Methods that can be invoked from untrusted code to modify a static field must synchronize access to that field. That is necessary because there is no guarantee that untrusted clients will externally synchronize when accessing the field. Because a static field is shared by all clients, untrusted clients may violate the contract by failing to provide suitable locking.
...
This noncompliant code example does not synchronize access to the static counter field.
| Code Block | ||
|---|---|---|
| ||
/** This class is not thread-safe! */
public final class CountHits {
private static int counter;
public void incrementCounter() {
counter++;
}
}
|
This class definition does not violate CON01-J. Ensure that compound operations on shared variables are atomic, which only applies to classes that promise thread-safety. However, this class has a mutable static counter field that is modified by the publicly accessible incrementCounter() method. Consequently, this class cannot be used securely by trusted client code, if untrusted code can purposely fail to externally synchronize access to the field.
...