Expected absence of impact

An object (source) is expected to have no impact on another object (sink)

Description

You can specify that a pair of objects in your source code are not expected to impact each other. If you designate one object as a source and another as a sink, the Expected absence of impact check determines if the source actually has no impact on the sink. The check color is:

Green, if the source is proven to have no impact on the sink.
Orange, if there is a possible impact of the source on the sink but the impact cannot be proven. For instance, the impact might not occur on all execution paths.

The check is localized on an impact specification written in XML as follows:

<expect>
   <no-impact source="sourceID" sink="sinkID"/>
</expect>

Where sourceID and sinkID are the ID-s of a source variable and a sink variable previously defined in the specification XML.

If the check detects a possible impact between a source and a sink, the event list below the result shows one path from the source to the sink. You can click each event in the list to trace the path in the source code.

To see the result, you must set the following options:

Enable impact analysis using the option Enable impact analysis (-impact-analysis).
Specify the sources and sinks for impact analysis using the option Specify sources and sinks (-impact-specifications).

Diagnosing This Check

Review Results of Impact Analysis in Polyspace Code Prover

Examples

expand all

Proven Expected Absence of Impact Specification

In the code below, the global variable external_data has no impact on the global variable sensitive_data.

int external_data;
int internal_data;
int sensitive_data;

void main() {
    int local_data = external_data;
    int isPositive = local_data > 0? 1 : 0;
    if(!isPositive) {
        local_data = -local_data;
    }
    sensitive_data = internal_data;
}

If you designate external_data as a source and sensitive_data as a sink and indicate an expected absence of impact between the source and the sink, you see a green Expected absence of impact check in the results. The result shows Specification proven in the Type column.

<?xml version="1.0" encoding="UTF-8"?>
<impact-specifications xmlns="http://www.mathworks.com/PolyspaceImpactSpecifications">
     <variables>
       <variable>
           <match>
               <match-declaration>
                   <match-qualified-name value="external_data"/>
               </match-declaration>
           </match>
           <impact-source id="source1" event="onRead"/>
        </variable>
        <variable>
           <match>
               <match-declaration>
                   <match-qualified-name value="sensitive_data"/>
               </match-declaration>
           </match>
           <impact-sink id="sink1" event="onWrite"/>
        </variable>
    </variables>
    <expect>
        <no-impact source="source1" sink="sink1"/>
    </expect>
</impact-specifications>

Potential Violation of Expected Absence of Impact Specification

In the code below, the global variable external_data impacts the global variable sensitive_data on one execution path but has no impact on another execution path.

int external_data;
int sensitive_data;

void main() {
    int local_data = external_data;
    int isPositive = local_data > 0? 1 : 0;
    if(isPositive) {
        sensitive_data = local_data;
    }
    else {
        sensitive_data = 0;
    }
}

If you designate external_data as a source and sensitive_data as a sink and indicate an expected absence of impact between the source and the sink, you see an orange Expected absence of impact check in the results. The result shows Specification potentially violated in the Type column. The result is orange because there is at least one execution path where the source impacts the sink.

<?xml version="1.0" encoding="UTF-8"?>
<impact-specifications xmlns="http://www.mathworks.com/PolyspaceImpactSpecifications">
     <variables>
       <variable>
           <match>
               <match-declaration>
                   <match-qualified-name value="external_data"/>
               </match-declaration>
           </match>
           <impact-source id="source1" event="onRead"/>
        </variable>
        <variable>
           <match>
               <match-declaration>
                   <match-qualified-name value="sensitive_data"/>
               </match-declaration>
           </match>
           <impact-sink id="sink1" event="onWrite"/>
        </variable>
    </variables>
    <expect>
        <no-impact source="source1" sink="sink1"/>
    </expect>
</impact-specifications>

Check Information

Group: Impact specification

Language: C | C++

Acronym: EXPECTED_NO_IMPACT