Enable Optional Warnings and Treat As Errors (SWE02)

Level \(\rightarrow\) Required

Category

Safety:: \(\checkmark\)
Cyber:: \(\checkmark\)

Goal

Maintainability:: \(\checkmark\)
Reliability:: \(\checkmark\)
Portability:
Performance:
Security:: \(\checkmark\)

Remediation \(\rightarrow\) Low

Verification Method \(\rightarrow\) Compiler restrictions

Reference

Power of 10 rule #10: All code must be compiled, from the first day of development, with all compiler warnings enabled at the most pedantic setting available. All code must compile without warnings.

Description

The Ada compiler does a degree of static analysis itself, and generates many warnings when they are enabled. These warnings likely indicate very real problems so they should be examined and addressed, either by changing the code or disabling the warning for the specific occurrence flagged in the source code.

To ensure that warnings are examined and addressed one way or the other, the compiler must be configured to treat warnings as errors, i.e., preventing object code generation.

Note that warnings will occasionally be given for code usage that is intentional. In those cases the warnings should be disabled by using pragma Warnings with the parameter Off, and a string indicating the error message to be disabled. In other cases, a different mechanism might be appropriate, such as aspect (or pragma) Unreferenced.

Applicable Vulnerability within ISO TR 24772-2

6.18 Dead Store [WXQ]
6.19 Unused variable [YZS]
6.20 Identifier name reuse [YOW]
6.22 Initialization of variables [LAV]

Noncompliant Code Example

procedure P (This : Obj) is
begin
   ... code not referencing This
end P;

The formal parameter controls dispatching for the sake of selecting the subprogram to be called but does not participate in the implementation of the body.

Compliant Code Example

procedure P (This : Obj) is
   pragma Unreferenced (This);
begin
   ... code not referencing This
end P;

The compiler will no longer issue a warning that the formal parameter This is not referenced. Of course, if that changes and This becomes referenced, the compiler will flag the pragma.

Notes

This rule can be applied via the GNAT -gnatwae compiler switch, which both enables warnings and treats them as errors. Note that the switch enables almost all optional warnings, but not all. Some optional warnings correspond to very specific circumstances, and would otherwise generate too much noise for their value.