The Parasoft AUTOSAR Compliance artifact is a set of assets for your DTP infrastructure that enable you to readily demonstrate compliance with AUTOSAR development guidelines. The AUTOSAR Compliance artifact can be adapted to support any version of the AUTOSAR standard, but it is configured by default for AUTOSAR C++ 14 (version 19.03). This artifact ships with the Automotive Compliance Pack. Contact your Parasoft representative for information about downloading and licensing the compliance pack.
In this section:
Background
AUTOSAR (AUTomotive Open System ARchitecture) is a worldwide development partnership of vehicle manufacturers, suppliers, service providers and companies from the automotive electronics, semiconductor and software industry. AUTOSAR is focused on the standardization of basic system functions and functional interfaces. The organization supports these initiatives by creating and publishing standards that provide guidance on the development of these systems.
The Parasoft AUTOSAR Compliance artifact configures code analysis to run against AUTOSAR rules and conforms the data to meet the reporting specifications defined in AUTOSAR C++14. AUTOSAR C++14 is an extension of the MISRA C++:2008 standard and uses many of the same rules, conventions, and terminology used in the MISRA standard.
Rules are classified based on the following characteristics:
Obligation Level
Rules are classified as either "required" or "advisory." Required rules are mandatory and must be complied with to claim compliance with AUTOSAR C++14. Deviations from required rules must be formally documented. Advisory rules should be followed as is reasonably practical. Deviations from advisory rules do not require formal documentation but should be raised when appropriate.
Ability to be Enforced by Static Analysis
Rules are classified as either "automated," "partially automated," or "non-automated." According AUTOSAR, automated rules are automatically enforceable with static analysis. Partially automated rules can be supported with static code analysis as support for a manual code review. Non-automated rules cannot be reasonably supported with static analysis and require other means of verification, such as manual code review.
The standard is based on assumptions about the limits of static code analysis technology. Parasoft code analysis, however, is able to check for some patterns in the code that may result in non-automated guideline violations.
Allocated Target
Rules are classified according to the target:
- architecture
- design
- implementation
- infrastructure
- toolchain
- verification
See "Guidelines for the use of the C++14 language in critical and safety-related systems" for details and specific information about AUTOSAR rules and compliance processes.
Prerequisites
The AUTOSAR artifact supports data from C/C++test (Standard or Professional) with the Flow Analysis and Automotive Compliance Pack license features enabled.
Process Overview
- Install the Automotive Compliance Pack into DTP Extension Designer
- Deploy the AUTOSAR DTP Workflow to your DTP environment. This also deploys the AUTOSAR Compliance extension assets.
- Analyze code with C/C++test using the AUTOSAR C++14 Coding Guidelines test configuration and report violations to DTP. You can configure C/C++test to use the local test configuration or the test configuration shipped with the Automotive Compliance Pack.
- Add the AUTOSAR dashboard and widgets to your DTP interface.
- Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.
Achieving 100% Compliance
DTP reports compliance against AUTOSAR C++ 14 guidelines that are enforceable with Parasoft static analysis and enabled in the AUTOSAR C++ 14 compliance reporting.
AUTOSAR Compliance Extension Assets
The Parasoft AUTOSAR Compliance artifact helps you create the documentation required for demonstrating compliance with AUTOSAR C++14. The following assets are included:
- Compliance categories and guidelines: These files add the AUTOSAR Compliance option to DTP interfaces, such as widget configuration settings.
- Test configurations: These files specify which code analysis rules to execute. You can configure C/C++test to run the local test configuration or to run the test configuration uploaded to DTP when the compliance pack is installed.
- Dashboard template: This file enables you to add the AUTOSAR C++14 dashboard that includes a pre-defined set of AUTOSAR-related widgets.
- Model and profile: These files provide the framework for rendering the report data required to demonstrate compliance. See Profile Configuration for additional information.
- DTP Workflow: This is the DTP Enterprise Pack artifact that includes the widgets, reports, and processing logic that show violations in the context of AUTOSAR guidelines.
Installing and Deploying the DTP Workflow
- The AUTOSAR Compliance artifact is installed as part of the Automotive Compliance Pack. See Installation for instructions.
- Choose Extension Designer from the DTP settings (gear icon) menu.
- Click the Services tab and choose a service category. You can deploy the artifact to an existing service or add a new service. We recommend deploying compliance pack artifacts to a service within the DTP Workflows category.
The number of artifacts deployed to a service affects the overall performance (see Extension Designer Best Practices for additional information). If you are deploying the artifact to an existing service, choose it and continue to the next step. If you are adding a new service for the artifact, click Add Service then specify a name for the service and click Confirm. - The tabs interface within the service allows you to organize your artifacts. Organizing your artifacts across one or more tabs within the service does not affect the performance of the system. Click on a tab (or click the + icon to add a new tab) and choose Import from the vertical ellipses menu in the upper right.
- Choose Local > Flows > Workflows > Automotive > AUTOSAR Compliance and click Import.
- Click anywhere in the open area to drop the artifact into the service.
- Click Deploy to finish deploying the artifact to your DTP environment.
- Return to DTP and refresh your browser.
You will now be able to add the AUTOSAR dashboard and widgets, as well as access AUTOSAR reports.
Adding the AUTOSAR Dashboard
The AUTOSAR dashboard is configured to show custom widgets shipped as part of the AUTOSAR artifact. The dashboard also contains select native DTP widgets configured to show code analysis data within the context of AUTOSAR C++14. The information in this section is also covered in the Adding Dashboards chapter.
- Click Add Dashboard and specify a name when prompted.
- Enable Create dashboard from a template and choose AUTOSAR C++14 Compliance from the associated menu.
- Click Create to finish adding the dashboard.
In addition to the AUTOSAR-specific widgets shipped with the artifact (see Viewing AUTOSAR Compliance Widgets), the dashboard includes three implementations of the native Categories - Top 5 Table DTP widget. The widgets are configured to use the AUTOSAR C++14 compliance categories shipped with the artifact.
Top 5 AUTOSAR Violations
This widget shows the five Parasoft rules with the most violations. Click on a link in the Name column to open the Violations by Rule report. Click the more... link to open the Violations by Compliance Category report.
AUTOSAR Violations by Analysis
This widget shows the breakdown of violations by ability to be enforced (see Ability to be Enforced by Static Analysis). Click on a link in the Name column to open the Violations by Rule report.
Top 5 AUTOSAR Guidelines
This widget shows the five AUTOSAR guidelines with the most violations. Click on a link in the Name column to open the Violations by Rule report. Click the more... link to open the Violations by Compliance Category report.
Widget Configuration
The following widgets are shipped with the AUTOSAR Compliance artifact:
- AUTOSAR Compliance - Guidelines by Status
- AUTOSAR Compliance - Percentage
- AUTOSAR Compliance - Status
- AUTOSAR Violations by Obligation - TreeMap
You can configure the following settings:
Title | You can rename the widget in the Title field. |
---|---|
Filter | Choose a specific filter or Dashboard Settings from the menu. See Creating and Managing Filters for additional information. |
Target Build | Choose a specific build from the menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. |
Obligation | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Target | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Analysis | This setting is available in the AUTOSAR Compliance - Guidelines by Status and AUTOSAR Compliance - Status widgets. Choose one of the following:
|
Compliance Profile | Specify a compliance profile (see Profile Configuration). The compliance profile is used to generate the compliance report. |
Viewing AUTOSAR Compliance Widgets
Each widget provides a different view of the code analysis data to help you achieve AUTOSAR compliance. The following widgets are shipped with the AUTOSAR Compliance DTP Workflow.
AUTOSAR Compliance - Status
This widget shows you the general state of compliance. Click the widget to open the AUTOSAR Compliance Report.
The widget can show five possible states:
- Compliant: Code meets all guidelines with no deviations or changes to the guideline categories.
- Not Compliant: Code does not meet all required guidelines.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in your profile were not included in the specified build. Make sure all rules are enabled in C/C++test and re-run analysis.
- Compliant with Deviations: Code meets all guidelines, but deviations have been applied. Deviations are violations that you have determined to be acceptable (see Deviations Report for additional information about deviations).
- Compliant with Violations: Code meets all required guidelines but contains violations for advisory guidelines.
AUTOSAR Compliance - Percentage
This widget shows the completeness of AUTOSAR compliance as a percentage. Completeness is based on number of guidelines being enforced in the profile. Click the widget to open the AUTOSAR Compliance Report.
AUTOSAR Compliance - Guidelines by Status
This widget shows the compliance status for an individual obligation category (All, Required, or Advisory).
The pie chart can represent up to five different guideline statuses for the selected category:
Green | Guidelines that your code is complaint. |
Yellow | Guidelines that your code is deviating from but are still considered compliant. A deviation is when the guideline is not being followed according to the Parasoft static analysis rule but is considered acceptable because it does not affect the safety of the software. Deviations represent Parasoft static analysis rules that have been suppressed. |
Orange | Guidelines that your code is considered compliant with, even though the static analysis rules that enforce them contain violations. Only advisory guidelines can have this status. |
Red | Guidelines that your code is not compliant with. |
Maroon | Guidelines that are specified in the profile, but the Parasoft rule that enforces the guideline is missing. |
You can perform the following actions:
- Mouse over a pie slice to view details.
- Click on a section to open the AUTOSAR Compliance report filtered by the category and status.
- Click on the number of violations counter to open the AUTOSAR Compliance report filtered by the category and status.
- Click on the number of deviations counter to open the Deviations Report filtered by the category selected in the widget.
AUTOSAR Violations by Obligation - TreeMap Widget
This widget provides a representation of the highest concentration of static analysis violations per AUTOSAR obligation (required, advisory). The widget also shows the guidelines within each category in which violations were reported. Finally, the Parasoft rule(s) enforcing each guideline are also presented. Tiles are proportional to the number of static analysis violations reported for each rule.
The widget uses the hierarchy established in the model profile to correlate rules, guidelines, and categories. You can mouse over a tile in the widget to view the number of violations associated with each rule/guideline/category.
Click on a rule to see the violation in the Violations Explorer.
Viewing AUTOSAR Compliance Reports
The AUTOSAR Compliance Report provides an overview of your AUTOSAR compliance status and serves as the primary document for demonstrating compliance. It includes an entry for each guideline, its level of compliance, any deviations and/or re-categorizations, and so on.
You can perform the following actions:
- Use the menus to filter by obligation level, target, analysis, or compliance status.
- Click a guideline link in the Guideline column to open the Guideline Enforcement Plan. The link goes directly to the specific guideline so that you can review the Parasoft code analysis rule or rules enforcing the guideline.
- Click a link in the # of Violations column to view the violations in the Violations Explorer.
- Click a link in the # of Deviations column to view the suppressed violations in the Violations Explorer.
- Open one of the AUTOSAR Compliance sub-reports.
- Click Download PDF to export a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic.
The AUTOSAR Compliance Report contains the following sub-reports:
Guideline Enforcement Plan
The Guidelines Enforcement Plan (GEP) lists the AUTOSAR guidelines mapped to Parasoft code analysis rules and other information to demonstrate how compliance is checked.
This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can add notes to the Compiler field, such as “no errors” or specific compiler settings that will be applied to document your plan. These notes appear in the Compiler column.
The Analysis Tool column should refer to the static analysis rule. The Manual Review column should contain any manual verifications that will be performed in addition to the automated checks applied by the compiler and analysis tool.
Guideline Re-categorization Plan
You can change a guideline's obligation level from advisory to required and still claim compliance with AUTOSAR C++14. Guidelines cannot, however, be re-categorized as advisory. If you changed any of the AUTOSAR guideline categories (see Profile Configuration), they will be processed and displayed in this report.
Deviation Report
A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the context of AUTOSAR compliance with Parasoft, deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.
Your code can contain violations and still be AUTOSAR-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.
Click the Deviations Report link in the AUTOSAR Compliance report to open the Deviations Report.
The Deviations Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information. You can perform the following actions:
- Filter the report by obligation level, target, and analysis type (Automated, Partially Automated, Non-Automated).
- Enable Only Deviations to only show deviations.
- Enable Hide Modification History to exclude the modification history for deviations.
Build Audit Report
The main AUTOSAR Compliance Report links to the Build Audit Report, which provides access to code analysis, test results, and coverage information sent to DTP under the selected build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with AUTOSAR during a regulatory audit. The Build Audit Report is a standard report shipped with DTP and is not specific to AUTOSAR Compliance.
In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.
Custom Configuration of Profile
The AUTOSAR Compliance DTP Workflow ships with a model profile (see Working with Model Profiles) configured to monitor compliance with AUTOSAR C++14. The profile includes information necessary for generating compliance reports (see Viewing AUTOSAR Compliance Reports). It includes a field for you to specify your compiler, as well as guideline categorization and re-categorization information. You can modify the profile if you want to re-categorize guidelines to meet your specific goals or specify additional metadata for your reports. Changes will be reflected in the Guideline Re-categorization Plan.
We recommend creating a copy of the default profile and modifying the copy.
- Choose Extension Designer from the DTP settings (gear icon) menu.
- Click the Model Profile tab and expand the AUTOSAR Compliance menu.
- Click AUTOSAR C++14 and click Export Profile to download a copy.
- Click Add Profile and provide a name when prompted.
- Click Confirm. An empty profile is added.
- Rename the exported copy of the default profile and click Import Profile.
- Browse for the copy and confirm to upload.
- Click on a guideline and specify your changes. You are allowed to change a guideline's obligation level from advisory to required and claim compliance with AUTOSAR C++14 but required rules cannot be re-categorized as advisory.
- Click Save.