Review and Fix Invalid C++ Specific Operations Checks

This topic describes how to systematically review the results of an Invalid C++ specific operations check in Polyspace® Code Prover™.

Follow one or more of these steps until you determine a fix for the Invalid C++ specific operations check. There are multiple ways to fix a red or orange check. For a description of the check and code examples, see Invalid C++ specific operations.

Sometimes, especially for an orange check, you can determine that the check does not represent a real error but a Polyspace assumption that is not true for your code. If you can use an analysis option to relax the assumption, rerun the verification using that option. Otherwise, you can add a comment and justification in your result or code.

For the general workflow that applies to all checks, see Interpret Code Prover Results in Polyspace Desktop User Interface or Interpret Code Prover Results in Polyspace Access Web Interface (Polyspace Access).

Step 1: Interpret Check Information

On the Results List pane, select the check. The Result Details pane displays further information about the check.

You can see:

  • The immediate cause of the check. For instance:

    • The size of an array is not strictly positive.

      For instance, you create an array using the statement arr = new char [num]. num is possibly zero or negative.

      Possible fix: Use num as an array size only if it is positive.

    • The typeid operator dereferences a possibly NULL pointer.

      Possible fix: Before using the typeid operator on a pointer, test the pointer for NULL.

    • The dynamic_cast operator performs an invalid cast.

      Possible fix: The invalid cast results in a NULL return value for pointers and the std::bad_cast exception for references. Try to avoid the invalid cast. Otherwise, if the invalid cast is on pointers, make sure that you test the return value of dynamic_cast for NULL before dereference. If the invalid cast is on references, make sure that you catch the std::bad_cast exception in a try-catch statement.

  • The probable root cause of the check, if indicated.
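The following code is an added illustration of the typeid and dynamic_cast causes listed above; it is not from the Polyspace documentation. The class hierarchy (Shape, Circle, Square) and the function names are constructed for the example. Each unchecked pattern is shown next to the form that tests the pointer for NULL or catches std::bad_cast, which is the fix the check information suggests.

```cpp
#include <string>
#include <typeinfo>

// Constructed class hierarchy for this example. The virtual destructor makes
// Shape polymorphic, so typeid and dynamic_cast inspect the dynamic type.
struct Shape {
    virtual ~Shape() = default;
};
struct Circle : Shape {};
struct Square : Shape {};

// Sample objects constructed inline so the functions below can be exercised.
static Circle kCircle;
static Square kSquare;

// Unchecked pattern: typeid(*p) dereferences p before typeid runs. With a
// possibly NULL p, Polyspace reports Invalid C++ specific operations.
// (Kept only to show the flagged pattern; it is not called.)
std::string typeNameUnchecked(const Shape* p) {
    return typeid(*p).name();
}

// Fixed pattern: test the pointer for NULL before applying typeid to the pointee.
std::string typeNameChecked(const Shape* p) {
    if (p == nullptr) {
        return "null";
    }
    return typeid(*p).name();
}

// Pointer form of dynamic_cast: an invalid cast yields NULL, so the result is
// tested before any dereference. A NULL input is rejected up front as well.
bool isCircle(const Shape* p) {
    if (p == nullptr) {
        return false;
    }
    const Circle* c = dynamic_cast<const Circle*>(p);
    return c != nullptr;
}

// Reference form of dynamic_cast: an invalid cast throws std::bad_cast, so
// the cast is wrapped in try-catch instead of being tested for NULL.
bool isCircleRef(const Shape& s) {
    try {
        const Circle& c = dynamic_cast<const Circle&>(s);
        (void)c;
        return true;
    } catch (const std::bad_cast&) {
        return false;
    }
}
```

The checked functions return a benign value (an empty-type name, or false) instead of dereferencing NULL or letting std::bad_cast propagate, which is what removes the red or orange check at that line.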

Step 2: Determine Root Cause of Check

If you cannot determine the root cause based on the check information, use navigation shortcuts in the user interface to navigate to the root cause.

Based on the nature of the error, use one of the following methods to find the root cause.

Error: An array size is nonpositive.

How to find root cause:

  1. Trace the data flow for the size variable.

    Follow the same root cause investigation steps as for a Division by Zero check. See Review and Fix Division by Zero Checks.

  2. Identify a point where you can constrain the array size variable to positive values.

Error: The typeid operator dereferences a possibly NULL pointer.

How to find root cause:

  1. Trace the data flow for the pointer variable.

    Follow the same root cause investigation steps as for an Illegally dereferenced pointer check. See Review and Fix Illegally Dereferenced Pointer Checks.

  2. Identify a point where you can test the pointer for NULL.

Error: The dynamic_cast operator performs an invalid cast.

How to find root cause:

  Navigate to the definitions of the classes involved. Determine the inheritance relationship between the classes.

  1. On the Source pane in the Polyspace user interface, right-click the class name.

  2. Select Go To Definition.

Step 3: Trace Check to Polyspace Assumption

See if you can trace the orange check to a Polyspace assumption that occurs earlier in the code. If the assumption does not hold true in your case, add a comment or justification in your result or code. See Address Results in Polyspace User Interface Through Bug Fixes or Justifications or Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access).

For instance, you obtain the array size variable from a stubbed function getSize. Then:

  1. Polyspace assumes that the return value of getSize is full-range. The range includes nonpositive values.

  2. Using the variable as array size in dynamic memory allocation causes orange Invalid C++ specific operations.

  3. If you know that the variable takes a positive value, add a comment and justification explaining why you did not change your code.

For more information, see Code Prover Analysis Assumptions.
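The following code is an added illustration, not part of the Polyspace documentation, of the array-size cause from Step 1 and the stubbed getSize scenario above. getSize is given a constructed body here so the example links and runs; in the scenario the text describes, its body is not visible to the analysis and its return value is treated as full-range. The function names and the g_configuredSize variable are assumptions made for this example.

```cpp
#include <cstddef>
#include <memory>

// Constructed sample input. In the documented scenario getSize is a stub whose
// body Polyspace cannot see, so its return value is assumed full-range.
static int g_configuredSize = 32;

int getSize() {
    return g_configuredSize;
}

// Unchecked pattern: the full-range value goes straight into new[], so a zero
// or negative size is possible and the allocation gets an orange
// Invalid C++ specific operations check. (Shown only; not called.)
char* allocateUnchecked() {
    int num = getSize();
    return new char[num];
}

// Fixed pattern: constrain num to strictly positive values before it is used
// as an array size. A non-usable size yields an empty unique_ptr instead of
// reaching new[].
std::unique_ptr<char[]> allocateChecked(int num) {
    if (num <= 0) {
        return nullptr;
    }
    return std::unique_ptr<char[]>(new char[static_cast<std::size_t>(num)]);
}

// The Step 3 scenario with the constraint applied: the stubbed value is
// validated at the point where it becomes an array size.
std::unique_ptr<char[]> bufferFromGetSize() {
    return allocateChecked(getSize());
}
```

If getSize is known to return only positive values, the alternative the text describes is to keep the unchecked form and justify the orange check with a comment; the explicit test above is the code change that removes the check instead.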

Note

Before justifying an orange check, consider carefully whether you can improve your coding design.