwise a simple warning would be
    emitted on stderr, for instance if a deprecated form of an option is
    used.

FILES
    .inferconfig can be used to store infer options. Its format is that of
    a JSON record, where fields are infer long-form options, without their
    leading "--", and values depend on the type of the option:
    - for switch options, the value is a JSON boolean (true or false,
      without quotes)
    - for non-switch options with no arguments (for instance the
      undefined option associated with a list option), the value is null
    - for integers, the value is a JSON integer (without quotes)
    - string options have string values
    - path options have string values, and are interpreted relative to the
      location of the .inferconfig file
    - cumulative options are JSON arrays of the appropriate type

    Infer will look for an .inferconfig file in the current directory,
    then its parent, etc., stopping at the first .inferconfig file found.

    Example:

    {
      "cxx": false,
      "infer-block-list-files-containing": ["@gen","/* no infer */"]
    }

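The lookup and override rules in ENVIRONMENT and FILES decide which options a CI run of infer actually picks up, so a nested .inferconfig or an exported INFER_ARGS can quietly narrow what gets reported. The Python below is an added example, not part of the Infer manual or code base: it finds the applicable .inferconfig, overlays a ^-separated INFER_ARGS string, and lists settings that reduce coverage. The function names, the sample paths, the token heuristics and the reading of INFERCONFIG as the path of the file itself are assumptions.

```python
import json
import tempfile
from pathlib import Path

# Cumulative ("+") options from this manual that hide files or issue types.
SUPPRESSING_LISTS = {
    "report-block-list-files-containing",
    "report-block-list-path-regex",
    "report-suppress-errors",
    "skip-analysis-in-path",
}
# Switches this manual lists in their --no-<name> form, i.e. on by default.
DEFAULT_ON = {
    "inefficient-keyset-iterator", "linters", "liveness", "racerd",
    "report", "self-in-block", "siof", "starvation",
}
# Ends in "-only" but does not select a single checker.
NOT_A_CHECKER_SELECTOR = {"linters-validate-syntax-only"}


def find_inferconfig(start, environ):
    """Return the .inferconfig that applies to `start`, or None.

    INFERCONFIG wins when set (assumption: it names the file itself);
    otherwise walk upwards and stop at the first file found, so a nested
    file shadows the one at the repository root instead of merging with it.
    """
    if environ.get("INFERCONFIG"):
        return Path(environ["INFERCONFIG"])
    start = Path(start).resolve()
    for directory in (start, *start.parents):
        candidate = directory / ".inferconfig"
        if candidate.is_file():
            return candidate
    return None


def apply_infer_args(options, infer_args):
    """Overlay a '^'-separated INFER_ARGS string on .inferconfig options.

    Heuristic (assumption): a token that does not start with "-" is the
    value of the long option before it; short options are ignored.
    """
    merged = dict(options)
    tokens = [t for t in infer_args.split("^") if t]
    i = 0
    while i < len(tokens):
        name = tokens[i][2:] if tokens[i].startswith("--") else None
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        value = tokens[i + 1] if has_value else None
        i += 1
        if name is None:
            continue  # short option or stray value
        if value is not None:
            i += 1
            if name in SUPPRESSING_LISTS:  # cumulative option: append
                previous = merged.get(name)
                base = previous if isinstance(previous, list) else []
                merged[name] = base + [value]
            else:
                merged[name] = value
        elif name.startswith("no-"):
            merged[name[3:]] = False
        else:
            merged[name] = True
    return merged


def audit(options):
    """Return sorted findings for settings that reduce Infer's coverage."""
    findings = []
    for name, value in options.items():
        if value is None:
            continue
        if name in SUPPRESSING_LISTS:
            if not isinstance(value, list):
                kind = type(value).__name__
                findings.append(f"{name}: expected a JSON array, got {kind}")
            elif value:
                findings.append(f"{name}: suppresses {value}")
        elif name in DEFAULT_ON and value is False:
            findings.append(f"{name}: default-on switch turned off")
        elif (name.endswith("-only") and value is True
              and name not in NOT_A_CHECKER_SELECTOR):
            findings.append(f"{name}: all other checkers disabled")
    return findings if not findings else sorted(findings)


def demo():
    """Constructed repository: a nested directory carries its own config."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        nested = root / "third_party" / "lib"
        nested.mkdir(parents=True)
        (root / ".inferconfig").write_text(json.dumps({"cxx": False}))
        (nested / ".inferconfig").write_text(json.dumps({
            "racerd": False,
            "report-block-list-path-regex": ["src/auth/.*"],
        }))
        config = find_inferconfig(nested, environ={})
        options = json.loads(config.read_text())
        # INFER_ARGS outranks .inferconfig: --racerd re-enables the checker.
        env = "--racerd^--pulse-only^--report-suppress-errors^NULL_DEREFERENCE"
        return config.relative_to(root).as_posix(), audit(
            apply_infer_args(options, env))


if __name__ == "__main__":
    path, findings = demo()
    print(path)
    for finding in findings:
        print("  " + finding)
```

Command-line options outrank both sources, so a complete check also needs the arguments the build script passes to infer.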
SEE ALSO
    infer-analyze(1), infer-analyzejson(1), infer-capture(1),
    infer-compile(1), infer-debug(1), infer-explore(1), infer-help(1),
    infer-report(1), infer-reportdiff(1), infer-run(1)