Infer Versions Save

This is a new release of Infer, with a binary tarball for Linux. On MacOS, using Homebrew is recommended. Please follow these instructions.

Frontends

• New JSON input format for SIL. This new format was contributed from Infer#, whose C# frontend for Infer emits SIL as JSON using this format.

Build System Integrations

• Clang upgraded to version 11.0

Checkers

• Liveness: properly handle exceptional control flow
• Pulse:
  • Added preliminary Java support
  • New Uninitialized value bug type, aiming to replace the previous Uninit checker as this one is inter-procedural and more precise.
  • OPTIONAL_EMPTY_ACCESS is now enabled by default
• NEW checker Topl(early alpha): An experimental checker framework: write your own analysis as a state machine representing a temporal property over multiple memory objects at once, eg to write a taint analysis. Topl is based on Pulse.
• Miscellaneous improvements to cost, inferbo, nullsafe, racerd, starvation

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-linux64-v1.1.0.tar.xz
5f5d453814422e93e2a70998d8946b09a2721628ff427f67ff0123dea87461d4  infer-linux64-v1.1.0.tar.xz

This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

The Linux binary is built for Ubuntu 18 and may require adjustments to run on other configurations.

The Mac binary is built for the Catalina version. MacOS users may get an error "developer cannot be verified" and need to allow the app to run manually following these instructions, or alternatively get infer from Homebrew when it is released there.

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v1.0.0.tar.xz              
510eeccc7e6bcc2678ac92a88f8e1cb9c07c3e14d272dcc06834e93845bb120f  infer-linux64-v1.0.0.tar.xz
4f188959f7c61e2ef3b935c8a9e5e66632d7fcb90c5362336fb8305d4f74d6b7  infer-osx-v1.0.0.tar.xz

Changelog

Checkers

AL is now deprecated and may be removed in future versions.

Annotation Reachability

• reporting format improvements (the trace is no longer included in the report text, only as metadata)

Biabduction

• disable some less-used bug types

Eradicate

• remove "Field not mutable" check

RacerD

• Now defaults to "angelic" ownership: an unknown function is assumed to return owned objects.
• No more reports on races on paths rooted on temporary or local variables, as these are unreliably modelled.

Litho Required Properties: new Java checker to check that all non-optional @Props have been specified when constructing Litho components. Self in Block: new Objective-C checker to detect when an Objective-C block incorrectly captures self Starvation

• New experimental "global" analysis mode. Enable with --starvation-whole-program

Miscellaneous improvements to most checkers, in particular Annotation Reachability, Cost Analysis, Eradicate, Inefficient Keyset Iterator, InferBO, Pulse, RacerD, Starvation, and Uninitialized Value.

Build System Integrations

• The Gradle integration now captures Java files in parallel
• New Buck integration for Java, enable with --buck-java-flavor
• Clang upgraded to version 9.0

Command Line Interface

• New subcommand infer help to display information about checkers and issue types.
• New subcommand infer debug that replaces the uses of infer explore not related to reported issues.
• --debug no longer disables filtering, you have to pass -g -F to get the previous behaviour back.
• All disk artefacts (except the Java type environment) are now stored in the SQLite database in infer-out/results.db. The contents of the database can be explored with infer debug.
• Changed how to select the Buck integration. The old command line interface is still supported but is now deprecated.
  • clang via "flavors", activated with --flavors, now with --buck-clang
  • clang via "compilation DB", activated with --buck-compilation-database, unchanged
  • Java via "genrule", activated with --genrule-master-mode, now with --buck-java
  • Java "without genrules", used to be activated by not specifying any other Buck mode, deleted
  • In addition, there is a new Java integration, activated with --buck-java-flavor
• The textual version of the report infer-out/bugs.txt has moved to infer-out/report.txt. The bugs.txt file is still created with dummy contents to allow for a smooth transition.
• Removed the --report-hook option.
• Properly terminate on Control-C instead of sometimes leaving around zombie processes.
• Spec files (summaries) are now stored in the database. Explore with infer debug --procedures --procedures-summary.

Documentation

• Revamped online documentation for bug types and checkers. See the list of all issue types and the pages for each checker. The infer help command can be used locally to also get this information and more.
• Access the documentation for previous and future versions online.
• The https://fbinfer.com/ website now uses Docusaurus 2.

Internal Changes

• Folded the facebook-clang-plugins sub-repo inside the infer repository; there is no more git submodule for it.
• Improve internal documentation of OCaml source code.
• Build with OCaml 4.11.1 and dune 2.7.1
• Migrated our Python 2 code to OCaml
• Split the infer OCaml source code into individual dune libraries.
• Better defaults for SQLite, and a write daemon to reduce contention.
• New analysis schedulers that speed up the analysis phase. Enable with --scheduler callgraph or --scheduler restart.
• Infer no longer builds by default in "opt" mode (optimised, using OCaml’s flambda pass). The default is now "dev", which does not include as many optimisations (hence builds faster) and turns warnings into errors.
• The starvation checker is now based on SIL instead of HIL.

This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

Highlights:

• There’s a new --inefficient-keyset-iterator checker for finding inefficient uses of Java's keyset iterators that retrieve both key and value (on by default).
• Complete the set of Android thread annotations and Java nullability annotations. Updated artifacts are available on Maven Central.
• --starvation is now on by default. This analysis catches problems with threads not being able to make progress due to locking issues, incorrect scheduling priorities, etc. For instance, on Android calling Future.get from a UiThread without a sensible timeout will be flagged as a starvation issue.
• New Objective-C linter for calls to @optional methods: UNSAFE_CALL_TO_OPTIONAL_METHOD, enabled by default.
• A new call-graph scheduler (--call-graph-schedule) improves performance of the analysis phase of Infer, especially when the number of files to analyze is less than available CPUs.
• A new flag --oom-threshold allows to throttle the analysis when the amount of free memory is below the provided threshold.
• New genrule based Buck/Java integration is much faster than the previous one, use with --genrule-master-mode.
• Infer’s internal clang is now in version 8.0.0.
• Update to javalib 3.1 provides better compatibility with Java 9 and Java 11. Refer to their change log for more details.
• Infer can now be built and run on MacOS Mojave without fiddling with SDKROOT (although you still might need it with non-standard toolchain setup).
• [β] Pulse is a new experimental lifetime analysis for C++, give it a try with --pulse. Beware that it doesn’t report much yet.
• --ownership checker was superseded by Pulse and removed.

... and many other fixes and improvements. For the full list of changes included see here.

The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/9386890e42043d04f9 cd9e7b204cb525d4417c41.

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v0.17.0.tar.xz
de972ba3043f18b29a8eff6cd7612e24f5ffaef038dc7949befeaf490931725e  infer-linux64-v0.17.0.tar.xz
1a3ef6fb51846ae63ffd7fde3b0255f75bab6157f5de1842606fa32988d101f8  infer-osx-v0.17.0.tar.xz

This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

It's been a long time since the previous release, here are some new features and improvements you can find in this new release:

Backend analyses:

• A brand new analysis to compute the runtime cost of methods and functions: passing --cost (off by default) to Infer will output a costs-report.json file describing, among others, the computational complexity of each function in the code using the big-O notation, eg O(1), O(list.length), ...
• The deadlock detection analysis has been ported to C++ and Objective-C and mainly focuses on self-deadlocks (taking a mutex twice). Activate with --starvation (off by default).
• The data race detector RacerD has been ported to Objective-C and detects races on fields protected by a C++ mutex. It reports "Thread Safety Violation" and "GuardedBy Violation" errors on Java and "Lock Consistency Violation" on C++ and Objective-C. Activate with --racerd (on by default).
• A progress bar is displayed while the analysis is running
• Countless improvements and tweaks, in particular in RacerD and in analyses for C++.

Frontends:

• Infer now ships with clang version 7.0.1
• Support for Java up to version 11

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v0.16.0.tar.xz
435c415a9a22f41e7f2074b542b035b972a2a8c237d5490285d763bf333a817b  infer-linux64-v0.16.0.tar.xz
471f06c72754a45d73433623e8092bf9ea1315884b8ebff24d3f79f9a8b0380a  infer-osx-v0.16.0.tar.xz

The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/36266f6c86041896bed32ffec0637fefbc4463e0.

This is a binary release of Infer for Linux and MacOS. To use it follow these instructions.

Highlights:

• switch infer license to MIT
• publish binaries
• [clang] lots of improvements to the frontend

More changes in the full list of changes.

The facebook-clang-plugins version used for this release is https://github.com/facebook/facebook-clang-plugins/commit/f31f7c9c28d8fb9b59c0dacc74a24e4bfe90a904.

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v0.15.0.tar.xz
f6eb98162927735e8c545528bb5a472312e5defcf0761e43c07c73fe214cb18a  infer-linux64-v0.15.0.tar.xz
0f87b8fd68b62717b8c3c143aeaea38b5102435f80fff484cb570a51cf510f9c  infer-osx-v0.15.0.tar.xz

This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

Highlights:

• New checker: --ownership detects a subset of use-after-free issues due to bad manual memory management. This is a rough prototype of Rust-style borrow checker for C++. (enabled by default, C++)
• New checker: --uninit detects uses of uninitialized values (enabled by default, C/C++/Objective-C)
• New checker: --racerd now also detects inconsistent lock usage in C++. Also improved the lock domain to reduce false positives for all languages.
• Improved C++ support: destructors are now properly translated; addresses and pointers are handled more precisely
• Improved retain cycles detection (Objective-C)
• Upgraded the internal clang to clang 7
• [internal] SQLite is being used to store some of infer's analysis artefacts instead of storing them in files on disk. This improves analysis speed and reduces load on the OS.

The sha256 checksums of the tarballs are:

$ shasum -a 256 infer-*-v0.14.0.tar.xz
330b4bbb5fbf90c04d4c096ce0d8d713dac72925d68c0e1b55ab30e6d5201bcb  infer-linux64-v0.14.0.tar.xz
350767bc29acdcb86734a2009e97bdf2a3603db0fbf3f18c59fc07b416977021  infer-osx-v0.14.0.tar.xz

This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

This is a fix for the 0.13.0 release, whose build broke due to changes in opam.

The sha256 checksums of the tarballs are:

$ shasum -a 256 -p infer-*-v0.13.1.tar.xz
02ff3c49c83d3a4e967696f8818b1cffcb042c26eefbb2ba8d78c27244b5940c ?infer-linux64-v0.13.1.tar.xz
182ff5b76ff561408dc52b32611346e097098651a491fb8a0a453a1d098d4299 ?infer-osx-v0.13.1.tar.xz

This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

The main changes are:

• Infer now runs multiple checkers at the same time by default, including the biabduction analysis that was the previous and only default. In particular, we are pleased to introduce RacerD for race detection in Java. The following checkers are activated by default: annotation reachability (Java), biabduction (C/C++/ObjC, Java), fragment retains view (Java), immutable cast (Java), liveness (C/C++/ObjC), printf args (Java), quandary (C/C++/ObjC, Java), RacerD (C/C++/ObjC, Java), SIOF (C/C++/ObjC). Each checker may report several issue types.
• Upgraded to clang 5.0
• Richer DSL for writing linters (AL), and a new default linter for const pointers in Objective-C
• Lots of perf improvements and bug fixes, and improved logging

Please note the following breaking changes:

• -a eradicate is now simply --eradicate and can run alongside other checkers
• inferTraceBugs is now the explore subcommand: infer explore --help
• infer now depends on sqlite

The sha256 checksums of the tarballs are:

$ shasum -a 256 -p infer-*-v0.13.0.tar.xz
79a7fe8b7a05ea2a685997d9188fef7319c7b3d72064f14dea7a5f23ec50efac ?infer-linux64-v0.13.0.tar.xz
1abec8df73581d35e018f81285197d82a6f3e6101c528fb8be14405765da155e ?infer-osx-v0.13.0.tar.xz

This is a hotfix release to update infer's opam dependencies to cope with upgrades of cppo in opam (in particular, #718).

This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

The sha256 checksums of the tarballs are:

$ shasum -a 256 -p infer-*-v0.12.1.tar.xz
d26dd519c19345530a92a6ae3f7058af3bd8ddfd7c2c945d116c6fd658be6c4 ?infer-linux64-v0.12.1.tar.xz
ce76b87bf4f70be594aaddc7402609af6338623fbb448dacca610e10bcb7c60a ?infer-osx-v0.12.1.tar.xz

This is a source release of Infer packaged with pre-built binaries for clang and facebook-clang-plugins for Linux and MacOS. To use it follow these instructions.

This introduces subcommands and man pages for all subcommands. If you are used to infer's command line already, here are some rough equivalences (the commands might not be completely equivalent in some cases):

• infer [options] -- [build command] becomes infer run [options] -- [build command]
• infer becomes infer analyze
• infer -a capture [options] -- [build command] becomes infer capture [options] -- [build command]
• infer -a compile [options] -- [build command] becomes infer compile [options] -- [build command]

The previous forms of invocations are still supported but may go away in future releases.

If you were using them, the internal binaries have disappeared and are replaced as follows:

• InferPrint [options] becomes infer report [options]
• InferAnalyze [options] becomes infer analyze [options]

See man infer, man infer-capture, man infer-analyze, etc. for more details, and let us know if anything is missing.

This release introduces AL, a language for writing linters against the clang AST. AL lets you check syntactic properties of source code by traversing the AST of the program. Using the included domain-specific language (DSL), you can write your own set of checks.

As usual, this release also includes lots of fixes and improvements. For the full list of changes included see here.

The sha256 checksums of the tarballs are:

$ shasum -a 256 -p infer-*-v0.12.0.tar.xz
698c9ff83a23fb3d6ffa0d62d5394e691ad5e3352f27bf2d4105afdfd07cc201 ?infer-linux64-v0.12.0.tar.xz
3b97bcabf85af8feb8d6fd0b8622fe2b4fbf27fa215fab61e3a660b5435b6d21 ?infer-osx-v0.12.0.tar.xz