Non-compliance with AUTOSAR specification

RTE API function is used with arguments that violate the AUTOSAR standard specification

Since R2021a

Description

This check determines if the arguments to an RTE API function violate the AUTOSAR standard specifications.

For instance, checks on Rte_Write_* or Rte_Byps_Write_* function calls determine if the pointer-to-data argument in the call:

  • Is NULL valued.

  • Points to a memory buffer.

  • Points to an initialized memory buffer.

  • Points to a buffer whose enum values, if any, are within the enum range.

For more information on the RTE API specifications, see AUTOSAR documentation (Specification of RTE Software).

To enable this check, use the value autosar for the option Libraries used (-library).

This check finds a subset of the issues found with the check Invalid use of AUTOSAR runtime environment function. Because setting up this check does not require providing the design constraints in ARXML format, this check cannot find the constraint violations found with the other check. See also Choose Between Component-Based and Integration Analysis of AUTOSAR Code with Polyspace.

Diagnosing This Check

To diagnose this check, read the message on the Result Details pane. The message shows all checks performed on the RTE API function, along with information about whether the check passed. For instance, this message:

Shows the results of three checks. Only one of the checks indicates a possible issue. The first argument of the function might not point to initialized memory.

Investigate the root cause of the issue further.

Examples

#include <stdlib.h>

// Type declarations that are typically in AUTOSAR header Rte_type.h
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;

extern Std_ReturnType Rte_Byps_Write_out_colorNumber_1(colorNumber*);

void SendData() {
    colorNumber aColor;
    uint8_T copyColor;
    uint32_T copyNumber;
    
    colorNumber* aPtrColor = &aColor;
    Rte_Byps_Write_out_colorNumber_1(aPtrColor);          
    
    copyColor = aColor.color;
    copyNumber = aColor.number;
}

In this example, the function Rte_Byps_Write_out_colorNumber_1 takes a pointer to a non-initialized variable. The check on this function is red, indicating a definite issue.

The check message states that:

  • The pointer cannot have a NULL value.

  • The pointer is allocated a buffer.

  • The pointed buffer is not initialized.

Since one of the constituent checks, the third one, indicates a definite error, the check is red.

#include <stdlib.h>

// Type declarations that are typically in AUTOSAR header Rte_type.h
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;
extern Std_ReturnType Rte_Byps_Write_out_colorNumber_2(colorNumber*);

void SendData() {
    colorNumber* arrayColorNumber = (colorNumber*) malloc(2*sizeof(colorNumber));
    uint8_T copyColor;
    uint32_T copyNumber;
    
    Rte_Byps_Write_out_colorNumber_2(arrayColorNumber);   
    
    copyColor = arrayColorNumber[0].color;   
    copyNumber = arrayColorNumber[0].number;      
}

In this example, the function Rte_Byps_Write_out_colorNumber_2 takes a pointer returned from a memory allocation with malloc. The check on this function is red, indicating a definite issue.

The check message indicates that:

  • The pointer might have a NULL value.

  • If the pointer value is not NULL, the pointer is allocated a buffer.

  • If the pointer value is not NULL and the pointer points to a buffer, the buffer is not initialized.

Since one of the constituent checks, the third one, indicates a definite error, the check is red.

#include <stdlib.h>

// Type declarations that are typically in AUTOSAR header Rte_type.h
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;
extern Std_ReturnType Rte_Byps_Write_out_colorNumber_2(colorNumber*);

void SendData(uint8_T hasInitialData, colorNumber* initialColorData) {
    colorNumber arrayColorNumber[2];
    uint8_T copyColor;
    uint32_T copyNumber;
    
    if(hasInitialData == 1) {
        for(uint8_T i = 0; i < 2; i++) {
            arrayColorNumber[i].color = initialColorData[i].color;
            arrayColorNumber[i].number = initialColorData[i].number;
        }
    }
    else if (hasInitialData == 0){
        for(uint8_T i = 0; i < 2; i++) {
            arrayColorNumber[i].color = 0;
            arrayColorNumber[i].number = 0;
        }
    }
    
    Rte_Byps_Write_out_colorNumber_2(arrayColorNumber);   
   
}

In this example, the function Rte_Byps_Write_out_colorNumber_2 takes a pointer to a possibly noninitialized buffer. The check on this function is orange, indicating a possible error, for instance, an error that occurs only on certain execution paths. You can see that because of a missing catch-all else clause in the if-else if-else statement, the buffer arrayColorNumber is not initialized for values of hasInitialData other than 0 and 1.

The check message indicates that:

  • The pointer cannot have a NULL value.

  • The pointer is allocated a buffer.

  • The buffer might not be initialized.

Since one of the constituent checks, the third one, indicates a possible error, the check is orange.
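
The following is an added example, not part of the original page or of any AUTOSAR-generated code: it reworks the stack and heap cases above so that the pointer passed to Rte_Byps_Write_out_colorNumber_2 is non-NULL, points to an allocated buffer, and is initialized on every execution path. The stub body of the RTE function, the names SEND_OK, SEND_NO_MEMORY, lastWritten, FillBuffer, SendDataStack and SendDataHeap are assumptions made for illustration.

```c
#include <stdlib.h>
/* Type declarations that are typically in AUTOSAR header Rte_type.h */
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;
typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;

#define SEND_OK        ((Std_ReturnType)0)  /* hypothetical status values */
#define SEND_NO_MEMORY ((Std_ReturnType)1)

/* Constructed stub: the RTE generator normally provides this function.
   It records the data it receives so the result can be inspected. */
static colorNumber lastWritten[2];
Std_ReturnType Rte_Byps_Write_out_colorNumber_2(colorNumber* data) {
    lastWritten[0] = data[0];
    lastWritten[1] = data[1];
    return SEND_OK;
}

/* Hypothetical helper: writes both elements on every path. */
static void FillBuffer(colorNumber* buf, uint8_T hasInitialData,
                       const colorNumber* initialColorData) {
    const colorNumber defaults = {0, 0};
    for (uint8_T i = 0; i < 2; i++) {
        if (hasInitialData == 1 && initialColorData != NULL) {
            buf[i] = initialColorData[i];
        } else {            /* catch-all branch: no value leaves a gap */
            buf[i] = defaults;
        }
    }
}

/* Stack buffer: never NULL, always allocated, initialized before the call. */
Std_ReturnType SendDataStack(uint8_T hasInitialData, const colorNumber* init) {
    colorNumber arrayColorNumber[2];
    FillBuffer(arrayColorNumber, hasInitialData, init);
    return Rte_Byps_Write_out_colorNumber_2(arrayColorNumber);
}

/* Heap buffer: reject a NULL result from malloc, initialize, then call. */
Std_ReturnType SendDataHeap(uint8_T hasInitialData, const colorNumber* init) {
    colorNumber* arrayColorNumber = (colorNumber*) malloc(2 * sizeof(colorNumber));
    if (arrayColorNumber == NULL) { return SEND_NO_MEMORY; }
    FillBuffer(arrayColorNumber, hasInitialData, init);
    Std_ReturnType status = Rte_Byps_Write_out_colorNumber_2(arrayColorNumber);
    free(arrayColorNumber);
    return status;
}
```
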

Check Information

Group: Other
Language: C | C++
Default: On if you use the value autosar for the option Libraries used (-library), otherwise off
Command-Line Syntax: autosar_compliance

Version History

Introduced in R2021a