You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
474 lines
17 KiB
474 lines
17 KiB
NAME
|
|
infer-analyze - analyze the files captured by infer
|
|
|
|
SYNOPSIS
|
|
infer analyze [options]
|
|
infer [options]
|
|
|
|
|
|
DESCRIPTION
|
|
Analyze the files captured in the project results directory and
|
|
report.
|
|
|
|
|
|
|
|
OPTIONS
|
|
--annotation-reachability
|
|
Activates: the annotation reachability checker. Given a pair of
|
|
source and sink annotation, e.g. @PerformanceCritical and
|
|
@Expensive, this checker will warn whenever some method annotated
|
|
with @PerformanceCritical calls, directly or indirectly, another
|
|
method annotated with @Expensive (Conversely:
|
|
--no-annotation-reachability)
|
|
|
|
--annotation-reachability-only
|
|
Activates: Enable --annotation-reachability and disable all other
|
|
checkers (Conversely: --no-annotation-reachability-only)
|
|
|
|
--no-biabduction
|
|
Deactivates: the separation logic based bi-abduction analysis
|
|
using the checkers framework (Conversely: --biabduction)
|
|
|
|
--biabduction-only
|
|
Activates: Enable --biabduction and disable all other checkers
|
|
(Conversely: --no-biabduction-only)
|
|
|
|
--bufferoverrun
|
|
Activates: the buffer overrun analysis (Conversely:
|
|
--no-bufferoverrun)
|
|
|
|
--bufferoverrun-only
|
|
Activates: Enable --bufferoverrun and disable all other checkers
|
|
(Conversely: --no-bufferoverrun-only)
|
|
|
|
--changed-files-index file
|
|
Specify the file containing the list of source files from which
|
|
reactive analysis should start. Source files should be specified
|
|
relative to project root or be absolute
|
|
|
|
--class-loads
|
|
Activates: Java class loading analysis (Conversely:
|
|
--no-class-loads)
|
|
|
|
--class-loads-only
|
|
Activates: Enable --class-loads and disable all other checkers
|
|
(Conversely: --no-class-loads-only)
|
|
|
|
--continue-analysis
|
|
Activates: Continue the analysis after more targets are captured
|
|
by --continue. The other analysis options should be given the same
|
|
before. Not compatible with --reanalyze and
|
|
--incremental-analysis. (Conversely: --no-continue-analysis)
|
|
|
|
--cost
|
|
Activates: checker for performance cost analysis (Conversely:
|
|
--no-cost)
|
|
|
|
--cost-only
|
|
Activates: Enable --cost and disable all other checkers
|
|
(Conversely: --no-cost-only)
|
|
|
|
--custom-symbols json
|
|
Specify named lists of symbols available to rules
|
|
|
|
--debug,-g
|
|
Activates: Debug mode (also sets --debug-level 2,
|
|
--developer-mode, --print-buckets, --print-types,
|
|
--reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
|
|
--write-dotty, --write-html) (Conversely: --no-debug | -G)
|
|
|
|
--debug-level level
|
|
Debug level (sets --bo-debug level, --debug-level-analysis level,
|
|
--debug-level-capture level, --debug-level-linters level):
|
|
- 0: only basic debugging enabled
|
|
- 1: verbose debugging enabled
|
|
- 2: very verbose debugging enabled
|
|
|
|
--debug-level-analysis int
|
|
Debug level for the analysis. See --debug-level for accepted
|
|
values.
|
|
|
|
--debug-level-capture int
|
|
Debug level for the capture. See --debug-level for accepted
|
|
values.
|
|
|
|
--debug-level-linters int
|
|
Debug level for the linters. See --debug-level for accepted
|
|
values.
|
|
|
|
--no-deduplicate
|
|
Deactivates: Apply issue-specific deduplication during analysis
|
|
and/or reporting. (Conversely: --deduplicate)
|
|
|
|
--no-default-checkers
|
|
Deactivates: Default checkers: --biabduction,
|
|
--fragment-retains-view, --inefficient-keyset-iterator, --linters,
|
|
--liveness, --racerd, --siof, --self_in_block, --starvation,
|
|
--uninit (Conversely: --default-checkers)
|
|
|
|
--eradicate
|
|
Activates: the eradicate @Nullable checker for Java annotations
|
|
(Conversely: --no-eradicate)
|
|
|
|
--eradicate-only
|
|
Activates: Enable --eradicate and disable all other checkers
|
|
(Conversely: --no-eradicate-only)
|
|
|
|
--no-fragment-retains-view
|
|
Deactivates: detects when Android fragments are not explicitly
|
|
nullified before becoming unreabable (Conversely:
|
|
--fragment-retains-view)
|
|
|
|
--fragment-retains-view-only
|
|
Activates: Enable --fragment-retains-view and disable all other
|
|
checkers (Conversely: --no-fragment-retains-view-only)
|
|
|
|
--help
|
|
Show this manual
|
|
|
|
--help-format { auto | groff | pager | plain }
|
|
Show this help in the specified format. auto sets the format to
|
|
plain if the environment variable TERM is "dumb" or undefined, and
|
|
to pager otherwise.
|
|
|
|
--help-full
|
|
Show this manual with all internal options in the INTERNAL OPTIONS
|
|
section
|
|
|
|
--immutable-cast
|
|
Activates: the detection of object cast from immutable type to
|
|
mutable type. For instance, it will detect cast from ImmutableList
|
|
to List, ImmutableMap to Map, and ImmutableSet to Set.
|
|
(Conversely: --no-immutable-cast)
|
|
|
|
--immutable-cast-only
|
|
Activates: Enable --immutable-cast and disable all other checkers
|
|
(Conversely: --no-immutable-cast-only)
|
|
|
|
--impurity
|
|
Activates: [EXPERIMENTAL] Impurity analysis (Conversely:
|
|
--no-impurity)
|
|
|
|
--impurity-only
|
|
Activates: Enable --impurity and disable all other checkers
|
|
(Conversely: --no-impurity-only)
|
|
|
|
--no-inefficient-keyset-iterator
|
|
Deactivates: Check for inefficient uses of keySet iterator that
|
|
access both the key and the value. (Conversely:
|
|
--inefficient-keyset-iterator)
|
|
|
|
--inefficient-keyset-iterator-only
|
|
Activates: Enable --inefficient-keyset-iterator and disable all
|
|
other checkers (Conversely: --no-inefficient-keyset-iterator-only)
|
|
|
|
--jobs,-j int
|
|
Run the specified number of analysis jobs simultaneously
|
|
|
|
--keep-going
|
|
Activates: Keep going when the analysis encounters a failure
|
|
(Conversely: --no-keep-going)
|
|
|
|
--no-linters
|
|
Deactivates: syntactic linters (Conversely: --linters)
|
|
|
|
--linters-only
|
|
Activates: Enable --linters and disable all other checkers
|
|
(Conversely: --no-linters-only)
|
|
|
|
--litho-required-props
|
|
Activates: [EXPERIMENTAL] Required Prop check for Litho
|
|
(Conversely: --no-litho-required-props)
|
|
|
|
--litho-required-props-only
|
|
Activates: Enable --litho-required-props and disable all other
|
|
checkers (Conversely: --no-litho-required-props-only)
|
|
|
|
--no-liveness
|
|
Deactivates: the detection of dead stores and unused variables
|
|
(Conversely: --liveness)
|
|
|
|
--liveness-only
|
|
Activates: Enable --liveness and disable all other checkers
|
|
(Conversely: --no-liveness-only)
|
|
|
|
--loop-hoisting
|
|
Activates: checker for loop-hoisting (Conversely:
|
|
--no-loop-hoisting)
|
|
|
|
--loop-hoisting-only
|
|
Activates: Enable --loop-hoisting and disable all other checkers
|
|
(Conversely: --no-loop-hoisting-only)
|
|
|
|
--perf-profiler-data-file file
|
|
Specify the file containing perf profiler data to read
|
|
|
|
--print-active-checkers
|
|
Activates: Print the active checkers before starting the analysis
|
|
(Conversely: --no-print-active-checkers)
|
|
|
|
--print-logs
|
|
Activates: Also log messages to stdout and stderr (Conversely:
|
|
--no-print-logs)
|
|
|
|
--printf-args
|
|
Activates: the detection of mismatch between the Java printf
|
|
format strings and the argument types For, example, this checker
|
|
will warn about the type error in `printf("Hello %d", "world")`
|
|
(Conversely: --no-printf-args)
|
|
|
|
--printf-args-only
|
|
Activates: Enable --printf-args and disable all other checkers
|
|
(Conversely: --no-printf-args-only)
|
|
|
|
--progress-bar-style { auto | plain | multiline }
|
|
Style of the progress bar. auto selects multiline if connected to
|
|
a tty, otherwise plain.
|
|
|
|
--project-root,-C dir
|
|
Specify the root directory of the project
|
|
|
|
--pulse
|
|
Activates: [EXPERIMENTAL] C++ lifetime analysis (Conversely:
|
|
--no-pulse)
|
|
|
|
--pulse-cut-to-one-path-procedures-pattern string
|
|
Regex of methods for which pulse will only explore one path. Can
|
|
be used on pathologically large procedures to prevent too-big
|
|
states from being produced.
|
|
|
|
--pulse-model-alloc-pattern string
|
|
Regex of methods that should be modelled as allocs in Pulse
|
|
|
|
--pulse-model-free-pattern string
|
|
Regex of methods that should be modelled as free in Pulse
|
|
|
|
--pulse-only
|
|
Activates: Enable --pulse and disable all other checkers
|
|
(Conversely: --no-pulse-only)
|
|
|
|
--purity
|
|
Activates: [EXPERIMENTAL] Purity analysis (Conversely:
|
|
--no-purity)
|
|
|
|
--purity-only
|
|
Activates: Enable --purity and disable all other checkers
|
|
(Conversely: --no-purity-only)
|
|
|
|
--quandary
|
|
Activates: the quandary taint analysis (Conversely: --no-quandary)
|
|
|
|
--quandary-only
|
|
Activates: Enable --quandary and disable all other checkers
|
|
(Conversely: --no-quandary-only)
|
|
|
|
--quiet,-q
|
|
Activates: Do not print anything on standard output. (Conversely:
|
|
--no-quiet | -Q)
|
|
|
|
--no-racerd
|
|
Deactivates: the RacerD thread safety analysis (Conversely:
|
|
--racerd)
|
|
|
|
--racerd-only
|
|
Activates: Enable --racerd and disable all other checkers
|
|
(Conversely: --no-racerd-only)
|
|
|
|
--reactive,-r
|
|
Activates: Reactive mode: the analysis starts from the files
|
|
captured since the infer command started (Conversely:
|
|
--no-reactive | -R)
|
|
|
|
--no-report
|
|
Deactivates: Run the reporting phase once the analysis has
|
|
completed (Conversely: --report)
|
|
|
|
--report-force-relative-path
|
|
Activates: Force converting an absolute path to a relative path to
|
|
the root directory (Conversely: --no-report-force-relative-path)
|
|
|
|
--results-dir,-o dir
|
|
Write results and internal files in the specified directory
|
|
|
|
--no-self_in_block
|
|
Deactivates: checker to flag incorrect uses of when Objective-C
|
|
blocks capture self (Conversely: --self_in_block)
|
|
|
|
--self_in_block-only
|
|
Activates: Enable --self_in_block and disable all other checkers
|
|
(Conversely: --no-self_in_block-only)
|
|
|
|
--no-siof
|
|
Deactivates: the Static Initialization Order Fiasco analysis (C++
|
|
only) (Conversely: --siof)
|
|
|
|
--siof-only
|
|
Activates: Enable --siof and disable all other checkers
|
|
(Conversely: --no-siof-only)
|
|
|
|
--sqlite-cache-size int
|
|
SQLite cache size in pages (if positive) or kB (if negative),
|
|
follows formal of corresponding SQLite PRAGMA.
|
|
|
|
--sqlite-lock-timeout int
|
|
Timeout for SQLite results database operations, in milliseconds.
|
|
|
|
--sqlite-page-size int
|
|
SQLite page size in bytes, must be a power of two between 512 and
|
|
65536.
|
|
|
|
--no-starvation
|
|
Deactivates: starvation analysis (Conversely: --starvation)
|
|
|
|
--starvation-only
|
|
Activates: Enable --starvation and disable all other checkers
|
|
(Conversely: --no-starvation-only)
|
|
|
|
--no-uninit
|
|
Deactivates: checker for use of uninitialized values (Conversely:
|
|
--uninit)
|
|
|
|
--uninit-only
|
|
Activates: Enable --uninit and disable all other checkers
|
|
(Conversely: --no-uninit-only)
|
|
BUCK OPTIONS
|
|
--merge
|
|
Activates: Merge the captured results directories specified in the
|
|
dependency file. (Conversely: --no-merge)
|
|
BUFFER OVERRUN OPTIONS
|
|
--bo-debug int
|
|
Debug level for buffer-overrun checker (0-4)
|
|
|
|
--bo-field-depth-limit int
|
|
Limit of field depth of abstract location in buffer-overrun
|
|
checker
|
|
|
|
--bo-service-handler-request
|
|
Activates: [EXPERIMENTAL] Use taint flow of service handler
|
|
requests in buffer overflow checking. (Conversely:
|
|
--no-bo-service-handler-request)
|
|
CLANG OPTIONS
|
|
--annotation-reachability-cxx json
|
|
Specify annotation reachability analyses to be performed on
|
|
C/C++/ObjC code. Each entry is a JSON object whose key is the
|
|
issue name. "sources" and "sinks" can be specified either by
|
|
symbol (including regexps) or path prefix. "sinks" optionally can
|
|
specify "overrides" (by symbol or path prefix) that block the
|
|
reachability analysis when hit. Example: {
|
|
"ISOLATED_REACHING_CONNECT": {
|
|
"doc_url":
|
|
"http:://example.com/issue/doc/optional_link.html",
|
|
"sources": {
|
|
"desc": "Code that should not call connect [optional]",
|
|
"paths": [ "isolated/" ]
|
|
},
|
|
"sinks": {
|
|
"symbols": [ "connect" ],
|
|
"overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
|
|
}
|
|
}
|
|
}
|
|
|
|
This will cause us to create a new ISOLATED_REACHING_CONNECT
|
|
issue for every function whose source path starts with "isolated/"
|
|
that may reach the function named "connect", ignoring paths that
|
|
go through a symbol matching the OCaml regexp ".*::Trusted::.*".
|
|
|
|
--annotation-reachability-cxx-sources json
|
|
Override sources in all cxx annotation reachability specs with the
|
|
given sources spec
|
|
|
|
--clang-compound-literal-init-limit int
|
|
Limit after which initialization of compound types (structs and
|
|
arrays) is not done element by element but using a builtin
|
|
function that each analysis has to model.
|
|
|
|
--cxx-scope-guards json
|
|
Specify scope guard classes that can be read only by destructors
|
|
without being reported as dead stores.
|
|
|
|
--liveness-dangerous-classes json
|
|
Specify classes where the destructor should be ignored when
|
|
computing liveness. In other words, assignement to variables of
|
|
these types (or common wrappers around these types such as
|
|
unique_ptr<type>) will count as dead stores when the variables are
|
|
not read explicitly by the program.
|
|
|
|
--ml-buckets ,-separated sequence of { all | cf | arc | narc | cpp |
|
|
unknown_origin }
|
|
Specify the memory leak buckets to be checked in C++:
|
|
- cpp from C++ code
|
|
|
|
|
|
--unsafe-malloc
|
|
Activates: Assume that malloc(3) never returns null. (Conversely:
|
|
--no-unsafe-malloc)
|
|
JAVA OPTIONS
|
|
--annotation-reachability-custom-pairs json
|
|
Specify custom sources/sink for the annotation reachability
|
|
checker Example format: for custom annotations
|
|
com.my.annotation.{Source1,Source2,Sink1}
|
|
{ "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
|
|
|
|
--external-java-packages +prefix
|
|
Specify a list of Java package prefixes for external Java
|
|
packages. If set, the analysis will not report non-actionable
|
|
warnings on those packages.
|
|
|
|
--java-version int
|
|
The version of Java being used. Set it to your Java version if mvn
|
|
is failing.
|
|
QUANDARY CHECKER OPTIONS
|
|
--quandary-endpoints json
|
|
Specify endpoint classes for Quandary
|
|
|
|
--quandary-sanitizers json
|
|
Specify custom sanitizers for Quandary
|
|
|
|
--quandary-sinks json
|
|
Specify custom sinks for Quandary
|
|
|
|
--quandary-sources json
|
|
Specify custom sources for Quandary
|
|
RACERD CHECKER OPTIONS
|
|
--racerd-guardedby
|
|
Activates: Check @GuardedBy annotations with RacerD (Conversely:
|
|
--no-racerd-guardedby)
|
|
|
|
--no-racerd-unknown-returns-owned
|
|
Deactivates: DEPRECATED, does nothing. (Conversely:
|
|
--racerd-unknown-returns-owned)
|
|
|
|
--threadsafe-aliases json
|
|
Specify custom annotations that should be considered aliases of
|
|
@ThreadSafe
|
|
SIOF CHECKER OPTIONS
|
|
--siof-check-iostreams
|
|
Activates: Do not assume that iostreams (cout, cerr, ...) are
|
|
always initialized. The default is to assume they are always
|
|
initialized to avoid false positives. However, if your program
|
|
compiles against a recent libstdc++ then it is safe to turn this
|
|
option on. (Conversely: --no-siof-check-iostreams)
|
|
|
|
--siof-safe-methods +string
|
|
Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
|
|
"foo<int>::bar()", etc. (can be specified multiple times)
|
|
|
|
|
|
ENVIRONMENT
|
|
INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE
|
|
See the ENVIRONMENT section in the manual of infer(1).
|
|
|
|
FILES
|
|
.inferconfig
|
|
See the FILES section in the manual of infer(1).
|
|
|
|
|
|
|
|
|
|
SEE ALSO
|
|
infer-report(1), infer-run(1)
|
|
|
|
|
|
|