Main Content

Correctness condition

Mismatch occurs during pointer cast or function pointer use

expand all in page

Description

This check determines whether:

Examples

expand all

typedef int smallArray[10];
typedef int largeArray[100];


void main(void) {
    largeArray myLargeArray;
    smallArray *smallArrayPtr = (smallArray*) &myLargeArray;
    largeArray *largeArrayPtr = (largeArray*) smallArrayPtr;
}

In this example:

  • In the first pointer cast, a pointer of type largeArray is cast to a pointer of type smallArray. Because the data type smallArray represents a smaller array, the Correctness condition check is green.

  • In the second pointer cast, a pointer of type smallArray is cast to a pointer of type largeArray. Because the data type largeArray represents a larger array, the Correctness condition check is red.

typedef void (*callBack) (float data);
typedef struct
{
    char funcName[20];
    callBack func;
} funcStruct;

funcStruct myFuncStruct;

void main(void)
{
    float val = 0.f;
    myFuncStruct.func = (void*)0;
    myFuncStruct.func(val);
}

In this example, the function pointer myFuncStruct.func is initialized with NULL before use. When the pointer is dereferenced, the Correctness condition check produces a red error.

typedef void (*callBack) (float data);
typedef struct {
    char funcName[20];
    callBack func;
} funcStruct;

funcStruct myFuncStruct;

void main(void) {
    float val = 0.f;
    myFuncStruct.func(val);
}

In this example, the global variable myFuncStruct is not initialized, so the function pointer myFuncStruct.func contains NULL. When the pointer myFuncStruct.func is dereferenced, the Correctness condition check produces a red error.

#define MAX_MEMSEG 32764
typedef void (*ptrFunc)(int memseg);
ptrFunc operation = (ptrFunc)(0x003c);

void main(void) {
    for (int i=1; i <= MAX_MEMSEG; i++)
        operation(i);
}

In this example, the function pointer operation is cast to the contents of a memory location. Polyspace® cannot determine whether the location contains a variable or a function code and whether the function is well-typed. Therefore, when the pointer operation is dereferenced and used in a function call, the Correctness condition check is orange.

After an orange Correctness condition check due to absolute address usage, the software assumes that the following variables have the full range of values allowed by their type:

  • Variable storing the return value from the function call.

    In the following example, the software assumes that the return value of operation is full-range.

    typedef int (*ptrFunc)(int);
ptrFunc operation = (ptrFunc)(0x003c);

int main(void) {
  return operation(0);
}

  • Variables that can be modified through the function arguments.

    In the following example, the function pointer operation takes a pointer argument ptr that points to a variable var. After the call to operation, the software assumes that var has full-range value.

    typedef void (*ptrFunc)(int*);
ptrFunc operation = (ptrFunc)(0x003c);

void main(void) {
  int var;
  int *ptr=&var;
  operation(ptr);
}


typedef void (*callBack) (float data);

typedef struct {
    char funcName[20];
    callBack func;
} funcStruct;

void g(float data);

funcStruct FctPtrLUT[2] = {
    {"test",g},
    {"test",g}
};

void main(void) {
    float val = 0.f;
    funcStruct* cb;

    cb=FctPtrLUT[0].func;  
    cb->func(val);
}

In this example, the code declares cb as a pointer to funcStruct and, in the last line of the main function, dereferences cb as if it were a pointer to funcStruct with access to the field func.

However, the code actually assigns cb to FctPtrLUT[0].func, which points to the address of the function g().

Because the expected type of cb (funcStruct*) and the actual type (the function pointer type callback) do not match, Polyspace is unable to find a correct function call and assigns the finding an orange Correctness condition check. This mismatch in type causes a compilation error in C++ code but might not be detected at compile time in C code.

typedef struct {
  double real;
  double imag;
} complex;

typedef int (*typeFuncPtr) (complex*);

int func(int* x);

void main() {
  typeFuncPtr funcPtr = (typeFuncPtr)&func;
  int arg = 0, result = funcPtr((complex*)&arg);
}

In this example, the function pointer funcPtr points to a function with argument type complex*. However, the pointer is assigned the address of function func whose argument type is int*. Because of this type mismatch, the Correctness condition check is orange.

typedef int (*typeFuncPtr) (int, int);

int func(int);

void main() {
    typeFuncPtr funcPtr = (typeFuncPtr)&func;
    int arg1 = 0, arg2 = 0, result = funcPtr(arg1,arg2);
}

In this example, the function pointer funcPtr points to a function with two int arguments. However, it is assigned the function func which has one int argument only. Because of this mismatch in number of arguments, the Correctness condition check is orange.

typedef double (*typeFuncPtr) (int);

int func(int);

void main() {
    typeFuncPtr funcPtr = (typeFuncPtr)&func;
    int arg = 0;
    double result = funcPtr(arg);
}

In this example, the function pointer funcPtr points to a function with return type double. However, it is assigned the function func whose return type is int. Because of this mismatch in return types, the Correctness condition check is orange.

int glob = 0;
int func();

void main() {
    glob = 5;
    glob = func();
    glob+= 20;
}

In this example, a range of 0..10 was specified for the global variable glob.

  • In the statement glob=5;, a green Correctness condition check appears on glob.

  • In the statement glob=func();, an orange Correctness condition check appears on glob because the return value of stubbed function func can be outside 0..10.

    After this statement, Polyspace considers that glob has values in 0..10.

  • In the statement glob+=20;, a red Correctness condition check appears on glob because after the addition, glob has values in 20..30.

See also Constrain Global Variable Range for Polyspace Analysis.

Check Information

Group: Other
Language: C | C++
Acronym: COR

See Also

|

Topics