This topic shows how to review Bug Finder results in the user interface of the Polyspace desktop products. For a similar workflow in the Polyspace Access web interface, see Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Bug Finder Access). To see how to review results of Polyspace as You Code in IDEs, see Run Polyspace as You Code in IDEs and Review Results (Polyspace Bug Finder Access).
When you open the results of a Polyspace® Bug Finder™ analysis, you see a list on the Results List pane. The results consist of defects, coding rule violations or code metrics.
You can first narrow down the focus of your review:
Use filters on the results list columns to narrow down the list. For instance, you can focus on the high-impact defects.
Organize results by file or result family. Use the icon above the list.
Once you narrow down the list, you can begin reviewing individual results. This topic describes how to review a result.
To begin your review, select a result in the list.
The first step is to understand what is wrong. Read the message on the Result Details pane and the related line of code on the Source pane.
Sometimes, you need additional help for certain results. Click the icon to open a help page for the selected result. See code examples illustrating the result. Check external standards such as CWE or CERT-C that provide additional rationale for fixing the issue.
At this point, you might be ready to decide whether to fix the issue or not. Once you identify a fix, it might help to review all results of that type together.
Sometimes, the root cause might be far from the actual location where the result is displayed. For instance, a variable that you read might be non-initialized because the initialization is not reachable. The defect is shown when you read the variable, but the root cause is perhaps a previous while condition that is always false.
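The situation described above, shown as an added example that is not taken from the Polyspace documentation: the defect is reported at the read, while the root cause is the loop condition several lines earlier. The function names, the SHOW_DEFECT guard and the sample data are hypothetical; the defective form is compiled only when SHOW_DEFECT is defined.

```c
#include <stddef.h>
#include <stdio.h>

#ifdef SHOW_DEFECT
/* Defective form. A checker reports the non-initialized variable at the
 * return statement, but the root cause is the loop condition above it. */
int last_valid_sample_defective(const int *samples, size_t count,
                                int lo, int hi)
{
    int value;                    /* declared without an initial value */
    size_t i = 0;

    while (i > count) {           /* root cause: 0 > count is never true */
        if (samples[i] >= lo && samples[i] <= hi)
            value = samples[i];   /* the only initialization: unreachable */
        i++;
    }
    return value;                 /* defect location: read of value */
}
#endif

/* Corrected form: the loop condition is fixed (root cause) and value has a
 * defined fallback for the case where no sample is in range. Initializing
 * value alone would hide the uninitialized read but leave the loop dead. */
int last_valid_sample(const int *samples, size_t count,
                      int lo, int hi, int fallback)
{
    int value = fallback;
    size_t i = 0;

    while (i < count) {
        if (samples[i] >= lo && samples[i] <= hi)
            value = samples[i];
        i++;
    }
    return value;
}

/* Constructed sample input: 999 is outside the valid range 0..255. */
static const int SAMPLES[] = { 12, 250, 47, 999 };

int main(void)
{
    printf("%d\n", last_valid_sample(SAMPLES, 4, 0, 255, -1));  /* 47 */
    printf("%d\n", last_valid_sample(SAMPLES, 0, 0, 255, -1));  /* -1 */
    return 0;
}
```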
Typically, the Result Details pane shows one sequence of events that leads to the result. The Source pane also highlights these events.
In the above event traceback, this sequence is shown:
value is declared.
The execution path bypasses an
This information might be relevant if the variable is initialized
Location of the current defect: Non-initialized variable
Typically, the traceback shows major points in the control flow: entering or bypassing conditional statements or loops, entering a function, and so on. For specific defects, the traceback shows other kinds of events relevant to the defect. For instance, for a Declaration mismatch defect, the traceback shows the two locations with conflicting declarations.
If the event traceback is not available, use other navigation tools to trace your own path through the code.
Before you begin navigating through pathways in your code, ask the question: What am I looking for? Based on your answer, choose the appropriate navigation tool. For instance:
To investigate a Non-initialized variable defect, you might want to make sure that the variable is not initialized at all. To look for previous instances of the variable, on the Source pane, right-click the variable and select Search For All References. Alternatively, double-click the variable. These options show only instances of a specific variable and not other variables with the same name in other scopes.
To investigate a violation of MISRA C:2012 Rule 17.7:
The value returned by a function having non-void return type shall be used.
After you navigate away from the current result, use the icon on the Result Details pane to come back.
If you click a source code token containing a result, the previous result selection on the Results List and the details on the Result Details pane do not change. You can keep the result in the results list and the result details pinned while navigating in the source code. Sometimes, you might want to see the result associated with a token. To update the result selection and the details, Ctrl-click the token or right-click and select Select Results At This Location.
If reviewing a result requires deeper navigation in your source code, you can create a duplicate source code window that focuses on the result while you navigate in the original source code window.
Right-click on the Source pane and select Create Duplicate Code Window. Right-click on the tab showing the duplicate file name (ending with -spawn 1) and select New Vertical Group.
Perform the navigation steps in the duplicate file window while the defect still appears on the original file window. After the investigation is over, close the duplicate window.