Overflow mode for unsigned integer
(-unsigned-integer-overflows
)
Specify whether result of overflow is wrapped around or truncated
Description
This option affects a Code Prover analysis only.
Specify whether Polyspace® flags unsigned integer overflows and whether the analysis wraps the result of an overflow or restricts it to its extremum value.
Set Option
User interface (desktop products only): In your project configuration, the option is on the Check Behavior node under Code Prover Verification.
User interface (Polyspace Platform, desktop products only): In your project configuration, the option is on the Static Analysis tab on the Run Time Errors > Check Behavior node.
Command line and options file: Use the option
-unsigned-integer-overflows
. See Command-Line Information (Polyspace Code Prover).
Why Use This Option
Use this option to specify how Polyspace Code Prover™ reacts to unsigned integer overflows. You can choose to flag an unsigned integer overflow and treat the code following this issue as compromised. Alternatively, you might choose to allow unsigned integer overflows. Depending on the value of this option, Polyspace makes different assumptions when analyzing the code that comes after an unsigned overflow.
Settings
Default:
allow
forbid
Polyspace flags unsigned integer overflows. If the Overflow check on an operation is:
Red, Polyspace does not analyze the remaining code in the current scope.
Orange, Polyspace analyzes the remaining code in the current scope. Polyspace considers that:
After a positive Overflow, the result of the operation has an upper bound. This upper bound is the maximum value allowed by the type of the result.
After a negative Overflow, the result of the operation has a lower bound. This lower bound is the minimum value allowed by the type of the result.
In the following code,
j
has values in the range[1..232-1]
before the orange overflow. Polyspace considers thatj
has even values in the range[2 .. 4294967294]
after the overflow. Polyspace does not analyze theprintf()
statement after the red overflow.#include<stdio.h> unsigned int getVal(); void func1() { unsigned int i = 1; i = i << 31; // Result of * operation overflows i = i * 2; // Remaining code in current scope not analyzed printf("%u", i); } void func2() { unsigned int j = getVal(); if (j > 0) { // Range of j: [1..232-1] // Result of * operation may overflow j = j * 2; // Range of j: even values in [2 .. 4294967294] printf("%u", j); } }
Note that tooltips on operations with unsigned integers show
(result is truncated)
to indicate the analysis mode. The message appears even if the Overflow check is green.allow
Polyspace does not flag unsigned integer overflows. If an operation results in an overflow, Polyspace analyzes the remaining code but wraps the result of the overflow. For instance,
MAX_INT + 1
wraps toMIN_INT
. This behavior conforms to the ANSI C (ISO C++) standard.In this code, the analysis does not flag any overflow in the code. However, the range of
j
wraps around to even values in the range[0..232-2]]
and the value ofi
wraps around to0
.#include<stdio.h> unsigned int getVal(); void func1() { unsigned int i = 1; i = i << 31; // i = 231 i = i * 2; // i = 0 printf("%u", i); } void func2() { unsigned int j = getVal(); if (j > 0) { // Range of j: [1..232-1] j = j * 2; // Range of j: even values in [0 .. 4294967294] printf("%u", j); } }
Note that tooltips on operations with unsigned integers show
(result is wrapped)
to indicate the analysis mode. The message appears even if the analysis does not flag unsigned integer overflows.warn-with-wrap-around
Polyspace flags unsigned integer overflows. If an operation results in an overflow, Polyspace analyzes the remaining code but wraps the result of the overflow. For instance,
INT_MAX + 1
wraps to0
.In the following code,
j
has values in the range[1..232-1]
before the orange overflow. Polyspace considers thatj
has even values in the range[0 .. 4294967294]
after the overflow.Similarly,
i
has value231
before the red overflow and value0
after it.#include<stdio.h> unsigned int getVal(); void func1() { unsigned int i = 1; i = i << 31; // i = 231 i = i * 2; // i = 0 printf("%u", i); } void func2() { unsigned int j = getVal(); if (j > 0) { // Range of j: [1..232-1] j = j * 2; // Range of j: even values in [0 .. 4294967294] printf("%u", j); } }
Note that tooltips on operations with unsigned integers show
(result is wrapped)
to indicate the analysis mode. The message appears even if the Overflow check is green.In wrap-around mode, an overflowing value propagates and can lead to a similar overflow several lines later. By default, Code Prover shows only the first of similar overflows. To see all overflows, use the option
-show-similar-overflows
(Polyspace Code Prover).
Tips
To check for overflows on conversions from unsigned to signed integers of the same size, set Overflow mode for unsigned integer to
forbid
orwarn-with-wrap-around
. If you allow unsigned integer overflows, Polyspace does not flag overflows on conversions and wraps the result of an overflow, even if you check for signed integer overflows.In Polyspace Code Prover, overflowing unsigned constants are wrapped around. This behavior cannot be changed by using the options. If you want to detect overflows with unsigned constants, use the Polyspace Bug Finder™ checker
Unsigned integer constant overflow
.Code Prover does not show an overflow on bitwise operations on unsigned variables or
sbit
-s, for instance, in this example:The verification considers that such bitwise operations are deliberate on your part and you intend an automatic wrap-around in case the result of the operation overflows.volatile unsigned char Y; Y = ~Y;
Command-Line Information
Parameter:
-unsigned-integer-overflows |
Value:
forbid | allow |
warn-with-wrap-around |
Default:
allow |
Example (Code Prover):
polyspace-code-prover -sources |
Example (Code Prover
Server):
polyspace-code-prover-server -sources
|
Version History
Introduced in R2018b
See Also
Overflow mode for signed integer
(-signed-integer-overflows)
| -show-similar-overflows
(Polyspace Code Prover) | Overflow
(Polyspace Code Prover)
Topics
- Specify Polyspace Analysis Options
- Modify or Disable Code Prover Run-Time Checks (Polyspace Code Prover)