Common High Integrity Restrictions (DYN01)
Level \(\rightarrow\) Required
- Category
- Safety:
\(\checkmark\)
- Cyber:
\(\checkmark\)
- Goal
- Maintainability:
\(\checkmark\)
- Reliability:
\(\checkmark\)
- Portability:
- Performance:
- Security:
\(\checkmark\)
Remediation \(\rightarrow\) Low
Verification Method \(\rightarrow\) Compiler restrictions
Reference
Description
The following restrictions must be in effect:
No_Anonymous_Allocators
No_Coextensions
No_Access_Parameter_Allocators
Immediate_Reclamation
The first three restrictions prevent problematic usage that, for example, may cause un-reclaimed (and unreclaimable) storage. The last restriction ensures any storage allocated by the compiler at run-time for representing objects is reclaimed at once. (That restriction does not apply to objects created by allocators in the application.)
Applicable Vulnerability within ISO TR 24772-2
4.10 Storage Pool
Applicable Common Weakness Enumeration
Noncompliant Code Example
For No_Anonymous_Allocators
:
X : access String := new String'("Hello"); ... X := new String'("Hello");
For No_Coextensions
:
type Object (Msg : access String) is ... Obj : Object (Msg => new String'("Hello"));
For No_Access_Parameter_Allocators
:
procedure P (Formal : access String); ... P (Formal => new String'("Hello"));
Compliant Code Example
For No_Anonymous_Allocators
, use a named access type:
type String_Reference is access all String; S : constant String_Reference := new String'("Hello"); X : access String := S; ... X := S;
For No_Coextensions
, use a variable of a named access type:
type Object (Msg : access String) is ... type String_Reference is access all String; S : String_Reference := new String'("Hello"); Obj : Object (Msg => S);
For No_Access_Parameter_Allocators
, use a variable of a named access type:
procedure P (Formal : access String); type String_Reference is access all String; S : String_Reference := new String'("Hello"); ... P (Formal => S);
Notes
The compiler will detect violations of the first three restrictions. Note that GNATcheck can detect violations in addition to the compiler.
The fourth restriction is a directive for implementation behavior, not subject to source-based violation detection.