No Recursion (RPP12)
Level \(\rightarrow\) Advisory
- Category
  - Safety: \(\checkmark\)
  - Cyber: \(\checkmark\)
- Goal
  - Maintainability: \(\checkmark\)
  - Reliability: \(\checkmark\)
  - Portability: \(\checkmark\)
  - Performance:
  - Security:
Remediation \(\rightarrow\) Low
Verification Method \(\rightarrow\) GNATcheck rule: Recursive_Subprograms (builtin rule)
Reference
MISRA C Rule 17.2: "Functions shall not call themselves, either directly or indirectly."
Description
No subprogram shall be invoked, directly or indirectly, as part of its own execution.
In addition to making static analysis more complex, recursive calls make static stack usage analysis extremely difficult, requiring, for example, manual supply of call limits.
Applicable Vulnerability within ISO TR 24772-2
6.35 Recursion [GDL]
Applicable Common Weakness Enumeration
Noncompliant Code Example
function Noncompliant (N : Positive) return Positive is
begin
   if N = 1 then
      return 1;
   else
      return N * Noncompliant (N - 1);  --  could overflow
   end if;
end Noncompliant;
Compliant Code Example
function Compliant (N : Positive) return Positive is
   Result : Positive := 1;
begin
   for K in 2 .. N loop
      Result := Result * K;  --  could overflow
   end loop;
   return Result;
end Compliant;
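
The following is an added example, not part of the guideline or of AdaCore's code, and it goes beyond the factorial case: a tree walk whose recursion is replaced by an explicit fixed-size stack, so the worst-case storage is a compile-time constant instead of a call depth that depends on the data. The names Tree_Sum_Demo, Max_Nodes, Sum_Recursive and Sum_Iterative, and the sample tree, are assumptions constructed for illustration.

```ada
--  Added example; all names and the sample tree are assumptions.
procedure Tree_Sum_Demo is
   Max_Nodes : constant := 7;
   subtype Node_Id  is Natural range 0 .. Max_Nodes;  --  0 means "no child"
   subtype Valid_Id is Node_Id range 1 .. Max_Nodes;
   type Node is record
      Value       : Integer;
      Left, Right : Node_Id;
   end record;
   type Tree is array (Valid_Id) of Node;
   --  Constructed sample: a complete binary tree holding the values 1 .. 7.
   T : constant Tree :=
     (1 => (1, 2, 3), 2 => (2, 4, 5), 3 => (3, 6, 7),
      4 => (4, 0, 0), 5 => (5, 0, 0), 6 => (6, 0, 0), 7 => (7, 0, 0));

   --  Noncompliant: call depth follows the shape of the data.
   function Sum_Recursive (Root : Node_Id) return Integer is
     (if Root = 0 then 0
      else T (Root).Value + Sum_Recursive (T (Root).Left)
                          + Sum_Recursive (T (Root).Right));

   --  Compliant: pending nodes are kept in a fixed-size array, so the
   --  worst-case storage is Max_Nodes entries, known at compile time.
   function Sum_Iterative (Root : Node_Id) return Integer is
      Pending : array (Valid_Id) of Valid_Id;
      Top     : Node_Id := 0;
      Total   : Integer := 0;
      Current : Valid_Id;
      procedure Push (Id : Node_Id) is
      begin
         if Id /= 0 then
            Top := Top + 1;  --  range check fails if the bound is exceeded
            Pending (Top) := Id;
         end if;
      end Push;
   begin
      Push (Root);
      while Top > 0 loop
         Current := Pending (Top);
         Top     := Top - 1;
         Total   := Total + T (Current).Value;
         Push (T (Current).Left);
         Push (T (Current).Right);
      end loop;
      return Total;
   end Sum_Iterative;
begin
   pragma Assert (Sum_Iterative (1) = 28 and Sum_Recursive (1) = 28);
end Tree_Sum_Demo;
```

With GNAT, build with assertions enabled (`gnatmake -gnata tree_sum_demo.adb`) so that the pragma Assert is checked.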
Notes
The compiler will detect violations with the restriction No_Recursion in place. Note this is a dynamic check.
The GNATcheck rule specified above is a static check, subject to the limitations described in GNATcheck Reference Manual: Recursive Subprograms.