Non-compliance with AUTOSAR specification

An RTE API function is used with arguments that violate the AUTOSAR standard specification

Since R2021a

Description

This defect occurs when you use an RTE API function with arguments that violate the AUTOSAR standard specifications.

For instance, checks on Rte_Write_* or Rte_Byps_Write_* function calls determine if the pointer-to-data argument in the call:

  • Is NULL valued.

  • Points to a memory buffer.

  • Points to an initialized memory buffer.

  • Points to values within the enum range, for buffers with enum values.

For more information on the RTE API specifications, see AUTOSAR documentation (Specification of RTE Software).

To enable this check, use the value autosar for the option Libraries used (-library).

A more exhaustive version of the same checker is available with Code Prover. When checking for AUTOSAR standard violations on an Rte_ function call, the Code Prover checker considers all execution paths that lead to the function call (subject to verification assumptions).

Risk

The RTE function usage might lead to run-time errors.

Fix

The fix depends on the root cause of the defect. To diagnose this check, read the message on the Result Details pane. The message shows all checks performed on the RTE API function, along with information about whether the check passed. For instance, this message:

Shows the results of three checks, all three of which might fail. The first argument of the function might be a null pointer, might not be allocated and might not point to initialized memory.

Investigate the root cause of the issue further.

Examples

#include <stdlib.h>

// Type declarations that are typically in AUTOSAR header Rte_type.h
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;

extern Std_ReturnType Rte_Byps_Write_out_colorNumber_1(colorNumber*);

void SendData() {
    colorNumber aColor;
    uint8_T copyColor;
    uint32_T copyNumber;
    
    colorNumber* aPtrColor = &aColor;
    Rte_Byps_Write_out_colorNumber_1(aPtrColor);   // Flagged: aColor is not initialized
    
    copyColor = aColor.color;
    copyNumber = aColor.number;
}

In this example, the function Rte_Byps_Write_out_colorNumber_1 takes a pointer to a non-initialized variable. The checker flags the function call because the pointer does not point to initialized memory. To run this example, use the option -library autosar.

#include <stdlib.h>

// Type declarations that are typically in AUTOSAR header Rte_type.h
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;
extern Std_ReturnType Rte_Byps_Write_out_colorNumber_2(colorNumber*);

void SendData() {
    colorNumber* arrayColorNumber = (colorNumber*) malloc(2*sizeof(colorNumber));
    uint8_T copyColor;
    uint32_T copyNumber;
    
    Rte_Byps_Write_out_colorNumber_2(arrayColorNumber);   // Flagged: malloc memory is not initialized
    
    copyColor = arrayColorNumber[0].color;   
    copyNumber = arrayColorNumber[0].number;      
}

In this example, the function Rte_Byps_Write_out_colorNumber_2 takes a pointer returned from a memory allocation with malloc. The checker flags the function call because the pointer does not point to initialized memory. To run this example, use the option -library autosar.
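The two flagged calls can be rewritten so that the pointer argument is non-null, points to allocated memory, is fully initialized and holds an in-range value before the RTE call. This is an added example, not code from the original page: the range limit COLOR_MAX, the error code SEND_E_NOT_OK, the functions SendFromStack and SendFromHeap, and the stub body given to Rte_Byps_Write_out_colorNumber_1 are assumptions for illustration.

```c
#include <stdlib.h>

/* Type declarations that are typically in AUTOSAR header Rte_type.h */
typedef unsigned char uint8_T;
typedef unsigned int uint32_T;
typedef uint8_T Std_ReturnType;
#define RTE_E_OK ((Std_ReturnType)0u)       /* normally provided by the RTE headers */

typedef struct {
    uint8_T color;
    uint32_T number;
} colorNumber;

/* Assumption: valid values of 'color' are 0..COLOR_MAX (hypothetical enum range). */
#define COLOR_MAX 2u
#define SEND_E_NOT_OK ((Std_ReturnType)1u)  /* hypothetical local error code */

/* Stand-in for the generated RTE function so the example links offline;
   in a real project the RTE generator provides the definition. */
static colorNumber lastWritten;
Std_ReturnType Rte_Byps_Write_out_colorNumber_1(colorNumber* data) {
    lastWritten = *data;
    return RTE_E_OK;
}

/* Stack case: every field is initialized and range-checked before the call. */
Std_ReturnType SendFromStack(uint8_T color, uint32_T number) {
    colorNumber aColor = { 0u, 0u };
    if (color > COLOR_MAX) {
        return SEND_E_NOT_OK;   /* value outside the enum range: do not write */
    }
    aColor.color = color;
    aColor.number = number;
    return Rte_Byps_Write_out_colorNumber_1(&aColor);
}

/* Heap case: check the allocation, zero-initialize the buffer, free it after use. */
Std_ReturnType SendFromHeap(uint8_T color, uint32_T number) {
    Std_ReturnType ret;
    colorNumber* buf = (colorNumber*) calloc(2u, sizeof(colorNumber));
    if (buf == NULL || color > COLOR_MAX) {
        free(buf);              /* free(NULL) is a no-op */
        return SEND_E_NOT_OK;
    }
    buf[0].color = color;
    buf[0].number = number;
    ret = Rte_Byps_Write_out_colorNumber_1(buf);
    free(buf);
    return ret;
}
```
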

Result Information

Group: Programming
Language: C | C++
Default: Off
Command-Line Syntax: autosar_lib_non_compliance
Impact: High

Version History

Introduced in R2021a