MATLAB: Polyspace: best practice for stubbing functions that exit

exitpolyspacePolyspace Client for C/C++stub

I'm not sure what the best practice is with respect to stubbing functions that exit/terminate the program. Consider a reboot() function rebooting the system. I can stub it as

void reboot(void)
{
   for (;;) {
      ;
   }
}

But that makes "for" a red NTC which I can't seem to make go away with "-known-NTC reboot". So I went with

#include <stdlib.h>
void reboot(void)
{
    exit(0);
}

This makes "exit" a dashed red underline, with a bubble comment saying "A problem occurs during the execution of call to function __polyspace__stdstubs.exit.".

How do I stub such a function without getting a red or other problematic statement?

Best Answer

Hi Tommy!

If a function exits the program, then by definition the call to this function will never return, and the program will not continue after this call. This is why Polyspace will flag an NTC check, indicating that if you call this function, your program will stop.

It is important to use this red check to understand for example why some code is unreachable:

 reboot(); // your function that exits the application. We have a red NTC here
 restart(); // problem: this function is not called !

If you stub your function without an NTC or NTL, then Polyspace will consider that, in the example above, the function restart() can be called, which is not true. So the results will not reflect the reality.

Please note also that Polyspace will propagate this check through the call tree and it is also very important to keep this NTC check.

Let's take another example with this function:

 int check(int status_code) {
  if (status_code > 10)
    reboot();
  else
    return 1;
 }

and later this code where we will suppose that my_status is set to an incorrect value:

 my_status = 11;  // oops, wrong value here!
 if (check(my_status)) {  
    ...
    // do something very important
 }

In the function check(), there will be an NTC on reboot(), but there will be another NTC on the call to check() because Polyspace knows that the function reboot() is going to be called since the parameter status_code is 11.

If reboot() was stubbed without an NTC, the call to check() with status_code equal to 11 would appear as ok. But in reality, this code will cause an unexpected reboot.

More information on this NTC check here.

Alex

Related Solutions

MATLAB: What is a pure stub and how can I force an automatic stub to be a pure function in PolySpace Server for C/C++

A stubbed function will be considered as pure by PolySpace if the function will not modify its parameters. In the following example f is a pure function as x will not be modified by f and only passed by value:

 int f(int c);
 ...
 int x = 3;
 f(x);

Here is a more non-trivial example:

 void g(void);
 void h(const int *p);  // the const qualifier here says that the  pointed object 
                                   // should not be modified.

Example of a non-pure function:

 void f(int *p);  // the stub will consider that the object pointed by p can be                         //modified inside f

Note that you can also force automatically generated stub to be “pure” by using

 #pragma POLYSPACE_PURE function_to_stub

somewhere in your code. Refer the Stubbing section under Preparing Source Code for Verification chapter of the PolySpace User's guide for C for more information.

One of the advantages of declaring a function to be pure for PolySPace verification purpose is not having to write a manual stub if you know for a fact that the function in run-time will not modify its parameters.

Example:

 #pragma POLYSPACE_PURE f
 int f(char *x);
 int main(void) {
      char c=0;
      int i,x;
      x = f(&c);
      x = c; // c is not modified, and x equals 0
     return 0;
 }

Though f is accepting a char pointer the automatic stubber in PolySpace will stub f as a pure function.

MATLAB: Can I perform with code verification for Ada if I have Polyspace Bug Finder and PolySpace Code Prover

Code verification for Ada requires the Polyspace Client for Ada, which is a separate product from PolySpace Bug Finder and PolySpace Code Prover.

To purchase the PolySpace Client for Ada, please reach out to your company's MathWorks sales representative, or contact the MathWorks sales department.

Best Answer

Related Solutions

MATLAB: What is a pure stub and how can I force an automatic stub to be a pure function in PolySpace Server for C/C++

MATLAB: Can I perform with code verification for Ada if I have Polyspace Bug Finder and PolySpace Code Prover

Related Question