Avoid Shared Variables for Inter-task Communication (CON03)

Level \(\rightarrow\) Advisory

Category:

  • Safety \(\checkmark\)
  • Cyber \(\checkmark\)

Goal:

  • Maintainability \(\checkmark\)
  • Reliability \(\checkmark\)
  • Portability \(\checkmark\)
  • Performance \(\checkmark\)
  • Security

Remediation \(\rightarrow\) High

Verification Method \(\rightarrow\) GNATcheck rule: Volatile_Objects_Without_Address_Clauses

Reference

Ada Reference Manual: D.13 The Ravenscar Profile

Description

Although the Ravenscar and Jorvik profiles allow the use of shared variables for inter-task communication, such use is less robust and less reliable than encapsulating shared variables within protected objects.

Applicable Vulnerability within ISO TR 24772-2

  • 6.56 Undefined behaviour [EWF]

Noncompliant Code Example

   package Shared is
      --  Unprotected shared variable: tasks read and write it with no mutual exclusion.
      Global_Object : Integer
        with Volatile;
      function Get return Integer is (Global_Object);
   end Shared;

Note that variables marked as Atomic are also Volatile, per the Ada Reference Manual: C.6 (8/3) Shared Variable Control.

Compliant Code Example

When assigned to a memory address, a Volatile variable can be used to interact with a memory-mapped device, among other similar usages.

   with System.Storage_Elements; use System.Storage_Elements;
   package Device is
      --  Volatile object placed at a fixed address, i.e. a memory-mapped device register.
      Global_Object : Integer
        with Volatile,
             Address => To_Address (16#1234_5678#);
      function Get return Integer is (Global_Object);
   end Device;
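The encapsulation the Description recommends, as an added example that is not part of the guideline's own code: the shared value lives inside a protected object and a library-level periodic task updates it, in a form that satisfies the Ravenscar restrictions. It assumes `pragma Profile (Ravenscar)` is set in the project's configuration pragmas, and the spec and body are shown together here although GNAT expects them in separate files.

```ada
with Ada.Real_Time; use Ada.Real_Time;

package Shared_State is

   --  Every access to the shared value goes through this protected
   --  object, so the runtime enforces mutual exclusion instead of
   --  each task having to remember to synchronise.
   protected Latest_Sample is
      procedure Put (Value : Integer);
      function Get return Integer;
   private
      Current : Integer := 0;
   end Latest_Sample;

   --  Library-level periodic task, as the Ravenscar profile requires.
   task Sampler with Priority => 10;

end Shared_State;

package body Shared_State is

   protected body Latest_Sample is
      procedure Put (Value : Integer) is
      begin
         Current := Value;
      end Put;

      function Get return Integer is
      begin
         return Current;
      end Get;
   end Latest_Sample;

   task body Sampler is
      Period : constant Time_Span := Milliseconds (100);
      Next   : Time := Clock;
      Tick   : Integer := 0;
   begin
      loop
         --  Wrap instead of overflowing on a long-running system.
         Tick := (if Tick = Integer'Last then 0 else Tick + 1);
         Latest_Sample.Put (Tick);   --  serialised write; readers call Get
         Next := Next + Period;
         delay until Next;            --  absolute delay, allowed by Ravenscar
      end loop;
   end Sampler;

end Shared_State;
```

Because no task touches `Current` directly, GNATcheck, SPARK and CodePeer have nothing to flag, and the reader and writer can never interleave mid-update.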

Notes

In addition to GNATcheck, SPARK and CodePeer can also detect conflicting access to unprotected variables.