Polyspace 2015a orange check IDP (Illegally dereferenced pointer)

Hello,
Can someone explain to me the following Polyspace warning, especially the text in bold?
Warning: pointer may be outside its bounds of expression (pointer to const unsigned int 8, size: 8 bits): pointer is not null ( but may not be allocated memory) points to 1 bytes at offset 27 or [1051 .. 3099] in buffer of 4096 bytes, so is within bounds (if memory is allocated)      may point to variable or field of variable in: {DrvEep_PolyspaceNvmStartAddress}
NvM_sectionPointer is an array of 4 elements which are pointers to uint8:
uint8 const * NvM_sectionPointer[( ( 4 ) )];
There is another array containing 4096 bytes divided into 1024-byte blocks:
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];
NvM_sectionPointer[0] points to DrvEep_PolyspaceNvmStartAddress[0].
NvM_sectionPointer[1] points to DrvEep_PolyspaceNvmStartAddress[1024].
NvM_sectionPointer[2] points to DrvEep_PolyspaceNvmStartAddress[2048].
NvM_sectionPointer[3] points to DrvEep_PolyspaceNvmStartAddress[3072].
I don't understand how to interpret the words "pointer is not null (but may not be allocated memory)".
Thanks and Best Regards Dimo Petkov

Accepted Answer

Alexandre De Barros on 22 Jan 2016
Hi!
You can see this message for example when a memory buffer is allocated by malloc then used as an array but without checking if the malloc operation was ok. Example:
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
data = my_tab[10];
Here my_tab is used as an array but the malloc operation has not been checked for a potential failure. So it "may not be allocated memory". In this situation, when accessing my_tab, you will see this message.
Please note that this message disappears if the pointer is tested for nullity before being accessed:
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
if (my_tab != NULL)
    data = my_tab[10];
For your specific example, I'm not able to reproduce this message with this reproduction code:
uint8 const * NvM_sectionPointer[( ( 4 ) )];
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];
void f() {
    uint8 data;
    NvM_sectionPointer[0] = &DrvEep_PolyspaceNvmStartAddress[0];
    NvM_sectionPointer[1] = &DrvEep_PolyspaceNvmStartAddress[1024];
    NvM_sectionPointer[2] = &DrvEep_PolyspaceNvmStartAddress[2048];
    NvM_sectionPointer[3] = &DrvEep_PolyspaceNvmStartAddress[3072];
    data = NvM_sectionPointer[1][27];
}
There is no allocation here so no reason to see this message. But I guess that your code is more complex and there are probably more write accesses to NvM_sectionPointer than in this example.
NvM_sectionPointer is probably a global array, so in order to better understand why Polyspace gives this message, it may be interesting to see how it is accessed by using the Variable Access view: each write and read access to any global variable is displayed in this view, so you can precisely trace the accesses of global variables.
Alex
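Added example, not part of the original thread: a bounds-checked accessor for the section-pointer layout from the question, so that the index, the offset and the non-null state of the table entry are each tested before the dereference. The names nvm_buffer, section_ptr, nvm_init and nvm_read are assumptions, and the table is declared const volatile so the buffer's volatile qualifier is kept on the pointee.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SECTION_COUNT 4u
#define SECTION_SIZE  1024u

/* Hypothetical names for this example, not the poster's project code. */
static volatile uint8_t nvm_buffer[SECTION_SIZE * SECTION_COUNT];
/* const volatile: read-only view that does not discard "volatile". */
static const volatile uint8_t *section_ptr[SECTION_COUNT];

/* Point each table entry at the start of its 1024-byte section. */
void nvm_init(void)
{
    for (size_t i = 0; i < SECTION_COUNT; i++)
        section_ptr[i] = &nvm_buffer[i * SECTION_SIZE];
}

/* Read one byte from a section.
 * Returns 0 on success, -1 if any precondition fails.
 * Each check removes one way the dereference could leave the buffer. */
int nvm_read(size_t section, size_t offset, uint8_t *out)
{
    if (out == NULL || section >= SECTION_COUNT || offset >= SECTION_SIZE)
        return -1;                      /* bad argument or out of range */
    if (section_ptr[section] == NULL)
        return -1;                      /* table entry not initialised */
    *out = section_ptr[section][offset];
    return 0;
}

int main(void)
{
    uint8_t b = 0;
    nvm_init();
    /* Constructed sample value: section 1, offset 27 is absolute offset
     * 1051, the lower end of the range quoted in the warning. */
    nvm_buffer[1051] = 0x5A;
    printf("%d 0x%02X\n", nvm_read(1, 27, &b), (unsigned)b);
    return 0;
}
```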

More Answers (3)

Dimo on 22 Jan 2016
Edited: Dimo on 22 Jan 2016
Hi Alex,
Thank you for your reply.
Yes, the code is more complex than I have described. The interesting thing is that code like yours above doesn't produce such an error, but try putting the array definitions inside the function. Then the error occurs.
void f() {
    uint8 const * NvM_sectionPointer[( ( 4 ) )] = {0};
    volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )] = {0};
    uint8 data;
    NvM_sectionPointer[0] = &DrvEep_PolyspaceNvmStartAddress[0];
    NvM_sectionPointer[1] = &DrvEep_PolyspaceNvmStartAddress[1024];
    NvM_sectionPointer[2] = &DrvEep_PolyspaceNvmStartAddress[2048];
    NvM_sectionPointer[3] = &DrvEep_PolyspaceNvmStartAddress[3072];
    data = NvM_sectionPointer[1][27];
}
Dimo

Dimo on 22 Jan 2016
Hi,
I was wrong. The error really doesn't occur even when the array definitions are made locally.
Dimo

NIKHIL PUNNOOSE on 14 Apr 2021
Do we have any way to suppress these warnings in the code itself?
