Functions Only Have Mode "in" (RPP07)

Level → Required

Category

  • Safety: ✓
  • Cyber: ✓

Goal

  • Maintainability: ✓
  • Reliability: ✓
  • Portability: ✓
  • Performance:
  • Security:

Remediation → Low

Verification Method → GNATcheck rule: function_out_parameters

Reference

N/A

Description

Function parameters must have only mode in.

As of Ada 2012, function parameters are allowed to have the same modes as procedure parameters. However, a function whose parameters have a mode other than in can introduce side effects and aliasing.

This rule disallows all modes except mode in for functions.

Applicable Vulnerability within ISO TR 24772-2

  • 6.24 Side-effects and order of evaluation [SAM]

Noncompliant Code Example

function Noncompliant (Value : in out Integer) return Integer is
begin
   if Value < Integer'Last then
      Value := Value + 1;
   end if;
   return Value;
end Noncompliant;

Compliant Code Example

function Compliant (Value : Integer) return Integer is
begin
   return Value + 1;
end Compliant;

OR

procedure Compliant (Value : in out Integer) is
begin
   if Value < Integer'Last then
      Value := Value + 1;
   end if;
end Compliant;
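
The order-of-evaluation hazard behind this rule, shown as an added example that is not part of the original guideline. Order_Demo, Counters, Bump, Increment and the variables are hypothetical names. Because I and J are variables, the fact that A (I) and A (J) name the same element is only visible at run time.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Order_Demo is
   type Counters is array (1 .. 2) of Integer;

   --  Noncompliant: a function with an "in out" parameter, same shape as
   --  the noncompliant example above.
   function Bump (Value : in out Integer) return Integer is
   begin
      if Value < Integer'Last then
         Value := Value + 1;
      end if;
      return Value;
   end Bump;

   --  Compliant: the update is a procedure, so it can only appear as a
   --  statement and never as an operand inside an expression.
   procedure Increment (Value : in out Integer) is
   begin
      if Value < Integer'Last then
         Value := Value + 1;
      end if;
   end Increment;

   A    : Counters := (10, 20);   --  constructed sample data
   I, J : Integer  := 1;          --  both select the same element of A
   Sum  : Integer;
begin
   --  The two operands of "+" may be evaluated in either order, so Sum
   --  depends on whether Bump updates A (I) before or after A (J) is read.
   Sum := Bump (A (I)) + A (J);
   Put_Line ("function with in out parameter:" & Integer'Image (Sum));

   --  Compliant form: the side effect is its own statement and completes
   --  before either element is read, so there is a single possible result.
   A := (10, 20);
   Increment (A (I));
   Sum := A (I) + A (J);
   Put_Line ("procedure, then expression:" & Integer'Image (Sum));
end Order_Demo;
```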

Notes

Violations are detected by SPARK.