Main Content

Absolute address usage

Absolute address is assigned to pointer

expand all in page

Description

This check appears when an absolute address is assigned to a pointer.

By default, this check is green. The software assumes the following about the absolute address:

  • The address is valid.

  • The type of the pointer to which you assign the address determines the initial value stored in the address.

    If you assign the address to an int* pointer, the memory zone that the address points to is initialized with an int value. The value can be anything allowed for the data type int.

The analysis makes these assumptions regarding absolute address usage:

  • The check does not flag absolute addresses if they involve variables or pointer arithmetic. For example, the x = *(int*)0x7 address is considered an absolute address. The x = *(int*)(0x7 + y) address is not an absolute address due its use of variables.

  • If you assign an absolute address to a pointer, the analysis assumes that the pointed location can contain any value allowed for the pointed data type. For example, following ptr = (int*)0x32, the analysis assumes that *ptr can contain any int value. Following a sequence of casts such as ptr = (int*)(char*)0x32, the analysis takes into account only the outermost cast, in this case, int*.

To turn this check orange by default for each absolute address usage, use the command-line option -no-assumption-on-absolute-addresses.

Examples

expand all

void func(int offset) {
    int *p = (int *)0x32;             // Green absolute address usage
    int *q = (int *)(0x32+offset);    // No absolute address check happens here
}

In this example, the option -no-assumption-on-absolute-addresses is not used. Therefore, the Absolute address usage check is green when the pointer p is assigned an absolute address. The check is orange if the option -no-assumption-on-absolute-addresses is used.

This check is performed only on strict absolute addresses. As the int *q = (int *)(0x32+offset); address contains variables, it is not a strict absolute address.

enum typeList {CHAR,INT,LONG};
enum typeList showType(void);
long int returnLong(void);

void main() {
    int *p = (int *)0x32; //Green absolute address usage
    enum typeList myType = showType();

    char x_char;
    int x_int;
    long int x_long;

    if(myType == CHAR)
        x_char = *p;
    else if(myType == INT)
        x_int = *p;
    else {
        x_long = *p;
        long int x2_long = returnLong();
    }
}

In this example, the option -no-assumption-on-absolute-addresses is not used. Therefore, the Absolute address usage check is green when the pointer p is assigned an absolute address.

Following this check, the verification assumes that the address is initialized with an int value. If you use x86_64 for Target processor type (-target) (sizeof(char) < sizeof(int) < sizeof(long int)), the assumption results in the following:

  • In the if(myType == CHAR) branch, an orange Overflow occurs because x_char cannot accommodate all values allowed for an int variable.

  • In the else if(myType == INT) branch, if you place your cursor on x_int in your verification results, the tooltip shows that x_int potentially has all values allowed for an int variable.

  • In the else branch, if you place your cursor on x_long, the tooltip shows that x_long potentially has all values allowed for an int variable. If you place your cursor on x2_long, the tooltip shows that x2_long potentially has all values allowed for a long int variable. The range of values that x2_long can take is wider than the values allowed for an int variable in the same target.

void main() {
    int *p = (int *)0x32;
    int x = *p;
    p++;
    x = *p;
}

In this example, the option -no-assumption-on-absolute-addresses is used. The Absolute address usage check is orange when the pointer p is assigned an absolute address.

Following this check:

  • Polyspace® considers that p points to a valid memory location. Therefore the Illegally dereferenced pointer check on the following line is green.

  • In the next two lines, the pointer p is incremented and then dereferenced. In this case, an Illegally dereferenced pointer check appears on the dereference and not an Absolute address usage check even though p still points to an absolute address.

Check Information

Group: Static memory
Language: C | C++
Acronym: ABS_ADDR