SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 2

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Declaring an immutable or thread-safe object as volatile ensures that a thread will not observe the object in an inconsistent state prior to its initialization. However, declaring mutable or thread-unsafe objects volatile does not offer any such advantages.

Noncompliant Code Example

This noncompliant code example declares an instance field of type Date as volatile. The problem is that the field can be changed using a setter method setDate(). Even if one thread sees the new reference, the object state that it observes may change in the meantime.

...

The client code depends on the publication of the Date object to carry out its operations. There is a race condition between setting the date and checking in the client code, whether it is null. During the race window interval, the state of the Date object could change.

Compliant Solution

The object can only be safely published if it is immutable or thread-safe. Otherwise, explicit synchronization is required to ensure thread safety. This compliant solution uses volatile to guard retrievals that use the getter method. A synchronized setter method is used to set the value of the Date object to ensure thread-safety. Defensive copies of the setter argument must be made to make the class Foo effectively immutable.

Code Block
bgColor#ccccff
public class Foo {
  public volatile Date d;
    
  public Foo() {
    d = new Date();  
  }
  
  public synchronized void setDate(Date date) {    
    // Defensive copying
    d = date.clone();
  }
  
  public Date getDate() {
    return d.clone();
  }  
}

Compliant Solution

This compliant solution ensures that the Foo object is immutable by removing the setter method. The Date object can be safely published as a result.

Code Block
bgColor#ccccff
public class Foo {
  public final volatile Date d;
    
  public Foo() {
    d = new Date();  
  }
    
  public Date getDate() {
    return d;
  }  
}

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CON26- J

medium

probable

medium

P12

L1

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Goetz 07|AA. Java References#Goetz 07]\] Pattern #2: "one-time safe publication"

...