Bug Finder Defect Groups

For convenience, the defect checkers in Bug Finder are classified into various groups.

In certain projects, you can choose to focus only on specific groups of defects. Specify the group name for the option Find defects (-checkers).
When reviewing results, you can review all results of a certain group together. Filter out other results during review. See Filter and Group Results in Polyspace Desktop User Interface or Filter and Sort Results in Polyspace Access Web Interface (Polyspace Access).

This topic gives an overview of the various groups.

C++ Exceptions

These defects are related to C++ exception handling. The defects include:

Unhandled exception emitting from a noexcept function
Unexpected exception arising during constructing the argument object of a throw statement
catch statements catching exceptions by value instead of by reference
catch statements hiding subsequent catch statements.

For more details about specific defects, see C++ Exception Defects.

Command-Line Parameter: cpp_exceptions

Concurrency

These defects are related to multitasking code.

Data Race Defects

The data race defects occur when multiple tasks operate on a shared variable or call a nonreentrant standard library function without protection.

For the specific defects, see Concurrency Defects.

Command-Line Parameter: concurrency

Locking Defects

The locking defects occur when the critical sections are not set up appropriately. For example:

The critical sections are involved in a deadlock.
A lock function does not have the corresponding unlock function.
A lock function is called twice without an intermediate call to an unlock function.

Critical sections protect shared variables from concurrent access. Polyspace^® expects critical sections to follow a certain format. The critical section must lie between a call to a lock function and a call to an unlock function.

For the specific defects, see Concurrency Defects.

Command-Line Parameter: concurrency

Cryptography

These defects are related to incorrect use of cryptography routines from the OpenSSL library. For instance:

Use of cryptographically weak algorithms
Absence of essential elements such as cipher key or initialization vector
Wrong order of cryptographic operations

Note that these checkers support up to version 1.1.1 of the OpenSSL library.

For the specific defects, see Cryptography Defects.

Command-Line Parameter: cryptography

Data flow

These defects are errors relating to how information moves throughout your code. The defects include:

Dead or unreachable code
Unused code
Non-initialized information

For the specific defects, see Data Flow Defects.

Command-Line Parameter: data_flow

Dynamic Memory

These defects are errors relating to memory usage when the memory is dynamically allocated. The defects include:

Freeing dynamically allocated memory
Unprotected memory allocations

For specific defects, see Dynamic Memory Defects.

Command-Line Parameter: dynamic_memory

Good Practice

These defects allow you to observe good coding practices. The defects by themselves might not cause a crash, but they sometimes highlight more serious logic errors in your code. The defects also make your code vulnerable to attacks and hard to maintain.

The defects include:

Hard-coded constants such as buffer size and loop boundary
Unused function parameters

For specific defects, see Good Practice Defects.

Command-Line Parameter: good_practice

Numerical

These defects are errors relating to variables in your code; their values, data types, and usage. The defects include:

Mathematical operations
Conversion overflow
Operational overflow

For specific defects, see Numerical Defects.

Command-Line Parameter: numerical

Object Oriented

These defects are related to the object-oriented aspect of C++ programming. The defects highlight class design issues or issues in the inheritance hierarchy.

The defects include:

Data member not initialized or incorrectly initialized in constructor
Incorrect overriding of base class methods
Breaking of data encapsulation

For specific defects, see Object Oriented Defects.

Command-Line Parameter: object_oriented

Performance

These defect checkers detect specific code patterns that directly cause or contribute to performance problems. Fixing the defects either directly removes performance problems, or removes contributing factors that might cause performance problems later.

These checkers can identify defects that a compiler’s optimizations cannot fix. Compiler optimizations try to improve the performance of existing code, but must stay within language rules, and cannot makes guesses about developer intent. On the contrary, these checkers can detect problems where:

A more efficient code pattern can replace the current usage without changing functionalities, but the pattern is not required by the language rules.
For instance, the checker flags empty destructors in classes that do not have move constructors or move assignment operators. An empty destructor is allowed by the C++ language rules but prevents automatic generation of move operators. Removing the destructor allows compiler-generated destructors (and move operators) and makes the code more efficient without changing functionalities.
Two or more similar implementations exist, and depending on requirements, the developer can choose a more efficient implementation.
For instance, the checker flags the use of std::endl in I/O operations. Both std::endl and \n introduce a new line, but if flushing is not intended, the latter is more efficient.

After these defects are fixed, the source code is more efficient or the developer intent is more explicit, and the compiler can more aggressively optimize the code.

The defects include:

Issues that inadvertently cause copy instead of move operations
Inefficient or unnecessary temporary variable creation
Use of a function that has a possibly more efficient alternative

For specific defects, see Performance Defects.

Command-Line Parameter: performance

Programming

These defects are errors relating to programming syntax. These defects include:

Assignment versus equality operators
Mismatches between variable qualifiers or declarations
Badly formatted strings

For specific defects, see Programming Defects.

Command-Line Parameter: programming

Resource Management

These defects are related to file handling. The defects include:

Unclosed file stream
Operations on a file stream after it is closed

For specific defects, see Resource Management Defects.

Command-Line Parameter: resource_management

Static Memory

These defects are errors relating to memory usage when the memory is statically allocated. The defects include:

Accessing arrays outside their bounds
Null pointers
Casting of pointers

For specific defects, see Static Memory Defects.

Command-Line Parameter: static_memory

Security

These defects highlight places in your code which are vulnerable to hacking or other security attacks. Many of these defects do not cause runtime errors, but instead point out risky areas in your code. The defects include:

Managing sensitive data
Using dangerous or obsolete functions
Generating random numbers
Externally controlled paths and commands

For more details about specific defects, see Security Defects.

Command-Line Parameter: security

Tainted data

These defects highlight elements in your code which are from unsecured sources. Attackers can use input data or paths to attack your program and cause failures. These defects highlight elements in your code that are vulnerable. Defects include:

Use of tainted variables or pointers
Externally controlled paths

For more details about specific defects, see Tainted Data Defects. You can modify the behavior of the tainted data defects by using the optional command -consider-analysis-perimeter-as-trust-boundary. See -consider-analysis-perimeter-as-trust-boundary.

Command-Line Parameter: tainted_data