Simulink C Code Generation creates out of bounds access errors in arrays

Marco Montanaro on 22 Sep 2024
Answered: Abhas on 4 Dec 2024 at 3:56
I have recently performed a C code generation task on a complex model that required several matrices and arrays to function. I cannot disclose the specifics of the model itself, but all the operations were mostly just reads and writes for the individual code blocks, with a few special blocks (mpc, integrators and derivatives) used for a control system.
The C code provided by Simulink, however, contains several new errors related to accesses to arrays that end up being out of bounds. The reason why such errors occur lies within the variables the coder used as array indices, as several of them can take values much larger than the maximum index possible. Note that in no MATLAB functions I've used in the model have I ever picked them to obtain any item from an array.
As an example, running Polyspace on the following generated code returns an "Attempt to access AutonomousDrivingFunction_B.D_JP_Extended outside its bounds" error. Note that the comments are the original lines of MATLAB code that were translated to C:
```c
uint32_T D_Safe_Loc;
uint32_T D_JP_Extended[12672]; /* As part of AutonomousDrivingFunction_B */
/* ... */
if (AutonomousDrivingFunction_B.D_JP_Extended[(((int32_T)
      rtb_V_MaxTrain_ETCS_On_V) - 1) * 6] ==
    AutonomousDrivingFunction_B.D_JP_Extended[6 * idx]) {
  /* '<S330>:1:85' D_JP_Extended(5,N_Iter_JP_Index) = D_JP_Extended(5,N_Elem_JP+N_Limit_Index); */
  rtb_V_MaxTrain_ETCS_On_V = D_Safe_Loc;
  if (rtb_V_MaxTrain_ETCS_On_V > 65535U) {
    rtb_V_MaxTrain_ETCS_On_V = 65535U;
  }
  AutonomousDrivingFunction_B.D_JP_Extended[(6 * idx) + 4] =
    AutonomousDrivingFunction_B.D_JP_Extended[((((int32_T)
      rtb_V_MaxTrain_ETCS_On_V) - 1) * 6) + 4];
  /* '<S330>:1:88' D_JP_Extended(1,N_Elem_JP+N_Limit_Index) = 4294967295; */
  if (D_Safe_Loc > 65535U) {
    D_Safe_Loc = 65535U;
  }
  AutonomousDrivingFunction_B.D_JP_Extended[6 * (((int32_T)D_Safe_Loc) -
    1)] = MAX_uint32_T;
}
```
1 comment
Shubham on 8 Oct 2024
  • Are you getting the "out of bounds" error while simulating or only for code generation?
  • Have you checked for the index values in your MATLAB function itself?
  • Could you provide the actual function from which this code is generated?


Answers (1)

Abhas on 4 Dec 2024 at 3:56
I also encountered the out-of-bounds array access issue in the C code generated by Simulink's Embedded Coder. Upon doing some research I found the root cause to be the following:
  • Faulty Indexing in Generated Code: The generated C code uses variables as array indices, which can exceed the array bounds. In the following line, "rtb_V_MaxTrain_ETCS_On_V" and "D_Safe_Loc" are not properly constrained, causing accesses outside the array bounds.
```c
AutonomousDrivingFunction_B.D_JP_Extended[(((int32_T)rtb_V_MaxTrain_ETCS_On_V) - 1) * 6]
```
  • S-Function Block Configuration Issues: If your model includes S-Function blocks that operate on signals with preserved dimensions and the total elements in the signal are below the "Loop unrolling threshold", this can lead to invalid indexing in the generated code.
To solve the issue, set the model configuration parameter "Loop unrolling threshold" to 1 by following the steps below:
  • Go to "Model Configuration Parameters" → "Code Generation" → "Optimization".
  • Set "Loop unrolling threshold" to 1.
  • This change reduces the likelihood of invalid indexing by altering how loops are optimized in the generated code.
You may also refer to the MathWorks bug report below to learn more about this: https://www.mathworks.com/support/bugreports/details/3379383
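The following C sketch is an added example, not part of the original thread or of the generated code. It reproduces the index arithmetic from the posted snippet to show why saturating the column at 65535 does not keep the access inside a 12672-element array, and adds a checked read beside it. The helper names are hypothetical, and the 6-row column-major layout (2112 columns) is inferred from the stride of 6 and the declared size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define JP_ROWS  6u                    /* stride used in the posted snippet */
#define JP_ELEMS 12672u                /* declared size of D_JP_Extended */
#define JP_COLS  (JP_ELEMS / JP_ROWS)  /* 2112 columns (inferred layout) */

/* Flat offset as the posted code computes it: saturate the 1-based column
 * at 65535, cast to int32, subtract 1, multiply by the row stride. */
static int64_t jp_flat_index(uint32_t col_1based, uint32_t row_off)
{
    uint32_t col = (col_1based > 65535u) ? 65535u : col_1based;
    return ((int64_t)((int32_t)col - 1) * (int64_t)JP_ROWS) + (int64_t)row_off;
}

/* True only when the 1-based column and 0-based row offset are in range. */
static bool jp_index_ok(uint32_t col_1based, uint32_t row_off)
{
    return col_1based >= 1u && col_1based <= JP_COLS && row_off < JP_ROWS;
}

/* Checked read: returns false and leaves *out untouched instead of
 * touching memory outside the array. */
static bool jp_read(const uint32_t *jp, uint32_t col_1based,
                    uint32_t row_off, uint32_t *out)
{
    if (!jp_index_ok(col_1based, row_off)) {
        return false;
    }
    *out = jp[((col_1based - 1u) * JP_ROWS) + row_off];
    return true;
}

int main(void)
{
    static uint32_t jp[JP_ELEMS];
    /* Constructed column values: zero, both valid edges, one past, saturated. */
    const uint32_t cols[] = { 0u, 1u, 2112u, 2113u, 70000u };
    for (size_t i = 0; i < sizeof cols / sizeof cols[0]; i++) {
        uint32_t v = 0u;
        printf("col=%u flat=%lld checked_read=%s\n", (unsigned)cols[i],
               (long long)jp_flat_index(cols[i], 4u),
               jp_read(jp, cols[i], 4u, &v) ? "ok" : "rejected");
    }
    return 0;
}
```

A column of 0 yields a negative offset and any column above 2112 lands past the last element, so the 65535 clamp alone cannot satisfy a static analyzer; the index has to be constrained to 1..2112 in the model or checked before use.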

Release

R2024a
