infer-analyze - analyze the files captured by infer
infer
analyze [options]
infer [options]
Analyze the files captured in the project results directory and report.
--annotation-reachability
Activates: checker annotation-reachability: Given a pair of source and sink annotation, e.g. ‘@PerformanceCritical‘ and ‘@Expensive‘, this checker will warn whenever some method annotated with ‘@PerformanceCritical‘ calls, directly or indirectly, another method annotated with ‘@Expensive‘ (Conversely: --no-annotation-reachability)
--annotation-reachability-only
Activates: Enable annotation-reachability and disable all other checkers (Conversely: --no-annotation-reachability-only)
--no-biabduction
Deactivates: checker biabduction: This analysis deals with a range of issues, many linked to memory safety. (Conversely: --biabduction)
--biabduction-only
Activates: Enable biabduction and disable all other checkers (Conversely: --no-biabduction-only)
--biabduction-write-dotty
Activates: Produce dotty files for specs and retain cycles reports in infer-out/captured. (Conversely: --no-biabduction-write-dotty)
--bufferoverrun
Activates: checker bufferoverrun: InferBO is a detector for out-of-bounds array accesses. (Conversely: --no-bufferoverrun)
--bufferoverrun-only
Activates: Enable bufferoverrun and disable all other checkers (Conversely: --no-bufferoverrun-only)
--changed-files-index file
Specify the file containing the list of source files from which reactive analysis should start. Source files should be specified relative to project root or be absolute
--config-checks-between-markers
Activates: checker config-checks-between-markers: [EXPERIMENTAL] Collects config checks between marker start and end. (Conversely: --no-config-checks-between-markers)
--config-checks-between-markers-only
Activates: Enable config-checks-between-markers and disable all other checkers (Conversely: --no-config-checks-between-markers-only)
--config-impact-analysis
Activates: checker config-impact-analysis: [EXPERIMENTAL] Collects function that are called without config checks. (Conversely: --no-config-impact-analysis)
--config-impact-analysis-only
Activates: Enable config-impact-analysis and disable all other checkers (Conversely: --no-config-impact-analysis-only)
--continue-analysis
Activates: Continue the analysis after more targets are captured by --continue. The other analysis options should be given the same before. Not compatible with --reanalyze and --incremental-analysis. (Conversely: --no-continue-analysis)
--cost
Activates: checker cost: Computes the time complexity of functions and methods. Can be used to detect changes in runtime complexity with ‘infer reportdiff‘. (Conversely: --no-cost)
--cost-only
Activates: Enable cost and disable all other checkers (Conversely: --no-cost-only)
--no-cost-suppress-func-ptr
Deactivates: Suppress printing function pointers in cost reports (Conversely: --cost-suppress-func-ptr)
--custom-symbols json
Specify named lists of symbols available to rules
--debug,-g
Activates: Debug mode (also sets --debug-level 2, --developer-mode, --print-buckets, --print-types, --reports-include-ml-loc, --no-only-cheap-debug, --trace-error, --write-html) (Conversely: --no-debug | -G)
--debug-level level
Debug level (sets --bo-debug level, --debug-level-analysis level, --debug-level-capture level, --debug-level-linters level):
- 0: only basic debugging
enabled
- 1: verbose debugging enabled
- 2: very verbose debugging enabled
--debug-level-analysis int
Debug level for the analysis. See --debug-level for accepted values.
--debug-level-capture int
Debug level for the capture. See --debug-level for accepted values.
--debug-level-linters int
Debug level for the linters. See --debug-level for accepted values.
--no-deduplicate
Deactivates: Apply issue-specific deduplication during analysis and/or reporting. (Conversely: --deduplicate)
--no-default-checkers
Deactivates: Default checkers: --biabduction, --fragment-retains-view, --inefficient-keyset-iterator, --linters, --liveness, --racerd, --dotnet-resource-leak, --siof, --self-in-block, --starvation, --uninit (Conversely: --default-checkers)
--eradicate
Activates: checker eradicate: The eradicate ‘@Nullable‘ checker for Java annotations. (Conversely: --no-eradicate)
--eradicate-only
Activates: Enable eradicate and disable all other checkers (Conversely: --no-eradicate-only)
--no-fragment-retains-view
Deactivates: checker fragment-retains-view: Detects when Android fragments are not explicitly nullified before becoming unreachable. (Conversely: --fragment-retains-view)
--fragment-retains-view-only
Activates: Enable fragment-retains-view and disable all other checkers (Conversely: --no-fragment-retains-view-only)
--help
Show this manual
--help-format { auto | groff | pager | plain }
Show this help in the specified format. auto sets the format to plain if the environment variable TERM is "dumb" or undefined, and to pager otherwise.
--help-full
Show this manual with all internal options in the INTERNAL OPTIONS section
--immutable-cast
Activates: checker immutable-cast: Detection of object cast from immutable types to mutable types. For instance, it will detect casts from ‘ImmutableList‘ to ‘List‘, ‘ImmutableMap‘ to ‘Map‘, and ‘ImmutableSet‘ to ‘Set‘. (Conversely: --no-immutable-cast)
--immutable-cast-only
Activates: Enable immutable-cast and disable all other checkers (Conversely: --no-immutable-cast-only)
--impurity
Activates: checker impurity: Detects functions with potential side-effects. Same as "purity", but implemented on top of Pulse. (Conversely: --no-impurity)
--impurity-only
Activates: Enable impurity and disable all other checkers (Conversely: --no-impurity-only)
--impurity-report-immutable-modifications
Activates: Report modifications to immutable fields in the Impurity checker (Conversely: --no-impurity-report-immutable-modifications)
--no-inefficient-keyset-iterator
Deactivates: checker inefficient-keyset-iterator: Check for inefficient uses of iterators that iterate on keys then lookup their values, instead of iterating on key-value pairs directly. (Conversely: --inefficient-keyset-iterator)
--inefficient-keyset-iterator-only
Activates: Enable inefficient-keyset-iterator and disable all other checkers (Conversely: --no-inefficient-keyset-iterator-only)
--jobs,-j int
Run the specified number of analysis jobs simultaneously
--keep-going
Activates: Keep going when the analysis encounters a failure (Conversely: --no-keep-going)
--no-linters
Deactivates: checker linters: Declarative linting framework over the Clang AST. (Conversely: --linters)
--linters-only
Activates: Enable linters and disable all other checkers (Conversely: --no-linters-only)
--litho-required-props
Activates: checker litho-required-props: Checks that all non-optional ‘@Prop‘s have been specified when constructing Litho components. (Conversely: --no-litho-required-props)
--litho-required-props-only
Activates: Enable litho-required-props and disable all other checkers (Conversely: --no-litho-required-props-only)
--no-liveness
Deactivates: checker liveness: Detection of dead stores and unused variables. (Conversely: --liveness)
--liveness-ignored-constant +string
List of integer constants to be ignored by liveness analysis
--liveness-only
Activates: Enable liveness and disable all other checkers (Conversely: --no-liveness-only)
--loop-hoisting
Activates: checker loop-hoisting: Detect opportunities to hoist function calls that are invariant outside of loop bodies for efficiency. (Conversely: --no-loop-hoisting)
--loop-hoisting-only
Activates: Enable loop-hoisting and disable all other checkers (Conversely: --no-loop-hoisting-only)
--max-jobs int
Maximum number of analysis jobs running simultaneously
--memtrace-analysis-profiling
Activates: Generate OCaml analysis allocation traces in ‘infer-out/memtrace‘. (Conversely: --no-memtrace-analysis-profiling)
--memtrace-sampling-rate float
Sampling rate for Memtrace allocation profiling. Default is 1e-6.
--print-active-checkers
Activates: Print the active checkers before starting the analysis (Conversely: --no-print-active-checkers)
--print-logs
Activates: Also log messages to stdout and stderr (Conversely: --no-print-logs)
--printf-args
Activates: checker printf-args: Detect mismatches between the Java ‘printf‘ format strings and the argument types For example, this checker will warn about the type error in ‘printf("Hello %d", "world")‘ (Conversely: --no-printf-args)
--printf-args-only
Activates: Enable printf-args and disable all other checkers (Conversely: --no-printf-args-only)
--progress-bar-style { auto | plain | multiline }
Style of the progress bar. auto selects multiline if connected to a tty, otherwise plain.
--project-root,-C dir
Specify the root directory of the project
--pulse
Activates: checker pulse: Memory and lifetime analysis. (Conversely: --no-pulse)
--pulse-cut-to-one-path-procedures-pattern string
Regex of methods for which pulse will only explore one path. Can be used on pathologically large procedures to prevent too-big states from being produced.
--pulse-model-abort +string
Methods that should be modelled as abort in Pulse
--pulse-model-alloc-pattern string
Regex of methods that should be modelled as allocs in Pulse
--pulse-model-release-pattern string
Regex of methods that should be modelled as release in Pulse
--pulse-model-return-first-arg string
Regex of methods that should be modelled as returning the first argument in Pulse
--pulse-model-return-nonnull string
Regex of methods that should be modelled as returning non-null in Pulse
--pulse-model-skip-pattern string
Regex of methods that should be modelled as "skip" in Pulse
--pulse-model-transfer-ownership +string
Methods that should be modelled as transfering memory ownership in Pulse. Accepted formats are method or namespace::method
--pulse-only
Activates: Enable pulse and disable all other checkers (Conversely: --no-pulse-only)
--pulse-report-ignore-unknown-java-methods-patterns +string
On Java, issues that are found on program paths that contain calls to unknown methods (those without implementation) are not reported unless all the unknown method names match this pattern. If the empty list is provided or --pulse_report_ignore_unknown_java_methods_patterns-reset, all issues will be reported regardless the presence of unknown code
--purity
Activates: checker purity: Detects pure (side-effect-free) functions. A different implementation of "impurity". (Conversely: --no-purity)
--purity-only
Activates: Enable purity and disable all other checkers (Conversely: --no-purity-only)
--quandary
Activates: checker quandary: The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions. (Conversely: --no-quandary)
--quandary-only
Activates: Enable quandary and disable all other checkers (Conversely: --no-quandary-only)
--quiet,-q
Activates: Do not print anything on standard output. (Conversely: --no-quiet | -Q)
--no-racerd
Deactivates: checker racerd: Thread safety analysis. (Conversely: --racerd)
--racerd-only
Activates: Enable racerd and disable all other checkers (Conversely: --no-racerd-only)
--reactive,-r
Activates: Reactive mode: the analysis starts from the files captured since the infer command started (Conversely: --no-reactive | -R)
--no-report
Deactivates: Run the reporting phase once the analysis has completed (Conversely: --report)
--report-force-relative-path
Activates: Force converting an absolute path to a relative path to the root directory (Conversely: --no-report-force-relative-path)
--results-dir,-o dir
Write results and internal files in the specified directory
--scheduler { file | restart | callgraph }
Specify the scheduler used for the analysis phase:
- file: schedule one job per
file
- callgraph: schedule one job per procedure, following the
syntactic call graph. Usually faster than "file".
- restart: same as callgraph but uses locking to try and
avoid
duplicate work between different analysis processes and thus
performs better in some circumstances
--no-self-in-block
Deactivates: checker self-in-block: An Objective-C-specific analysis to detect when a block captures ‘self‘. (Conversely: --self-in-block)
--self-in-block-only
Activates: Enable self-in-block and disable all other checkers (Conversely: --no-self-in-block-only)
--no-siof
Deactivates: checker siof: Catches Static Initialization Order Fiascos in C++, that can lead to subtle, compiler-version-dependent errors. (Conversely: --siof)
--siof-only
Activates: Enable siof and disable all other checkers (Conversely: --no-siof-only)
--sqlite-cache-size int
SQLite cache size in pages (if positive) or kB (if negative), follows formal of corresponding SQLite PRAGMA.
--sqlite-lock-timeout int
Timeout for SQLite results database operations, in milliseconds.
--sqlite-page-size int
SQLite page size in bytes, must be a power of two between 512 and 65536.
--no-starvation
Deactivates: checker starvation: Detect various kinds of situations when no progress is being made because of concurrency errors. (Conversely: --starvation)
--starvation-only
Activates: Enable starvation and disable all other checkers (Conversely: --no-starvation-only)
--topl
Activates: checker topl: Detect errors based on user-provided state machines describing temporal properties over multiple objects. (Conversely: --no-topl)
--topl-only
Activates: Enable topl and disable all other checkers (Conversely: --no-topl-only)
--no-uninit
Deactivates: checker uninit: Warns when values are used before having been initialized. (Conversely: --uninit)
--uninit-only
Activates: Enable uninit and disable all other checkers (Conversely: --no-uninit-only)
--write-html
Activates: Produce html debug output for the analyses in infer-out/captured. This shows the abstract state of all analyses at each program point in the source code. Each captured source file has its own html page. This HTML file contains the source file, and at each line of
the file there are links to the
nodes of the control flow graph
of Infer's translation of that line of code into its
intermediate
representation (SIL). This way it's possible to see what the
translation is, and the details of the symbolic execution on
each
node. (Conversely: --no-write-html)
--xcode-isysroot-suffix string
Specify the suffix of Xcode isysroot directory, to avoid absolute paths in tests
--merge
Activates: Merge the captured results directories specified in the dependency file. (Conversely: --no-merge)
--bo-debug int
Debug level for buffer-overrun checker (0-4)
--bo-field-depth-limit int
Limit of field depth of abstract location in buffer-overrun checker
--annotation-reachability-cxx json
Specify annotation reachability analyses to be performed on C/C++/ObjC code. Each entry is a JSON object whose key is the issue name. "sources" and "sinks" can be specified either by symbol (including regexps) or path prefix. "sinks" optionally can specify "overrides" (by symbol or path prefix) that block the reachability analysis when hit. Example:
{
"ISOLATED_REACHING_CONNECT": {
"doc_url":
"http:://example.com/issue/doc/optional_link.html",
"sources": {
"desc": "Code that should not call connect
[optional]",
"paths": [ "isolated/" ]
},
"sinks": {
"symbols": [ "connect" ],
"overrides": { "symbol_regexps": [
".*::Trusted::.*" ] }
}
}
}
This will cause
us to create a new ISOLATED_REACHING_CONNECT
issue for every function whose source path starts with
"isolated/"
that may reach the function named "connect",
ignoring paths that
go through a symbol matching the OCaml regexp
".*::Trusted::.*".
--annotation-reachability-cxx-sources json
Override sources in all cxx annotation reachability specs with the given sources spec
--biabduction-unsafe-malloc
Activates: Assume that malloc(3) never returns null. (Conversely: --no-biabduction-unsafe-malloc)
--clang-compound-literal-init-limit int
Limit after which initialization of compound types (structs and arrays) is not done element by element but using a builtin function that each analysis has to model.
--cxx-scope-guards json
Specify scope guard classes that can be read only by destructors without being reported as dead stores.
--liveness-dangerous-classes json
Specify classes where the destructor should be ignored when computing liveness. In other words, assignement to variables of these types (or common wrappers around these types such as unique_ptr<type>) will count as dead stores when the variables are not read explicitly by the program.
--annotation-reachability-custom-pairs json
Specify custom sources/sink for the annotation reachability checker
Example format: for custom
annotations
com.my.annotation.{Source1,Source2,Sink1}
{ "sources" : ["Source1",
"Source2"], "sink" : "Sink1" }
--external-java-packages +prefix
Specify a list of Java package prefixes for external Java packages. If set, the analysis will not report non-actionable warnings on those packages.
--java-version int
The version of Java being used. Set it to your Java version if mvn is failing.
--quandary-endpoints json
Specify endpoint classes for Quandary
--quandary-sanitizers json
Specify custom sanitizers for Quandary
--quandary-sinks json
Specify custom sinks for Quandary
--quandary-sources json
Specify custom sources for Quandary
--racerd-guardedby
Activates: Check @GuardedBy annotations with RacerD (Conversely: --no-racerd-guardedby)
--no-racerd-unknown-returns-owned
Deactivates: DEPRECATED, does nothing. (Conversely: --racerd-unknown-returns-owned)
--threadsafe-aliases json
Specify custom annotations that should be considered aliases of @ThreadSafe
--siof-check-iostreams
Activates: Do not assume that iostreams (cout, cerr, ...) are always initialized. The default is to assume they are always initialized to avoid false positives. However, if your program compiles against a recent libstdc++ then it is safe to turn this option on. (Conversely: --no-siof-check-iostreams)
--siof-safe-methods +string
Methods that are SIOF-safe; "foo::bar" will match "foo::bar()", "foo<int>::bar()", etc. (can be specified multiple times)
INFER_ARGS, INFERCONFIG, INFER_STRICT_MODE
See the ENVIRONMENT section in the manual of infer(1).
.inferconfig
See the FILES section in the manual of infer(1).
infer-report(1), infer-run(1)