Misuse of synchronization primitives is a common source of implementation errors. Many concurrency vulnerabilities arise from locking on the wrong kind of objects. An analysis of the JDK 1.6.0 source code revealed at least 31 bugs that fell into this category [Pugh 08]. It is important to recognize the entities with which synchronization is required rather than indiscriminately scavenging for variables or objects to synchronize on.
Noncompliant Code Example (Boolean lock object)
...
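```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// ...
Map<Integer, String> map = Collections.synchronizedMap(new HashMap<Integer, String>());

public void doSomething() {
  synchronized (map) { // Synchronize on map, not set
    // Iterate over the key-set view while holding the map's lock
    for (Integer k : map.keySet()) {
      // Do something
    }
  }
}
```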
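The comment in the code above says to synchronize on the map, not the set. The following added example (not part of the original page) shows the difference at run time: a writer calling `put()` is not held back by a lock on the key-set view, but is held back by a lock on the map itself. The class and method names (`ViewLockDemo`, `writerGetsThrough`) and the 500 ms timeout are assumptions made for this illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class ViewLockDemo {

  // Holds the monitor of `lock`, then asks another thread to call map.put().
  // Returns true if the writer finished while the monitor was still held,
  // i.e. the chosen lock object did NOT protect the map.
  static boolean writerGetsThrough(Map<Integer, String> map, Object lock)
      throws Exception {
    ExecutorService pool = Executors.newSingleThreadExecutor();
    try {
      synchronized (lock) {
        Runnable writer = () -> map.put(42, "x");
        Future<?> done = pool.submit(writer);
        try {
          done.get(500, TimeUnit.MILLISECONDS);
          return true;   // put() completed despite our lock
        } catch (TimeoutException e) {
          return false;  // put() is blocked until we release the lock
        }
      }
    } finally {
      pool.shutdown();   // a blocked writer completes once the lock is released
    }
  }

  public static void main(String[] args) throws Exception {
    Map<Integer, String> map =
        Collections.synchronizedMap(new HashMap<Integer, String>());
    Set<Integer> set = map.keySet();  // view backed by the same map

    System.out.println("lock on set view, writer proceeds: "
        + writerGetsThrough(map, set));
    System.out.println("lock on map, writer proceeds: "
        + writerGetsThrough(map, map));
  }
}
```

The wrapper returned by `Collections.synchronizedMap` guards its own operations with the map's monitor, which is why its Javadoc requires synchronizing on the returned map when traversing any of its collection views.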
...
Risk Assessment
Synchronizing on an inappropriate field can provide a false sense of thread safety and result in non-deterministic behavior.
...