Issues Detected Using Polyspace Test Code Sanitizer
When running C/C++ tests using Polyspace® Test™, you can enable a code sanitizer to detect run-time errors during test execution. The code sanitizer detects a class of issues that can occur during test execution and reports them as test failures with detailed information about the issue instead of a generic run-time error.
This topic lists the issues that can be detected using the Polyspace Test code sanitizer. For more information on the code sanitizer workflow, see Run C/C++ Code Sanitizer and Review Results in Polyspace Platform User Interface.
Reporting of Issues Detected With Code Sanitizer
When test execution encounters an issue that is detectable using the code sanitizer, it is reported in the test results as a test failure, similar to test failures that occur because of failing assessments. This test failure is accompanied by additional details that provide more information about the issue.
For instance, in this example, the test test_array_access failed because of an out-of-bounds array access. If you open the test results in the Polyspace Platform user interface and select this failing test on the Results List pane, the Result Details pane shows a failure that does not have an associated assessment. Instead, the Message column shows the issue with this message:
Defect OUT_BOUND_ARRAY occurred
In addition to test results, you can also see the errors in a sanitizer profiling report. For more information on the sanitizer profiling report, see Structure of HTML Reports Generated from C/C++ Code Sanitizer Results.
Issues Detectable With Code Sanitizer
The tables below list issues that the code sanitizer can detect along with the issue acronym reported in the test failure messages.
Numerical Issues
| Issue | Acronym | Description |
|---|---|---|
| Bitwise operation on negative value | BITWISE_NEG | The left operand of a right shift operator >> has a negative value. |
| Shift operator on negative value | SHIFT_NEG | The left operand of a left shift operator << has a negative value. |
| Result of shift operation outside allowed bounds | SHIFT_OVFL | A shift operation results in a value outside the range of the result data type. |
| Sign change integer conversion overflow | SIGN_CHANGE | A conversion between unsigned and signed integers results in a value outside the range of the result data type. |
| Integer overflow | INT_OVFL | An operation between two signed integer values results in a value outside the range of the operation data type. The data type of a binary operation is determined by the data types of the operands and integer promotion rules. |
| Integer conversion overflow | INT_CONV_OVFL | A conversion between two signed integers results in a value outside the range of the result data type. |
| Unsigned integer overflow | UINT_OVFL | An operation between two unsigned integer values results in a value outside the range of the operation data type. The data type of a binary operation is determined by the data types of the operands and integer promotion rules. |
| Unsigned integer conversion overflow | UINT_CONV_OVFL | A conversion between two unsigned integers results in a value outside the range of the result data type. |
| Integer division by zero | INT_ZERO_DIV | The integer denominator of a division or modulus operation is zero. |
| Float overflow | FLOAT_OVFL | An operation between two floating-point values results in a value outside the range of the operation data type. The data type of a binary operation is determined by the data types of the operands and floating-point promotion rules. |
| Float conversion overflow | FLOAT_CONV_OVFL | A conversion between two floating-point values results in a value outside the range of the result data type. |
| Float to integer conversion overflow | FLOAT_TO_INT_CONV_OVFL | A conversion between a floating-point value and a signed integer results in a value outside the range of the result data type. |
| Float to unsigned integer conversion overflow | FLOAT_TO_UINT_CONV_OVFL | A conversion between a floating-point value and an unsigned integer results in a value outside the range of the result data type. |
| Float division by zero | FLOAT_ZERO_DIV | The floating-point denominator of a division or modulus operation is zero. |
| Invalid use of integer standard library routine | INT_STD_LIB | A standard library function that takes an integer argument is passed a value outside the function's domain. |
| Invalid use of floating-point standard library routine | FLOAT_STD_LIB | A standard library function that takes a floating-point argument is passed a value outside the function's domain. |
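The conditions in the numerical table are the ones a defender wants to rule out before an operation is evaluated, not after the sanitizer has flagged it. The following C helpers, added here as an example and not taken from the page or from Polyspace Test itself, encode each row's condition as a pre-check that returns `false` instead of letting the overflow, bad shift, zero division or out-of-domain library call happen; the function names and the use of `abs` for the INT_STD_LIB row are this example's own choices.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdlib.h>

/* Signed addition (INT_OVFL): the check is made on the operands, because the
 * overflowing addition itself is already undefined behaviour. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Unsigned addition (UINT_OVFL): wrap-around is well defined in C, but the
 * sanitizer still reports it, so it gets the same kind of pre-check. */
bool checked_add_uint(unsigned a, unsigned b, unsigned *out) {
    if (a > UINT_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Left shift: a negative left operand is SHIFT_NEG, a result that does not
 * fit in int is SHIFT_OVFL; a count >= the type width is rejected as well. */
bool checked_shl_int(int value, unsigned count, int *out) {
    if (value < 0 || count >= (unsigned)(sizeof(int) * CHAR_BIT))
        return false;
    if (count > 0 && value > (INT_MAX >> count))
        return false;
    *out = value << count;
    return true;
}

/* Right shift: a negative left operand is BITWISE_NEG. */
bool checked_shr_int(int value, unsigned count, int *out) {
    if (value < 0 || count >= (unsigned)(sizeof(int) * CHAR_BIT))
        return false;
    *out = value >> count;
    return true;
}

/* Integer division: a zero divisor is INT_ZERO_DIV; INT_MIN / -1 is the one
 * signed quotient that overflows (INT_OVFL), so it is rejected too. */
bool checked_div_int(int a, int b, int *out) {
    if (b == 0 || (a == INT_MIN && b == -1))
        return false;
    *out = a / b;
    return true;
}

/* Sign-change conversions (SIGN_CHANGE) in both directions. */
bool checked_int_to_uint(int v, unsigned *out) {
    if (v < 0)
        return false;
    *out = (unsigned)v;
    return true;
}
bool checked_uint_to_int(unsigned v, int *out) {
    if (v > (unsigned)INT_MAX)
        return false;
    *out = (int)v;
    return true;
}

/* Float to signed integer (FLOAT_TO_INT_CONV_OVFL): NaN and any value whose
 * truncation does not fit are rejected. For a 32-bit int, -(double)INT_MIN is
 * exactly 2^31, so both bounds are exact in double arithmetic. */
bool checked_double_to_int(double d, int *out) {
    if (isnan(d) || d >= -(double)INT_MIN || d < (double)INT_MIN)
        return false;
    *out = (int)d;
    return true;
}

/* Floating-point division: a zero divisor is FLOAT_ZERO_DIV; finite operands
 * that produce an infinite quotient are FLOAT_OVFL. */
bool checked_div_double(double a, double b, double *out) {
    if (b == 0.0)
        return false;
    double r = a / b;
    if (isinf(r) && !isinf(a))
        return false;
    *out = r;
    return true;
}

/* Integer standard library domain (INT_STD_LIB): abs(INT_MIN) has no
 * representable result, so that single argument is outside abs's domain. */
bool checked_abs(int v, int *out) {
    if (v == INT_MIN)
        return false;
    *out = abs(v);
    return true;
}
```

Each helper returns a status rather than a sentinel value, so a test that drives the code under test through these wrappers can assert on the status and gets a deterministic failure instead of relying on the sanitizer to catch the undefined operation.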
Memory Management Issues
| Issue | Acronym | Description |
|---|---|---|
| Invalid use of memory standard library routine | MEM_STD_LIB | A memory manipulation function is called with invalid arguments. |
| Null pointer dereference | NULL_PTR | A null pointer (or result of null pointer arithmetic) is dereferenced. |
| Null pointer arithmetic | NULL_PTR_ARITH | An arithmetic operation is performed on a null pointer. |
| Pointer access out of bounds | OUT_BOUND_PTR | A pointer is dereferenced outside its allowed bounds. |
| Array access out of bounds | OUT_BOUND_ARRAY | An array is accessed outside its allowed bounds. |
| Use of automatic variable as putenv-family function argument | PUTENV_AUTO_VAR | The argument to a putenv-family function is a local variable (with automatic duration). |
| Invalid free of pointer | BAD_FREE | Pointer used with |
| Invalid deletion of pointer | BAD_DELETE | Pointer used with |
| Dereference of freed pointer | FREED_PTR | Dereference of pointer that points to previously freed memory location. |
| Deallocation of previously deallocated pointer | DOUBLE_DEALLOCATION | Pointer used with free function, or delete or delete[] operator points to memory that was already released previously. |
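The memory rows above describe conditions on the caller's side of an access or a deallocation, so they can be turned into small checked helpers in the same way. The following C code is an added example, not from the page or from Polyspace Test: it gives a bounds-checked element read (OUT_BOUND_ARRAY, NULL_PTR), a size-checked copy in place of a bare memcpy (MEM_STD_LIB), and a release-and-null pattern that makes a repeated release a no-op (DOUBLE_DEALLOCATION) and turns a later use into a null check rather than a dereference of freed memory (FREED_PTR). The function names and the four-element sample buffer are this example's own constructions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Bounds-checked element read. An index at or past len is the condition the
 * sanitizer reports as OUT_BOUND_ARRAY; a missing array or sink is NULL_PTR. */
bool array_get(const int *arr, size_t len, size_t index, int *out) {
    if (arr == NULL || out == NULL || index >= len)
        return false;
    *out = arr[index];
    return true;
}

/* Size-checked copy. A memcpy whose length exceeds the destination, or whose
 * source or destination is null, is the kind of call reported as MEM_STD_LIB. */
bool checked_copy(void *dst, size_t dst_len, const void *src, size_t n) {
    if (dst == NULL || src == NULL || n > dst_len)
        return false;
    memcpy(dst, src, n);
    return true;
}

/* Release through a pointer-to-pointer and null the caller's copy, so a
 * repeated call is a no-op instead of DOUBLE_DEALLOCATION and any later use
 * fails a null check instead of touching freed memory (FREED_PTR). */
void release(int **pp) {
    if (pp == NULL || *pp == NULL)
        return;
    free(*pp);
    *pp = NULL;
}

/* Exercise the helpers on a small heap buffer. Writes the sum of the elements
 * to sum_out and returns how many free() calls two release attempts issued
 * (1 when the pattern works); -1 on allocation or copy failure. */
int demo_lifecycle(int *sum_out) {
    const int src[4] = {1, 2, 3, 4};            /* constructed sample data */
    int *buf = malloc(sizeof src);
    if (buf == NULL)
        return -1;
    if (!checked_copy(buf, sizeof src, src, sizeof src)) {
        free(buf);
        return -1;
    }
    int sum = 0, v;
    for (size_t i = 0; array_get(buf, 4, i, &v); i++)   /* stops at i == 4 */
        sum += v;
    if (sum_out != NULL)
        *sum_out = sum;
    int freed = 0;
    if (buf != NULL) { release(&buf); freed++; }
    if (buf != NULL) { release(&buf); freed++; }      /* buf is NULL: skipped */
    return freed;
}
```

The release-and-null pattern only protects the one pointer variable passed in; other copies of the same address are not nulled, which is exactly the case the sanitizer's FREED_PTR and DOUBLE_DEALLOCATION checks are still needed for.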