Review Polyspace Bug Finder Results in Polyspace User Interface

Polyspace^® Bug Finder™ checks C/C++ code for defects, coding rule violations, and security vulnerabilities. After you run an analysis, you can open and review the results in the Polyspace user interface.

This topic shows how to review some Bug Finder results in the Polyspace user interface. The Polyspace user interface is available with the desktop products, Polyspace Bug Finder and Polyspace Code Prover™.

If you run a single-file analysis in your IDE using Polyspace as You Code, you can review the results directly within your IDE. See Review Polyspace as You Code Results in IDEs.
If you run an analysis using a Polyspace Server product and upload to Polyspace Access, you can review the results in a web browser. See Review Polyspace Bug Finder Results in Web Browser.

Example Files

To follow the steps in this tutorial, run Polyspace using the steps in Run Polyspace Bug Finder on Desktop. Alternatively, in the Polyspace user interface, open example results using Help > Examples > Bug_Finder_Example.psprj. If you have loaded the example results earlier and made some changes, to load a fresh copy, select Help > Examples > Restore Default Examples.

Interpret Results

Review each Polyspace result. Find the root cause of the issue.

Start from the list of results on the Results List pane.

If the Results List pane covers the entire window, select Window > Reset Layout > Results Review.
If you do not see a flat list of results, but instead see them grouped, from the list, select None.

Click the Check column header to sort the results alphabetically. Select one of the Non-initialized variable results.

See the source code on the Source pane and further information about the result on the Result Details pane.

The Result Details pane also highlights a sequence of events leading to the result. For instance, for the Non initialized variable result, you see the following events:

The variable value is declared.
The if statement where value gets initialized is skipped.
The variable value is read.

You also see these events highlighted in blue on the source code. Sometimes, these events can be located far apart in the source code. Click an event on the Result Details pane to navigate to the corresponding location on the source code.

Additional Information

See:

Address Results Through Bug Fix or Comments

Once you understand the root cause of a Polyspace finding, you can fix your code. Otherwise, add comments to your Polyspace results to fix the code later or to justify the result. You can use the comments to keep track of your review progress.

Right-click the variable value on the Source pane. Select Open Editor. The code opens in a text editor. Fix the issue. For instance, you can initialize value during declaration.

int value = -1;

If you rerun the analysis, you do not see the Non-initialized variable defect.

Alternatively, if you do not want to fix the defect immediately, assign a status To investigate to the result. Optionally, add comments with further explanation.

If you assign a status No action planned, the result does not appear in subsequent runs on the same project.

Additional Information

See:

Manage Results

When you open the results of a Bug Finder analysis, you see a flat list of defects, coding rule violations or other results. To organize your review, you can narrow down the list or group results by file or result type.

For instance, you can:

Review only high impact defects.
Click the Information column header to sort defects by impact. Alternatively, you can filter out results other than high-impact defects. To begin filtering, click the icon on the column header.
Review only the new results since the last analysis.
On the Results List pane toolbar, click the New button.
Review results in certain files or functions.
On the Results List pane toolbar, from the list, select File.

Additional Information

See Filter and Group Results in Polyspace Desktop User Interface.