Minimal Dynamic Allocation Policy (DYN04)
Level \(\rightarrow\) Advisory
- Category
- Safety:
\(\checkmark\)
- Cyber:
\(\checkmark\)
- Goal
- Maintainability:
\(\checkmark\)
- Reliability:
\(\checkmark\)
- Portability:
- Performance:
- Security:
Remediation \(\rightarrow\) Low
Verification Method \(\rightarrow\) Compiler restrictions
Reference
Power of Ten rule 3: "Do not use dynamic memory allocation after initialization."
Description
The following restrictions must be in effect:
No_Local_Allocators
No_Dependence
=>Ada.Unchecked_Deallocation
In this approach dynamic allocation is only allowed during "start-up" and no later. Deallocations never occur. As a result, storage exhaustion should never occur assuming the initial allotment is sufficient. This assumption is as strong as when using only declared objects on the "stack" because in that case a sufficient initial storage allotment for the stack must be made.
In this approach the following constructs are not allowed:
Unchecked Deallocations
Note that some operating systems intended for this domain directly support this policy.
Applicable Vulnerability within ISO TR 24772-2
4.10 Storage Pool
Applicable Common Weakness Enumeration
Noncompliant Code Example
Any code using the constructs listed above.
Compliant Code Example
Code performing dynamic allocations any time prior to an arbitrary point designated as the end of the "startup" interval.
Notes
The compiler, and/or GNATcheck, will detect violations of the restrictions.