...
| Code Block | ||
|---|---|---|
| ||
class BankOperation {
private int balance = 0;
private volatile boolean initialized = false; // Declared volatile
// ...
}
|
The use of the volatile keyword is inappropriate for composite operations on shared variables (CON01-J. Ensure visibility of shared variables and atomicity of composite operations).
Risk Assessment
Failing to use volatile to guarantee visibility of shared values across multiple thread and prevent reordering of statements can result in unpredictable control flow.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[API 06|AA. Java References#API 06]\] Class AtomicInteger \[[JLS 05|AA. Java References#JLS 05]\] [Chapter 17, Threads and Locks|http://java.sun.com/docs/books/jls/third_edition/html/memory.html], section 17.4.5 Happens-before Order, section 17.4.3 Programs and Program Order, section 17.4.8 Executions and Causality Requirements \[[Tutorials 08|AA. Java References#Tutorials 08]\] [Java Concurrency Tutorial|http://java.sun.com/docs/books/tutorial/essential/concurrency/index.html] \[[Lea 00|AA. Java References#Lea 00]\] Sections, 2.2.7 The Java Memory Model, 2.2.5 Deadlock, 2.1.1.1 Objects and locks \[[Bloch 08|AA. Java References#Bloch 08]\] Item 66: Synchronize access to shared mutable data \[[Daconta 03|AA. Java References#Daconta 03]\] Item 31: Instance Variables in Servlets \[[JavaThreads 04|AA. Java References#JavaThreads 04]\] Section 5.2 Atomic Variables \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 667|http://cwe.mitre.org/data/definitions/667.html] "Insufficient Locking", [CWE ID 413|http://cwe.mitre.org/data/definitions/413.html] "Insufficient Resource Locking", [CWE ID 366|http://cwe.mitre.org/data/definitions/366.html] "Race Condition within a Thread", [CWE ID 567|http://cwe.mitre.org/data/definitions/567.html] "Unsynchronized Access to Shared Data" |
...