...
This behavior can result in indeterminate values being read in code that is required to be thread-safe. Consequently, multi-threaded programs must ensure atomicity when reading or writing 64-bit values.
Noncompliant Code Example
...
A similar problem can occur when i is declared double.
Compliant Solution (Volatile)
...
It is important to ensure that the argument to the assignValue() method is obtained from a volatile variable or as a result of explicitly passing an integer value. Otherwise, a read of the variable argument can itself expose a vulnerability.
The semantics of volatile explicitly exclude any guarantee of the atomicity of compound operations that involve read-modify-write sequences such as incrementing a value. See guideline VNA02-J. Ensure that compound operations on shared variables are atomic for more information.
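The following harness is an added example, not code from the guideline itself, whose own listings are elided on this page. It contrasts a plain long field with a volatile one and counts reads that return a value no thread ever wrote. All names other than i and assignValue() are hypothetical.

```java
import java.util.concurrent.atomic.AtomicLong;

// Added example. Names other than i and assignValue() are hypothetical.
public class TornReadDemo {
    static final long LOW = 0L;    // all 64 bits clear
    static final long HIGH = -1L;  // all 64 bits set

    interface Cell { void assignValue(long j); long read(); }

    // Noncompliant: plain long; the JLS permits two separate 32-bit writes.
    static final class PlainCell implements Cell {
        private long i = LOW;
        public void assignValue(long j) { i = j; }
        public long read() { return i; }
    }

    // Compliant: a volatile long is always read and written atomically.
    static final class VolatileCell implements Cell {
        private volatile long i = LOW;
        public void assignValue(long j) { i = j; }
        public long read() { return i; }
    }

    // Counts reads that observed mixed halves, i.e. a value no thread wrote.
    static long countTornReads(Cell cell, long millis) throws InterruptedException {
        AtomicLong torn = new AtomicLong();
        long deadline = System.currentTimeMillis() + millis;
        Thread writer = new Thread(() -> {
            boolean flip = false;
            while (System.currentTimeMillis() < deadline) {
                cell.assignValue(flip ? HIGH : LOW);
                flip = !flip;
            }
        });
        Thread reader = new Thread(() -> {
            while (System.currentTimeMillis() < deadline) {
                long v = cell.read();
                if (v != LOW && v != HIGH) torn.incrementAndGet();
            }
        });
        writer.start(); reader.start();
        writer.join(); reader.join();
        return torn.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("plain long torn reads:    " + countTornReads(new PlainCell(), 2000));
        System.out.println("volatile long torn reads: " + countTornReads(new VolatileCell(), 2000));
    }
}
```

A count of zero for the plain field shows only that the JVM it ran on happens to write 64-bit values atomically; it is not evidence that the code is portable. The volatile variant must report zero on every conforming JVM.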
...
VNA05-EX1: If all reads and writes of 64-bit long and double values occur within a synchronized region, the atomicity of the read/write is guaranteed. This requires both that the value is exposed only through synchronized methods in the class and that the value is inaccessible (whether directly or indirectly) from other code. (For more information, see guideline VNA02-J. Ensure that compound operations on shared variables are atomic.)
VNA05-EX2: This guideline can be ignored for systems that guarantee that 64-bit long and double values are read and written as atomic operations. Note, however, that such guarantees fail to be portable across systems.
Risk Assessment
Failure to ensure the atomicity of operations involving 64-bit values in multithreaded applications can result in reading and writing indeterminate values. Many JVMs read and write 64-bit values atomically, even though the specification does not require them to.
...
MITRE CWE: CWE-667 "Insufficient Locking"
Bibliography
[JLS 2005] 17.7 Non-atomic Treatment of double and long
[Goetz 2006] 3.1.2. Non-Atomic 64-Bit Operations
[Goetz 2004c]
...