[metadata]
id = "POS50-C"
type = "rule"
category = "POS"
number = 50
title = "Declare objects shared between POSIX threads with appropriate storage durations"
description = """
Accessing the stack or thread-local variables of a thread from another thread
can cause invalid memory accesses because the execution of threads can be
interwoven within the constraints of the synchronization model. As a result, the
referenced stack frame or thread-local variable may not be valid when the other
thread tries to access it. Regular shared variables should be protected by
thread synchronization mechanisms. However, local variables should not be shared
in the same fashion because the referenced stack frame's thread would have to
stop executing, or some other way must be found to ensure that the referenced
stack frame is still valid.

See CON32-C (Prevent data races when accessing bit-fields from multiple threads)
for information on how to securely share nonautomatic and non-thread-local
variables. See DCL30-C (Declare objects with appropriate storage durations) for
information on how to declare objects with appropriate storage durations when
data is not being shared between threads.

Note that this is a specific instance of CON34-C (Declare objects shared between
threads with appropriate storage durations) for POSIX threads. It is important
to note that local data can be used securely with threads when using other
non-POSIX thread interfaces, so the programmer should not always copy data into
nonlocal memory when sharing data with threads. For example, the shared keyword
in OpenMP can be used in combination with OpenMP's threading interface to share
local memory without having to worry about whether local automatic variables
remain valid. Furthermore, copying the shared data into dynamic memory may
completely negate the performance benefits of multithreading.

The createThread() function allocates an integer on the stack and passes a void
pointer, spawning off a new thread, childThread(). The order of thread execution
is interleaved, so val can reference an object outside of its lifetime, causing
the child thread to access an invalid memory location.
"""
severity = "Medium"
likelihood = "Probable"
priority = "P4"
level = "L3"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 05, 2025"
[rules.cert_c.POS50-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/POS50-C.+Declare+objects+shared+between+POSIX+threads+with+appropriate+storage+durations"