The Parasoft AUTOSAR Compliance artifact is a set of assets for your DTP infrastructure that enable you to readily demonstrate compliance with AUTOSAR development guidelines. The AUTOSAR Compliance artifact can be adapted to support any version of the AUTOSAR standard, but it is configured by default for AUTOSAR C++ 14 (version 18.10). This artifact ships with the Automotive Compliance Pack for DTP 5.4.2. Contact your Parasoft representative for information about downloading and licensing the compliance pack.
In this section:
Background
AUTOSAR (AUTomotive Open System ARchitecture) is a worldwide development partnership of vehicle manufacturers, suppliers, service providers and companies from the automotive electronics, semiconductor and software industry. AUTOSAR is focused on the standardization of basic system functions and functional interfaces. The organization supports these initiatives by creating and publishing standards that provide guidance on the development of these systems.
The Parasoft AUTOSAR Compliance artifact configures code analysis to run against AUTOSAR rules and conforms the data to meet the reporting specifications defined in AUTOSAR C++14. AUTOSAR C++14 is an extension of the MISRA C++:2008 standard and uses many of the same rules, conventions, and terminology used in the MISRA standard.
Rules are classified based on the following characteristics:
Obligation Level
Rules are classified as either "required" or "advisory." Required rules are mandatory and must be complied with to claim compliance with AUTOSAR C++14. Deviations from required rules must be formally documented. Advisory rules should be followed as is reasonably practical. Deviations from advisory rules do not require formal documentation but should be raised when appropriate.
Ability to be Enforced by Static Analysis
Rules are classified as either "automated," "partially automated," or "non-automated." According AUTOSAR, automated rules are automatically enforceable with static analysis. Partially automated rules can be supported with static code analysis as support for a manual code review. Non-automated rules cannot be reasonably supported with static analysis and require other means of verification, such as manual code review.
The standard is based on assumptions about the limits of static code analysis technology. Parasoft code analysis, however, is able to check for some patterns in the code that may result in non-automated guideline violations.
Allocated Target
Rules are classified according to the target:
- architecture
- design
- implementation
- infrastructure
- toolchain
- verification
See "Guidelines for the use of the C++14 language in critical and safety-related systems" (PDF) for details and specific information about AUTOSAR rules and compliance processes.
Prerequisites
In addition to the AUTOSAR Compliance artifact, the following Parasoft products are required:
- DTP and DTP Enterprise Pack 5.4.2 with Enterprise license.
- C/C++test 10.4.2 (Standard or Professional) with the Flow Analysis and Automotive Compliance Pack license features enabled.
Process Overview
- Install the Automotive Compliance Pack for DTP 5.4.2 into DTP Extension Designer
- Deploy the AUTOSAR DTP Workflow to your DTP environment. This also deploys the AUTOSAR Compliance extension assets.
- Analyze code with C/C++test using the AUTOSAR C++14 Coding Guidelines test configuration and report violations to DTP. You can configure C/C++test to use the local test configuration or the test configuration shipped with the Security Compliance Pack.
- Add the AUTOSAR dashboard and widgets to your DTP interface.
- Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.
Achieving 100% Compliance
According to AUTOSAR C++14, there are several guidelines that cannot be enforced with static analysis. As a result, DTP will report 100% compliance against the automated guidelines in the standard, as well as the applicable partially automated guidelines that map to a Parasoft static analysis rule.
AUTOSAR Compliance Extension Assets
The Parasoft AUTOSAR Compliance artifact helps you create the documentation required for demonstrating compliance with AUTOSAR C++14. The following assets are included:
- Compliance categories and guidelines: These files add the AUTOSAR Compliance option to DTP interfaces, such as widget configuration settings.
- Test configurations: These files specify which code analysis rules to execute. You can configure C/C++test to run the local test configuration or to run the test configuration uploaded to DTP when the compliance pack is installed.
- Dashboard template: This file enables you to add the AUTOSAR C++14 dashboard that includes a pre-defined set of AUTOSAR-related widgets.
- Model and profile: These files provide the framework for rendering the report data required to demonstrate compliance. See Profile Configuration for additional information.
- DTP Workflow: This is the DTP Enterprise Pack artifact that includes the widgets, reports, and processing logic that show violations in the context of AUTOSAR guidelines.
Installing and Deploying the DTP Workflow
- The AUTOSAR Compliance artifact is installed as part of the Automotive Compliance Pack. See Installation for instructions.
- Choose Extension Designer from the DTP settings menu (gear icon).
- Click the Services tab and choose a service category. You can deploy the artifact to any service category you want. You can also create a new category (see Working with Services), but we recommend deploying compliance pack artifacts to the DTP Workflows service category.
- You can deploy the artifact to an existing service or add a new service. The number of artifacts deployed to a service affects the overall performance. See Extension Designer Best Practices for additional information. Choose an existing service and continue to step 6 or click Add Service.
- Specify a name for the service and click Confirm.
- The tabs interface allows you to organize your artifacts within the service. Organizing your artifacts across one or more tabs does not affect the performance of the system. Click on a tab (or click the + button to add a new tab) and click the vertical ellipses menu.
- Choose Import> Library> Workflows> Automotive> AUTOSAR Compliance and click anywhere in the open area to add the the artifact to the service.
- Click Deploy to finish deploying the artifact to your DTP environment.
- Restart DTP. See Stopping DTP Services and Starting DTP Services for instructions.
You will now be able to add the AUTOSAR dashboard and widgets, as well as access AUTOSAR reports.
Adding the AUTOSAR Dashboard
The AUTOSAR dashboard is configured to show custom widgets shipped as part of the AUTOSAR artifact. The dashboard also contains select native DTP widgets configured to show code analysis data within the context of AUTOSAR C++14. The information in this section is also covered in the Adding Dashboards chapter.
- Click Add Dashboard and specify a name when prompted.
- (Optional) You can configure the default view for the dashboard by specifying the following information:
- Choose the filter associated with your project in the filter drop-down menu. A filter represents a set of run configurations that enabled custom views of the data stored in DTP. See DTP Concepts for additional information.
- Specify a range of time from the Period drop-down menu.
- Specify a range of builds from the Baseline Build and Target Build drop-down menus.
- Enable the Create dashboard from a template option and choose AUTOSAR C++14 Compliance from the drop-down menu.
- Click Create to finish adding the dashboard.
In addition to the AUTOSAR-specific widgets shipped with the artifact (see Viewing AUTOSAR Compliance Widgets), the dashboard includes three implementations of the native Categories - Top 5 Table DTP widget. The widgets are configured to use the AUTOSAR C++14 compliance categories shipped with the artifact.
Top 5 AUTOSAR Violations
This widget shows the five Parasoft rules with the most number of violations. Click on a link in the Name column to open the Violations by Rule report. Click on the more... link to open the Violations by Compliance Category report.
AUTOSAR Violations by Analysis
This widget shows the breakdown of violations by ability to be enforced (see Ability to be Enforced by Static Analysis). Click on a link in the Name column to open the Violations by Rule report.
Top 5 AUTOSAR Guidelines
This widget shows the five AUTOSAR guidelines with the most number of violations. Click on a link in the Name column to open the Violations by Rule report. Click on the more... link to open the Violations by Compliance Category report.
Widget Configuration
The following widgets are shipped with the AUTOSAR Compliance artifact:
- AUTOSAR Compliance - Guidelines by Status
- AUTOSAR Compliance - Percentage
- AUTOSAR Compliance - Status
- AUTOSAR Violations by Obligation - TreeMap
You can manually add the AUTOSAR Compliance widgets to your dashboard (see Adding Widgets). The widgets will appear in the Compliance category in the Add Widget overlay:
You can configure the following settings:
Title | You can rename the widget in the Title field. |
---|---|
Filter | Choose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information. |
Target Build | Choose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. |
Obligation | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Target | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Analysis | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Compliance Profile | Specify a compliance profile (see Profile Configuration). The compliance profile is used to generate the compliance report. |
Viewing AUTOSAR Compliance Widgets
Each widget provides a different view of the code analysis data to help you achieve AUTOSAR compliance. The following widgets are shipped with the AUTOSAR Compliance DTP Workflow.
AUTOSAR Compliance - Status
This widget shows you the general state of compliance. Click on the widget to open the AUTOSAR Compliance Report.
The widget can show five possible states:
Compliant Code meets all guidelines with no deviations or changes to the guideline categories. | |
Missing rule(s) in analysis Parasoft code analysis rules documented in your profile were not included in the specified build. Make sure all rules are enabled in C/C++test and re-run analysis. | |
Compliant with Deviations Code meets all guidelines, but deviations have been applied. Deviations are violations that you have determined to be acceptable (see Deviations Report for additional information about deviations). | |
Compliant with Violations Code meets all required guidelines but contains violations for advisory guidelines. | |
Not Compliant Code does not meet all required guidelines. |
AUTOSAR Compliance - Percentage
This widget shows the completeness of AUTOSAR compliance as a percentage. Completeness is based on number of guidelines being enforced in the profile. Click on the widget to open the AUTOSAR Compliance Report.
AUTOSAR Compliance - Guidelines by Status
This widget shows the compliance status for an individual obligation category (All, Required, or Advisory).
The pie chart can represent up to five different guideline statuses for the selected category:
Green | Guidelines that your code is complaint. |
Yellow | Guidelines that your code is deviating from but are still considered compliant. A deviation is when the guideline is not being followed according to the Parasoft static analysis rule, but is considered acceptable because it does not affect the safety of the software. Deviations represent Parasoft static analysis rules that have been suppressed. |
Orange | Guidelines that your code is considered compliant with, even though the static analysis rules that enforce them contain violations. Only advisory guidelines can have this status. |
Red | Guidelines that your code is not compliant with. |
Maroon | Guidelines that are specified in the profile, but the Parasoft rule that enforces the guideline is missing. |
You can perform the following actions:
- Mouse over a pie slice to view details.
- Click on a section to open the AUTOSAR Compliance report filtered by the category and status.
- Click on the number of violations counter to open the AUTOSAR Compliance report filtered by the category and status.
- Click on the number of deviations counter to open the Deviations Report filtered by the category selected in the widget.
AUTOSAR Violations by Obligation - TreeMap Widget
This widget provides a representation of the highest concentration of static analysis violations per AUTOSAR obligation (required, advisory). The widget also shows the guidelines within each category in which violations were reported. Finally, the Parasoft rule(s) enforcing each guideline are also presented. Tiles are proportional to the number of static analysis violations reported for each rule.
The widget uses the hierarchy established in the model profile to correlate rules, guidelines, and categories. You can mouse over a tile in the widget to view the number of violations associated with each rule-guidline-category.
Click on a rule to see the violation in the Violations Explorer.
Viewing AUTOSAR Compliance Reports
The AUTOSAR Compliance Report provides an overview of your AUTOSAR compliance status and serves as the primary document for demonstrating compliance. It includes an entry for each guideline, its level of compliance, any deviations and/or re-catorizations, etc.
You can perform the following actions:
- Use the drop-down menus to filter by obligation level, target, analysis, or compliance status.
- Click on a guideline link in the Guideline column to open the Guideline Enforcement Plan. The link goes directly to the specific guideline so that you can review the Parasoft code analysis rule or rules enforcing the guideline.
- Click on a link in the # of Violations, In-Code Suppression, or DTP Suppressions column to view the violations in the Violations Explorer.
- Open one of the AUTOSAR Compliance sub-reports.
- Click Download PDF to export a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic.
The AUTOSAR Compliance Report contains the following sub-reports:
Guideline Enforcement Plan
The Guidelines Enforcement Plan (GEP) lists the AUTOSAR guidelines mapped to Parasoft code analysis rules and other information to demonstrate how compliance is checked.
This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can add notes to the Compiler field, such as “no errors” or specific compiler settings that will be applied to document your plan. These notes appear in the Compiler column.
The Analysis Tool column should refer to the static analysis rule. The Manual Review column should contain any manual verifications that will be performed in addition to the automated checks applied by the compiler and analysis tool.
Guideline Re-categorization Plan
You can change a guideline's obligation level from advisory to required and still claim compliance with AUTOSAR C++14. Guidelines cannot, however, be re-categorized as advisory. If you changed any of the AUTOSAR guideline categories (see Profile Configuration), they will be processed and displayed in this report.
Deviation Report
A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the context of AUTOSAR compliance with Parasoft, deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.
Your code can contain violations and still be AUTOSAR-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.
Click on the Deviations Report link in the AUTOSAR Compliance report to open the Deviations Report.
The Deviations Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information.
You can filter the report by obligation level, target, and analysis type (Automated, Partially Automated, Non-Automated), as well as enable the Only Deviations option to only show deviations.
Build Audit Report
The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with AUTOSAR during a regulatory audit.
In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.
Profile Configuration
The AUTOSAR Compliance DTP Workflow ships with a model profile (see Working with Model Profiles) configured to monitor compliance with AUTOSAR C++14. The profile include information necessary for generating compliance reports (see Viewing AUTOSAR Compliance Reports). It includes a field for you to specify your compiler, as well as guideline categorization and re-categoriziation information. You can modify the profile if you want to re-categorize guidelines to meet your specific goals or specify additional metadata for your reports. Changes will be reflected in the Guideline Re-categorization Plan.
We recommend creating a copy of the default profile and modifying the copy.
- Choose Extension Designer from the DTP settings menu (gear icon).
- Click the Model Profile tab and expand the AUTOSAR Compliance menu.
- Click AUTOSAR C++14 and click Export Profile to download a copy.
- Click Add Profile and provide a name when prompted.
- Click Confirm. An empty profile is added.
- Rename the exported copy of the default profile and click Import Profile.
- Browse for the copy and confirm to upload.
- Click on a guideline and specify your changes. You are allowed to change a guideline's obligation level from advisory to required and claim compliance with AUTOSAR C++14, but required rules cannot be re-categorized as advisory.
- Click Save.
Upgrading AUTOSAR Compliance
You should update any extensions when you upgrade DTP. Extensions are designed to be forward compatible, but Parasoft does not guarantee that older extensions will function as expected with newer versions of DTP. We strongly recommend installing the latest version of the artifact and removing the older version to ensure proper functionality.
- Install the latest version of the Automotive Compliance Pack as described in the Installation section.
- Open Extension Designer from the DTP settings menu (gear icon) and click the Settings tab.
- Expand the DTP Workflow compliance category (or the category containing the service with the older AUTOSAR artifact) and click on the service.
- Click on the tab containing the AUTOSAR flow and delete all nodes. You can use your mouse to click and drag over all nodes or use the select-all keyboard shortcut.
- Import the new AUTOSAR Compliance artifact by choosing Import> Library> Workflows> Automotive> AUTOSAR Compliance from the vertical ellipses menu.
- Click Deploy to finish deploying the newer AUTOSAR assets.
- Click the Configuration tab and click the delete button (trash icon) for the older extension.