Polyspace Overflow Orange Checks

3 views (last 30 days)
Zulham Mr
Zulham Mr on 23 Jun 2022
Commented: Zulham Mr on 28 Jun 2022
Hello guys,
I have this C++ code:
#include <iostream>
using namespace std;
int pos = 0;
char *buf = NULL;
const char *module_name = "module";
void myfunc()
pos += snprintf(buf + pos, pos, "[%s] ", module_name);
The Polyspace Code Prover gives one Overflow Orange Check. I have also set the DRS but Orange Check still exists.
Can you help me how to remove the Orange Check beside giving annotation?
Thank you in advance.

Accepted Answer

Anirban on 23 Jun 2022
Edited: Anirban on 23 Jun 2022
There are two reasons for the orange overflow:
  • snprintf() can return a very large number.
  • myfunc() can be called 0 or more times, upto a very large number. There is no main() function which would indicate how many times myfunc() is called (that is, your application is not complete).
By applying DRS, you have constrained the return value of snprint(). But even if snprintf() returns something in a small range like 0..100, myfunc() can still be called 0 or more times.
Now the question is: do you want to get rid of the orange overflow or make your function robust to overflows? Just based on your code snippet, Polyspace is making sound assumptions and showing that the function is not robust to overflows. Any external constraint you apply would assume that you have some foreknowledge outside the code.
Since you are applying DRS, I will go with the assumption that you somehow have this foreknowledge. You can then also constrain the number of times myfunc() can be called. There is no way to do this directly in the user interface, but you can add a file to your Polyspace project with lines like this (this code snippet is saying that myfunc() is called upto 10 times):
extern void myfunc();
int generateRandomNumber();
void main() {
int counter_max = generateRandomNumber();
assert(counter_max > 0 && counter_max <=10);
for(int i = 0; i < counter_max; i++)
Name the file polyspace_main.cpp or whatever and add it to the analysis along with your current source (and also apply DRS on the return of snprint). Now, the overflow should go away, because you have constrained both aspects of the overflow.
Zulham Mr
Zulham Mr on 28 Jun 2022
That's great. Thank you.

Sign in to comment.

More Answers (0)

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by