Avoid Shared Variables for Inter-task Communication (CON03)

Level \(\rightarrow\) Advisory

Category
Safety:

\(\checkmark\)

Cyber:

\(\checkmark\)

Goal
Maintainability:

\(\checkmark\)

Reliability:

\(\checkmark\)

Portability:

\(\checkmark\)

Performance:

\(\checkmark\)

Security:

Remediation \(\rightarrow\) High

Verification Method \(\rightarrow\) GNATcheck rule: Volatile_Objects_Without_Address_Clauses (builtin rule)

Reference

Ada Reference Manual: D.13 The Ravenscar Profile

Description

Although the Ravenscar and Jorvik profiles allow the use of shared variables for inter-task communication, such use is less robust and less reliable than encapsulating shared variables within protected objects.

Applicable Vulnerability within ISO TR 24772-2

  • 6.56 Undefined behaviour [EWF]

Applicable Common Weakness Enumeration

Noncompliant Code Example

   Global_Object : Integer
     with Volatile;
   function Get return Integer is (Global_Object);

Note that variables marked as Atomic are also Volatile, per the Ada Reference Manual: C.6 (8/3) Shared Variable Control

Compliant Code Example

When assigned to a memory address, a Volatile variable can be used to interact with a memory-mapped device, among other similar usages.

   Global_Object : Integer
     with Volatile,
          Address => To_Address (16#1234_5678#);
   function Get return Integer is (Global_Object);

Notes

In additon to GNATcheck, SPARK and CodePeer can also detect conflicting access to unprotected variables.