...
This makes the originally proposed double-checked locking pattern insecure. The rule CON26-J. Do not publish partially-constructed objectsobjects that are partially initialized discusses further the possibility of a non-null reference to a helper object that observes default values for fields in the helper object.
...
Note that if Foo was mutable, the Helper field would need to be declared volatile as shown in CON00-J. Ensure visibility of shared primitive variables on accesses. Also, the method getHelper() is an instance method and the accessibility of the helper field is private. This allows safe publication of the Helper object, in that, a thread cannot observe a partially initialized Foo object (CON26-J. Do not publish partially-constructed objectsobjects that are partially initialized).
Exceptions
EX1: Explicitly synchronized code (that uses method synchronization or proper block synchronization, that is, enclosing all initialization statements) does not require the use of double-checked locking.
...