Programming Defects

Defects for programming coding errors, assignment versus equality operators, type mismatch, wraparound, string arrays

These defects are errors relating to programming syntax. These defects include:

Assignment versus equality operators
Mismatches between variable qualifiers or declarations
Badly formatted strings

Polyspace 결과

High Impact Defects

`Assertion`	Failed assertion statement
`Character value absorbed into EOF`	Data type conversion makes a valid character value same as End-of-File (EOF)
`Declaration mismatch`	Mismatch between function or variable declarations
`Errno not reset`	`errno` not reset before calling a function that sets `errno`
`Incorrect value forwarding`	Forwarded object might be modified unexpectedly
`Invalid iterator usage`	Mismatched or uninitialized iterators are used in standard algorithm functions and comparison operations (R2022a 이후)
`Invalid use of == (equality) operator`	Equality operation in assignment statement
`Invalid use of standard library routine`	Wrong arguments to standard library function
`Invalid va_list argument`	Variable argument list used after invalidation with `va_end` or not initialized with `va_start` or `va_copy`
`Misuse of errno`	`errno` incorrectly checked for error conditions
`Misuse of narrow or wide character string`	Narrow (wide) character string passed to wide (narrow) string function
`Misuse of return value from nonreentrant standard function`	Pointer to static buffer from previous call is used despite a subsequent call that modifies the buffer
`Noncompliance with AUTOSAR specification`	An RTE API function is used with arguments that violate the AUTOSAR standard specification (R2021a 이후)
`Pointer or reference to destroyed temporary object`	Destruction of temporary object results in dangling pointer or reference (R2023b 이후)
`Possible misuse of sizeof`	Use of `sizeof` operator can cause unintended results
`Possibly unintended evaluation of expression because of operator precedence rules`	Operator precedence rules cause unexpected evaluation order in arithmetic expression
`std::string_view initialized with dangling pointer`	An `std::string_view` object is initialized by using an unnamed temporary object (R2022b 이후)
`Typedef mismatch`	Mismatch between `typedef` statements
`Variable length array with nonpositive size`	Size of variable-length array is zero or negative
`Writing to const qualified object`	Object declared with a `const` qualifier is modified
`Wrong type used in sizeof`	`sizeof` argument does not match pointed type

Medium Impact Defects

`Abnormal termination of exit handler`	Exit handler function interrupts the normal execution of a program
`Bad file access mode or status`	Access mode argument of function in `fopen` or `open` group is invalid
`Call through non-prototyped function pointer`	Function pointer declared without its type or number of parameters causes unexpected behavior
`Copy of overlapping memory`	Source and destination arguments of a copy function have overlapping memory
`Environment pointer invalidated by previous operation`	Call to `setenv` or `putenv` family function modifies environment pointed to by pointer
`Floating point comparison with equality operators`	Imprecise comparison of floating-point variables
`Function called from signal handler not asynchronous-safe`	Call to interrupted function causes undefined program behavior
`Function called from signal handler not asynchronous-safe (strict ISO C)`	Call to interrupted function causes undefined program behavior
`Improper array initialization`	Incorrect array initialization when using initializers
`Improper erase-remove idiom`	Container's `erase()` is not called or called improperly following a call to `std::remove()` (R2022a 이후)
`Incorrect data type passed to va_arg`	Data type of variadic function argument does not match type in `va_arg` call
`Incorrect pointer scaling`	Implicit scaling in pointer arithmetic might be ignored
`Incorrect type data passed to va_start`	Data type of second argument to `va_start` macro leads to undefined behavior
`Incorrect use of offsetof in C++`	Incorrect arguments to `offsetof` macro causes undefined behavior
`Incorrect use of va_start`	`va_start` is called in a non-variadic function or called with a second argument that is not the rightmost parameter of a variadic function
`Inline constraint not respected`	Non-`const` static variable is modified in nonstatic inline function
`Invalid assumptions about memory organization`	Address is computed by adding or subtracting from address of a variable
`Invalid file position`	`fsetpos()` is invoked with a file position argument not obtained from `fgetpos()`
`Invalid use of = (assignment) operator`	Assignment in conditional statement
`Memory comparison of padding data`	`memcmp` compares data stored in structure padding
`Memory comparison of strings`	`memcmp` compares data stored in strings after the null terminator
`Missing byte reordering when transferring data`	Different endianness of host and network
`Misuse of errno in a signal handler`	You read `errno` after calling an `errno`-setting function in a signal handler
`Shared data access within signal handler`	Access or modification of shared data causes inconsistent state
`Side effect in arguments to unsafe macro`	Macro contains arguments that can be evaluated multiple times or not evaluated
`Signal call from within signal handler`	Nonpersistent signal handler calling `signal()` in Windows system causes race condition
`Standard function call with incorrect arguments`	Argument to a standard function does not meet requirements for use in the function
`Too many va_arg calls for current argument list`	Number of calls to `va_arg` exceeds number of arguments passed to variadic function
`Too many va_arg calls for current argument list`	Number of calls to `va_arg` exceeds number of arguments passed to variadic function
`Unnamed namespace in header file`	Header file contains unnamed namespace leading to multiple definitions
`Unsafe conversion between pointer and integer`	Misaligned or invalid results from conversions between pointer and integer types
`Use of memset with size argument zero`	Size argument of function in `memset` family is zero
`Use of indeterminate string`	Use of unvalidated buffer from fgets-family function

Low Impact Defects

`Accessing object with temporary lifetime`	Read or write operations on the object are undefined behavior
`Alternating input and output from a stream without flush or positioning call`	Undefined behavior for input or output stream operations
`Call to memset with unintended value`	`memset` or `wmemset` used with possibly incorrect arguments
`Format string specifiers and arguments mismatch`	Format specifiers in `printf`-like functions do not match corresponding arguments
`Memory comparison of float-point values`	Object representation of floating-point values can be different (same) for equal (not equal) floating-point values
`Missing null in string array`	String does not terminate with null character
`Misuse of a FILE object`	Use of copy of FILE object
`Misuse of sign-extended character value`	Data type conversion with sign extension causes unexpected behavior
`Misuse of structure with flexible array member`	Memory allocation ignores flexible array member
`Modification of internal buffer returned from nonreentrant standard function`	Function attempts to modify internal buffer returned from a nonreentrant standard function
`Overlapping assignment`	Memory overlap between left and right sides of an assignment
`Possible copy-paste error`	A section of code is duplicated in other places with exactly one minor change (R2023a 이후)
`Predefined macro used as object`	You use standard library macros such as `assert` and `errno` as objects
`Preprocessor directive in macro argument`	You use a preprocessor directive in the argument to a function-like macro
`Qualifier removed in conversion`	Variable qualifier is lost during conversion
`Result of string::c_str() compared to another pointer`	The C string obtained from `std::string::c_str()` is compared to a pointer (or NULL) (R2021b 이후)
`Return from computational exception signal handler`	Undefined behavior when signal handler returns normally from program error
`Side effect of expression ignored`	`sizeof`, `_Alignof`, or `_Generic` operates on expression with side effect
`Stream argument with possibly unintended side effects`	Stream argument side effects occur more than once
`Universal character name from token concatenation`	You create a universal character name by joining tokens with `##` operator
`Unsafe conversion from string to numerical value`	String to number conversion without validation checks

도움말 항목

Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.