MATLAB: Polyspace 2015a orange check IDP (Illegally dereferenced pointer)

polyspace

Hello,
Can someone explain to me the following Polyspace warning, especially the text in bold?
Warning: pointer may be outside its bounds of expression (pointer to const unsigned int 8, size: 8 bits): pointer is not null ( but may not be allocated memory) points to 1 bytes at offset 27 or [1051 .. 3099] in buffer of 4096 bytes, so is within bounds (if memory is allocated)      may point to variable or field of variable in: {DrvEep_PolyspaceNvmStartAddress}
NvM_sectionPointer is an array of 4 elements which are pointers to uint8:
uint8 const * NvM_sectionPointer[( ( 4 ) )];
There is another array containing 4096 bytes divided into 1024-byte blocks:
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];
NvM_sectionPointer[0] points to DrvEep_PolyspaceNvmStartAddress[0].
NvM_sectionPointer[1] points to DrvEep_PolyspaceNvmStartAddress[1024].
NvM_sectionPointer[2] points to DrvEep_PolyspaceNvmStartAddress[2048].
NvM_sectionPointer[3] points to DrvEep_PolyspaceNvmStartAddress[3072].
I don't understand how to interpret the words *pointer is not null (but may not be allocated memory)*.
Thanks and Best Regards Dimo Petkov

Best Answer

Hi !
You can see this message for example when a memory buffer is allocated by malloc then used as an array but without checking if the malloc operation was ok. Example:
```c
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
data = my_tab[10];   /* malloc result used without a NULL check */
```
Here my_tab is used as an array but the malloc operation has not been checked for a potential failure. So it "may not be allocated memory". In this situation, when accessing my_tab, you will see this message.
Please note that this message disappears if the pointer is tested for nullity before being accessed:
```c
uint8 * my_tab;
my_tab = (uint8 *)malloc(100);
if (my_tab != NULL)
    data = my_tab[10];   /* reached only when the allocation succeeded */
```
For your specific example, I'm not able to reproduce this message with this reproduction code:
```c
typedef unsigned char uint8;   /* uint8 as an 8-bit unsigned type (assumed) */

uint8 const * NvM_sectionPointer[( ( 4 ) )];
volatile uint8 DrvEep_PolyspaceNvmStartAddress[( 1024 )*( 4 )];

void f() {
    uint8 data;
    /* Each table entry points at the start of one 1024-byte section. */
    NvM_sectionPointer[0] = &DrvEep_PolyspaceNvmStartAddress[0];
    NvM_sectionPointer[1] = &DrvEep_PolyspaceNvmStartAddress[1024];
    NvM_sectionPointer[2] = &DrvEep_PolyspaceNvmStartAddress[2048];
    NvM_sectionPointer[3] = &DrvEep_PolyspaceNvmStartAddress[3072];
    data = NvM_sectionPointer[1][27];   /* byte 27 of section 1 */
}
```
There is no allocation here so no reason to see this message. But I guess that your code is more complex and there are probably more write accesses to NvM_sectionPointer than in this example.
NvM_sectionPointer is probably a global array, so in order to better understand why Polyspace gives this message, it may be interesting to see how it is accessed by using the Variable Access view: each write and read access to any global variable is displayed in this view, so you can precisely trace the accesses of global variables.
Alex
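
An added example, not code from the thread or from the Polyspace documentation: a defensive accessor for the section table described in the question, which validates the section index, the offset and the table entry before dereferencing. The helper names `NvM_InitSections`, `NvM_BufferOffset` and `NvM_ReadByte`, the two macros and the `uint8` typedef are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint8_t uint8;            /* assumed definition of the page's uint8 */

#define NVM_SECTION_COUNT 4u      /* 4 sections, as in the question */
#define NVM_SECTION_SIZE  1024u   /* 1024 bytes each, 4096 in total */

static volatile uint8 DrvEep_PolyspaceNvmStartAddress[NVM_SECTION_SIZE * NVM_SECTION_COUNT];

/* Volatile-qualified here (unlike the question's declaration) so that taking
   the address of the volatile buffer does not discard a qualifier. */
static volatile uint8 const *NvM_sectionPointer[NVM_SECTION_COUNT];

/* Hypothetical init: entry i points at the start of section i. */
void NvM_InitSections(void)
{
    size_t i;
    for (i = 0; i < NVM_SECTION_COUNT; i++) {
        NvM_sectionPointer[i] = &DrvEep_PolyspaceNvmStartAddress[i * NVM_SECTION_SIZE];
    }
}

/* Offset of (section, offset) inside the 4096-byte buffer, or SIZE_MAX if either
   value is out of range. Byte 27 of sections 0..3 maps to 27, 1051, 2075, 3099. */
size_t NvM_BufferOffset(size_t section, size_t offset)
{
    if (section >= NVM_SECTION_COUNT || offset >= NVM_SECTION_SIZE) {
        return SIZE_MAX;
    }
    return section * NVM_SECTION_SIZE + offset;
}

/* Hypothetical checked read: 0 on success, -1 if the access is rejected. */
int NvM_ReadByte(size_t section, size_t offset, uint8 *out)
{
    volatile uint8 const *base;

    if (out == NULL || NvM_BufferOffset(section, offset) == SIZE_MAX) {
        return -1;                 /* bad argument: never index the table */
    }
    base = NvM_sectionPointer[section];
    if (base == NULL) {
        return -1;                 /* table entry was never set */
    }
    *out = base[offset];
    return 0;
}
```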