Extend Checkers for Initialization to Check Function Arguments Passed by Pointers
This topic shows how to extend checkers for initialization to check function arguments passed by pointers. By default, Bug Finder does not check these arguments for initialization at the point of function call because you might perform the initialization in the function body. However, for specific functions, you can extend the checkers to check arguments passed by pointers for initialization at the point of function call.
Identify Need for Existing Checker
Suppose that you consider some function calls as part of the system boundary and
you want to make sure that you pass initialized buffers across the boundary. For
instance, the Run-Time environment or Rte_
functions in AUTOSAR
allow a software component to communicate with other software components. You might
want to ensure that pointer arguments to these functions point to initialized
buffers.
For instance, consider this code snippet:
extern void Rte_Write_int(unsigned int, int*);

void writeValueToAddress() {
    const unsigned int module_id = 0xfe;
    int x;
    Rte_Write_int(module_id, &x);
}
x is passed by pointer to the Rte_Write_int function. Bug Finder does not check x for initialization at the point of function call. In the body of Rte_Write_int, if you attempt to read x, Bug Finder flags the non-initialized variable. However, you might not be able to provide the module containing the function body for analysis and might want to detect that x is non-initialized at the point of function call itself.
Extend Checker
You can specify that pointer arguments to some functions must point to initialized buffers. For instance, to specify that Rte_Write_int is one such function:

1. List the function in an XML file in a specific syntax. Copy the template file code-behavior-specifications-template.xml from the folder polyspaceroot\polyspace\verifier\cxx to a writable location and modify the file. Enter the function in the file using the following syntax after existing similar entries:

   <function name="Rte_Write_int">
       <check name="ARGUMENT_POINTS_TO_INITIALIZED_VALUE" arg="2"/>
   </function>

   This syntax indicates that Bug Finder must check the second argument of the Rte_Write_int function to determine if the argument points to an initialized buffer. Remove previously existing entries in the file to avoid warnings.

   You can also use the wildcard * to cover a group of functions. To specify all functions beginning with Rte_Write_, enter:

   <function name="Rte_Write_*">
       <check name="ARGUMENT_POINTS_TO_INITIALIZED_VALUE" arg="2"/>
   </function>

2. Specify this XML file as argument for the option -code-behavior-specifications.

If you rerun the analysis, you see a Non-initialized variable defect on &x when the function Rte_Write_int is called.
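The following C program is an added example, not code from the Polyspace documentation. It models the boundary-crossing situation described above: a caller hands a buffer to Rte_Write_int by pointer and the callee reads it. Here the callee body is a stand-in written for the example (in a real AUTOSAR project it lives in another module that is not part of the analysis), and g_last_written and writeValueToAddressFixed are hypothetical names introduced only to make the effect observable. The unfixed caller is kept exactly as on the page; the fixed caller initializes the buffer before it crosses the boundary, which is what the ARGUMENT_POINTS_TO_INITIALIZED_VALUE check enforces at the call site.

```c
#include <stdio.h>

/* Added example (not from the Polyspace documentation).
 * Last value observed by the stand-in callee; hypothetical helper state
 * used only so that the effect of initialization can be checked. */
static int g_last_written;

/* Stand-in for the RTE write API. In a real project this body is in a
 * separate module, so the analysis of the caller cannot see the read of
 * *value that happens here. */
void Rte_Write_int(unsigned int module_id, int *value)
{
    (void)module_id;
    g_last_written = *value;   /* reads the pointed-to buffer */
}

/* Caller as shown on the page: x is never initialized before the call.
 * With the check enabled for Rte_Write_int (arg="2"), Bug Finder reports
 * a Non-initialized variable defect on &x at this call site even though
 * the callee body is not analyzed. This function is deliberately left
 * unfixed and is not called below. */
void writeValueToAddress(void)
{
    const unsigned int module_id = 0xfe;
    int x;
    Rte_Write_int(module_id, &x);   /* uninitialized buffer crosses the boundary */
}

/* Hardened caller (hypothetical name): the buffer is initialized before
 * it is passed by pointer, so the check is satisfied. Returns the value
 * the callee observed. */
int writeValueToAddressFixed(int value)
{
    const unsigned int module_id = 0xfe;
    int x = value;
    Rte_Write_int(module_id, &x);
    return g_last_written;
}

int main(void)
{
    printf("callee observed %d\n", writeValueToAddressFixed(42));
    return 0;
}
```

Only the fixed caller is executed, because reading an uninitialized int through the pointer in writeValueToAddress is undefined behavior in C; that function exists to show the exact pattern the extended checker flags.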
Checkers That Can Be Extended
These checkers are extended by using this option: