Polyspace 2015a orange check IDP (Illegally dereferenced pointer)
Hello,
Can someone explain to me the following Polyspace warning, especially the text in bold?
Warning: pointer may be outside its bounds of expression (pointer to const unsigned int 8, size: 8 bits): pointer is not null ( but may not be allocated memory) points to 1 bytes at offset 27 or [1051 .. 3099] in buffer of 4096 bytes, so is within bounds (if memory is allocated) may point to variable or field of variable in: {DrvEep_PolyspaceNvmStartAddress}
NvM_sectionPointer is array of 4 elements which are pointers to uint8
uint8 const * NvM_sectionPointer[( ( 4 ) )];
There is another array containing 4096 bytes divided to 1024-bytes blocks:
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];
NvM_sectionPointer[0] points to DrvEep_PolyspaceNvmStartAddress[0].
NvM_sectionPointer[1] points to DrvEep_PolyspaceNvmStartAddress[1024].
NvM_sectionPointer[2] points to DrvEep_PolyspaceNvmStartAddress[2048].
NvM_sectionPointer[3] points to DrvEep_PolyspaceNvmStartAddress[3072].
I don't understand how to interpret the words "pointer is not null (but may not be allocated memory)".
Thanks and Best Regards Dimo Petkov
Accepted Answer
Alexandre De Barros
2016-1-22
Hi!
You can see this message for example when a memory buffer is allocated by malloc then used as an array but without checking if the malloc operation was ok. Example:
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
data = my_tab[10];
Here my_tab is used as an array but the malloc operation has not been checked for a potential failure. So it "may not be allocated memory". In this situation, when accessing my_tab, you will see this message.
Please note that this message disappears if the pointer is tested for nullity before being accessed:
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
if (my_tab != NULL)
    data = my_tab[10];
For your specific example, I'm not able to reproduce this message with this reproduction code:
uint8 const * NvM_sectionPointer[( ( 4 ) )];
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];
void f() {
    uint8 data;
    NvM_sectionPointer[0] = &DrvEep_PolyspaceNvmStartAddress[0];
    NvM_sectionPointer[1] = &DrvEep_PolyspaceNvmStartAddress[1024];
    NvM_sectionPointer[2] = &DrvEep_PolyspaceNvmStartAddress[2048];
    NvM_sectionPointer[3] = &DrvEep_PolyspaceNvmStartAddress[3072];
    data = NvM_sectionPointer[1][27];
}
There is no allocation here so no reason to see this message. But I guess that your code is more complex and there are probably more write accesses to NvM_sectionPointer than in this example.
NvM_sectionPointer is probably a global array, so in order to better understand why Polyspace gives this message, it may be interesting to see how it is accessed by using the Variable Access view: each write and read access to any global variable is displayed in this view so you can precisely trace the accesses of global variables.
Alex
1 Comment
Anirban
2022-5-23
To learn in general about Illegally dereferenced pointers in Polyspace Code Prover, see https://www.mathworks.com/help/codeprover/ref/illegallydereferencedpointer.html .
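The guards discussed in the accepted answer, written out for both the section-pointer layout from the question and the malloc case, as an added example that is not code from the thread or from MathWorks. The helper names nvm_init, nvm_read_byte and heap_read_byte, the uint8 typedef and the sample byte values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint8_t uint8;               /* assumed typedef, not shown on the page */
#define SECTION_SIZE  1024u
#define SECTION_COUNT 4u

static volatile uint8 DrvEep_PolyspaceNvmStartAddress[SECTION_SIZE * SECTION_COUNT];
/* volatile added to the pointee so the qualifier is not discarded on assignment */
static volatile uint8 const *NvM_sectionPointer[SECTION_COUNT];

/* Hypothetical helper: point each entry at the start of its 1024-byte block. */
void nvm_init(void) {
    for (size_t i = 0; i < SECTION_COUNT; i++)
        NvM_sectionPointer[i] = &DrvEep_PolyspaceNvmStartAddress[i * SECTION_SIZE];
}

/* Hypothetical helper: 0 on success, -1 if the access cannot be shown valid. */
int nvm_read_byte(size_t section, size_t offset, uint8 *out) {
    if (out == NULL || section >= SECTION_COUNT || offset >= SECTION_SIZE)
        return -1;
    volatile uint8 const *p = NvM_sectionPointer[section];
    if (p == NULL)                   /* entry never assigned: static storage is NULL */
        return -1;
    *out = p[offset];                /* section 1, offset 27 is buffer offset 1051 */
    return 0;
}

/* Heap variant of the answer's malloc case: test the result before indexing. */
int heap_read_byte(size_t size, size_t index, uint8 *out) {
    if (out == NULL || index >= size)
        return -1;
    uint8 *my_tab = (uint8 *)calloc(size, 1);
    if (my_tab == NULL)              /* allocation failed: nothing to dereference */
        return -1;
    my_tab[index] = 0xA5;            /* constructed sample value */
    *out = my_tab[index];
    free(my_tab);
    return 0;
}

int main(void) {
    uint8 v = 0;
    nvm_init();
    DrvEep_PolyspaceNvmStartAddress[1051] = 0x5A;   /* constructed sample value */
    printf("section read: %d\n", nvm_read_byte(1, 27, &v));
    printf("heap read: %d\n", heap_read_byte(100, 10, &v));
    return 0;
}
```

The offsets quoted in the warning line up with this layout: 27 is offset 27 in section 0, and 1051 and 3099 are offset 27 in sections 1 and 3.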