Invalid use of AUTOSAR runtime environment function

RTE function argument violates AUTOSAR specifications

Description

This check evaluates calls to functions provided by the AUTOSAR Run-Time Environment (Rte_ functions). The check determines if the function arguments can violate AUTOSAR XML specifications at run-time.

This check is enabled only if you run a Code Prover analysis based on AUTOSAR ARXML specifications, either in the Polyspace® user interface or using the polyspace-autosar command. For more information, see Run Polyspace on AUTOSAR Code.

Diagnosing This Check

Using the information on the Result Details pane, determine whether an argument violates data constraints in the AUTOSAR XML specifications or can be NULL-valued. Look for the ! icon that indicates a definite error or the ? icon that indicates a possible error.

For each function argument, the check looks for these violations:

  • Data constraint violations:

    Suppose, in this call to Rte_IWrite_step_out_e4, the second argument points to a data type that must obey a data constraint. The analysis checks if the constraint can be violated at run time.

    Rte_IWrite_step_out_e4(self, arg);

    The check can result in a message such as this. The message indicates that the argument has a value that falls outside the constrained range (in this case, the value 321).

    In general, the analysis verifies if each Rte_ function argument stays within the constrained range allowed by its AUTOSAR data type. You limit values of AUTOSAR data types by referring to data constraints in your ARXML files. For instance, a constraint specification can look like this (AUTOSAR XML schema version 4.0).

    <DATA-CONSTR>
       <SHORT-NAME>n320to320</SHORT-NAME>
         <DATA-CONSTR-RULES>
           <DATA-CONSTR-RULE>
             <PHYS-CONSTRS>
               <LOWER-LIMIT INTERVAL-TYPE="CLOSED">-320</LOWER-LIMIT>
               <UPPER-LIMIT INTERVAL-TYPE="CLOSED">320</UPPER-LIMIT>
               <UNIT-REF DEST="UNIT">/jyb/types/units/NoUnit</UNIT-REF>
             </PHYS-CONSTRS>
           </DATA-CONSTR-RULE>
         </DATA-CONSTR-RULES>
    </DATA-CONSTR>
    ...
    <APPLICATION-PRIMITIVE-DATA-TYPE>
           <SHORT-NAME>Int_n320to320</SHORT-NAME>
           <CATEGORY>VALUE</CATEGORY>
           <SW-DATA-DEF-PROPS>
             <SW-DATA-DEF-PROPS-VARIANTS>
                <SW-DATA-DEF-PROPS-CONDITIONAL>
                    ...
                <DATA-CONSTR-REF DEST="DATA-CONSTR">types/app/constraints/n320to320
                </DATA-CONSTR-REF>
                    ...
                </SW-DATA-DEF-PROPS-CONDITIONAL>
            </SW-DATA-DEF-PROPS-VARIANTS>
        </SW-DATA-DEF-PROPS>
    </APPLICATION-PRIMITIVE-DATA-TYPE>

  • Violations of AUTOSAR standard specifications such as passing unallocated pointers as input arguments to some RTE functions:

    Suppose, in this call to Rte_IWrite_step_out_e4, the second argument is a pointer. The analysis checks if the pointer is non-NULL and allocated for all possible execution paths.

    Rte_IWrite_step_out_e4(self, arg);

    The check can result in a message such as this.

    In general, the analysis verifies if a pointer argument to an Rte_ function is non-NULL and allocated.

    These violations are also found with the checker Non-compliance with AUTOSAR specification.
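An added example (not Polyspace or AUTOSAR code) that models both violations described above against the n320to320 constraint: a runnable whose write argument can reach 321, and a hardened variant that rejects a NULL input pointer and saturates the value to the closed interval before calling the RTE. Rte_Instance, Rte_IWrite_step_out_e4, the two runnables and the sample sensor values are stand-ins constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constraint n320to320 from the ARXML above: closed interval [-320, 320]. */
typedef int16_t Int_n320to320;
#define INT_N320TO320_LOWER (-320)
#define INT_N320TO320_UPPER (320)
#define RTE_WRITE_SKIPPED   INT32_MIN   /* sentinel: hardened runnable refused to write */

/* Stand-in for the RTE instance handle and the generated write function.
 * The write dereferences its data pointer, so a NULL or unallocated pointer
 * here is the second kind of violation the check looks for. */
typedef struct { Int_n320to320 last_written; } Rte_Instance;

static void Rte_IWrite_step_out_e4(Rte_Instance *self, const Int_n320to320 *data) {
    self->last_written = *data;
}

/* Constructed sample inputs used by the hardened runnable below. */
static const int16_t sample_sensor[] = { 320, -300 };

bool in_constraint(int32_t v) {
    return v >= INT_N320TO320_LOWER && v <= INT_N320TO320_UPPER;
}

/* Runnable as the check would flag it: sensor 320 plus offset 1 gives 321,
 * outside the constrained range, and nothing stops the write.
 * Returns the value the RTE received. */
int32_t write_unchecked(int16_t sensor, int16_t offset) {
    Rte_Instance inst = { 0 };
    Int_n320to320 out = (Int_n320to320)(sensor + offset);
    Rte_IWrite_step_out_e4(&inst, &out);        /* AUTOSAR_USE: out can be 321 */
    return inst.last_written;
}

/* Hardened runnable: validates the input pointer and saturates the value to
 * the closed interval before calling the RTE, so neither violation can occur.
 * Returns the value the RTE received, or RTE_WRITE_SKIPPED on a NULL input. */
int32_t write_checked(const int16_t *sensor, int16_t offset) {
    Rte_Instance inst = { 0 };
    if (sensor == NULL) {
        return RTE_WRITE_SKIPPED;
    }
    int32_t v = (int32_t)*sensor + offset;
    if (v > INT_N320TO320_UPPER) v = INT_N320TO320_UPPER;
    if (v < INT_N320TO320_LOWER) v = INT_N320TO320_LOWER;
    Int_n320to320 out = (Int_n320to320)v;
    Rte_IWrite_step_out_e4(&inst, &out);
    return inst.last_written;
}
```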

Result Information

Group: Other
Language: C
Acronym: AUTOSAR_USE

Version History

Introduced in R2018a