The Java Language Specification allows 64-bit long and double values to be treated as two 32-bit values. For example, a 64-bit write operation may be performed as two separate, 32-bit operations.

According to the Java Language Specification [JLS 2005], Section 17.7 "Non-Atomic Treatment of double and long"

...

A similar problem may occur if i is declared as a double.

Compliant Solution (Volatile)

This compliant solution declares i as volatile. Writes and reads of long and double volatile values are always atomic.

...

It is important to ensure that the argument to the assignValue() method is obtained from a volatile variable or as a result of explicitly passing an integer value. Otherwise, a read of the variable argument can, itself, expose a vulnerability.

Semantics of volatile do not guarantee the atomicity of compound operations that involve read-modify-write sequences such as incrementing a value. See guideline VNA02-J. Ensure that compound operations on shared variables are atomic for more information.
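The difference between a plain and a volatile shared long can be observed with a small harness. This is an added example, not code from the guideline; the class TornLongDemo and all of its members are hypothetical names. A non-zero count for the plain field can only appear on a JVM that splits 64-bit writes, while the count for the volatile field is always 0.

```java
// Added illustration; class and member names are hypothetical, not from the guideline.
public class TornLongDemo {
    static long plain;            // noncompliant when shared: the JLS permits two 32-bit writes
    static volatile long safe;    // compliant: volatile long reads and writes are always atomic
    static volatile boolean done; // stop flag for the writer thread

    static final long A = 0L;     // all 64 bits clear
    static final long B = -1L;    // all 64 bits set

    // Only A and B are ever written, so any other value mixes halves of two writes.
    static boolean isTorn(long v) {
        return v != A && v != B;
    }

    // Returns {torn reads of plain, torn reads of safe}.
    static long[] run(int reads) throws InterruptedException {
        done = false;
        Thread writer = new Thread(() -> {
            boolean flip = false;
            while (!done) {
                long v = flip ? A : B;
                plain = v;   // may be performed as two separate 32-bit stores
                safe = v;    // always a single atomic 64-bit store
                flip = !flip;
            }
        });
        writer.start();
        long tornPlain = 0, tornSafe = 0;
        for (int n = 0; n < reads; n++) {
            if (isTorn(plain)) tornPlain++;
            if (isTorn(safe)) tornSafe++;
        }
        done = true;
        writer.join();
        return new long[] { tornPlain, tornSafe };
    }

    public static void main(String[] args) throws InterruptedException {
        long[] torn = run(50_000_000);
        System.out.println("torn reads, plain long:    " + torn[0]);
        System.out.println("torn reads, volatile long: " + torn[1]);
    }
}
```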

Exceptions

VNA05-EX1: If all reads and writes of 64-bit long and double values occur within a synchronized region, the atomicity of the read/write is guaranteed. This requires that no unsynchronized methods in the class expose the value and that the value is inaccessible (directly or indirectly) from other code. (For more information, see guideline VNA02-J. Ensure that compound operations on shared variables are atomic.)

VNA05-EX2: This guideline can be ignored for systems that guarantee that 64-bit long and double values are read and written as atomic operations.

Risk Assessment

Failure to ensure the atomicity of operations involving 64-bit values in multithreaded applications can result in reading and writing indeterminate values. Many Java Virtual Machines (JVMs) read and write 64-bit values atomically, even though the specification does not require them to.

| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| VNA05-J   | low      | unlikely   | medium           | P2       | L3    |

Automated Detection

...

References

[JLS 2005] 17.7 Non-Atomic Treatment of double and long
[Goetz 2006] 3.1.2. Non-Atomic 64-Bit Operations
[Goetz 2004c]
[MITRE 2009] CWE ID 667 "Insufficient Locking" (http://cwe.mitre.org/data/definitions/667.html)

...