Main Content

Programming Defects

Defects for programming coding errors, assignment versus equality operators, type mismatch, wraparound, string arrays

These defects are errors relating to programming syntax. These defects include:

  • Assignment versus equality operators

  • Mismatches between variable qualifiers or declarations

  • Badly formatted strings

Polyspace Results

expand all

AssertionFailed assertion statement
Character value absorbed into EOFData type conversion makes a valid character value same as End-of-File (EOF)
Declaration mismatchMismatch between function or variable declarations
Errno not reseterrno not reset before calling a function that sets errno
Incorrect value forwardingForwarded object might be modified unexpectedly (Since R2020b)
Invalid iterator usageMismatched or uninitialized iterators are used in standard algorithm functions and comparison operations (Since R2022a)
Invalid use of == (equality) operatorEquality operation in assignment statement
Invalid use of standard library routineWrong arguments to standard library function
Invalid va_list argumentVariable argument list used after invalidation with va_end or not initialized with va_start or va_copy
Misuse of errnoerrno incorrectly checked for error conditions
Misuse of narrow or wide character stringNarrow (wide) character string passed to wide (narrow) string function
Misuse of return value from nonreentrant standard functionPointer to static buffer from previous call is used despite a subsequent call that modifies the buffer
Noncompliance with AUTOSAR specificationAn RTE API function is used with arguments that violate the AUTOSAR standard specification (Since R2021a)
Pointer or reference to destroyed temporary objectDestruction of temporary object results in dangling pointer or reference (Since R2023b)
Possible misuse of sizeofUse of sizeof operator can cause unintended results
Possibly unintended evaluation of expression because of operator precedence rulesOperator precedence rules cause unexpected evaluation order in arithmetic expression
std::string_view initialized with dangling pointerAn std::string_view object is initialized by using an unnamed temporary object (Since R2022b)
Typedef mismatchMismatch between typedef statements
Variable length array with nonpositive sizeSize of variable-length array is zero or negative
Writing to const qualified objectObject declared with a const qualifier is modified
Wrong type used in sizeofsizeof argument does not match pointed type
Abnormal termination of exit handlerExit handler function interrupts the normal execution of a program
Bad file access mode or statusAccess mode argument of function in fopen or open group is invalid
Call through non-prototyped function pointerFunction pointer declared without its type or number of parameters causes unexpected behavior
Copy of overlapping memorySource and destination arguments of a copy function have overlapping memory
Environment pointer invalidated by previous operationCall to setenv or putenv family function modifies environment pointed to by pointer
Floating point comparison with equality operatorsImprecise comparison of floating-point variables
Function called from signal handler not asynchronous-safeCall to interrupted function causes undefined program behavior
Function called from signal handler not asynchronous-safe (strict ISO C)Call to interrupted function causes undefined program behavior
Improper array initializationIncorrect array initialization when using initializers
Improper erase-remove idiomContainer's erase() is not called or called improperly following a call to std::remove() (Since R2022a)
Incorrect data type passed to va_argData type of variadic function argument does not match type in va_arg call
Incorrect pointer scalingImplicit scaling in pointer arithmetic might be ignored
Incorrect type data passed to va_startData type of second argument to va_start macro leads to undefined behavior
Incorrect use of offsetof in C++Incorrect arguments to offsetof macro causes undefined behavior
Incorrect use of va_startva_start is called in a non-variadic function or called with a second argument that is not the rightmost parameter of a variadic function
Inline constraint not respectedNon-const static variable is modified in nonstatic inline function
Invalid assumptions about memory organizationAddress is computed by adding or subtracting from address of a variable
Invalid file positionfsetpos() is invoked with a file position argument not obtained from fgetpos()
Invalid use of = (assignment) operatorAssignment in conditional statement
Memory comparison of padding datamemcmp compares data stored in structure padding
Memory comparison of stringsmemcmp compares data stored in strings after the null terminator
Missing byte reordering when transferring dataDifferent endianness of host and network
Misuse of errno in a signal handlerYou read errno after calling an errno-setting function in a signal handler
Shared data access within signal handlerAccess or modification of shared data causes inconsistent state
Side effect in arguments to unsafe macroMacro contains arguments that can be evaluated multiple times or not evaluated
Signal call from within signal handlerNonpersistent signal handler calling signal() in Windows system causes race condition
Standard function call with incorrect argumentsArgument to a standard function does not meet requirements for use in the function
Too many va_arg calls for current argument listNumber of calls to va_arg exceeds number of arguments passed to variadic function
Too many va_arg calls for current argument listNumber of calls to va_arg exceeds number of arguments passed to variadic function
Unnamed namespace in header fileHeader file contains unnamed namespace leading to multiple definitions
Unsafe conversion between pointer and integerMisaligned or invalid results from conversions between pointer and integer types
Use of memset with size argument zeroSize argument of function in memset family is zero
Use of indeterminate stringUse of unvalidated buffer from fgets-family function
Accessing object with temporary lifetimeRead or write operations on the object are undefined behavior
Alternating input and output from a stream without flush or positioning callUndefined behavior for input or output stream operations
Call to memset with unintended valuememset or wmemset used with possibly incorrect arguments
Format string specifiers and arguments mismatchFormat specifiers in printf-like functions do not match corresponding arguments
Memory comparison of float-point valuesObject representation of floating-point values can be different (same) for equal (not equal) floating-point values
Missing null in string arrayString does not terminate with null character
Misuse of a FILE objectUse of copy of FILE object
Misuse of sign-extended character valueData type conversion with sign extension causes unexpected behavior
Misuse of structure with flexible array memberMemory allocation ignores flexible array member
Modification of internal buffer returned from nonreentrant standard functionFunction attempts to modify internal buffer returned from a nonreentrant standard function
Overlapping assignmentMemory overlap between left and right sides of an assignment
Possible copy-paste errorA section of code is duplicated in other places with exactly one minor change (Since R2023a)
Predefined macro used as objectYou use standard library macros such as assert and errno as objects
Preprocessor directive in macro argumentYou use a preprocessor directive in the argument to a function-like macro
Qualifier removed in conversionVariable qualifier is lost during conversion
Result of string::c_str() compared to another pointerThe C string obtained from std::string::c_str() is compared to a pointer (or NULL) (Since R2021b)
Return from computational exception signal handlerUndefined behavior when signal handler returns normally from program error
Side effect of expression ignoredsizeof, _Alignof, or _Generic operates on expression with side effect
Stream argument with possibly unintended side effectsStream argument side effects occur more than once
Universal character name from token concatenationYou create a universal character name by joining tokens with ## operator
Unsafe conversion from string to numerical valueString to number conversion without validation checks

Topics

  • Bug Finder Defect Groups

    The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.