The C Standard, subclause 5.1.2.3, paragraph 2 [ISO/IEC 9899:2011], says,:
Accessing a volatile object, modifying an object, modifying a file, or calling a function that does any of those operations are all side effects, which are changes in the state of the execution environment. Evaluation of an expression in general includes both value computations and initiation of side effects. Value computation for an lvalue expression includes determining the identity of the designated object.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <Windows.h>
static volatile LONG account_balance;
CRITICAL_SECTION flag;
/* Initialize flag */
InitializeCriticalSection(&flag);
int debit(unsigned int amount) {
EnterCriticalSection(&flag);
account_balance -= amount; /* Inside critical section */
LeaveCriticalSection(&flag);
return 0;
}
|
Risk Assessment
Recommendation | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
CON02-C | Medium | Probable | No |
No |
P4 |
L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| LANG.TYPE.IVD | Inappropriate volatile declaration | ||||||
| Helix QAC |
| C1770 | |||||||
| Parasoft C/C++test |
Related Guidelines
| CERT_C-CON02-a | Do not use the volatile keyword | ||||||
| Security Reviewer - Static Reviewer | 6.02 | C11 | Fully Implemented |
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C |
| CON01-CPP. Do not use volatile as a synchronization primitive | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [IEEE Std 1003.1:2013] | Section 4.11, "Memory Synchronization" |
| [ISO/IEC 9899:2011] | Subclause 5.1.2.3, "Program Execution" |
| [MSDN] |
...
...