Local Variable was change range value but not assigned
Show older comments
Hi Matlab Support teams!
I'm using Polyspace R2019a, and i got a problem about local Variable
At line 5970, range value of local variable "u1t_InRnewEndPntIdx" = [0..8],
Please take a look following pic 1:
But at line 5980, range value of local variable "u1t_InRnewEndPntIdx" = [0..17]
Please take a look following pic 2:
u1t_InRnewEndPntIdx is not updated or assigned from line 5971 to 5980, why does it change range value?
Please help me answer the question above.
BR
Hoang Hiep
Accepted Answer
Anirban
on 16 Dec 2020
1 vote
Hi,
One of the reasons could be that Code Prover is considering the case where the if branch, where u1t_InRnewEndPntIdx is assigned (line 5970), is bypassed. So the range outside the for loop is a combination of ranges in the if branch and any range u1t_InRnewEndPntIdx had before the for loop.
There is something you can try. Place this line:
#pragma Inspection_Point u1t_InRnewEndPntIdx
in the else branch with the break and see the tooltip on u1t_InRnewEndPntIdx. This might help you confirm this hypothesis.
8 Comments
Tran Thang
on 20 Dec 2020
Hi Anirban
I add the line in else branch.
Range value of u1t_InRnewEndPntIdx is [0..9] at else branch. Please take a look shot below:
And rang value of u1t_InRnewEndPntIdx is [0..9] at line 5981.
Why add "#pragma Inspection_Point u1t_InRnewEndPntIdx" line code, It affects to range value of u1t_InRnewEndPntIdx?
Please help me to explain it.
BR
Is the tooltip in the if branch still 0..8? Can you also place the same pragma right before the for loop and see the range?
That might help us form a hypothesis on what is happening. As always, it is difficult to pinpoint the cause without having the full context of the code (since variables in code are often interrelated in surprising ways). A generic answer is the following:
When you added the #pragma Inspection_Point, you not only added a point where you can see a tooltip, but it also acted as a point that the tool can monitor. When a new monitoring point is added, in some cases, the tool can also acquire more information to propagate forward. As a result, you see a more precise range later. It seems that when Code Prover was earlier showing you 0..17, it was losing precision somewhere (this is not a problem since if Code Prover loses precision, it overapproximates to avoid missing an error). With the new monitoring point, Code Prover showed the more precise range.
Tran Thang
on 22 Dec 2020
Edited: Tran Thang
on 22 Dec 2020
Hi Anirban.
Thank you for your answer.
Is the tooltip in the if branch still 0..8? -> Yes, rang value of it is 0..8.
That might help us form a hypothesis on what is happening. -> Ok, i'll try it. I'll let you know the result later.
My source code is too big, How to know it was losing precision? Do you have option or configuration before i run my project?
One more question about array
Can i insert line of code "#pragma Inspection_Point u1t_ArSrcSignalData[];" for array u1t_ArSrcSignalData[] ?
BR
Tran Thang
on 22 Dec 2020
Hi Anirban.
Can you also place the same pragma right before the for loop and see the range? -> I add the line of code
and Range value of u1t_InRnewEndPntIdx is [0..254]
please let me know more info.
BR
Tran Thang
on 26 Dec 2020
Anirban
on 28 Dec 2020
Hi,
Sorry to have raised your hopes, but it is difficult to tell from a visual inspection alone how the ranges are what they are. I was hoping that the pragmas will lead to some answers, but in this specific instance, the pragma only made the analysis more precise, but did not fully explain the situation.
It seems that the loop is definitely entered, that is why the range after the loop is exactly the same as the range in the else branch. But it is not clear where the range in the else branch comes from. For that, the full context of the code is needed. For example:
- There is an orange Out of bounds array index check and a couple of Unreachable code checks inside the loop. These checks might be important to explain the ranges.
- The line 5970 is a macro. The macro expansion (what you see after clicking the M icon on the left) might be useful to understand what is going on. Sometimes what looks like a function call might not be a function call at all.
You will have to contact Support using the link here: https://www.mathworks.com/support/contact_us.html?s_tid=doc2cs
and share the results somehow. Support has all kinds of ways to obfuscate the code received so that you will not have to share the actual code.
Anirban
on 28 Dec 2020
To answer your other questions:
- You cannot add the pragma on an entire array.
- The analysis losing precision is not a problem per se because if the range 0..17 does not cause an issue like an overflow, the smaller range 0..9 is already checked and will still not cause an overflow. So, the greens are fine despite the loss of precision. However, the loss of precision does cause a problem of understanding if you are trying to track the ranges. In this case, as I answered before, it would be possible with the full context of the code, to get a sense of what led to the loss of precision and how adding some more information through the pragma in the else branch, the precision is regained. But Technical Support will have to look through the ranges on the other variables in the loop, the checks in the loop and other information provided by the tool. They can also explain to you what they looked for and how they arrived at their explanation.
Tran Thang
on 30 Dec 2020
Edited: Tran Thang
on 30 Dec 2020
More Answers (0)
Categories
Find more on Run Settings in Help Center and File Exchange
Products
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
