MISRA C:2012 Rule 9.7

Atomic objects shall be appropriately initialized before being accessed

Since R2025b

expand all in page

Description

Rule Definition

Atomic objects shall be appropriately initialized before being accessed.1

Rationale

Atomic objects are typically used without the explicit protection of mutexes. If the atomic objects are not initialized completely before they are used in concurrent code, they can be concurrently accessed while being initialized. This leads to data race. Initializing an atomic object within a thread makes the code dependent on thread ordering.

Polyspace Implementation

Polyspace® considers an _Atomic object to be appropriately initialized if any of these conditions are true:

  • The object is a global or static.

  • The object is local and explicitly initialized during their declaration.

  • The object is local and explicitly initialized by calling the function atomic_init() before any access. Polyspace checks for the call to atomic_init() in the same function where the local atomic object is declared.

If an _Atomic object is not appropriately initialized and used in the code, Polyspace reports a violation. An uninitialized _Atomic object that is unused in the code is not reported as a violation.

Troubleshooting

If you expect a rule violation but Polyspace does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

In this example, the function compliant_initialization() shows atomic variables that are appropriately initialized before access. Polyspace reports no violations. In the function non_compliant_initialization(), the atomic variables are accessed before they are initialized. Polyspace reports violations.

#include <threads.h>
#include <stdint.h>
#include <stdatomic.h>
_Atomic int32_t g_atomic1;               /* Compliant - default initialization */
static _Atomic int32_t g_atomic2;        /* Compliant - static storage */
void compliant_initialization() {
    static _Atomic int32_t ls_atomic1;   /* Compliant - static storage */
    _Atomic int32_t l_atomic1 = 0x123;   /* Compliant - default initialization */
    _Atomic int32_t l_atomic2;           /* Compliant - Initialized with atomic_init before any usage. */
    atomic_init(&l_atomic2, 0x123);
    /* Use of declared atomic variables */
    ls_atomic1 = 0x123;
    l_atomic1 = 0x123;
    l_atomic2 = 0x123;
}

thrd_t thread_id;
int32_t a_thread_entry(void *ptr);
void non_compliant_initialization() {
    _Atomic int32_t l_atomic1;           /* Noncompliant, not initialized with atomic_init */
    _Atomic int32_t l_atomic2;           /* Noncompliant, used before invocation of atomic_init */
    _Atomic int32_t l_atomic3;           /* Noncompliant, used before invocation of atomic_init */
    l_atomic1 = 0x123;
    int x = l_atomic2;
    atomic_init(&l_atomic2, 0x123);
    thrd_create(&thread_id, a_thread_entry,
        &l_atomic3);
    atomic_init(&l_atomic3, 0x123);
}

Check Information

Group: Initialization
Category: Mandatory
AGC Category: Mandatory

Version History

Introduced in R2025b

See Also

Topics

1 All MISRA coding rules and directives are © Copyright The MISRA Consortium Limited 2021.

The MISRA coding standards referenced in the Polyspace Bug Finder™ documentation are from the following MISRA standards:

  • MISRA C:2004

  • MISRA C:2012

  • MISRA C:2023

  • MISRA C++:2008

  • MISRA C++:2023

MISRA and MISRA C are registered trademarks of The MISRA Consortium Limited 2021.