Run stricter checks considering all values of system inputs
(-checks-using-system-input-values)
Enable stricter checks and provide examples of values that lead to detected defect
Since R2020a
Description
This option affects a Bug Finder analysis only. This option is not available for code generated from MATLAB® code or Simulink® models.
Enable a stricter analysis mode for a subset of numerical, static memory and data flow related defect and coding standard checkers. If you enable this option:
The analysis considers all possible values of system inputs when checking for issues.
When an issue is detected, the analysis provides one example input value that leads to the issue.
For each function foo that you specify with Consider inputs to these functions (-system-inputs-from), the following are considered as system inputs:
Each argument of
foo.Each read of a global variable by
fooor one of its callees.For the
main()function, the analysis assumes that the global variables are initialized with value 0.Each read of a volatile variable by
fooor one of its callees.Each return of a stubbed function. a Bug Finder analysis stubs a function if you do not provide the body of the function in your source code.
Each read from an absolute address, such as:
int value = *((int*)0x1234);
For information on checkers affected by this option, see Extend Bug Finder Checkers to Find Defects from Specific System Input Values.
You can view examples of values that lead to the detected defects in the Events column of the Results Details pane on the desktop interface or the Polyspace Access web interface.
Set Option
User interface (desktop products only): In your project configuration, the option is on the Bug Finder Analysis node. See Dependencies for other options that you must also enable.
User interface (Polyspace Platform, desktop products only): In your project configuration, in the Static Analysis tab, click Defects and Coding Standards > Checkers Behavior and then select Run stricter checks considering all values of system inputs.
Command line and options
file: Use the option
-checks-using-system-input-values. See Command-Line Information.
Why Use This Option
The default Bug Finder analysis does not flag defects that are caused by specific values of unknown inputs. Since the inputs might be bounded or initialized in a source file that you are not analyzing, or the specific value causing a defect might not occur in practice, the default analysis behavior helps to minimize false positives.
Enable this option to run a stricter analysis on a function whose system inputs might cause sporadic run-time errors during execution. Using this option might result in a longer analysis time.
Settings
OnPolyspace® considers all possible values of system inputs for a subset of numerical and static memory defect checkers and provides examples of values that lead to detected defects.
Off (default)Polyspace considers possible values of a system input only if the input is bounded by constraints in your code such as
assertorif. The analysis provides no examples of values that lead to detected defects.
Dependencies
This option is enabled only if defects are active. See
Find defects (-checkers).This option is ignored if you enable
Use fast analysis mode for Bug Finder (-fast-analysis).
Tips
If you set external constraints on global variables, the analysis shows examples of global variable values causing defects only within these constraints. See
Constraint setup (-data-range-specifications).If the input is a pointer
p, the analysis assumes that the pointer is not null and can be safely dereferenced. The example value of the input causing a defect is the value of*p. This value is represented as an array in the Results Details pane. For instance, in this code snippet:The example value of the input causing a defect is {0,0,0,4}, where the array representsvoid func(int* x){ int tmp= *(x+3); if(1/(tmp-4)) return; }*x,*(x+1),*(x+2), and*(x+3). The value*(x+3)=4causes a division by zero.The analysis treats these standard library functions that read values from external sources as stubbed functions.
getchargetcfgetcscanf
The stricter analysis considers all possible values of system inputs but it is not an exhaustive analysis. If Bug Finder cannot determine whether a particular input causes a defect, no defect is shown. For more on exhaustive analysis, see Differences Between Polyspace Bug Finder and Polyspace Code Prover.
Command-Line Information
Parameter:
-checks-using-system-input-values |
| Default: Off |
Example (Bug Finder):
polyspace-bug-finder -sources |
Example (Bug Finder Server):
polyspace-bug-finder-server -sources |
Version History
Introduced in R2020a
You can also select a web site from the following list
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)
Asia Pacific
- Australia (English)
- India (English)
- New Zealand (English)
- 中国
- 日本Japanese (日本語)
- 한국Korean (한국어)