Reasons for Unchecked Code

Issue

After verification, you see in the Code covered by verification graphs that a significant portion of your code has not been checked for run-time errors.

For instance, in the following graph, the Dashboard pane shows that as much as 75% of your functions have not been checked for run-time errors. (In the functions that were checked, only 7% of operations have not been checked.)

The unchecked code percentage in the Code covered by verification graph covers:

Functions and operations that are not checked because they are proven to be unreachable.
They appear gray on the Source pane.
Functions and operations that are not proven unreachable but not checked for some other reason.
They appear black on the Source pane.

Click the Code covered by verification graph to see a list of unchecked functions.

Possible Cause: Compilation Errors

If some files fail to compile, the Polyspace^® analysis continues with the remaining files. However, the analysis does not check the uncompiled files for run-time errors.

To see if some files did not compile, check the Output Summary or Dashboard pane. To make sure that all files compile before analysis, use the option Stop analysis if a file does not compile (-stop-if-compile-error).

Solution

Fix the compilation errors and rerun the analysis.

For more information on:

How the Polyspace compilation works, see Troubleshoot Compilation and Linking Errors.
Specific compilation errors, see Troubleshoot Compilation Errors.

Possible Cause: Early Red or Gray Check

You have a red or gray check towards the beginning of the function call hierarchy. Red or grey checks can lead to subsequent unchecked code.

Red check: The verification does not check subsequent operations in the block of code containing the red check.
Gray check: Gray checks indicate unreachable code. The verification does not check operations in unreachable code for run-time errors.

If you call functions from the unchecked block of code, the verification does not check those functions either. If you have a red or gray check towards the beginning of the call hierarchy, functions further on in the hierarchy might not be checked. You end up with a significant amount of unchecked code.

For instance, in the following code, only 1 out of 4 functions are checked and the Procedure graph shows 25%. The functions func_called_from_unreachable_1, func_called_from_unreachable_2 and func_called_after_red are not checked. Only main is checked.

void func_called_from_unreachable_1(void) {
}

void func_called_from_unreachable_2(void) {     
}

void func_called_after_red(void) {
}

int glob_var;

void main(void) {
     int loc_var;
     double res;
     
     glob_var=0;
     glob_var++;
     
     if (glob_var!=1) {
           func_called_from_unreachable_1();
           func_called_from_unreachable_2();
     }
     
     res=0;
     /* Division by zero occurs in for loop */
     for(loc_var=-10;loc_var<10;loc_var++) {
	          res += 1/loc_var;
     }
     
     func_called_after_red();
}

Solution

See if the main function or another Tasks function has red or gray checks. See if you call most of your functions from the subsequent unchecked code.

To navigate from the main down the function call hierarchy and identify where the unchecked code begins, use the navigation features on the Call Hierarchy pane. If you do not see the pane by default, select Window > Show/Hide View > Call Hierarchy. For more information, see Call Hierarchy.

Alternatively, you can consider an arbitrary unchecked function and investigate why it is not checked. See if the same reasoning applies for many functions. To detect if a function is not called at all from an entry point or called from unreachable code, use the option Detect uncalled functions (-uncalled-function-checks).

Review the red or gray checks and fix them.

Possible Cause: Incorrect Options

You did not specify the necessary analysis options. When incorrectly specified, the following options can cause unchecked code:

Multitasking options: If you are verifying multitasking code, through these options, you specify your entry point functions.
Possible errors in specification include:
- You expected automatic concurrency detection to detect your thread creation, but you use thread creation primitives that are not yet supported for automatic detection.
- With manual multitasking setup, you did not specify all your entry points.
Main generation options: Through these options, you generate a main function if it does not exist in your code. When verifying modules or libraries, you use these options.
You did not specify all the functions that the generated main must call.
Inputs and stubbing options: Through these options, you constrain variable ranges from outside your code or force stubbing of functions.
Possible errors in specification include:
- You specified variable ranges that are too narrow causing otherwise reachable code to become unreachable.
- You stubbed some functions unintentionally.
Macros: Through these options, you define or undefine preprocessor macros.
You might have to explicitly define a macro that your compiler considers implicitly as defined.

Solution

Check your options in the preceding order. If your specifications are incorrect, fix them.

Possible Cause: `main` Function Does Not Terminate

This cause applies only for multitasking code when entire entry-point functions are not checked.

If you configure multitasking options manually, you must follow the restrictions on the Polyspace multitasking model. In particular, the main function must not contain an infinite loop or a run-time error. Otherwise, entry-point functions are not checked.

For instance, in this example, task2 is not checked even if you specify it as an entry point. The reason is the infinite loop in the main function.

void performTask1Cycle(void);
void performTask2Cycle(void);

void main() {
 while(1) {
    performTask1Cycle();
  } 
}

void task2() {
 while(1) {
    performTask2Cycle();
  }
}

You see the while keyword in the main function underlined in dashed red. A tooltip indicates that the loop might not terminate.

Likewise, if a run-time error occurs, the function call leading to the run-time error is underlined in dashed red with an accompanying tooltip.

Solution: Terminate `main` Function

Fix the reason why the main function does not terminate.

If the reason is a definite run-time error (red check), fix the error.
If the reason is an infinite loop, see why the loop must be infinite.
If the infinite loop in the main function represents a cyclic task, terminate the main function and move the infinite loop to another entry-point function. You can make this change only for the purposes of Polyspace analysis without actually modifying your main function. See Configuring Polyspace Multitasking Analysis Manually.

Documentation