Code Prover warning 'Illegally dereferenced pointer'
60 views (last 30 days)
Show older comments
While running the code prover i got same Orange warning on many places in the code. For example in the function,
void DD_XYZ_Init( uint32_t addr_mcs_crit_ctrl )
{
( ( *((uint32_t volatile *)((uint32_t)addr_tim_crit_ctrl + ( (uint32_t)((uint32_t)0xf0100000+0x00001024) - (uint32_t)((uint32_t)0xf0100000+0x00001024) ))) ) ) = 0;
}
The Warning that i got,
Illegally dereferenced pointer
Warning: pointer may be outside its bounds
Dereference of expression (pointer to volatile unsigned int 32, size: 32 bits):
Pointer may be null.
Points to 4 bytes at unknown offset in buffer of unknown size, so may be outside bounds.
Pointer may point to dynamically allocated memory.
My Question,
We have given proper range for ‘addr_tim_crit_ctrl’ in constraint specification file, but still getting the warning. What could be the reason?
2 Comments
Anirban
on 5 May 2021
Can you state what you provided as constraint on addr_tim_crit_ctrl ? The input to the function seems to be addr_mcs_crit_ctrl . Is it a typo or is addr_tim_crit_ctrl actually different from addr_mcs_crit_ctrl?
Accepted Answer
Anirban
on 6 May 2021
Edited: Anirban
on 6 May 2021
In your example, you are converting an integer to a pointer. These conversions have results that are implementation-dependent and in the most general case, the pointer might point to an address that is illegal to dereference. That is why Code Prover is showing an orange check.
Even if you constrain the integer to a range of addresses, since Code Prover has no knowledge of the size of your target and the memory layout, this constraint is not sufficient to determine that the addresses are valid and the dereference is ok.
If you are sure that the dereference is ok, you can justify this orange check. See Address Polyspace Results Through Bug Fixes or Justifications.
2 Comments
Anirban
on 6 May 2021
As of now, there is no way to specify a memory layout. The most you can do is specify the sizes of fundamental data types, alignment, endianness and so on using the option Target processor type. If you contact MathWorks Technical Support, they might provide you specific solutions for your needs.
More Answers (0)
See Also
Categories
Find more on Options at Command Line Only in Help Center and File Exchange
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!