Software systems typically maintain configuration data outside the source code, rather than hard-coding it, in order to provide maximum flexibility and extensibility. This approach, however, introduces the risk that configuration data might be corrupted or otherwise changed in an unwanted fashion. Moreover, in a system that supports concurrency, there is the risk that two or more applications, processes, threads, etc. will not have a consistent view of the configuration data.
In a safety-critical system, configuration data is considered vital, and the foregoing risks are unacceptable. What is needed, therefore, is a mechanism that offers the advantages of maintaining configuration data outside of source code, but that guarantees that (1) no corruption of configuration data occurs prior to initialization, and (2) any change to configuration data that occurs during execution is detected.