A static analyzer for Java, C, C++, and Objective-C

Overview

logo

Infer Build Status

Infer is a static analysis tool for Java, C++, Objective-C, and C. Infer is written in OCaml.

Installation

Read our Getting Started page for details on how to install packaged versions of Infer. To build Infer from source, see INSTALL.md.

Contributing

See CONTRIBUTING.md.

License

Infer is MIT-licensed.

Note: Enabling Java support may require you to download and install components licensed under the GPL.

Issues
  • Migrate Website to Docusaurus 2

    Migrate Website to Docusaurus 2

    Context: https://github.com/facebook/infer/issues/1171

    CLA Signed 
    opened by smorimoto 36
  • Failed to build iOS project,how to fix

    Failed to build iOS project,how to fix

    I use : infer --incremental -- xcodebuild -workspace xxx.xcworkspace -scheme xxx -sdk iphonesimulator -configuration Debug -destination 'platform=iOS Simulator,OS=9.2,name=iPhone 6s' CLANG_ENABLE_MODULES=NO clean build

    The following build commands failed: CompileC /Users/jianzhang/Library/Developer/Xcode/DerivedData/xxxxxxxx-aiaocxwzriymuzayasydwppoqjls/Build/Intermediates/Pods.build/Debug-iphonesimulator/MQTTKit.build/Objects-normal/x86_64/logging_mosq.o MQTTKit/libmosquitto/logging_mosq.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler (1 failure) Traceback (most recent call last): File "/usr/local/bin/infer", line 178, in main() File "/usr/local/bin/infer", line 142, in main capture_exitcode = imported_module.gen_instance(args, cmd).capture() File "/usr/local/Cellar/infer/0.8.0/libexec/infer/lib/python/inferlib/capture/xcodebuild.py", line 78, in capture utils.stdout(exc.output) File "/usr/local/Cellar/infer/0.8.0/libexec/infer/lib/python/inferlib/utils.py", line 298, in stdout print(encode(s, errors=errors)) File "/usr/local/Cellar/infer/0.8.0/libexec/infer/lib/python/inferlib/utils.py", line 294, in encode return u.encode(encoding=config.LOCALE, errors=errors) AttributeError: 'NoneType' object has no attribute 'encode'

    opened by yanqi8573 30
  • infer failed in Xcode9: infer xcodebuild output error - *** Infer needs a working compilation command to run

    infer failed in Xcode9: infer xcodebuild output error - *** Infer needs a working compilation command to run

    My project is created by Objective-C. And infer v0.12.0 was run successfully for my project in xcode 8 yesterday. Today I update my xcode to xcode 9, use some APIs in iOS 11, and update infer to v0.12.1. Then when I run infer v0.12.1 on Xcode 9 with iOS 11 and LLVM v9.0.0 using the following command:

    infer -- xcodebuild -workspace myProject.xcworkspace -scheme myProject -configuration Debug -sdk iphonesimulator
    

    I got the following results:

    Build Succeeded
    Starting translating 463 files 
    
    *** ERROR: Failed to execute compilation command. Output:
    clang: error: cannot specify -o when generating multiple output files
    *** Infer needs a working compilation command to run.
    

    ..MANY OF THESE ERRORS...then...

    ...
    *** ERROR: Failed to execute compilation command. Output:
    clang: error: cannot specify -o when generating multiple output files
    *** Infer needs a working compilation command to run.
    ..
    
    Nothing to compile. Try running `xcodebuild -workspace myProject.xcworkspace -scheme myProject -configuration Debug -sdk iphonesimulator clean` first.
    
    There was nothing to analyze.
    
    opened by tianshunjian 29
  • Migrate Website to Docusaurus 2 Alpha

    Migrate Website to Docusaurus 2 Alpha

    Hi there! The Docusaurus team is currently developing Docusaurus 2 and are almost done with an MVP that doesn't include translations and versioning features, which means there's feature parity with your website's current usage of Docusaurus.

    Docusaurus 2 brings about many improvements:

    • Client-side rendering with prerendering (site renders without JavaScript!)
    • More flexible appearance - Customizable layouts, CSS modules, etc
    • Embeddable interactive React components within markdown via MDX

    I will be helping you migrate and be the POC throughout the migration process. Let me know what you think!

    cc @yangshun @endiliey @wgao19

    opened by mishal23 28
  • (Unix.Exit_or_signal (Exit_non_zero 66))

    (Unix.Exit_or_signal (Exit_non_zero 66))

    When I run ./gradlew build, I get a BUILD SUCCESSFUL. When I run infer -- ./gradlew build, I get the following error:

    $ ./gradlew build --stacktrace
    ...
    
    BUILD SUCCESSFUL
    
    ...
    $ infer -- ./gradlew build --stacktrace
    Capturing in gradle mode...
    Running and capturing gradle compilation...
    Nothing to compile. Try running `./gradlew clean` first.
    Uncaught exception:
      
      (Unix.Exit_or_signal (Exit_non_zero 66))
    
    Raised at file "src/error.ml", line 7, characters 20-30
    Called from file "backend/infer.ml", line 455, characters 2-21
    

    I'm running OS X El Capitan Version 10.11.6 and Infer 0.10.0.

    opened by Will5 27
  • javalib incompatibility causes infer -- javac Hello.java to fail with no files analyzed

    javalib incompatibility causes infer -- javac Hello.java to fail with no files analyzed

    the log trace is as below: [email protected]:~/workspace/test$ infer -- javac Hello.java TODO: print error message Starting analysis (Infer version v0.1.0) Fatal error: exception Sys_error("/home/wyw/workspace/test/infer-out/captured: No such file or directory") [ERROR] Failure during create_makefile, original command was

    [u'inferJ', u'-g', u'-a', 'infer', u'javac', 'Hello.java']

    Traceback (most recent call last): File "/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/inferJ", line 19, in stats = analysis.start() File "/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/inferlib.py", line 634, in start self.analyze_and_report() File "/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/inferlib.py", line 613, in analyze_and_report if self.analyze() == os.EX_OK: File "/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/inferlib.py", line 489, in analyze self.args.analyzer File "/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/inferlib.py", line 318, in run_command raise e subprocess.CalledProcessError: Command '[u'/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/InferAnalyze', u'-results_dir', '/home/wyw/workspace/test/infer-out', u'-makefile', u'Makefile', u'-allow_specs_cleanup', u'-models', u'/home/wyw/Downloads/infer-linux64-v0.1.0/infer/infer/bin/../lib/java/models.jar', u'-project_root', '/home/wyw/workspace/test']' returned non-zero exit status 2

    Anyone could explain?

    java 
    opened by wywlds 25
  • `infer -- javac Hello.java` fails to run when the current path contains whitespaces

    `infer -- javac Hello.java` fails to run when the current path contains whitespaces

    I have tried to test infer using Hello.java which was located in Desktop/Hello folder in my mac. And it said "Failed to load any Java source code". (Refer below commands that I tried.).

    CD-RWEERASOORI:Desktop rweerasooriya$ infer -v Infer version v0.1.1 Copyright 2009 - present Facebook. All Rights Reserved.

    CD-RWEERASOORI:Desktop rweerasooriya$ java -version java version "1.6.0_65" Java(TM) SE Runtime Environment (build 1.6.0_65-b14-466.1-11M4716) Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-466.1, mixed mode)

    CD-RWEERASOORI:Desktop rweerasooriya$ cd Hello/ CD-RWEERASOORI:Hello rweerasooriya$ ls Hello.java

    CD-RWEERASOORI:Hello rweerasooriya$ infer -- javac Hello.java Fatal error: exception Failure("Failed to load any Java source code") [ERROR] Failure during frontend, original command was

    [u'inferJ', u'-g', u'-a', 'infer', u'javac', 'Hello.java']

    Traceback (most recent call last): File "/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/inferJ", line 19, in stats = analysis.start() File "/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/inferlib.py", line 632, in start if self.capture() == os.EX_OK: File "/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/inferlib.py", line 400, in capture return self.run_infer_frontend() File "/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/inferlib.py", line 391, in run_infer_frontend self.args.analyzer File "/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/inferlib.py", line 318, in run_command raise e subprocess.CalledProcessError: Command '[u'/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/InferJava', u'-results_dir', '/Users/rweerasooriya/Desktop/Hello/infer-out', u'-verbose_out', '/var/folders/x0/_9n0fqgj2zngnvt0642_h384zc4l_4/T/javac_hTItgR.out', u'-models', u'/Users/rweerasooriya/infer-osx-v0.1.1/infer/infer/bin/../lib/java/models.jar', u'-no-static_final']' returned non-zero exit status 2 CD-RWEERASOORI:Hello rweerasooriya$

    bug java 
    opened by randikapw 25
  • Confuse how to integrate Infer into our Gitlab CI

    Confuse how to integrate Infer into our Gitlab CI

    I am confused how to integrate Infer into our Gitlab CI pipeline at static analysis stage:

    • To slow I use this command follow the wiki,but still scan whole project 1700+ files when CI Runner checkout the branch every time。
    infer --reactive --continue -- xcodebuild -workspace xxx.xcworkspace -scheme xxx -sdk iphonesimulator10.2 -configuration Debug build
    
    • Can seperate two phases? I just want to analyze the commit files ,but Infer must compile first,and use command infer -- <command> Suppose our CI pipeline include build,test,pre-production,production 4 phase. Assuming there are two jobs in the build phase, the first job is build, the second is static analysis, , and infer - <command> combine two jobs, and make the build phase become slow.

    • Can not set the threshold, analyze the results and throw error so that the pipeline to stop

    Please give me a suggestion how to integrate infer into our CI process correctly,thanks!

    opened by sencho 25
  • Issue Building clang

    Issue Building clang

    I tried building clang after java and got stuck in the process.

    details:

    checking for ant... no checking for buck... no checking for mvn... no checking for ndk-build... no checking for ndk-build... no checking for Python module lxml... ok checking for xcpretty... no configure: saving configure flags to ./config.flags configure: creating ./config.status config.status: creating Makefile.autoconf

    Warning: you are not using a release of Infer. The C and Objective-C analyses require a custom clang to be compiled now. This step takes ~30-60 minutes, possibly more.

    To speed this along, you are encouraged to use a release of Infer instead:

    http://fbinfer.com/docs/getting-started.html

    If you are only interested in analyzing Java programs, simply run this script with only the "java" argument:

    ./build-infer.sh java

    Are you sure you want to compile clang? (y/N) y CMake Warning at cmake/modules/HandleLLVMOptions.cmake:143 (message): -fPIC is not supported. Call Stack (most recent call first): cmake/modules/HandleLLVMOptions.cmake:161 (add_flag_or_print_warning) CMakeLists.txt:497 (include)

    CMake Warning (dev) at projects/libcxx/CMakeLists.txt:15 (project): Policy CMP0048 is not set: project() command manages VERSION variables. Run "cmake --help-policy CMP0048" for policy details. Use the cmake_policy command to set the policy and suppress this warning.

    The following variable(s) would be set to empty:

    PROJECT_VERSION
    PROJECT_VERSION_MAJOR
    PROJECT_VERSION_MINOR
    PROJECT_VERSION_PATCH
    

    This warning is for project developers. Use -Wno-dev to suppress it.

    clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s' clang: warning: argument unused during compilation: '-s'

    This warning is keeping coming and clang is not built

    Thanks Shreyas

    opened by shreyasmrs 25
  • Detect instance fields

    Detect instance fields

    Hi again,

    In the checker I am trying to create, I need to know whether a fieldname is an instance field or not. Example:

    class Hello{
      int foo= 0;
    
      public void test(){
        int i = 0;
        i=3+foo; // foo is a an instance field
        System.out.println("ok");
      }
    }
    

    I took a look at the Ident.java_fieldname_is_outer_instance to give me an idea method but I'm not quite sure when appears the string ".this$".

    Do you have any suggestion?

    opened by luiscruz 24
  • Add Infer# Support for Inference Between Type Expressions

    Add Infer# Support for Inference Between Type Expressions

    This PR enables implications to be drawn between .NET types.

    CLA Signed 
    opened by matjin 0
  • How to fix  org.apache.commons.collections.CollectionUtils Check error

    How to fix org.apache.commons.collections.CollectionUtils Check error

    version: Infer version v0.17.0 cmd: infer -o ./output --keep-going -- mvn ...

    .../test.java:35: error: NULL_DEREFERENCE objecttestArraylast assigned on line 33 could be null and is dereferenced at line 35. 33. if (CollectionUtils.isNotEmpty(testArray)) { 34. List<Integer> list = new ArrayList<>(); 35. > for (Test test: testArray) { 36. list.add(test.getName()); 37. }

    here, user org.apache.commons.collections.CollectionUtils to check [testArray] is not empty,But Infer still report a error ‘NULL_DEREFERENCE’

    opened by felix1982 0
  • Invoking `infer -g run  -- mvn compile` command from Infer REPL

    Invoking `infer -g run -- mvn compile` command from Infer REPL

    My Environment is like the following:

    • My Infer is of version 1.0.0.
    • I am on macOS Big Sur.
    • I usually run Infer with infer -g run -- mvn compile.

    Hello, I was wondering if I could invoke Infer's capture and analyze facilities from the Infer-REPL. So I have looked into onDemand.ml and Maven.ml, but I still have no idea where the entry point to Infer is when I use the above command. I guess if I can get that 'main' procedure I might be able to capture and analyze from the comfort of Utop (Yes, I love Utop 🙃).

    Could you please give some guidance to what I want to achieve?

    opened by jeongsoolee09 1
  • Forward type to implicit casts if part_of_explicit_cast

    Forward type to implicit casts if part_of_explicit_cast

    Currently, casts are not added in clang AST translation except in a couple special cases, seemingly because adding them would break existing checkers. This change fixes many of the casting cases that used to result in information loss without adding Exp.Cast expressions. When an ImplicitCastExpr has the part_of_explicit_cast bit set, it will be forwarded the type of its outer cast. This is particularly useful with LValueToRValue casts because it means the dereference assignment generated has the correct type.

    Here are a couple cases where this prevents information loss (included as unit tests):

    void integral_cast() {
        int a;
        int b = ((char) a) + 2;
    }
    
    struct object {
        int field;
    };
    
    void pointer_cast() {
        void *obj;
        int f = ((struct object *) obj)->field;
    }
    

    Here are the clang ASTs for the casts:

    |-ImplicitCastExpr 0x55e4e4986500 <col:13, col:22> 'int' <IntegralCast>
    | `-ParenExpr 0x55e4e49864c0 <col:13, col:22> 'char'
    |   `-CStyleCastExpr 0x55e4e4986498 <col:14, col:21> 'char' <IntegralCast>
    |     `-ImplicitCastExpr 0x55e4e4986480 <col:21> 'int' <LValueToRValue> part_of_explicit_cast
    |       `-DeclRefExpr 0x55e4e4986450 <col:21> 'int' lvalue Var 0x55e4e4986350 'a' 'int'
    
    `-MemberExpr 0x55e4e49869a8 <col:13, col:38> 'int' lvalue ->field 0x55e4e4986630
      `-ParenExpr 0x55e4e4986988 <col:13, col:35> 'struct object *'
        `-CStyleCastExpr 0x55e4e4986960 <col:14, col:32> 'struct object *' <BitCast>
          `-ImplicitCastExpr 0x55e4e4986948 <col:32> 'void *' <LValueToRValue> part_of_explicit_cast
            `-DeclRefExpr 0x55e4e4986858 <col:32> 'void *' lvalue Var 0x55e4e4986758 'obj' 'void *'
    

    Without this change, the integral_cast assignment has nothing indicating a got truncated to a char:

    n$0=*&a:int
    *&b:int=(n$0 + 2)
    

    With this change, the assignment has the correct type:

    n$0=*&a:char
    *&b:int=(n$0 + 2)
    

    The pointer_cast assignment without this change does not give any information about what type the field access is on:

    n$0=*&obj:void*
    n$1=*n$0.field:int
    *&f:int=n$1
    

    (edit: I realized that there actually is a typ stored in Exp.Lfield, but it only gives the struct type, not the pointer type, so it's still not ideal. For example, here you'd only have void* and object, and would have to reconstruct the object* yourself. So it's not strictly information loss, but this is much nicer.)

    After this change, it has the correct type, allowing checkers to do things with that information:

    n$0=*&obj:object*
    n$1=*n$0.field:int
    *&f:int=n$1
    
    CLA Signed 
    opened by kmh11 0
  • Inconsistent behaviors of capturing the array size when passed as parameters

    Inconsistent behaviors of capturing the array size when passed as parameters

    I am not sure how to interpret the different behaviors regarding the parameter array.

    I prepared a minimized test case to show the differences about the array size.

    • In func_call_strcpy(), infer correctly detected the size of the parameter data and reported a Buffer Overrun L1
    • However, in func_call_strncpy_args, it seems it didn't get the size of the parameter array data. (I thought maybe this was because of the lib call strncpy. So I tried another callee with strncpy but using a local array. Since infer can catch it, so strncpy should be good. So, I was wondering the size of the parameter array data was somehow lost or the side-effects on data was not propagated to its caller?)

    Please make sure your issue is not addressed in the FAQ.

    Please include the following information:

    • [x] The version of infer from infer --version.
    $ infer --version
    Infer version v1.1.0-119e20698
    Copyright 2009 - present Facebook. All Rights Reserved.
    
    • [x] Your operating system and version, for example "Debian 9", "MacOS High Sierra", whether you are using Docker, etc.
    ubuntu 20.04
    
    • [x] Which command you ran, for example infer -- make.
    run --bufferoverrun --pulse  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L1 \
     --enable-issue-type ARRAY_OUT_OF_BOUNDS_L2  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L3 \
     --enable-issue-type BUFFER_OVERRUN_L4  --enable-issue-type BUFFER_OVERRUN_L5 \
     --enable-issue-type BUFFER_OVERRUN_U5  --enable-issue-type INTEGER_OVERFLOW_L5 \
     --enable-issue-type INTEGER_OVERFLOW_U5 \
     -- gcc -c  test1.c 
    
    • [x] The full output in a paste, for instance a gist.
    Capturing in make/cc mode...
    Found 1 source file to analyze in /home/work/p2im/samples/CWE121/infer-out
    1/1 [################################################################################] 100% 56.071ms
    
    test2.c:12: error: Buffer Overrun L1
      Offset added: 10 Size: 5.
      10.     char dest[5];
      11.     char * source = "abcdefghij";
      12.     strncpy(dest, source, 10);
              ^
      13. }
      14. 
    
    test2.c:23: error: Buffer Overrun L1
      Offset: 10 Size: 5 by call to `func_call_strcpy`.
      21.     char dest[5];
      22.     func_call_strncpy_args(dest);
      23.     func_call_strcpy(dest);
              ^
      24.     func_call_strncpy_local(dest);
      25. }
    
    
    Found 2 issues
                Issue Type(ISSUED_TYPE_ID): #
      Buffer Overrun L1(BUFFER_OVERRUN_L1): 2
    
    • [x] If possible, a minimal example to reproduce your problem (for instance, some code where infer reports incorrectly, together with the way you run infer to reproduce the incorrect report).
    #include <stdio.h>
    #include <string.h>
    
    void func_call_strcpy(char *data) {
        char * source = "abcdefghij";
        strcpy(data, source);
    }
    
    void func_call_strncpy_local(char *data) {
        char dest[5];
        char * source = "abcdefghij";
        strncpy(dest, source, 10);
    }
    
    void func_call_strncpy_args(char *data) {
        char * source = "abcdefghij";
        strncpy(data, source, 10);
    }
    
    void foo() {
        char dest[5];
        func_call_strncpy_args(dest);
        func_call_strcpy(dest);
        func_call_strncpy_local(dest);
    }
    
    opened by zyh1121 0
  • Array size in struct or global scope not captured?

    Array size in struct or global scope not captured?

    It seems the array size in the struct or global array is not captured so that the buffer overflow is not detected.

    I prepared three minimized examples to show this (please refer to the test case below).

    • In t1(), the size of structCharVoid.charFirst in memcpy(structCharVoid.charFirst, ... is defined by typedef struct _charVoid. Infer didn't report it.
    • In t2(), the size of global_aaa in memcpy(global_aaa, ... is defined by char global_aaa[16];. Infer didn't report it.
    • However, in t3(), if I define a local array char local_aaa[16];, infer could detect the buffer overrun in memcpy(local_aaa, ...

    Maybe related to #993 and #948 (global)


    Please make sure your issue is not addressed in the FAQ.

    Please include the following information:

    • [x] The version of infer from infer --version.
    $ infer --version
    Infer version v1.1.0-119e20698
    Copyright 2009 - present Facebook. All Rights Reserved.
    
    • [x] Your operating system and version, for example "Debian 9", "MacOS High Sierra", whether you are using Docker, etc.
    Ubuntu 20.04
    
    • [x] Which command you ran, for example infer -- make.
    run --bufferoverrun --pulse  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L1 \
     --enable-issue-type ARRAY_OUT_OF_BOUNDS_L2  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L3 \
     --enable-issue-type BUFFER_OVERRUN_L4  --enable-issue-type BUFFER_OVERRUN_L5 \
     --enable-issue-type BUFFER_OVERRUN_U5  --enable-issue-type INTEGER_OVERFLOW_L5 \
     --enable-issue-type INTEGER_OVERFLOW_U5 \
     -- gcc -c  test1.c 
    
    • [x] The full output in a paste, for instance a gist.
    Found 1 source file to analyze in /home/work/p2im/samples/CWE121/infer-out
    1/1 [################################################################################] 100% 44.198ms
    
    test1.c:26: error: Buffer Overrun L1
      Offset added: 24 Size: 16.
      24.     char local_aaa[16];
      25.     charVoid structCharVoid;
      26.     memcpy(local_aaa, SRC_STR, sizeof(structCharVoid));
              ^
      27. }
    
    
    Found 1 issue
                Issue Type(ISSUED_TYPE_ID): #
      Buffer Overrun L1(BUFFER_OVERRUN_L1): 1
    
    • [x] If possible, a minimal example to reproduce your problem (for instance, some code where infer reports incorrectly, together with the way you run infer to reproduce the incorrect report).
    #include <stdio.h>
    
    #define SRC_STR "0123456789abcdef0123456789abcde"
    
    typedef struct _charVoid
    {
        char charFirst[16];
        void * voidSecond;
    } charVoid;
    
    char global_aaa[16];
    
    void t1() {
        charVoid structCharVoid;
        memcpy(structCharVoid.charFirst, SRC_STR, sizeof(structCharVoid));
    }
    
    void t2() {
        charVoid structCharVoid;
        memcpy(global_aaa, SRC_STR, sizeof(structCharVoid));
    }
    
    void t3() {
        char local_aaa[16];
        charVoid structCharVoid;
        memcpy(local_aaa, SRC_STR, sizeof(structCharVoid));
    }
    
    opened by zyh1121 0
  • Incremental analysis: more issues detected after adding only a new line to a source file

    Incremental analysis: more issues detected after adding only a new line to a source file

    Please make sure your issue is not addressed in the FAQ.

    Please include the following information:

    • [x] The version of infer from infer --version.
    $ infer --version
    Infer version v1.1.0
    Copyright 2009 - present Facebook. All Rights Reserved.
    
    • [x] Your operating system and version, for example "Debian 9", "MacOS High Sierra", whether you are using Docker, etc.
    Ubuntu 20.04
    
    • [x] Which command you ran, for example infer -- make.
    infer run --reactive --bufferoverrun --pulse --bo-field-depth-limit 3 \
    --no-linters  --no-fragment-retains-view \
    --no-inefficient-keyset-iterator --no-self-in-block  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L1  \
    --enable-issue-type ARRAY_OUT_OF_BOUNDS_L2  --enable-issue-type ARRAY_OUT_OF_BOUNDS_L3  \
    --enable-issue-type BUFFER_OVERRUN_L4  --enable-issue-type BUFFER_OVERRUN_L5  \
    --enable-issue-type BUFFER_OVERRUN_U5  --enable-issue-type INTEGER_OVERFLOW_L5  \
    --enable-issue-type INTEGER_OVERFLOW_U5 \
    -j 1 -- make -j 1
    
    • [x] The full output in a paste, for instance a gist. After adding a new line to a source file, infer found 120 more issues in the incremental build. Please refer to https://gist.github.com/zyh1121/9d5db5b3c556a20ac827f27a260532fa#file-libtiff_incremental-sh-session-L486

    • [ ] If possible, a minimal example to reproduce your problem (for instance, some code where infer reports incorrectly, together with the way you run infer to reproduce the incorrect report).

    opened by zyh1121 0
  • NULL_DEREFERENCE not found when there are `&&` in loop conditions

    NULL_DEREFERENCE not found when there are `&&` in loop conditions

    I was playing with an OpenSSL function https://github.com/openssl/openssl/blob/5f96a95e2562f026557f625e50c052e77c7bc2e8/crypto/modes/cbc128.c#L55 and found this issue.

    I came up with a few minimized examples to see why Infer missed the NULL_DEREFERENCE.

    • Infer can capture them when there are no&& in the loop conditions in test1_1 and test2_1.
    • However, if I changed the loop condition and added && (such as test1_2 or test1_3), infer missed the issues.
    • I also tried and added || to loop condition. Infer can capture them correctly.

    Please make sure your issue is not addressed in the FAQ.

    Please include the following information:

    • [x] The version of infer from infer --version.
    $ infer --version
    Infer version v1.1.0-119e20698
    Copyright 2009 - present Facebook. All Rights Reserved.
    
    • [x] Your operating system and version, for example "Debian 9", "MacOS High Sierra", whether you are using Docker, etc.
    ubuntu 20.04 
    5.8.0-50-generic #56~20.04.1-Ubuntu SMP 
    
    • [x] Which command you ran, for example infer -- make.
    infer run -- gcc -c 1.c
    
    • [x] The full output in a paste, for instance a gist.
    $ infer run -- gcc -c 1.c 
    Capturing in make/cc mode...
    Found 1 source file to analyze in /home/work/d2a/test/infer-out
    1/1 [################################################################################] 100% 57.098ms
    
    1.c:16: error: Null Dereference
      pointer `in` last assigned on line 14 could be null and is dereferenced at line 16, column 9.
      14.     const unsigned char *in = NULL;
      15.     while (len) {
      16.         * in;
                  ^
      17.         len--;
      18.     }
    
    1.c:41: error: Null Dereference
      pointer `in` last assigned on line 39 could be null and is dereferenced at line 41, column 9.
      39.     const unsigned char *in = NULL;
      40.     for (;len;) {
      41.         * in;
                  ^
      42.         len--;
      43.     }
    
    
    Found 2 issues
              Issue Type(ISSUED_TYPE_ID): #
      Null Dereference(NULL_DEREFERENCE): 2
    
    • [x] If possible, a minimal example to reproduce your problem (for instance, some code where infer reports incorrectly, together with the way you run infer to reproduce the incorrect report).
    #include <stdio.h>
    
    void original(size_t len, const unsigned char *in, unsigned char *out) {
        size_t n = 0;
        in = NULL;
        while (len) {
            for (n = 0; n < 16 && n < len; ++n)
                out[n] = in[n];
            len -= 16;
        }
    }
    
    void test1_1(size_t len) {
        const unsigned char *in = NULL;
        while (len) {
            * in;
            len--;
        }
    }
    
    void test1_2(size_t len) {
        const unsigned char *in = NULL;
        while (len && len) {
            * in;
            len--;
        }
    }
    
    void test1_3(size_t len) {
        const unsigned char *in = NULL;
        while (len && len < 16) {
            * in;
            len--;
        }
    }
    
    
    void test2_1(size_t len) {
        const unsigned char *in = NULL;
        for (;len;) {
            * in;
            len--;
        }
    }
    
    void test2_2(size_t len) {
        const unsigned char *in = NULL;
        for (;len && len;) {
            * in;
            len--;
        }
    }
    
    void test2_3(size_t len) {
        const unsigned char *in = NULL;
        for (;len && len < 16;) {
            * in;
            len--;
        }
    }
    
    opened by zyh1121 0
  • [Java] Taint tracking and virtual calls

    [Java] Taint tracking and virtual calls

    Hi Infer devs!

    I tried to use Infer for implementation custom taint analysis and faced with some issues of virtual call handling. Could you clarify the current status of the taint tracking features and give some advice on how I can improve them? I wrote the followed example and run Topl, Quandary and Biabduction analyses and marked source() and sink(String) functions as source and sink respectively:

    interface ITaintTest {
        String GetObj();
        void CallSink(String obj);
    }
    
    class UnsafeTest implements ITaintTest {
        @Override
        public String GetObj() {
            return null;
        }
    
        @Override
        public void CallSink(String obj) {
            Main.sink(obj);
        }
    }
    
    class SafeTest implements ITaintTest {
        @Override
        public String GetObj() {
            return "Test";
        }
    
        @Override
        public void CallSink(String obj) { }
    }
    
    public class Main {
        public static void main(String[] args) {
            var x = source();
            Test(new SafeTest(), x);    // [!] FALSE POSITIVE
            Test(new UnsafeTest(), x);  // TRUE POSITIVE
        }
    
        private static void Test(ITaintTest obj, String t) {
            obj.CallSink(t);
            String s = obj.GetObj();
            s.length();
        }
    
        private static String source() { 
            return "TAINTED";
        }
    
        public static void sink(String obj) { }
    }
    
    1. Topl: infer -g --topl-only --topl-properties taint.topl -- javac Main.java The analysis doesn’t detect the sink call via a virtual call. I get the message in debug logs:
        No spec found for void ITaintTest.CallSink(String)
        skipping unknown procedure
    

    It seems that the virtual call dispatching has not implemented yet for Pulse. Have you any plans to implement it soon? Or do you have a description of the algorithm/approach that should be used here?

    1. Quandary: infer -g --quandary-only -- javac Main.java No issues found. The summary of Main.Test is empty Quandary: { }, but the UnsafeTest.CallSink summary contains the sink call:
    Quandary: { @val$1 -> (Footprint({ @val$1* }) ~> { Other(void Main.sink(String) at line 19) }, *) }
    

    It looks like the Quandary skips applying summaries for implementation(s) of virtual methods. Could it be changed by settings or any way?

    1. Biabduction: infer -g --biabduction-only -- javac Main.java This analysis detects Null Dereference correctly (only for the call Test(new UnsafeTest(), x)). I see that the Infer resolves virtual call by corresponding call site type information. Could the taint analysis be implemented based on the Biabduction? Or maybe possible re-using virtual call resolving algorithm for another kind of taint analysis?

    Also, I found the note implement resolve_virtual to not skip virtual calls in TODO.org file. As I understand, it talks about the method resolve_virtual_pname in the Biabduction and it means that the current approach has some limitations. Can you give some info about such limitations if they exist?

    opened by yuske 2
  • Failure compiling C++ stdlib headers on macOS Big Sur 11.3.1

    Failure compiling C++ stdlib headers on macOS Big Sur 11.3.1

    Please make sure your issue is not addressed in the FAQ.

    • Infer version v1.1.0
    • (intel) macOS 11.3.1 (20E241)
    • infer installed from homebrew via brew install infer

    Just using a basic 'hello world' C++ program (https://github.com/jimhester/infer-test) results in compilation failures due to incompatibilities in the standard library headers.

    Strangely this was working fine on this system about a week ago. The main change was updating my OS fto 11.3, I believe it was 11.2 previously.

    Full run output
    Capturing in make/cc mode...
    In file included from test.cc:1:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iostream:37:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/ios:214:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iosfwd:95:
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:137:77: error: use of undeclared identifier 'wcschr'
    wchar_t* __libcpp_wcschr(const wchar_t* __s, wchar_t __c) {return (wchar_t*)wcschr(__s, __c);}
                                                                                ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:144:87: error: use of undeclared identifier 'wcspbrk'
    wchar_t* __libcpp_wcspbrk(const wchar_t* __s1, const wchar_t* __s2) {return (wchar_t*)wcspbrk(__s1, __s2);}
                                                                                          ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:151:78: error: use of undeclared identifier 'wcsrchr'; did you mean 'wcschr'?
    wchar_t* __libcpp_wcsrchr(const wchar_t* __s, wchar_t __c) {return (wchar_t*)wcsrchr(__s, __c);}
                                                                                 ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:139:16: note: 'wcschr' declared here
    const wchar_t* wcschr(const wchar_t* __s, wchar_t __c) {return __libcpp_wcschr(__s, __c);}
                   ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:158:86: error: use of undeclared identifier 'wcsstr'; did you mean 'wcschr'?
    wchar_t* __libcpp_wcsstr(const wchar_t* __s1, const wchar_t* __s2) {return (wchar_t*)wcsstr(__s1, __s2);}
                                                                                         ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:141:16: note: 'wcschr' declared here
          wchar_t* wcschr(      wchar_t* __s, wchar_t __c) {return __libcpp_wcschr(__s, __c);}
                   ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:158:86: error: no matching function for call to 'wcschr'
    wchar_t* __libcpp_wcsstr(const wchar_t* __s1, const wchar_t* __s2) {return (wchar_t*)wcsstr(__s1, __s2);}
                                                                                         ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:141:16: note: candidate disabled: <no message provided>
          wchar_t* wcschr(      wchar_t* __s, wchar_t __c) {return __libcpp_wcschr(__s, __c);}
                   ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:158:93: error: cannot initialize a parameter of type 'wchar_t *' with an lvalue of type 'const wchar_t *'
    wchar_t* __libcpp_wcsstr(const wchar_t* __s1, const wchar_t* __s2) {return (wchar_t*)wcsstr(__s1, __s2);}
                                                                                                ^~~~
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:141:38: note: passing argument to parameter '__s' here
          wchar_t* wcschr(      wchar_t* __s, wchar_t __c) {return __libcpp_wcschr(__s, __c);}
                                         ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:165:60: error: unknown type name 'size_t'
    wchar_t* __libcpp_wmemchr(const wchar_t* __s, wchar_t __c, size_t __n) {return (wchar_t*)wmemchr(__s, __c, __n);}
                                                               ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:167:57: error: unknown type name 'size_t'
    const wchar_t* wmemchr(const wchar_t* __s, wchar_t __c, size_t __n) {return __libcpp_wmemchr(__s, __c, __n);}
                                                            ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/wchar.h:169:57: error: unknown type name 'size_t'
          wchar_t* wmemchr(      wchar_t* __s, wchar_t __c, size_t __n) {return __libcpp_wmemchr(__s, __c, __n);}
                                                            ^
    In file included from test.cc:1:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iostream:37:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/ios:214:
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iosfwd:189:14: error: use of undeclared identifier 'mbstate_t'
    typedef fpos<mbstate_t>    streampos;
                 ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iosfwd:190:14: error: use of undeclared identifier 'mbstate_t'
    typedef fpos<mbstate_t>    wstreampos;
                 ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iosfwd:195:14: error: use of undeclared identifier 'mbstate_t'
    typedef fpos<mbstate_t>    u16streampos;
                 ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iosfwd:196:14: error: use of undeclared identifier 'mbstate_t'
    typedef fpos<mbstate_t>    u32streampos;
                 ^
    In file included from test.cc:1:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iostream:37:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/ios:215:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/__locale:14:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/string:506:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/string_view:175:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/__string:57:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/algorithm:639:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/initializer_list:46:
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/cstddef:49:9: error: no member named 'ptrdiff_t' in the global namespace
    using ::ptrdiff_t;
          ~~^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/cstddef:50:9: error: no member named 'size_t' in the global namespace
    using ::size_t;
          ~~^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/cstddef:53:9: error: no member named 'max_align_t' in the global namespace
    using ::max_align_t;
          ~~^
    In file included from test.cc:1:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/iostream:37:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/ios:215:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/__locale:14:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/string:506:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/string_view:175:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/__string:57:
    In file included from /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/algorithm:639:
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/initializer_list:61:5: error: unknown type name 'size_t'
        size_t    __size_;
        ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/initializer_list:65:38: error: unknown type name 'size_t'
        initializer_list(const _Ep* __b, size_t __s) _NOEXCEPT
                                         ^
    /usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1/initializer_list:73:13: error: unknown type name 'size_t'
        typedef size_t    size_type;
                ^
    fatal error: too many errors emitted, stopping now [-ferror-limit=]
    20 errors generated.
    Error: the following clang command did not run successfully:
        /usr/local/Cellar/infer/1.1.0/lib/infer/facebook-clang-plugins/clang/install/bin/clang-11
        @/Users/jhester/pkg/infer-test/infer-out/tmp/clang_command_.tmp.4fb987.txt
      ++Contents of '/Users/jhester/pkg/infer-test/infer-out/tmp/clang_command_.tmp.4fb987.txt':
        "-cc1" "-load"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/libtooling/build/FacebookClangPlugin.dylib"
        "-add-plugin" "BiniouASTExporter" "-plugin-arg-BiniouASTExporter" "-"
        "-plugin-arg-BiniouASTExporter" "PREPEND_CURRENT_DIR=1"
        "-plugin-arg-BiniouASTExporter" "MAX_STRING_SIZE=65535" "-cc1" "-triple"
        "x86_64-apple-macosx11.0.0" "-Wundef-prefix=TARGET_OS_"
        "-Werror=undef-prefix" "-Wdeprecated-objc-isa-usage"
        "-Werror=deprecated-objc-isa-usage" "-emit-obj" "-mrelax-all"
        "-disable-free" "-disable-llvm-verifier" "-discard-value-names"
        "-main-file-name" "test.cc" "-mrelocation-model" "pic" "-pic-level" "2"
        "-mframe-pointer=all" "-fno-rounding-math" "-munwind-tables"
        "-target-sdk-version=11.3"
        "-fcompatibility-qualified-id-block-type-checking" "-target-cpu" "penryn"
        "-debugger-tuning=lldb" "-target-linker-version" "609.8" "-resource-dir"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/facebook-clang-plugins/clang/install/lib/clang/11.1.0"
        "-isysroot"
        "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk"
        "-include"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../lib/clang_wrappers/global_defines.h"
        "-stdlib=libc++" "-internal-isystem"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../../facebook-clang-plugins/clang/install/bin/../include/c++/v1"
        "-internal-isystem"
        "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/usr/include/c++/v1"
        "-internal-isystem"
        "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/usr/local/include"
        "-internal-isystem"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/facebook-clang-plugins/clang/install/lib/clang/11.1.0/include"
        "-internal-externc-isystem"
        "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/usr/include"
        "-Wno-ignored-optimization-argument" "-Wno-everything"
        "-fdeprecated-macro" "-fdebug-compilation-dir"
        "/Users/jhester/pkg/infer-test" "-ferror-limit" "19" "-stack-protector"
        "1" "-fblocks" "-fencode-extended-block-signature"
        "-fregister-global-dtors-with-atexit" "-fgnuc-version=4.2.1"
        "-fcxx-exceptions" "-fexceptions" "-fmax-type-align=16" "-o"
        "/var/folders/9x/_8jnmxwj3rq1t90mlr6_0k1w0000gn/T/test-5e4e48.o" "-x"
        "c++" "test.cc" "-O0" "-include"
        "/usr/local/Cellar/infer/1.1.0/lib/infer/infer/bin/../lib/clang_wrappers/global_defines.h"
        "-Wno-everything"
      
    
    
    make: *** [all] Error 1
    External Error: *** capture command failed:
    *** make
    *** exited with code 2
    
    Error backtrace:
    Raised by primitive operation at Core__Core_sys.stat_check_exn.loop in file "src/core_sys.ml", line 26, characters 11-30
    Re-raised at IBase__Die.raise_error.do_raise in file "src/base/Die.ml", line 26, characters 8-56
    Called from Integration__Driver.capture in file "src/integration/Driver.ml", line 127, characters 6-40
    Called from IBase__Utils.timeit in file "src/base/Utils.ml", line 429, characters 16-20
    Called from IBase__ScubaLogging.execute_with_time_logging in file "src/base/ScubaLogging.ml", line 79, characters 29-44
    Called from Backend__GCStats.log_f in file "src/backend/GCStats.ml", line 90, characters 10-14
    Called from Dune__exe__Infer.run in file "src/infer.ml", line 20, characters 2-36
    Called from IBase__Utils.timeit in file "src/base/Utils.ml", line 429, characters 16-20
    Called from IBase__ScubaLogging.execute_with_time_logging in file "src/base/ScubaLogging.ml", line 79, characters 29-44
    Called from Dune__exe__Infer.run in file "src/infer.ml", line 25, characters 22-94
    
    Run the command again with `--keep-going` to try and ignore this error.
    
    opened by jimhester 0
Releases(v1.1.0)
  • v1.1.0(Mar 26, 2021)

    This is a new release of Infer, with a binary tarball for Linux. On MacOS, using Homebrew is recommended. Please follow these instructions.

    Frontends

    Build System Integrations

    • Clang upgraded to version 11.0

    Checkers

    • Liveness: properly handle exceptional control flow
    • Pulse:
    • NEW checker Topl(early alpha): An experimental checker framework: write your own analysis as a state machine representing a temporal property over multiple memory objects at once, eg to write a taint analysis. Topl is based on Pulse.
    • Miscellaneous improvements to cost, inferbo, nullsafe, racerd, starvation

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-linux64-v1.1.0.tar.xz
    5f5d453814422e93e2a70998d8946b09a2721628ff427f67ff0123dea87461d4  infer-linux64-v1.1.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v1.1.0.tar.xz(360.56 MB)
  • v1.0.0(Oct 12, 2020)

    This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

    The Linux binary is built for Ubuntu 18 and may require adjustments to run on other configurations.

    The Mac binary is built for the Catalina version. MacOS users may get an error "developer cannot be verified" and need to allow the app to run manually following these instructions, or alternatively get infer from Homebrew when it is released there.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v1.0.0.tar.xz              
    510eeccc7e6bcc2678ac92a88f8e1cb9c07c3e14d272dcc06834e93845bb120f  infer-linux64-v1.0.0.tar.xz
    4f188959f7c61e2ef3b935c8a9e5e66632d7fcb90c5362336fb8305d4f74d6b7  infer-osx-v1.0.0.tar.xz
    

    Changelog

    Checkers

    AL is now deprecated and may be removed in future versions.

    Annotation Reachability

    • reporting format improvements (the trace is no longer included in the report text, only as metadata)

    Biabduction

    • disable some less-used bug types

    Eradicate

    • remove "Field not mutable" check

    RacerD

    • Now defaults to "angelic" ownership: an unknown function is assumed to return owned objects.
    • No more reports on races on paths rooted on temporary or local variables, as these are unreliably modelled.

    Litho Required Properties: new Java checker to check that all non-optional @Props have been specified when constructing Litho components. Self in Block: new Objective-C checker to detect when an Objective-C block incorrectly captures self Starvation

    • New experimental "global" analysis mode. Enable with --starvation-whole-program

    Miscellaneous improvements to most checkers, in particular Annotation Reachability, Cost Analysis, Eradicate, Inefficient Keyset Iterator, InferBO, Pulse, RacerD, Starvation, and Uninitialized Value.

    Build System Integrations

    • The Gradle integration now captures Java files in parallel
    • New Buck integration for Java, enable with --buck-java-flavor
    • Clang upgraded to version 9.0

    Command Line Interface

    • New subcommand infer help to display information about checkers and issue types.
    • New subcommand infer debug that replaces the uses of infer explore not related to reported issues.
    • --debug no longer disables filtering, you have to pass -g -F to get the previous behaviour back.
    • All disk artefacts (except the Java type environment) are now stored in the SQLite database in infer-out/results.db. The contents of the database can be explored with infer debug.
    • Changed how to select the Buck integration. The old command line interface is still supported but is now deprecated.
      • clang via "flavors", activated with --flavors, now with --buck-clang
      • clang via "compilation DB", activated with --buck-compilation-database, unchanged
      • Java via "genrule", activated with --genrule-master-mode, now with --buck-java
      • Java "without genrules", used to be activated by not specifying any other Buck mode, deleted
      • In addition, there is a new Java integration, activated with --buck-java-flavor
    • The textual version of the report infer-out/bugs.txt has moved to infer-out/report.txt. The bugs.txt file is still created with dummy contents to allow for a smooth transition.
    • Removed the --report-hook option.
    • Properly terminate on Control-C instead of sometimes leaving around zombie processes.
    • Spec files (summaries) are now stored in the database. Explore with infer debug --procedures --procedures-summary.

    Documentation

    • Revamped online documentation for bug types and checkers. See the list of all issue types and the pages for each checker. The infer help command can be used locally to also get this information and more.
    • Access the documentation for previous and future versions online.
    • The https://fbinfer.com/ website now uses Docusaurus 2.

    Internal Changes

    • Folded the facebook-clang-plugins sub-repo inside the infer repository; there is no more git submodule for it.
    • Improve internal documentation of OCaml source code.
    • Build with OCaml 4.11.1 and dune 2.7.1
    • Migrated our Python 2 code to OCaml
    • Split the infer OCaml source code into individual dune libraries.
    • Better defaults for SQLite, and a write daemon to reduce contention.
    • New analysis schedulers that speed up the analysis phase. Enable with --scheduler callgraph or --scheduler restart.
    • Infer no longer builds by default in "opt" mode (optimised, using OCaml’s flambda pass). The default is now "dev", which does not include as many optimisations (hence builds faster) and turns warnings into errors.
    • The starvation checker is now based on SIL instead of HIL.
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v1.0.0.tar.xz(301.07 MB)
    infer-osx-v1.0.0.tar.xz(254.79 MB)
  • v0.17.0(Aug 6, 2019)

    This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

    Highlights:

    • There’s a new --inefficient-keyset-iterator checker for finding inefficient uses of Java's keyset iterators that retrieve both key and value (on by default).
    • Complete the set of Android thread annotations and Java nullability annotations. Updated artifacts are available on Maven Central.
    • --starvation is now on by default. This analysis catches problems with threads not being able to make progress due to locking issues, incorrect scheduling priorities, etc. For instance, on Android calling Future.get from a UiThread without a sensible timeout will be flagged as a starvation issue.
    • New Objective-C linter for calls to @optional methods: UNSAFE_CALL_TO_OPTIONAL_METHOD, enabled by default.
    • A new call-graph scheduler (--call-graph-schedule) improves performance of the analysis phase of Infer, especially when the number of files to analyze is less than available CPUs.
    • A new flag --oom-threshold allows to throttle the analysis when the amount of free memory is below the provided threshold.
    • New genrule based Buck/Java integration is much faster than the previous one, use with --genrule-master-mode.
    • Infer’s internal clang is now in version 8.0.0.
    • Update to javalib 3.1 provides better compatibility with Java 9 and Java 11. Refer to their change log for more details.
    • Infer can now be built and run on MacOS Mojave without fiddling with SDKROOT (although you still might need it with non-standard toolchain setup).
    • [β] Pulse is a new experimental lifetime analysis for C++, give it a try with --pulse. Beware that it doesn’t report much yet.
    • --ownership checker was superseded by Pulse and removed.

    ... and many other fixes and improvements. For the full list of changes included see here.

    The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/9386890e42043d04f9 cd9e7b204cb525d4417c41.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v0.17.0.tar.xz
    de972ba3043f18b29a8eff6cd7612e24f5ffaef038dc7949befeaf490931725e  infer-linux64-v0.17.0.tar.xz
    1a3ef6fb51846ae63ffd7fde3b0255f75bab6157f5de1842606fa32988d101f8  infer-osx-v0.17.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.17.0.tar.xz(251.65 MB)
    infer-osx-v0.17.0.tar.xz(215.90 MB)
  • v0.16.0(Apr 23, 2019)

    This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

    It's been a long time since the previous release, here are some new features and improvements you can find in this new release:

    Backend analyses:

    • A brand new analysis to compute the runtime cost of methods and functions: passing --cost (off by default) to Infer will output a costs-report.json file describing, among others, the computational complexity of each function in the code using the big-O notation, eg O(1), O(list.length), ...
    • The deadlock detection analysis has been ported to C++ and Objective-C and mainly focuses on self-deadlocks (taking a mutex twice). Activate with --starvation (off by default).
    • The data race detector RacerD has been ported to Objective-C and detects races on fields protected by a C++ mutex. It reports "Thread Safety Violation" and "GuardedBy Violation" errors on Java and "Lock Consistency Violation" on C++ and Objective-C. Activate with --racerd (on by default).
    • A progress bar is displayed while the analysis is running
    • Countless improvements and tweaks, in particular in RacerD and in analyses for C++.

    Frontends:

    • Infer now ships with clang version 7.0.1
    • Support for Java up to version 11

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v0.16.0.tar.xz
    435c415a9a22f41e7f2074b542b035b972a2a8c237d5490285d763bf333a817b  infer-linux64-v0.16.0.tar.xz
    471f06c72754a45d73433623e8092bf9ea1315884b8ebff24d3f79f9a8b0380a  infer-osx-v0.16.0.tar.xz
    

    The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/36266f6c86041896bed32ffec0637fefbc4463e0.

    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.16.0.tar.xz(275.26 MB)
    infer-osx-v0.16.0.tar.xz(246.13 MB)
  • v0.15.0(Jun 5, 2018)

    This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

    Highlights:

    • switch infer license to MIT
    • publish binaries
    • [clang] lots of improvements to the frontend

    More changes in the full list of changes.

    The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/f31f7c9c28d8fb9b59c0dacc74a24e4bfe90a904.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v0.15.0.tar.xz
    f6eb98162927735e8c545528bb5a472312e5defcf0761e43c07c73fe214cb18a  infer-linux64-v0.15.0.tar.xz
    0f87b8fd68b62717b8c3c143aeaea38b5102435f80fff484cb570a51cf510f9c  infer-osx-v0.15.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.15.0.tar.xz(241.28 MB)
    infer-osx-v0.15.0.tar.xz(222.36 MB)
  • v0.14.0(Apr 30, 2018)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    Highlights:

    • New checker: --ownership detects a subset of use-after-free issues due to bad manual memory management. This is a rough prototype of Rust-style borrow checker for C++. (enabled by default, C++)
    • New checker: --uninit detects uses of uninitialized values (enabled by default, C/C++/Objective-C)
    • New checker: --racerd now also detects inconsistent lock usage in C++. Also improved the lock domain to reduce false positives for all languages.
    • Improved C++ support: destructors are now properly translated; addresses and pointers are handled more precisely
    • Improved retain cycles detection (Objective-C)
    • Upgraded the internal clang to clang 7
    • [internal] SQLite is being used to store some of infer's analysis artefacts instead of storing them in files on disk. This improves analysis speed and reduces load on the OS.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v0.14.0.tar.xz
    330b4bbb5fbf90c04d4c096ce0d8d713dac72925d68c0e1b55ab30e6d5201bcb  infer-linux64-v0.14.0.tar.xz
    350767bc29acdcb86734a2009e97bdf2a3603db0fbf3f18c59fc07b416977021  infer-osx-v0.14.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.14.0.tar.xz(122.59 MB)
    infer-osx-v0.14.0.tar.xz(115.22 MB)
  • v0.13.1(Feb 2, 2018)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    This is a fix for the 0.13.0 release, whose build broke due to changes in opam.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.13.1.tar.xz
    02ff3c49c83d3a4e967696f8818b1cffcb042c26eefbb2ba8d78c27244b5940c ?infer-linux64-v0.13.1.tar.xz
    182ff5b76ff561408dc52b32611346e097098651a491fb8a0a453a1d098d4299 ?infer-osx-v0.13.1.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.13.1.tar.xz(113.06 MB)
    infer-osx-v0.13.1.tar.xz(97.20 MB)
  • v0.13.0(Oct 19, 2017)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    The main changes are:

    • Infer now runs multiple checkers at the same time by default, including the biabduction analysis that was the previous and only default. In particular, we are pleased to introduce RacerD for race detection in Java. The following checkers are activated by default: annotation reachability (Java), biabduction (C/C++/ObjC, Java), fragment retains view (Java), immutable cast (Java), liveness (C/C++/ObjC), printf args (Java), quandary (C/C++/ObjC, Java), RacerD (C/C++/ObjC, Java), SIOF (C/C++/ObjC). Each checker may report several issue types.
    • Upgraded to clang 5.0
    • Richer DSL for writing linters (AL), and a new default linter for const pointers in Objective-C
    • Lots of perf improvements and bug fixes, and improved logging

    Please note the following breaking changes:

    • -a eradicate is now simply --eradicate and can run alongside other checkers
    • inferTraceBugs is now the explore subcommand: infer explore --help
    • infer now depends on sqlite

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.13.0.tar.xz
    79a7fe8b7a05ea2a685997d9188fef7319c7b3d72064f14dea7a5f23ec50efac ?infer-linux64-v0.13.0.tar.xz
    1abec8df73581d35e018f81285197d82a6f3e6101c528fb8be14405765da155e ?infer-osx-v0.13.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.13.0.tar.xz(112.33 MB)
    infer-osx-v0.13.0.tar.xz(96.94 MB)
  • v0.12.1(Aug 30, 2017)

    This is a hotfix release to update infer's opam dependencies to cope with upgrades of cppo in opam (in particular, #718).

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.12.1.tar.xz
    d26dd519c19345530a92a6ae3f7058af3bd8ddfd7c2c945d116c6fd658be6c4 ?infer-linux64-v0.12.1.tar.xz
    ce76b87bf4f70be594aaddc7402609af6338623fbb448dacca610e10bcb7c60a ?infer-osx-v0.12.1.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.12.1.tar.xz(95.09 MB)
    infer-osx-v0.12.1.tar.xz(79.07 MB)
  • v0.12.0(May 17, 2017)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    This introduces subcommands and man pages for all subcommands. If you are used to infer's command line already, here are some rough equivalences (the commands might not be completely equivalent in some cases):

    • infer [options] -- [build command] becomes infer run [options] -- [build command]
    • infer becomes infer analyze
    • infer -a capture [options] -- [build command] becomes infer capture [options] -- [build command]
    • infer -a compile [options] -- [build command] becomes infer compile [options] -- [build command]

    The previous forms of invocations are still supported but may go away in future releases.

    If you were using them, the internal binaries have disappeared and are replaced as follows:

    • InferPrint [options] becomes infer report [options]
    • InferAnalyze [options] becomes infer analyze [options]

    See man infer, man infer-capture, man infer-analyze, etc. for more details, and let us know if anything is missing.

    This release introduces AL, a language for writing linters against the clang AST. AL lets you check syntactic properties of source code by traversing the AST of the program. Using the included domain-specific language (DSL), you can write your own set of checks.

    As usual, this release also includes lots of fixes and improvements. For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.12.0.tar.xz
    698c9ff83a23fb3d6ffa0d62d5394e691ad5e3352f27bf2d4105afdfd07cc201 ?infer-linux64-v0.12.0.tar.xz
    3b97bcabf85af8feb8d6fd0b8622fe2b4fbf27fa215fab61e3a660b5435b6d21 ?infer-osx-v0.12.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.12.0.tar.xz(94.64 MB)
    infer-osx-v0.12.0.tar.xz(79.24 MB)
  • v0.11.0(Apr 12, 2017)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    Highlights:

    • [Java] ThreadSafety analyzer is now on by default; run it with infer -a checkers .... This checker will try and detect races (unprotected concurrent accesses with at least one write) in classes bearing the @ThreadSafe annotation.
    • Infer now builds using OCaml 4.04.0.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.11.0.tar.xz
    c2a893d66befc2652a28e9e6481f680fe863512f8c507b52616c5731878c22f0 ?infer-linux64-v0.11.0.tar.xz
    0c435efa311cb70a79b5b8ae9cc4e714651e6653c5542a58cc624f2439d68e36 ?infer-osx-v0.11.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.11.0.tar.xz(93.67 MB)
    infer-osx-v0.11.0.tar.xz(79.21 MB)
  • v0.10.0(Feb 23, 2017)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    • [Clang] C++ support.
    • [Clang] Improved support for cmake and Xcode compilation databases. Use with infer --compilation-database compile_commands.json (for cmake and Buck), or with infer --compilation-database-escaped compile_commands.json (for xcbuild and xcpretty).
    • [C++] New SIOF Checker.
    • [iOS] New linter for target SDK version. Use with infer --iphoneos-target-sdk-version <min version you support> ... or with infer -a linters --iphoneos-target-sdk-version <min version you support> ....
    • [Java] New Thread Safety Checker.
    • [Java] Smarter analysis of dynamic dispatch.
    • [Java] Improved Maven integration.
    • [Java] @SuppressWarnings support removed. Use @SuppressLint instead. android.annotation.SuppressLint is only available on Android, but do let us know if that is an issue for you.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.10.0.tar.xz
    62287344459e2e467def603f97dac9cfb335a8f2852a51217696db948164780c ?infer-linux64-v0.10.0.tar.xz
    6fdcfe52cee28f57a86e8cd80bf4cac7b2dda83a3cc511f86834636ada14a808 ?infer-osx-v0.10.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.10.0.tar.xz(122.77 MB)
    infer-osx-v0.10.0.tar.xz(80.86 MB)
  • v0.9.5(Feb 10, 2017)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS.

    This includes a fix for #577.

    To use it follow these instructions.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.5.tar.xz
    199f5cc6466db63375774d20bbea8f50e0394380b7e8b258b73a44c2578b5159 ?infer-linux64-v0.9.5.tar.xz
    43d6c68d4e41057be8188877872544bf7c0e6a53a122be64efe06f3f3b772f47 ?infer-osx-v0.9.5.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.5.tar.xz(142.79 MB)
    infer-osx-v0.9.5.tar.xz(97.43 MB)
  • v0.9.4.1(Nov 23, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions. It only contains hotfix to infer 0.9.4 fixing https://github.com/facebook/infer/issues/508

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.4.1.tar.xz
    860f20741bd54f1e058e0e0c4550fc4211016ef93f154938eb173df555a560df ?infer-linux64-v0.9.4.1.tar.xz
    a738a3492a4e0229df8abd745cd88bca8fb547bc3bcca15ec194d6780b07cbda ?infer-osx-v0.9.4.1.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.4.1.tar.xz(142.77 MB)
    infer-osx-v0.9.4.1.tar.xz(98.16 MB)
  • v0.9.4(Nov 18, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    • [Java] preliminary support for Java 8: infer no longer skips methods containing Java 8 code
    • [clang] support for clang compilation databases
    • [Xcode] more robust integration using the compilation database (requires xcpretty)
    • [iOS] added checks for some of the ComponentKit best practices
    • lots of under-the-hood improvements, including perf improvements and bug fixes

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.4.tar.xz
    1b85b84a5f798919d2630b313033e710b1e20fba24f5c751ca1b5e0a3c601cff ?infer-linux64-v0.9.4.tar.xz
    529d147bccf3285ddb7500c22e0c50d6e0cbdb2c7f9b11a84e8005873994b3e2 ?infer-osx-v0.9.4.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.4.tar.xz(142.78 MB)
    infer-osx-v0.9.4.tar.xz(98.15 MB)
  • v0.9.3(Sep 22, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    • Fix issues with using Infer with Clang 4.0 and Xcode 8
    • Various fixes and performance improvements

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.3.tar.xz
    a55a940082690d06c0c05d8b772b8a9eef8b98ecb0ea82f86e5d473bcf878211 ?infer-linux64-v0.9.3.tar.xz
    8bfbb7ee76388393b5cf513984da79c305af3a1e6bbd057f83082f093d3cc0d7 ?infer-osx-v0.9.3.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.3.tar.xz(80.08 MB)
    infer-osx-v0.9.3.tar.xz(70.72 MB)
  • v0.9.2(Aug 23, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.2.tar.xz
    7c374d14affc19c44cd23746696eba7b4422a900e03f8a6b9985d95a05d2d95f ?infer-linux64-v0.9.2.tar.xz
    3935f8be25982a023aba306b66804d73a7316ab833296277c1ec6c3694bfc7c7 ?infer-osx-v0.9.2.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.2.tar.xz(98.71 MB)
    infer-osx-v0.9.2.tar.xz(87.17 MB)
  • v0.9.1(Aug 18, 2016)

    This is a minor source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. It contains bugfixes to 0.9.0, in particular to enable packaging via Homebrew and to fix an issue with locales. To use it follow these instructions.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.1.tar.xz
    c6dc64db4a6075d4fac32712bbd0e087ecb6d909ac590220acd64bd4a33480c3 ?infer-linux64-v0.9.1.tar.xz
    6dbb1bb7b3e28d99a8c02fd42f2f87894bf0c5564c13645aae679effb8ee8418 ?infer-osx-v0.9.1.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.1.tar.xz(150.96 MB)
    infer-osx-v0.9.1.tar.xz(87.21 MB)
  • v0.9.0(Jul 21, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    Since the changelog is so big, let's just mention these two items:

    • lots of perf improvements and fixes across all analyses (thanks to everyone who reported issues and made pull requests!)
    • [experimental] C++ language support. See --cxx in infer --help. This is still in heavy development and only includes a few bug types. Feedback welcome!

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.9.0.tar.xz
    1596e2d4e67f920349de4950a2b6b98451d5115602826b508eb7b4d8e1b41caf ?infer-linux64-v0.9.0.tar.xz
    3aebf37bbcbb3c17912c24bfd1f2aec7b8d1256f0617cca5ddeab7aeab58b3ce ?infer-osx-v0.9.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.9.0.tar.xz(148.23 MB)
    infer-osx-v0.9.0.tar.xz(87.15 MB)
  • v0.8.1(Apr 25, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    This release includes:

    • [Objective-C and C] upgrade clang to version 3.8.0
    • [all] bugfixes

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.8.1.tar.xz
    7f75ae69d91fb9a8c43163f02a9b2a4919b8ebc42dfb2f729722201a0b18ea6b ?infer-linux64-v0.8.1.tar.xz
    0cd33936966fcb4761251279aa737ca07352fb8a8e864697a1d2cc5735c56ae7 ?infer-osx-v0.8.1.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.8.1.tar.xz(83.26 MB)
    infer-osx-v0.8.1.tar.xz(62.73 MB)
  • v0.8.0(Mar 15, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    • New --reactive mode to rapidly analyze the effects of a code change. Be sure to check out the documentation of the new workflow. As a result, the incremental mode (--incremental) is now deprecated.
    • New XML output, compatible with output from other static analyzers, eg PMD. To use it, pass the --pmd-xml flag to Infer (see infer --help).
    • Use @SuppressWarnings("infer") in your Java projects to annotate methods or classes where Infer shouldn't report.

    This release incorporates a number of contributions (#284 #289 #300 #301) and addresses a number of issues (#279 #281 #283 #288 #291 #294).

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.8.0.tar.xz
    4942ca2c8ad9e76ff6e31c6473b7f360cc95d9db43218dc7747ae34aef6294f4 ?infer-linux64-v0.8.0.tar.xz
    2b494a2b595bd7cf0f0cfaac4e9bece568575a4bcf25cc00161ed34c0319dc58 ?infer-osx-v0.8.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.8.0.tar.xz(62.65 MB)
    infer-osx-v0.8.0.tar.xz(62.82 MB)
  • v0.7.0(Feb 11, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    This release addresses a number of bugs, eg #270 #274 #275 #276. Thanks to all of you who reported bugs!

    There are also new features:

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.7.0.tar.xz
    b8c4f32bc286893aded3302a2915a66fe7e799edbbaf286ffdcc5218866db3ae ?infer-linux64-v0.7.0.tar.xz
    c83753c04bea8ad1dae3877d23d094d963d293b5d926a21ea8ea9443c870404a ?infer-osx-v0.7.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.7.0.tar.xz(62.45 MB)
    infer-osx-v0.7.0.tar.xz(62.80 MB)
  • v0.6.0(Jan 19, 2016)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    New features:

    • [android] fixed intermittent infinite loop
    • [iOS] new check for capturing a C++ reference in an Objective-C block

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 -p infer-*-v0.6.0.tar.xz
    26abc0312c892b53e4b93c22c2c051381ce1012a3d8458e8e2574b27302eec37 infer-linux64-v0.6.0.tar.xz
    8a1c4d0425c0ef3efcf4683cdbeebba63f3dd2fd5e75df4f04142dc9a5a5f15d infer-osx-v0.6.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.6.0.tar.xz(69.43 MB)
    infer-osx-v0.6.0.tar.xz(78.96 MB)
  • v0.5.0(Dec 18, 2015)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    New features:

    • [android] detection of context leaks
    • [android] support for @PerformanceCritical and @Expensive method annotations. Infer will check that an expensive method is never called during the execution of a performance critical method (run it with infer -a checkers -- ...).
    • [iOS] new check to catch strong delegate properties, likely to create retain cycles
    • [iOS] new check to catch direct accesses to atomic properties, which can cause race conditions
    • [all] performance improvements all-around

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ shasum -a 256 infer-*-v0.5.0*.tar.xz
    9d6eefeb63742bd408bc5769e93f34b378b36c0561c8e80035797c1be0c6fc66  infer-linux64-v0.5.0.tar.xz
    6a8547ac0b75a5e2bbeccae2169e39f753a60adbcacb6c94599fd31343a71ce7  infer-osx-v0.5.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.5.0.tar.xz(62.40 MB)
    infer-osx-v0.5.0.tar.xz(62.76 MB)
  • v0.4.0(Oct 13, 2015)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ sha256sum infer-*-v0.4.0.tar.xz
    bb84656153b59ff43f477c2432039195b614ecb5c19ed2a3f73aea7921696730  infer-osx-v0.4.0.tar.xz
    14f6e6d96a450d7acb17de0b26b136851d1b2815edd267e5865ea0af7aaf2887  infer-linux64-v0.4.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.4.0.tar.xz(82.63 MB)
    infer-osx-v0.4.0.tar.xz(88.72 MB)
  • v0.3.0(Aug 20, 2015)

    This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

    For the full list of changes included see here.

    The sha256 checksums of the tarballs are:

    $ sha256sum infer-*-v0.3.0.tar.xz
    325013468da5b221e81ad3f1ba348e07a87f061c698e46b32d20f94d599ab463  infer-linux64-v0.3.0.tar.xz
    cfd17c647098baff2875f3ff4db994f2ee02e7b5577cde5fe59ee21ec57a2d44  infer-osx-v0.3.0.tar.xz
    
    Source code(tar.gz)
    Source code(zip)
    infer-linux64-v0.3.0.tar.xz(105.22 MB)
    infer-osx-v0.3.0.tar.xz(102.52 MB)
  • v0.2.0(Jun 26, 2015)

    Notable fixes and improvements:

    • [java] analyze class files with $$ in the name (closes #3 more)
    • [java] don't fail on compilation warnings (closes #18)
    • [clang] support __nullable et al. (closes #4)
    • add an Infer:Checkers for printf arguments

    Action required to compile from source when upgrading from a previous version:

    • The version of javalib that Infer requires has changed. You'll need to upgrade it using opam: opam update && opam upgrade. You'll also need to run make -C infer clean before recompiling Infer.
    • The version of the facebook-clang-plugins that Infer requires has changed. You'll need to update the plugins before recompiling Infer: from the directory where Infer sources live, run ./update-fcp.sh && ../facebook-clang-plugin/clang/setup.sh && ./compile-fcp.sh.

    See the full list of changes here.

    Source code(tar.gz)
    Source code(zip)
  • v0.1.1(Jun 18, 2015)

    This release fixes a number of bugs. Non-exhaustive list below.

    • [java] no more crash on class names containing "$$" (closes #3)
    • [java] model for assert (closes #68)
    • [objective-c] support for @import (closes #2)
    • [c family] Infer now always reports on the right line numbers (closes #31)
    • [c family] fix c++ compilation errors (closes #37)
    Source code(tar.gz)
    Source code(zip)
Owner
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Facebook
Tackle Data-intensive Validity Analyzer

Tackle-DiVA (Data-intensive Validity Analyzer) Tackle-DiVA is a command-line tool for data-centric application analysis. It imports a set of target ap

Konveyor 4 May 18, 2021
A static analyzer for Java, C, C++, and Objective-C

Infer Infer is a static analysis tool for Java, C++, Objective-C, and C. Infer is written in OCaml. Installation Read our Getting Started page for det

Facebook 12.4k Jun 13, 2021
An extensible multilanguage static code analyzer.

PMD About PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and

PMD 3.4k Jun 14, 2021
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

NullAway: Fast Annotation-Based Null Checking for Java NullAway is a tool to help eliminate NullPointerExceptions (NPEs) in your Java code. To use Nul

Uber Open Source 3k Jun 7, 2021
Catch common Java mistakes as compile-time errors

Error Prone Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. public class ShortSet { public

Google 5.6k Jun 14, 2021
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. SpotBugs is licensed unde

null 2.3k Jun 8, 2021
Inria 1.1k Jun 16, 2021
Sourcetrail - free and open-source interactive source explorer

Sourcetrail Sourcetrail is a free and open-source cross-platform source explorer that helps you get productive on unfamiliar source code. Windows: Lin

Coati Software 11.5k Jun 18, 2021
⚡️Lightning-fast linter for .env files. Written in Rust 🦀

⚡️ Lightning-fast linter for .env files. Written in Rust ?? Dotenv-linter can check / fix / compare .env files for problems that may cause the applica

null 933 Jun 9, 2021
Continuous Inspection

SonarQube Continuous Inspection SonarQube provides the capability to not only show health of an application but also to highlight issues newly introdu

SonarSource 5.9k Jun 16, 2021
Astra: a Java tool for analysing and refactoring Java source code

What is Astra? Astra is a Java tool for analysing and refactoring Java source code. For example: "References to type A should instead reference type B

Alfa 32 Jun 8, 2021
OpenGrok is a fast and usable source code search and cross reference engine, written in Java

Copyright (c) 2006, 2020 Oracle and/or its affiliates. All rights reserved. OpenGrok - a wicked fast source browser OpenGrok - a wicked fast source br

Oracle 3.3k Jun 14, 2021
Your Software. Your Structures. Your Rules.

jQAssistant Master Repository We splitted jQAssistant in multiple single repositories to be able to build a better and more flexible build an release

null 159 May 30, 2021