SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 52

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

New code should use the java.util.concurrent concurrency utilities instead of the wait/notify mechanism. However, legacy code may depend upon the wait/notify mechanism.

Noncompliant Code Example

This noncompliant code example invokes the wait() method inside a traditional if block and fails to check the post-condition after the notification is received. If the notification is accidental or malicious, the thread can wake up prematurely.

Code Block
bgColor#FFcccc
synchronized (object) {
  if (<condition does not hold>) {
    object.wait();
  }
  // Proceed when condition holds
}

Compliant Solution

This compliant solution calls the wait() method from within a while loop to check the condition before and after wait() is called.

...

Similarly, invocations of the await() method of the java.util.concurrent.locks.Condition interface must be enclosed in a loop.

Risk Assessment

To guarantee liveness and safety, the wait() and await() methods must always be invoked inside a while loop.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CON18 CON22- J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] [Class Object|http://java.sun.com/javase/6/docs/api/java/lang/Object.html]
\[[Bloch 01|AA. Java References#Bloch 01]\] Item 50: Never invoke wait outside a loop
\[[Lea 00|AA. Java References#Lea 00]\] 3.2.2 Monitor Mechanics, 1.3.2 Liveness
\[[Goetz 06|AA. Java References#Goetz 06]\] Section 14.2, Using Condition Queues

...