...
```java
public final class Foo implements Runnable {
  @Override public void run() {
    // ...
  }

  public static void main(String[] args) {
    Foo foo = new Foo();
    new Thread(foo).start();
  }
}
```
Exceptions
THI02-EX0: The run() method may be invoked when unit testing functionality. Note that this method cannot be used to test a class for multithreaded use.
...
Casting a thread to Runnable before calling the run() method documents that the explicit call to Thread.run() is intentional. Adding an explanatory comment alongside the invocation is highly recommended.
THI02-EX1: Runtime system code involved in starting new threads is permitted to invoke a Thread object's run() method directly; this is an obvious necessity for a working Java runtime system. Note that the likelihood that this exception applies to user-written code is vanishingly small.
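To make the unit-testing exception concrete, the following added example (not part of the original guideline; the class RunVersusStart and the method executedOn are hypothetical names) records which thread executes the task body when it is launched with start() and when run() is invoked through a cast to Runnable.

```java
import java.util.concurrent.atomic.AtomicReference;

// Added illustration; RunVersusStart and executedOn are hypothetical names.
public final class RunVersusStart {

  /** Returns the name of the thread that actually executed the task body. */
  static String executedOn(boolean useStart) throws InterruptedException {
    AtomicReference<String> seen = new AtomicReference<>();
    Thread worker = new Thread(
        () -> seen.set(Thread.currentThread().getName()), "worker");

    if (useStart) {
      worker.start();  // body executes on the new thread named "worker"
      worker.join();   // wait for completion so the recorded name is visible
    } else {
      // Intentional direct call for single-threaded unit testing only:
      // the cast to Runnable documents that invoking run() is deliberate.
      ((Runnable) worker).run();  // body executes on the caller's thread
    }
    return seen.get();
  }

  public static void main(String[] args) throws InterruptedException {
    String caller = Thread.currentThread().getName();
    String viaStart = executedOn(true);
    String viaRun = executedOn(false);

    System.out.println("caller thread : " + caller);
    System.out.println("start() ran on: " + viaStart);
    System.out.println("run() ran on  : " + viaRun);

    // start() must use the worker thread; run() must stay on the caller.
    if (!"worker".equals(viaStart) || !caller.equals(viaRun)) {
      throw new AssertionError("unexpected executing thread");
    }
  }
}
```

Because the direct call never leaves the caller's thread, a test written this way exercises the logic of run() but says nothing about the class's behavior under concurrent access.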
...
Automated detection of direct invocations of a Thread object's run() method appears to be straightforward. Sound automated determination of which specific invocations are permitted may be infeasible. Heuristic approaches may be useful.
Related Vulnerabilities
Any vulnerabilities resulting from the violation of this rule are listed on the CERT website.
Related Guidelines
[MITRE 2009] CWE-572 (http://cwe.mitre.org/data/definitions/572.html), "Call to Thread run() instead of start()"
Bibliography
[API 2006] Interface Runnable and class
...