Infer

Facebook Infer is a static analysis tool - if you give Infer some Objective-C, Java, or C code, it produces a list of potential bugs.

Version

0.15.0

Runtime

Ubuntu Xenial OpenJDK 8

Supported Languages

C, C++, Java

Official Documentation

http://fbinfer.com/

YAML Configuration

infer:

  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:

    N/A

  • config-file:

    Path to your .inferconfig file. The directory containing it is passed to Infer via the --inferconfig-home option.

  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.

      Inspecode automatically passes the --jobs option to Infer according to this value. For example, --jobs 1 is passed by default (for 0.75 CPU), and --jobs 2 is passed for 1.1 CPU.

  • options:

    Below is the list of options that are supported:

        --analyzer,-a { checkers | infer | capture | compile | crashcontext |
        linters }
            Specify which analyzer to run (only one at a time is supported):
            - biabduction: run the bi-abduction based checker only, in
            particular to check for memory errors
            - checkers: run the default checkers, including the bi-abduction
            based checker for memory errors (default)
            - infer: alias for biabduction
            - linters: run linters based on the ast only (clang only,
            activated by default)
            - capture: similar to specifying the capture subcommand
            (DEPRECATED)
            - compile: similar to specifying the compile subcommand
            (DEPRECATED)
            - crashcontext: experimental (see --crashcontext)
            See also infer-analyze(1) and infer-run(1).
    
        --<analyzer>-blacklist-files-containing +string
            blacklist files containing the specified string for the given
            analyzer (see --analyzer for valid values)
            See also infer-report(1) and infer-run(1).
    
        --<analyzer>-blacklist-path-regex +path_regex
            blacklist the analysis of files whose relative path matches the
            specified OCaml-style regex (to whitelist:
            --<analyzer>-whitelist-path-regex)
            See also infer-report(1) and infer-run(1).
    
        --<analyzer>-suppress-errors +error_name
            do not report a type of errors
            See also infer-report(1) and infer-run(1).
    
        --annotation-reachability-custom-pairs json
            Specify custom sources/sink for the annotation reachability
            checker
            Example format: for custom annotations
            com.my.annotation.{Source1,Source2,Sink1}
            { "sources" : ["Source1", "Source2"], "sink" : "Sink1" }
            (default: [])
            See also infer-analyze(1).
    
        --annotation-reachability-only
            Activates: Enable --annotation-reachability and disable all other
            checkers (Conversely: --no-annotation-reachability-only)
            See also infer-analyze(1).
    
        --no-biabduction
            Deactivates: the separation logic based bi-abduction analysis
            using the checkers framework (Conversely: --biabduction)
            See also infer-analyze(1).
    
        --biabduction-only
            Activates: Enable --biabduction and disable all other checkers
            (Conversely: --no-biabduction-only)
            See also infer-analyze(1).
    
        --bootclasspath string
            Specify the Java bootclasspath
            See also infer-capture(1).
    
        --buck-blacklist regex
            Skip analysis of files matched by the specified regular expression
            See also infer-capture(1) and infer-run(1).
    
        --bufferoverrun
            Activates: the buffer overrun analysis (Conversely:
            --no-bufferoverrun)
            See also infer-analyze(1).
    
        --bufferoverrun-only
            Activates: Enable --bufferoverrun and disable all other checkers
            (Conversely: --no-bufferoverrun-only)
            See also infer-analyze(1).
    
        --check-nullable
            Activates: checks that values annotated with nullable are always
            checked for null before dereference (Conversely:
            --no-check-nullable)
            See also infer-analyze(1).
    
        --check-nullable-only
            Activates: Enable --check-nullable and disable all other checkers
            (Conversely: --no-check-nullable-only)
            See also infer-analyze(1).
    
        --cost
            Activates: checker for performance cost analysis (Conversely:
            --no-cost)
            See also infer-analyze(1).
    
        --cost-only
            Activates: Enable --cost and disable all other checkers
            (Conversely: --no-cost-only)
            See also infer-analyze(1).
    
        --current-to-previous-script shell
            Specify a script to checkout a previous version of the project to
            compare against, assuming we are on the current version already.
            See also infer-diff(1).
    
        --no-cxx
            Deactivates: Analyze C++ methods (Conversely: --cxx)
            See also infer-capture(1).
    
        --cxx-infer-headers
            Activates: Include C++ header models during compilation. Infer
            swaps some C++ headers for its own in order to get a better model
            of, e.g., the standard library. This can sometimes cause compilation
            failures. (Conversely: --no-cxx-infer-headers)
            See also infer-capture(1).
    
        --cxx-scope-guards json
            Specify scope guard classes that can be read only by destructors
            without being reported as dead stores. (default: [])
            See also infer-analyze(1).
    
        --no-default-checkers
            Deactivates: Default checkers: --annotation-reachability,
            --biabduction, --fragment-retains-view, --immutable-cast,
            --linters, --liveness, --ownership, --printf-args, --racerd,
            --siof, --uninit (Conversely: --default-checkers)
            See also infer-analyze(1).
    
        --no-default-linters
            Deactivates: Use the default linters for the analysis.
            (Conversely: --default-linters)
            See also infer-capture(1).
    
        --disable-issue-type +issue_type
            Do not show reports coming from this type of issue. Each checker
            can report a range of issue types. This option provides
            fine-grained filtering over which types of issue should be
            reported once the checkers have run. In particular, note that
            disabling issue types does not make the corresponding checker not
            run.
            By default, the following issue types are disabled:
            ANALYSIS_STOPS, ARRAY_OUT_OF_BOUNDS_L1, ARRAY_OUT_OF_BOUNDS_L2,
            ARRAY_OUT_OF_BOUNDS_L3, BUFFER_OVERRUN_L4, BUFFER_OVERRUN_L5,
            BUFFER_OVERRUN_U5, CLASS_CAST_EXCEPTION, CONDITION_ALWAYS_FALSE,
            CONDITION_ALWAYS_TRUE, DANGLING_POINTER_DEREFERENCE,
            DIVIDE_BY_ZERO,
            GLOBAL_VARIABLE_INITIALIZED_WITH_FUNCTION_OR_METHOD_CALL,
            INFERBO_ALLOC_MAY_BE_BIG, INFERBO_ALLOC_MAY_BE_NEGATIVE,
            INFINITE_EXECUTION_TIME_CALL, NULL_TEST_AFTER_DEREFERENCE,
            RETURN_VALUE_IGNORED, STACK_VARIABLE_ADDRESS_ESCAPE,
            UNARY_MINUS_APPLIED_TO_UNSIGNED_EXPRESSION.
    
            See also --report-issue-type.
            (default:
            ANALYSIS_STOPS,ARRAY_OUT_OF_BOUNDS_L1,ARRAY_OUT_OF_BOUNDS_L2,ARRAY_OUT_OF_BOUNDS_L3,BUFFER_OVERRUN_L4,BUFFER_OVERRUN_L5,BUFFER_OVERRUN_U5,CLASS_CAST_EXCEPTION,CONDITION_ALWAYS_FALSE,CONDITION_ALWAYS_TRUE,DANGLING_POINTER_DEREFERENCE,DIVIDE_BY_ZERO,GLOBAL_VARIABLE_INITIALIZED_WITH_FUNCTION_OR_METHOD_CALL,INFERBO_ALLOC_MAY_BE_BIG,INFERBO_ALLOC_MAY_BE_NEGATIVE,INFINITE_EXECUTION_TIME_CALL,NULL_TEST_AFTER_DEREFERENCE,RETURN_VALUE_IGNORED,STACK_VARIABLE_ADDRESS_ESCAPE,UNARY_MINUS_APPLIED_TO_UNSIGNED_EXPRESSION)
            See also infer-report(1).
    
        --dump-duplicate-symbols
            Activates: Dump all symbols with the same name that are defined in
            more than one file. (Conversely: --no-dump-duplicate-symbols)
            See also infer-capture(1).
    
        --enable-issue-type +issue_type
            Show reports coming from this type of issue. By default, all issue
            types are enabled except the ones listed in --disable-issue-type.
            Note that enabling issue types does not make the corresponding
            checker run; see individual checker options to turn them on or
            off.
            See also infer-report(1).
    
        --eradicate
            Activates: the eradicate @Nullable checker for Java annotations
            (Conversely: --no-eradicate)
            See also infer-analyze(1).
    
        --eradicate-only
            Activates: Enable --eradicate and disable all other checkers
            (Conversely: --no-eradicate-only)
            See also infer-analyze(1).
    
        --external-java-packages +prefix
            Specify a list of Java package prefixes for external Java
            packages. If set, the analysis will not report non-actionable
            warnings on those packages.
            See also infer-analyze(1).
    
        --filter-report +string
            Specify a filter for issues to report. If multiple filters are
            specified, they are applied in the order in which they are
            specified. Each filter is applied to each issue detected, and only
            issues which are accepted by all filters are reported. Each filter
            is of the form:
            `<issue_type_regex>:<filename_regex>:<reason_string>`. The first
            two components are OCaml Str regular expressions, with an optional
            `!` character prefix. If a regex has a `!` prefix, the polarity is
            inverted, and the filter becomes a "blacklist" instead of a
            "whitelist". Each filter is interpreted as an implication: an
            issue matches if it does not match the `issue_type_regex` or if it
            does match the `filename_regex`. The filenames that are tested by
            the regex are relative to the `--project-root` directory. The
            `<reason_string>` is a non-empty string used to explain why the
            issue was filtered.
            See also infer-report(1) and infer-run(1).
    
        --no-fragment-retains-view
            Deactivates: detects when Android fragments are not explicitly
            nullified before becoming unreachable (Conversely:
            --fragment-retains-view)
            See also infer-analyze(1).
    
        --fragment-retains-view-only
            Activates: Enable --fragment-retains-view and disable all other
            checkers (Conversely: --no-fragment-retains-view-only)
            See also infer-analyze(1).
    
        --no-immutable-cast
            Deactivates: the detection of object cast from immutable type to
            mutable type. For instance, it will detect cast from ImmutableList
            to List, ImmutableMap to Map, and ImmutableSet to Set.
            (Conversely: --immutable-cast)
            See also infer-analyze(1).
    
        --immutable-cast-only
            Activates: Enable --immutable-cast and disable all other checkers
            (Conversely: --no-immutable-cast-only)
            See also infer-analyze(1).
    
        --linter string
            From the linters available, only run this one linter. (Useful
            together with --linters-developer-mode)
            See also infer-capture(1).
    
        --no-linters
            Deactivates: syntactic linters (Conversely: --linters)
            See also infer-analyze(1).
    
        --linters-def-file +file
            Specify the file containing linters definition (e.g. 'linters.al')
            See also infer-capture(1).
    
        --linters-def-folder +dir
            Specify the folder containing linters files with extension .al
            See also infer-capture(1).
    
        --linters-ignore-clang-failures
            Activates: Continue linting files even if some compilation fails.
            (Conversely: --no-linters-ignore-clang-failures)
            See also infer-capture(1).
    
        --linters-only
            Activates: Enable --linters and disable all other checkers
            (Conversely: --no-linters-only)
            See also infer-analyze(1).
    
        --no-liveness
            Deactivates: the detection of dead stores and unused variables
            (Conversely: --liveness)
            See also infer-analyze(1).
    
        --liveness-only
            Activates: Enable --liveness and disable all other checkers
            (Conversely: --no-liveness-only)
            See also infer-analyze(1).
    
        --no-ownership
            Deactivates: the detection of C++ lifetime bugs (Conversely:
            --ownership)
            See also infer-analyze(1).
    
        --ownership-only
            Activates: Enable --ownership and disable all other checkers
            (Conversely: --no-ownership-only)
            See also infer-analyze(1).
    
        --print-active-checkers
            Activates: Print the active checkers before starting the analysis
            (Conversely: --no-print-active-checkers)
            See also infer-analyze(1).
    
        --no-printf-args
            Deactivates: the detection of mismatch between the Java printf
            format strings and the argument types. For example, this checker
            will warn about the type error in `printf("Hello %d", "world")`
            (Conversely: --printf-args)
            See also infer-analyze(1).
    
        --printf-args-only
            Activates: Enable --printf-args and disable all other checkers
            (Conversely: --no-printf-args-only)
            See also infer-analyze(1).
    
        --quandary
            Activates: the quandary taint analysis (Conversely: --no-quandary)
            See also infer-analyze(1).
    
        --quandary-endpoints json
            Specify endpoint classes for Quandary (default: [])
            See also infer-analyze(1).
    
        --quandary-only
            Activates: Enable --quandary and disable all other checkers
            (Conversely: --no-quandary-only)
            See also infer-analyze(1).
    
        --quandary-sanitizers json
            Specify custom sanitizers for Quandary (default: [])
            See also infer-analyze(1).
    
        --quandary-sinks json
            Specify custom sinks for Quandary (default: [])
            See also infer-analyze(1).
    
        --quandary-sources json
            Specify custom sources for Quandary (default: [])
            See also infer-analyze(1).
    
        --no-racerd
            Deactivates: the RacerD thread safety analysis (Conversely:
            --racerd)
            See also infer-analyze(1).
    
        --racerd-only
            Activates: Enable --racerd and disable all other checkers
            (Conversely: --no-racerd-only)
            See also infer-analyze(1).
    
        --no-siof
            Deactivates: the Static Initialization Order Fiasco analysis (C++
            only) (Conversely: --siof)
            See also infer-analyze(1).
    
        --siof-check-iostreams
            Activates: Do not assume that iostreams (cout, cerr, ...) are
            always initialized. The default is to assume they are always
            initialized when --cxx-infer-headers is false to avoid false
            positives due to lack of models of the proper initialization of io
            streams. However, if your program compiles against a recent
            libstdc++ then the infer models are not needed for precision and
            it is safe to turn this option on. (Conversely:
            --no-siof-check-iostreams)
            See also infer-analyze(1).
    
        --siof-only
            Activates: Enable --siof and disable all other checkers
            (Conversely: --no-siof-only)
            See also infer-analyze(1).
    
        --siof-safe-methods +string
            Methods that are SIOF-safe; "foo::bar" will match "foo::bar()",
            "foo<int>::bar()", etc. (can be specified multiple times)
            See also infer-analyze(1).
    
        --skip-analysis-in-path +path_prefix_OCaml_regex
            Ignore files whose path matches the given prefix (can be specified
            multiple times)
            See also infer-capture(1) and infer-run(1).
    
        --skip-analysis-in-path-skips-compilation
            Activates: Whether paths in --skip-analysis-in-path should be
            compiled or not (Conversely:
            --no-skip-analysis-in-path-skips-compilation)
            See also infer-report(1).
    
        --no-skip-duplicated-types
            Deactivates: Skip fixed-then-introduced duplicated types while
            computing differential reports (Conversely:
            --skip-duplicated-types)
            See also infer-reportdiff(1).
    
        --skip-translation-headers +path_prefix
            Ignore headers whose path matches the given prefix
            See also infer-capture(1).
    
        --starvation
            Activates: starvation analysis (Conversely: --no-starvation)
            See also infer-analyze(1).
    
        --starvation-only
            Activates: Enable --starvation and disable all other checkers
            (Conversely: --no-starvation-only)
            See also infer-analyze(1).
    
        --suggest-nullable
            Activates: Nullable annotation suggestions analysis (Conversely:
            --no-suggest-nullable)
            See also infer-analyze(1).
    
        --suggest-nullable-only
            Activates: Enable --suggest-nullable and disable all other
            checkers (Conversely: --no-suggest-nullable-only)
            See also infer-analyze(1).
    
        --threadsafe-aliases json
            Specify custom annotations that should be considered aliases of
            @ThreadSafe (default: [])
            See also infer-analyze(1).
    
        --no-uninit
            Deactivates: checker for use of uninitialized values (Conversely:
            --uninit)
            See also infer-analyze(1).
    
        --uninit-only
            Activates: Enable --uninit and disable all other checkers
            (Conversely: --no-uninit-only)
            See also infer-analyze(1).
    
        --  Stop argument processing, use remaining arguments as a build
            command
            See also infer-capture(1) and infer-run(1).
    
    INTERNAL OPTIONS
        Use at your own risk.
    
        --abs-struct int
            Specify abstraction level for fields of structs:
            - 0 = no
            - 1 = forget some fields during matching (and so lseg
            abstraction)
            (default: 1)
    
        --abs-val int
            Specify abstraction level for expressions:
            - 0 = no abstraction
            - 1 = evaluate all expressions abstractly
            - 2 = 1 + abstract constant integer values during join
            (default: 2)
    
        --allow-leak
            Activates: Forget leaked memory during abstraction (Conversely:
            --no-allow-leak)
    
        --<analyzer>-blacklist-files-containing-reset
            Set --<analyzer>-blacklist-files-containing to the empty list.
    
        --<analyzer>-blacklist-path-regex-reset
            Set --<analyzer>-blacklist-path-regex to the empty list.
    
        --analyzer-reset
            Cancel the effect of --analyzer.
    
        --<analyzer>-suppress-errors-reset
            Set --<analyzer>-suppress-errors to the empty list.
    
        --<analyzer>-whitelist-path-regex-reset
            Set --<analyzer>-whitelist-path-regex to the empty list.
    
        --array-level int
            Level of treating the array indexing and pointer arithmetic:
            - 0 = treats both features soundly
            - 1 = assumes that the size of every array is infinite
            - 2 = assumes that all heap dereferences via array indexing and
            pointer arithmetic are correct
            (default: 0)
    
        --bootclasspath-reset
            Cancel the effect of --bootclasspath.
    
        --buck-blacklist-reset
            Cancel the effect of --buck-blacklist.
    
        --clang-ignore-regex dir_OCaml_regex
            The files in this regex will be ignored in the compilation process
            and an empty file will be passed to clang instead. This is to be
            used with the buck flavour infer-capture-all to work around
            missing generated files.
    
        --clang-ignore-regex-reset
            Cancel the effect of --clang-ignore-regex.
    
        --clang-include-to-override-regex dir_OCaml_regex
            Use this option in the uncommon case where the normal compilation
            process overrides the location of internal compiler headers. This
            option should specify regular expression with the path to those
            headers so that infer can use its own clang internal headers
            instead.
    
        --clang-include-to-override-regex-reset
            Cancel the effect of --clang-include-to-override-regex.
    
        --classpath string
            Specify the Java classpath
    
        --classpath-reset
            Cancel the effect of --classpath.
    
        --coverage
            analysis mode to maximize coverage (can take longer)
    
        --disable-issue-type-reset
            Set --disable-issue-type to the empty list.
    
        --enable-issue-type-reset
            Set --enable-issue-type to the empty list.
    
        --eradicate-condition-redundant
            Activates: Condition redundant warnings (Conversely:
            --no-eradicate-condition-redundant)
    
        --eradicate-field-not-mutable
            Activates: Field not mutable warnings (Conversely:
            --no-eradicate-field-not-mutable)
    
        --eradicate-field-over-annotated
            Activates: Field over-annotated warnings (Conversely:
            --no-eradicate-field-over-annotated)
    
        --eradicate-optional-present
            Activates: Check for @Present annotations (Conversely:
            --no-eradicate-optional-present)
    
        --eradicate-return-over-annotated
            Activates: Return over-annotated warning (Conversely:
            --no-eradicate-return-over-annotated)
    
        --exit-node-bias
            nodes nearest the exit node are analyzed first
    
        --external-java-packages-reset
            Set --external-java-packages to the empty list.
    
        --filter-report-reset
            Set --filter-report to the empty list.
    
        --genrule-mode
            Activates: Enable the genrule compatibility mode used for the Buck
            integration (Conversely: --no-genrule-mode)
    
        --no-ignore-trivial-traces
            Deactivates: Ignore traces whose length is at most 1 (Conversely:
            --ignore-trivial-traces)
    
        --linter-reset
            Cancel the effect of --linter.
    
        --linters-def-file-reset
            Set --linters-def-file to the empty list.
    
        --linters-def-folder-reset
            Set --linters-def-folder to the empty list.
    
        --nullable-annotation-name string
            Specify custom nullable annotation name
    
        --nullable-annotation-name-reset
            Cancel the effect of --nullable-annotation-name.
    
        --racerd-use-path-stability
            Activates: Use access path stability to prune RacerD false
            positives (Conversely: --no-racerd-use-path-stability)
    
        --reset-linters-def-folder
            Reset the list of folders containing linters definitions to be
            empty (see linters-def-folder).
    
        --siof-safe-methods-reset
            Set --siof-safe-methods to the empty list.
    
        --skip-analysis-in-path-reset
            Set --skip-analysis-in-path to the empty list.
    
        --skip-implementation json
            Matcher or list of matchers for names of files where we only want
            to translate the method declaration, skipping the body of the
            methods (Java only). (default: [])
    
        --skip-translation json
            Matcher or list of matchers for names of files that should not be
            analyzed at all. (default: [])
    
        --skip-translation-headers-reset
            Set --skip-translation-headers to the empty list.
    
        --source-files-filter-reset
            Cancel the effect of --source-files-filter.
    
        --sourcepath string
            Specify the sourcepath
    
        --sourcepath-reset
            Cancel the effect of --sourcepath.
    
        --sqlite-vfs string
            VFS for SQLite
    
        --sqlite-vfs-reset
            Cancel the effect of --sqlite-vfs.
    
        --tv-limit int
            The maximum number of traces to submit to Traceview (default: 100)
    
        --tv-limit-filtered int
            The maximum number of traces for issues filtered out by
            --report-filter to submit to Traceview (default: 100)
    
        --uninit-interproc
            Activates: Run uninit check in the experimental interprocedural
            mode (Conversely: --no-uninit-interproc)
    
        --visits-bias
            nodes visited fewer times are analyzed first
    
        --write-html-whitelist-regex +string
            whitelist files that will have their html debug output printed
    
        --write-html-whitelist-regex-reset
            Set --write-html-whitelist-regex to the empty list.
    

    Note: Infer itself supports various analyzers; however, Inspecode supports only the following ones:

    • infer
    • eradicate
    • checkers
    • tracing
    • crashcontext
    • linters
    • quandary
    • threadsafety
    • bufferoverrun
  • thresholds:

    • num-issues:

      In addition to general severity levels, the following tool-specific severity levels can be specified:

      • ADVICE (equivalent to general severity level info)
  • experimental:

    • incremental:

      N/A

      Note: Incremental analysis cannot be supported for Infer. This is because Infer performs a regular build that requires all build dependencies, and the results for unchanged files can be affected by changed files.
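
The --filter-report semantics described in the options list above (implication per filter, `!` inverting a component, all filters must accept) can hide findings in ways that are easy to misread. The following Python model is an added example, not Infer or Inspecode code; it assumes Python `re` syntax in place of OCaml Str, matching anchored at the start of the string, and constructed sample filters and issues.

```python
import re
from typing import NamedTuple


class ReportFilter(NamedTuple):
    issue_type: re.Pattern
    issue_type_positive: bool  # False when the component carried a `!` prefix
    filename: re.Pattern
    filename_positive: bool
    reason: str


def _component(text):
    """Split an optional `!` prefix off one regex component and compile it."""
    positive = not text.startswith("!")
    return re.compile(text if positive else text[1:]), positive


def parse_filter(spec):
    """Parse `<issue_type_regex>:<filename_regex>:<reason_string>`."""
    # Only the first two ':' separate components, so the reason may contain ':'.
    parts = spec.split(":", 2)
    if len(parts) != 3 or not parts[2]:
        raise ValueError(
            "expected <issue_type_regex>:<filename_regex>:<reason_string>, "
            f"got {spec!r}"
        )
    issue_type, issue_type_positive = _component(parts[0])
    filename, filename_positive = _component(parts[1])
    return ReportFilter(issue_type, issue_type_positive,
                        filename, filename_positive, parts[2])


def accepts(flt, issue_type, path):
    """Implication: the issue type does not match, or the filename does."""
    # Assumption: anchored-at-start matching (re.match); `!` flips the result.
    type_hit = (flt.issue_type.match(issue_type) is not None) == flt.issue_type_positive
    file_hit = (flt.filename.match(path) is not None) == flt.filename_positive
    return (not type_hit) or file_hit


def triage(specs, issues):
    """Return (reported, dropped); dropped entries carry the rejecting reason."""
    filters = [parse_filter(spec) for spec in specs]
    reported, dropped = [], []
    for issue_type, path in issues:
        # Filters are applied in order; the first one that rejects decides.
        rejecting = next(
            (f for f in filters if not accepts(f, issue_type, path)), None
        )
        if rejecting is None:
            reported.append((issue_type, path))
        else:
            dropped.append((issue_type, path, rejecting.reason))
    return reported, dropped


# Constructed sample filters (paths are relative to --project-root).
SAMPLE_FILTERS = [
    # Whitelist: buffer overruns are reported only under src/.
    "BUFFER_OVERRUN_.*:src/.*:buffer overruns only in first-party code",
    # Blacklist via `!`: nothing is reported from generated code.
    ".*:!third_party/generated/.*:generated code is not actionable",
]

# Constructed sample issues: (issue type, file path).
SAMPLE_ISSUES = [
    ("BUFFER_OVERRUN_L1", "src/parse.c"),
    ("BUFFER_OVERRUN_L2", "third_party/zlib/inflate.c"),
    ("NULL_DEREFERENCE", "third_party/zlib/inflate.c"),
    ("NULL_DEREFERENCE", "third_party/generated/proto.c"),
]

if __name__ == "__main__":
    reported, dropped = triage(SAMPLE_FILTERS, SAMPLE_ISSUES)
    for issue_type, path in reported:
        print(f"REPORT {issue_type} {path}")
    for issue_type, path, reason in dropped:
        print(f"DROP   {issue_type} {path} ({reason})")
```

Reviewing the dropped list with its reasons is a quick way to confirm that a filter meant to silence noise has not also silenced a memory-safety finding in code you ship.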

YAML Examples

  • With default options:

    inspecode:
      infer: default
    
  • With custom machine:

    inspecode:
      infer:
        machine:
          cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
    
  • With custom options:

    inspecode:
      infer:
        options:
          - --dump-duplicate-symbols
          - --: [gcc, -c, hello.c]
    
  • With a configuration file:

    inspecode:
      infer:
        config-file: ./config/infer.config
    

    The above configuration sets the INFERCONFIG environment variable to the path of the configuration file.

Available Toolchain

  • autoconf (GNU Autoconf) 2.69
  • automake (GNU automake) 1.14.1
  • clang 3.8.1
  • cmake 3.0.2
  • gcc 4.9.2
  • g++ 4.9.2
  • javac 1.8.0_111
  • make (GNU Make) 4.0
  • musl 1.1.5
  • Apache Maven 3.0.5
  • Apache Ant 1.9.4
  • Gradle 3.4
  • Buck v2016.11.11.01

Note: Although Infer focuses on Android and iOS apps, Inspecode does not support them as of now.

Build Command Detection

If no build commands are explicitly specified via the -- option (for example, when using the default built-in configuration), Inspecode recursively scans your repository to detect project directories that use one of the following build systems, and then runs the corresponding build commands in each directory.

  • CMake (build commands: cmake . && make)
  • ./configure (build commands: ./configure && make)
  • Make (build commands: make)
  • Gradle (build commands: ./gradlew clean build)
  • Maven (build commands: mvn clean compile)
  • Ant (build commands: ant [clean|clear|clobber] [compile|build|release|debug|<default target>])

In addition, if no project directories are detected and there are any *.java files in your repository, Inspecode runs javac *.java as a build command at the root of your repository.

If the automatic detection does not suit your project, explicitly specify build commands via the -- option.
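
To see ahead of time which commands the detection described above would run on a checkout (several of them execute scripts that live in the repository itself), the following added Python sketch walks a tree and lists them; it is not Inspecode's code. The marker file names, the per-directory precedence (the order of the list above) and skipping .git are assumptions; the commands are the ones listed above.

```python
import os

# (build system, marker file, build command).
# Marker file names are ASSUMED conventional names; the page does not list them.
# Commands are copied from the list above. When one directory holds several
# markers, the first entry wins (assumed precedence: the page's list order).
BUILD_SYSTEMS = [
    ("CMake", "CMakeLists.txt", "cmake . && make"),
    ("./configure", "configure", "./configure && make"),
    ("Make", "Makefile", "make"),
    ("Gradle", "gradlew", "./gradlew clean build"),
    ("Maven", "pom.xml", "mvn clean compile"),
    ("Ant", "build.xml",
     "ant [clean|clear|clobber] [compile|build|release|debug|<default target>]"),
]


def predict_build_commands(repo_root):
    """Return [(relative directory, build system, command)] for a checkout."""
    plan = []
    has_java = False
    for dirpath, dirnames, filenames in os.walk(repo_root):
        # Deterministic order; .git is skipped (assumption).
        dirnames[:] = sorted(d for d in dirnames if d != ".git")
        names = set(filenames)
        has_java = has_java or any(n.endswith(".java") for n in filenames)
        for system, marker, command in BUILD_SYSTEMS:
            if marker in names:
                rel = os.path.relpath(dirpath, repo_root)
                plan.append((rel, system, command))
                break
    # Fallback from the page: no project directory detected, but *.java exists
    # somewhere in the repository, so javac runs at the repository root.
    if not plan and has_java:
        plan.append((".", "javac fallback", "javac *.java"))
    return plan


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, system, command in predict_build_commands(root):
        print(f"{rel}: [{system}] {command}")
```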

Resolving Dependencies

Infer requires all build dependencies to run, so Inspecode tries to download dependencies before running Infer.

As of now, Inspecode can download:

  • submodules available to the public
  • submodules provided from your private repositories which:
    • belong to the same GitHub organization or Bitbucket team as the repository on which Infer runs
    • have been already registered to Inspecode
    • can be accessed via http://<hostname>/<path>, https://<hostname>/<path>, ssh://git@<hostname>/<path> or git@<hostname>:<path>

Note: If resolving dependencies fails for some reason, you can see the error log; however, Inspecode continues the process unless running Infer itself fails.
