How should the service behave when the out param is passed as NULL

[kanjoe24]

In AIDL, the return value of a function is converted into a pointer and passed as the last argument of the generated function.

For example, a service function defined as:

Capabilities getCapabilities();

is generated as:

::android::binder::Status DeviceInfo::getCapabilities(Capabilities* _aidl_return);

What should be the expected behaviour of the service when _aidl_return is NULL?
Should the service raise an exception in this case? If so, which one would be appropriate — EX_NULL_POINTER or EX_ILLEGAL_ARGUMENT?

[Ulrond]

Hi @kanjoe24,

This is not something the HAL service needs to handle. The AIDL-generated client proxy always allocates the return variable and passes a valid pointer to the service. The service will never receive a NULL _aidl_return through normal Binder IPC.

The flow is:

1. Client calls getCapabilities() on the generated proxy
2. The proxy creates a local Capabilities object and passes its address as _aidl_return
3. The service populates *_aidl_return and returns binder::Status::ok()
4. The proxy reads the parcelled result back to the client

There is no code path where the framework passes NULL to the service. If a malformed raw Binder transaction somehow omitted the reply parcel, it would fail at the transport layer before the service method is ever invoked.

The HAL service should not add NULL checks on _aidl_return — it is a framework guarantee, and defensive checks against it would be dead code.