SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 46

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 47

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: done

...

Wiki Markup
Reliance on {{ConcurrentModificationException}} is insufficient to stop side effects resulting from modifying an underlying Collection while simultaneously iterating over the collection. The fail-fast behavior may occur only after processing an arbitrary number of elements. In _Java Concurrency 
In Practice_ \[[Goetz 2006|AA. Bibliography#Goetz 06]\], Göetz et al. note "\[Fail-fast iterators\] are implemented by associating a modification count with the collection: if the modification count changes during iteration, {{hasNext}} or {{next}} throws {{ConcurrentModificationException}}. However, this check is done without synchronization, so there is a risk of seeing a stale value of the modification count and therefore that the iterator does not realize a modification has been made. This was a deliberate design tradeoff to reduce the performance impact of the concurrent modification detection code" \[[Goetz 2006|AA. Bibliography#Goetz 06]\].

Note that the enhanced for loop (for-each idiom) uses an Iterator internally. Consequently, enhanced for loops can also participate in concurrent modification issues, even though they lack an obvious iterator.

...

Code Block
bgColor#ccccff
// ...
if (s.equals("one")) {
  iter.remove();
}
// ...

...

Although acceptable in a single-threaded environment, this noncompliant code example is insecure in a multithreaded environment because it is possible for another thread to modify the widgetList while the current thread iterates over the widgetList using the code shown below. Additionally, the doSomething() method could also modify the collection during iteration.

...

The Coverity Prevent Version 5.0 INVALIDATE_ITERATOR checker can detect the instance where an iterator is being used after the source container of the interator iterator is modified.

Related Vulnerabilities

The Apache Geronimo bug HARMONY-6236 documents an ArrayList breaking when given concurrent collections as input.

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fc8c14a257d2b107-53f842aa-47af4ffc-9f8e8eb0-e6ce28672493073065b0e053"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

Class [ConcurrentModificationException

http://java.sun.com/j2se/1.5.0/docs/api/java/util/ConcurrentModificationException.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="05eed268ad638bb1-4a260b1d-4dd9494b-b04d807f-f797f0fdf237d6846330ec06"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

[Sun Bug database, Bug ID:6687277

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6687277]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a93210ca920183ce-d08f2887-40ef4092-9b95827a-0da0133792a07e3e19f68001"><ac:plain-text-body><![CDATA[

[[Goetz 2006

AA. Bibliography#Goetz 06]]

5.1.2. Iterators and Concurrentmodificationexception

]]></ac:plain-text-body></ac:structured-macro>

...