CodeProver does not detect overflow/underflow with unsigned variables
Show older comments
Hello,
I have noticed that Code Prover does not raise a warning in case of a subtraction between 2 unsigned variables. It does raise for 2 signed ones, but not with 2 unsigned.
Example
void test (void){
uint8_t a, b, c;
b = foo();
c = bar();
a = b-c;
}
This operation b-c is not seen as a potential overflow/underflow occurence.
Question
Is this an issue in CodeProver or a missing configuration, please?
Thank you for your answer,
Best regards
Accepted Answer
Alexandre De Barros
on 26 Dec 2017
2 votes
Hello,
In standard C, there is no overflow on unsigned types. The C99 standard (§6.2.5/9) states:
"A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type."
Hence, by default, Code Prover will not report this kind of overflow.
Now, if you are interested by detecting them, you can change the default behavior thanks to the option "Detect overflows".
In the configuration pane, choose "Code Prover Verification" then "Check Behavior" and on the right page, for the option "Detect Overflows", select "signed and unsigned".
Please note that in your example, the overflow will appear on the assignment to the variable a, since the subtraction is performed on the int type (integral promotion).
Alex
More Answers (0)
Categories
Find more on Run Settings in Help Center and File Exchange
on 22 Dec 2017
on 8 Jan 2018
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
