Proposal to resolve comment CA-2 (2012-09)


Upon reflection, I have a proposal to make these vulnerability writeups compatible.


Firstly, even though 6.39.1 refers to the concurrency vulnerabilities in section 8, 6.39.3 still discusses task termination issues. Therefore, a discussion of task termination issues in C.39 and in G.39 could be accepted, but we still have the situation where the sequential termination issues are not addressed.


So, for C.39.1, insert before the first paragraph:

Ada provides the exception mechanism, with exception handlers, to catch errors before a final program termination would be encountered. Handlers can be placed at appropriate subprogram levels and in the main subprogram to catch program-terminating events. From such a handler, a controlled termination can be programmed, or alternative actions taken.


For multitasking environments: . . .
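As an added illustration of the mechanism the proposed paragraph describes (example code written for this note, not text from the proposal, from TR 24772 or from WG 9): a handler at the subprogram level takes an alternative action (clamping an out-of-range value), while a handler in the main subprogram turns any exception that propagates that far into a controlled termination with a failure exit status. The procedure name, types and table contents are constructed for the example.

```ada
--  Added example, not part of the proposal: subprogram-level and
--  main-subprogram exception handlers for controlled termination.
with Ada.Text_IO;       use Ada.Text_IO;
with Ada.Exceptions;    use Ada.Exceptions;
with Ada.Command_Line;  use Ada.Command_Line;

procedure Controlled_Termination is

   type Percent is range 0 .. 100;

   --  Subprogram-level handler: converting a value outside 0 .. 100 raises
   --  Constraint_Error; an alternative action (clamping) is taken instead of
   --  letting the error propagate towards program termination.
   function Clamped (Raw : Integer) return Percent is
   begin
      return Percent (Raw);
   exception
      when Constraint_Error =>
         Put_Line ("Clamped out-of-range input" & Integer'Image (Raw));
         return (if Raw < 0 then 0 else 100);
   end Clamped;

   --  Constructed table; Lookup has no handler of its own, so an index
   --  outside 1 .. 3 raises Constraint_Error that propagates to the caller.
   Table : constant array (1 .. 3) of Integer := (10, 20, 30);

   function Lookup (I : Integer) return Integer is
   begin
      return Table (I);
   end Lookup;

begin
   Put_Line ("Clamped 150 ->" & Percent'Image (Clamped (150)));
   Put_Line ("Lookup 2 ->" & Integer'Image (Lookup (2)));
   --  Not handled at the subprogram level: reaches the main subprogram.
   Put_Line ("Lookup 7 ->" & Integer'Image (Lookup (7)));
   Put_Line ("Not reached");
exception
   --  Handler in the main subprogram: record the cause and terminate in a
   --  controlled way with a non-zero exit status rather than an abort.
   when E : others =>
      Put_Line (Standard_Error,
                "Fatal: " & Exception_Name (E) & " - " & Exception_Message (E));
      Set_Exit_Status (Failure);
end Controlled_Termination;
```

Run as written, the program prints the clamped value and the successful lookup, then the failing lookup is caught by the main subprogram's handler, which reports `CONSTRAINT_ERROR` on standard error and exits with a failure status; "Not reached" is never printed.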



For G.39, add a final paragraph:

For sequential and concurrent termination issues, SPARK does not support exceptions or exception handlers. It relies instead on the formal analysis of the code to show that errors that could cause termination do not occur. Possible terminations due to external influences (such as hardware-induced failures or missing functionality) must be caught and dealt with in the external environment.
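As an added illustration of the SPARK approach described in the proposed paragraph (example code written for this note, not text from the proposal or from Praxis): instead of handling a Constraint_Error at run time, the subprogram carries a precondition and a loop invariant that give the prover what it needs to show the division and the additions cannot raise. Without the precondition, an empty array would make the division by Data'Length a provably failing check. The package name, types and bounds are constructed for the example.

```ada
--  Added example, not part of the proposal: absence of run-time errors
--  shown by contract and proof rather than by an exception handler.
package Averages with SPARK_Mode is

   type Sample  is range 0 .. 1_000;
   type Samples is array (Positive range <>) of Sample;

   --  Precondition: a non-empty array (so Data'Length /= 0 and the division
   --  cannot raise) that is short enough for the running sum to stay within
   --  Natural (at most 1_000 * 1_000).
   function Average (Data : Samples) return Sample with
     Pre => Data'Length in 1 .. 1_000;

end Averages;

package body Averages with SPARK_Mode is

   function Average (Data : Samples) return Sample is
      Sum : Natural := 0;
   begin
      for I in Data'Range loop
         --  Bounds Sum on every iteration so the addition below is provably
         --  free of overflow.
         pragma Loop_Invariant (Sum <= (I - Data'First) * 1_000);
         Sum := Sum + Natural (Data (I));
      end loop;
      --  Sum <= Data'Length * 1_000, so the quotient fits in Sample.
      return Sample (Sum / Data'Length);
   end Average;

end Averages;
```

The point of the contrast with the Ada handler approach: here no code path exists for the error case at all, and the obligation to show that the case cannot arise is discharged by the analysis tool (GNATprove for current SPARK) before the program runs.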


These additions may need approval by WG 9 for C.39 and Praxis for G.39, but the changes are small enough that it might be doable in about a week.