You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
559 lines
22 KiB
559 lines
22 KiB
NAME
|
|
infer-analyze - analyze the files captured by infer
|
|
|
|
SYNOPSIS
|
|
infer analyze [options]
|
|
infer [options]
|
|
|
|
|
|
DESCRIPTION
|
|
Analyze the files captured in the project results directory and
|
|
report.
|
|
|
|
|
|
|
|
OPTIONS
|
|
--annotation-reachability
|
|
Activates: checker annotation-reachability: Given a pair of source
|
|
and sink annotation, e.g. `@PerformanceCritical` and `@Expensive`,
|
|
this checker will warn whenever some method annotated with
|
|
`@PerformanceCritical` calls, directly or indirectly, another
|
|
method annotated with `@Expensive` (Conversely:
|
|
--no-annotation-reachability)
|
|
|
|
--annotation-reachability-only
|
|
Activates: Enable annotation-reachability and disable all other
|
|
checkers (Conversely: --no-annotation-reachability-only)
|
|
|
|
--no-biabduction
|
|
Deactivates: checker biabduction: This analysis deals with a range
|
|
of issues, many linked to memory safety. (Conversely:
|
|
--biabduction)
|
|
|
|
--biabduction-only
|
|
Activates: Enable biabduction and disable all other checkers
|
|
(Conversely: --no-biabduction-only)
|
|
|
|
--bufferoverrun
|
|
Activates: checker bufferoverrun: InferBO is a detector for
|
|
out-of-bounds array accesses. (Conversely: --no-bufferoverrun)
|
|
|
|
--bufferoverrun-only
|
|
Activates: Enable bufferoverrun and disable all other checkers
|
|
(Conversely: --no-bufferoverrun-only)
|
|
|
|
--changed-files-index file
|
|
Specify the file containing the list of source files from which
|
|
reactive analysis should start. Source files should be specified
|
|
relative to project root or be absolute
|
|
|
|
--config-checks-between-markers
|
|
Activates: checker config-checks-between-markers: [EXPERIMENTAL]
|
|
Collects config checks between marker start and end. (Conversely:
|
|
--no-config-checks-between-markers)
|
|
|
|
--config-checks-between-markers-only
|
|
Activates: Enable config-checks-between-markers and disable all
|
|
other checkers (Conversely:
|
|
--no-config-checks-between-markers-only)
|
|
|
|
--config-impact-analysis
|
|
Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects
|
|
function that are called without config checks. (Conversely:
|
|
--no-config-impact-analysis)
|
|
|
|
--config-impact-analysis-only
|
|
Activates: Enable config-impact-analysis and disable all other
|
|
checkers (Conversely: --no-config-impact-analysis-only)
|
|
|
|
--continue-analysis
|
|
Activates: Continue the analysis after more targets are captured
|
|
by --continue. The other analysis options should be given the same
|
|
before. Not compatible with --reanalyze and
|
|
--incremental-analysis. (Conversely: --no-continue-analysis)
|
|
|
|
--cost
|
|
Activates: checker cost: Computes the time complexity of functions
|
|
and methods. Can be used to detect changes in runtime complexity
|
|
with `infer reportdiff`. (Conversely: --no-cost)
|
|
|
|
--cost-only
|
|
Activates: Enable cost and disable all other checkers (Conversely:
|
|
--no-cost-only)
|
|
|
|
--no-cost-suppress-func-ptr
|
|
Deactivates: Suppress printing function pointers in cost reports
|
|
(Conversely: --cost-suppress-func-ptr)
|
|
|
|
--custom-symbols json
|
|
Specify named lists of symbols available to rules
|
|
|
|
--debug,-g
|
|
Activates: Debug mode (also sets --debug-level 2,
|
|
--developer-mode, --print-buckets, --print-types,
|
|
--reports-include-ml-loc, --no-only-cheap-debug, --trace-error,
|
|
--write-dotty, --write-html) (Conversely: --no-debug | -G)
|
|
|
|
--debug-level level
|
|
Debug level (sets --bo-debug level, --debug-level-analysis level,
|
|
--debug-level-capture level, --debug-level-linters level):
|
|
- 0: only basic debugging enabled
|
|
- 1: verbose debugging enabled
|
|
- 2: very verbose debugging enabled
|
|
|
|
--debug-level-analysis int
|
|
Debug level for the analysis. See --debug-level for accepted
|
|
values.
|
|
|
|
--debug-level-capture int
|
|
Debug level for the capture. See --debug-level for accepted
|
|
values.
|
|
|
|
--debug-level-linters int
|
|
Debug level for the linters. See --debug-level for accepted
|
|
values.
|
|
|
|
--no-deduplicate
|
|
Deactivates: Apply issue-specific deduplication during analysis
|
|
and/or reporting. (Conversely: --deduplicate)
|
|
|
|
--no-default-checkers
|
|
Deactivates: Default checkers: --biabduction,
|
|
--fragment-retains-view, --inefficient-keyset-iterator, --linters,
|
|
--liveness, --racerd, --dotnet-resource-leak, --siof,
|
|
--self-in-block, --starvation, --uninit (Conversely:
|
|
--default-checkers)
|
|
|
|
--eradicate
|
|
Activates: checker eradicate: The eradicate `@Nullable` checker
|
|
for Java annotations. (Conversely: --no-eradicate)
|
|
|
|
--eradicate-only
|
|
Activates: Enable eradicate and disable all other checkers
|
|
(Conversely: --no-eradicate-only)
|
|
|
|
--no-fragment-retains-view
|
|
Deactivates: checker fragment-retains-view: Detects when Android
|
|
fragments are not explicitly nullified before becoming
|
|
unreachable. (Conversely: --fragment-retains-view)
|
|
|
|
--fragment-retains-view-only
|
|
Activates: Enable fragment-retains-view and disable all other
|
|
checkers (Conversely: --no-fragment-retains-view-only)
|
|
|
|
--help
|
|
Show this manual
|
|
|
|
--help-format { auto | groff | pager | plain }
|
|
Show this help in the specified format. auto sets the format to
|
|
plain if the environment variable TERM is "dumb" or undefined, and
|
|
to pager otherwise.
|
|
|
|
--help-full
|
|
Show this manual with all internal options in the INTERNAL OPTIONS
|
|
section
|
|
|
|
--immutable-cast
|
|
Activates: checker immutable-cast: Detection of object cast from
|
|
immutable types to mutable types. For instance, it will detect
|
|
casts from `ImmutableList` to `List`, `ImmutableMap` to `Map`, and
|
|
`ImmutableSet` to `Set`. (Conversely: --no-immutable-cast)
|
|
|
|
--immutable-cast-only
|
|
Activates: Enable immutable-cast and disable all other checkers
|
|
(Conversely: --no-immutable-cast-only)
|
|
|
|
--impurity
|
|
Activates: checker impurity: Detects functions with potential
|
|
side-effects. Same as "purity", but implemented on top of Pulse.
|
|
(Conversely: --no-impurity)
|
|
|
|
--impurity-only
|
|
Activates: Enable impurity and disable all other checkers
|
|
(Conversely: --no-impurity-only)
|
|
|
|
--no-inefficient-keyset-iterator
|
|
Deactivates: checker inefficient-keyset-iterator: Check for
|
|
inefficient uses of iterators that iterate on keys then lookup
|
|
their values, instead of iterating on key-value pairs directly.
|
|
(Conversely: --inefficient-keyset-iterator)
|
|
|
|
--inefficient-keyset-iterator-only
|
|
Activates: Enable inefficient-keyset-iterator and disable all
|
|
other checkers (Conversely: --no-inefficient-keyset-iterator-only)
|
|
|
|
--jobs,-j int
|
|
Run the specified number of analysis jobs simultaneously
|
|
|
|
--keep-going
|
|
Activates: Keep going when the analysis encounters a failure
|
|
(Conversely: --no-keep-going)
|
|
|
|
--no-linters
|
|
Deactivates: checker linters: Declarative linting framework over
|
|
the Clang AST. (Conversely: --linters)
|
|
|
|
--linters-only
|
|
Activates: Enable linters and disable all other checkers
|
|
(Conversely: --no-linters-only)
|
|
|
|
--litho-required-props
|
|
Activates: checker litho-required-props: Checks that all
|
|
non-optional `@Prop`s have been specified when constructing Litho
|
|
components. (Conversely: --no-litho-required-props)
|
|
|
|
--litho-required-props-only
|
|
Activates: Enable litho-required-props and disable all other
|
|
checkers (Conversely: --no-litho-required-props-only)
|
|
|
|
--no-liveness
|
|
Deactivates: checker liveness: Detection of dead stores and unused
|
|
variables. (Conversely: --liveness)
|
|
|
|
--liveness-ignored-constant +string
|
|
List of integer constants to be ignored by liveness analysis
|
|
|
|
--liveness-only
|
|
Activates: Enable liveness and disable all other checkers
|
|
(Conversely: --no-liveness-only)
|
|
|
|
--loop-hoisting
|
|
Activates: checker loop-hoisting: Detect opportunities to hoist
|
|
function calls that are invariant outside of loop bodies for
|
|
efficiency. (Conversely: --no-loop-hoisting)
|
|
|
|
--loop-hoisting-only
|
|
Activates: Enable loop-hoisting and disable all other checkers
|
|
(Conversely: --no-loop-hoisting-only)
|
|
|
|
--max-jobs int
|
|
Maximum number of analysis jobs running simultaneously
|
|
|
|
--memtrace-analysis-profiling
|
|
Activates: Generate OCaml analysis allocation traces in
|
|
`infer-out/memtrace`. (Conversely:
|
|
--no-memtrace-analysis-profiling)
|
|
|
|
--memtrace-sampling-rate float
|
|
Sampling rate for Memtrace allocation profiling. Default is 1e-6.
|
|
|
|
--print-active-checkers
|
|
Activates: Print the active checkers before starting the analysis
|
|
(Conversely: --no-print-active-checkers)
|
|
|
|
--print-logs
|
|
Activates: Also log messages to stdout and stderr (Conversely:
|
|
--no-print-logs)
|
|
|
|
--printf-args
|
|
Activates: checker printf-args: Detect mismatches between the Java
|
|
`printf` format strings and the argument types For example, this
|
|
checker will warn about the type error in `printf("Hello %d",
|
|
"world")` (Conversely: --no-printf-args)
|
|
|
|
--printf-args-only
|
|
Activates: Enable printf-args and disable all other checkers
|
|
(Conversely: --no-printf-args-only)
|
|
|
|
--progress-bar-style { auto | plain | multiline }
|
|
Style of the progress bar. auto selects multiline if connected to
|
|
a tty, otherwise plain.
|
|
|
|
--project-root,-C dir
|
|
Specify the root directory of the project
|
|
|
|
--pulse
|
|
Activates: checker pulse: Memory and lifetime analysis.
|
|
(Conversely: --no-pulse)
|
|
|
|
--pulse-cut-to-one-path-procedures-pattern string
|
|
Regex of methods for which pulse will only explore one path. Can
|
|
be used on pathologically large procedures to prevent too-big
|
|
states from being produced.
|
|
|
|
--pulse-model-abort +string
|
|
Methods that should be modelled as abort in Pulse
|
|
|
|
--pulse-model-alloc-pattern string
|
|
Regex of methods that should be modelled as allocs in Pulse
|
|
|
|
--pulse-model-release-pattern string
|
|
Regex of methods that should be modelled as release in Pulse
|
|
|
|
--pulse-model-return-first-arg string
|
|
Regex of methods that should be modelled as returning the first
|
|
argument in Pulse
|
|
|
|
--pulse-model-return-nonnull string
|
|
Regex of methods that should be modelled as returning non-null in
|
|
Pulse
|
|
|
|
--pulse-model-skip-pattern string
|
|
Regex of methods that should be modelled as "skip" in Pulse
|
|
|
|
--pulse-model-transfer-ownership +string
|
|
Methods that should be modelled as transfering memory ownership in
|
|
Pulse. Accepted formats are method or namespace::method
|
|
|
|
--pulse-only
|
|
Activates: Enable pulse and disable all other checkers
|
|
(Conversely: --no-pulse-only)
|
|
|
|
--pulse-report-ignore-unknown-java-methods-patterns +string
|
|
On Java, issues that are found on program paths that contain calls
|
|
to unknown methods (those without implementation) are not reported
|
|
unless all the unknown method names match this pattern. If the
|
|
empty list is provided or
|
|
--pulse_report_ignore_unknown_java_methods_patterns-reset, all
|
|
issues will be reported regardless the presence of unknown code
|
|
|
|
--purity
|
|
Activates: checker purity: Detects pure (side-effect-free)
|
|
functions. A different implementation of "impurity". (Conversely:
|
|
--no-purity)
|
|
|
|
--purity-only
|
|
Activates: Enable purity and disable all other checkers
|
|
(Conversely: --no-purity-only)
|
|
|
|
--quandary
|
|
Activates: checker quandary: The Quandary taint analysis detects
|
|
flows of values between sources and sinks, except if the value
|
|
went through a "sanitizer". In addition to some defaults, users
|
|
can specify their own sources, sinks, and sanitizers functions.
|
|
(Conversely: --no-quandary)
|
|
|
|
--quandary-only
|
|
Activates: Enable quandary and disable all other checkers
|
|
(Conversely: --no-quandary-only)
|
|
|
|
--quiet,-q
|
|
Activates: Do not print anything on standard output. (Conversely:
|
|
--no-quiet | -Q)
|
|
|
|
--no-racerd
|
|
Deactivates: checker racerd: Thread safety analysis. (Conversely:
|
|
--racerd)
|
|
|
|
--racerd-only
|
|
Activates: Enable racerd and disable all other checkers
|
|
(Conversely: --no-racerd-only)
|
|
|
|
--reactive,-r
|
|
Activates: Reactive mode: the analysis starts from the files
|
|
captured since the infer command started (Conversely:
|
|
--no-reactive | -R)
|
|
|
|
--no-report
|
|
Deactivates: Run the reporting phase once the analysis has
|
|
completed (Conversely: --report)
|
|
|
|
--report-force-relative-path
|
|
Activates: Force converting an absolute path to a relative path to
|
|
the root directory (Conversely: --no-report-force-relative-path)
|
|
|
|
--results-dir,-o dir
|
|
Write results and internal files in the specified directory
|
|
|
|
--scheduler { file | restart | callgraph }
|
|
Specify the scheduler used for the analysis phase: - file: schedule one job per file
|
|
- callgraph: schedule one job per procedure, following the
|
|
syntactic call graph. Usually faster than "file".
|
|
- restart: same as callgraph but uses locking to try and avoid
|
|
duplicate work between different analysis processes and thus
|
|
performs better in some circumstances
|
|
|
|
--no-self-in-block
|
|
Deactivates: checker self-in-block: An Objective-C-specific
|
|
analysis to detect when a block captures `self`. (Conversely:
|
|
--self-in-block)
|
|
|
|
--self-in-block-only
|
|
Activates: Enable self-in-block and disable all other checkers
|
|
(Conversely: --no-self-in-block-only)
|
|
|
|
--no-siof
|
|
Deactivates: checker siof: Catches Static Initialization Order
|
|
Fiascos in C++, that can lead to subtle,
|
|
compiler-version-dependent errors. (Conversely: --siof)
|
|
|
|
--siof-only
|
|
Activates: Enable siof and disable all other checkers (Conversely:
|
|
--no-siof-only)
|
|
|
|
--sqlite-cache-size int
|
|
SQLite cache size in pages (if positive) or kB (if negative),
|
|
follows formal of corresponding SQLite PRAGMA.
|
|
|
|
--sqlite-lock-timeout int
|
|
Timeout for SQLite results database operations, in milliseconds.
|
|
|
|
--sqlite-page-size int
|
|
SQLite page size in bytes, must be a power of two between 512 and
|
|
65536.
|
|
|
|
--no-starvation
|
|
Deactivates: checker starvation: Detect various kinds of
|
|
situations when no progress is being made because of concurrency
|
|
errors. (Conversely: --starvation)
|
|
|
|
--starvation-only
|
|
Activates: Enable starvation and disable all other checkers
|
|
(Conversely: --no-starvation-only)
|
|
|
|
--topl
|
|
Activates: checker topl: Detects errors based on user-provided
|
|
state machines describing multi-object monitors. (Conversely:
|
|
--no-topl)
|
|
|
|
--topl-only
|
|
Activates: Enable topl and disable all other checkers (Conversely:
|
|
--no-topl-only)
|
|
|
|
--no-uninit
|
|
Deactivates: checker uninit: Warns when values are used before
|
|
having been initialized. (Conversely: --uninit)
|
|
|
|
--uninit-only
|
|
Activates: Enable uninit and disable all other checkers
|
|
(Conversely: --no-uninit-only)
|
|
|
|
--xcode-isysroot-suffix string
|
|
Specify the suffix of Xcode isysroot directory, to avoid absolute
|
|
paths in tests
|
|
BUCK OPTIONS
|
|
--merge
|
|
Activates: Merge the captured results directories specified in the
|
|
dependency file. (Conversely: --no-merge)
|
|
BUFFER OVERRUN OPTIONS
|
|
--bo-debug int
|
|
Debug level for buffer-overrun checker (0-4)
|
|
|
|
--bo-field-depth-limit int
|
|
Limit of field depth of abstract location in buffer-overrun
|
|
checker
|
|
CLANG OPTIONS
|
|
--annotation-reachability-cxx json
|
|
Specify annotation reachability analyses to be performed on
|
|
C/C++/ObjC code. Each entry is a JSON object whose key is the
|
|
issue name. "sources" and "sinks" can be specified either by
|
|
symbol (including regexps) or path prefix. "sinks" optionally can
|
|
specify "overrides" (by symbol or path prefix) that block the
|
|
reachability analysis when hit. Example: {
|
|
"ISOLATED_REACHING_CONNECT": {
|
|
"doc_url":
|
|
"http:://example.com/issue/doc/optional_link.html",
|
|
"sources": {
|
|
"desc": "Code that should not call connect [optional]",
|
|
"paths": [ "isolated/" ]
|
|
},
|
|
"sinks": {
|
|
"symbols": [ "connect" ],
|
|
"overrides": { "symbol_regexps": [ ".*::Trusted::.*" ] }
|
|
}
|
|
}
|
|
}
|
|
|
|
This will cause us to create a new ISOLATED_REACHING_CONNECT
|
|
issue for every function whose source path starts with "isolated/"
|
|
that may reach the function named "connect", ignoring paths that
|
|
go through a symbol matching the OCaml regexp ".*::Trusted::.*".
|
|
|
|
--annotation-reachability-cxx-sources json
|
|
Override sources in all cxx annotation reachability specs with the
|
|
given sources spec
|
|
|
|
--clang-compound-literal-init-limit int
|
|
Limit after which initialization of compound types (structs and
|
|
arrays) is not done element by element but using a builtin
|
|
function that each analysis has to model.
|
|
|
|
--cxx-scope-guards json
|
|
Specify scope guard classes that can be read only by destructors
|
|
without being reported as dead stores.
|
|
|
|
--liveness-dangerous-classes json
|
|
Specify classes where the destructor should be ignored when
|
|
computing liveness. In other words, assignement to variables of
|
|
these types (or common wrappers around these types such as
|
|
unique_ptr<type>) will count as dead stores when the variables are
|
|
not read explicitly by the program.
|
|
|
|
--ml-buckets ,-separated sequence of { all | cf | arc | narc | cpp |
|
|
unknown_origin }
|
|
Specify the memory leak buckets to be checked in C++:
|
|
- cpp from C++ code
|
|
|
|
|
|
--unsafe-malloc
|
|
Activates: Assume that malloc(3) never returns null. (Conversely:
|
|
--no-unsafe-malloc)
|
|
JAVA OPTIONS
|
|
--annotation-reachability-custom-pairs json
|
|
Specify custom sources/sink for the annotation reachability
|
|
checker Example format: for custom annotations
|
|
com.my.annotation.{Source1,Source2,Sink1}
|
|
{ "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
|
|
|
|
--external-java-packages +prefix
|
|
Specify a list of Java package prefixes for external Java
|
|
packages. If set, the analysis will not report non-actionable
|
|
warnings on those packages.
|
|
|
|
--java-version int
|
|
The version of Java being used. Set it to your Java version if mvn
|
|
is failing.
|
|
QUANDARY CHECKER OPTIONS
|
|
--quandary-endpoints json
|
|
Specify endpoint classes for Quandary
|
|
|
|
--quandary-sanitizers json
|
|
Specify custom sanitizers for Quandary
|
|
|
|
--quandary-sinks json
|
|
Specify custom sinks for Quandary
|
|
|
|
--quandary-sources json
|
|
Specify custom sources for Quandary
|
|
RACERD CHECKER OPTIONS
|
|
--racerd-guardedby
|
|
Activates: Check @GuardedBy annotations with RacerD (Conversely:
|
|
--no-racerd-guardedby)
|
|
|
|
--no-racerd-unknown-returns-owned
|
|
Deactivates: DEPRECATED, does nothing. (Conversely:
|
|
--racerd-unknown-returns-owned)
|
|
|
|
--threadsafe-aliases json
|
|
Specify custom annotations that should be considered aliases of
|
|
@ThreadSafe
|
|
SIOF CHECKER OPTIONS
|
|
--siof-check-iostreams
|
|
Activates: Do not assume that iostreams (cout, cerr, ...) are
|
|
always initialized. The default is to assume they are always
|
|
initialized to avoid false positives. However, if your program
|
|
compiles against a recent libstdc++ then it is safe to turn this
|
|
option on. (Conversely: --no-siof-check-iostreams)
|
|
|
|
--siof-safe-methods +string
|
|
Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
|
|
"foo<int>::bar()", etc. (can be specified multiple times)
|
|
|
|
|
|
ENVIRONMENT
|
|
INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE
|
|
See the ENVIRONMENT section in the manual of infer(1).
|
|
|
|
FILES
|
|
.inferconfig
|
|
See the FILES section in the manual of infer(1).
|
|
|
|
|
|
|
|
|
|
SEE ALSO
|
|
infer-report(1), infer-run(1)
|
|
|
|
|
|
|