Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A common misconception is that shared references to immutable objects are immediately visible across multiple threads as soon as they are updated. For example, a developer can mistakenly believe that a class containing fields that refer only to immutable objects is itself immutable and consequently threa thread-safe.

Section 14.10.2, "Final Fields and Security," of Java Programming Language, Fourth Edition [JPL 2006] states:

...

References to both immutable and mutable objects must be made visible to all the threads. Immutable objects can be shared safely among multiple threads. However, references to mutable objects can be made visible before the objects are fully constructed. Rule TSM03-J. Do not publish partially initialized objects describes object construction and visibility issues specific to mutable objects.

...

. Furthermore, because Helper is immutable, it is always constructed properly before its reference is made visible, in compliance with rule TSM03-J. Do not publish partially initialized objects. Unfortunately, a separate thread could observe a stale reference in the helper field of the Foo class.

...

This compliant solution synchronizes the methods of the Foo class to ensure that no thread sees a stale Helper reference.:

Code Block
bgColor#CCCCFF
final class Foo {
  private Helper helper;

  public synchronized Helper getHelper() {
    return helper;
  }

  public synchronized void setHelper(int num) {
    helper = new Helper(num);
  }
}

The immutable Helper class remains unchanged.

Compliant Solution (

...

volatile)

References to immutable member objects can be made visible by declaring them volatile.:

Code Block
bgColor#CCCCFF
final class Foo {
  private volatile Helper helper;

  public Helper getHelper() {
    return helper;
  }

  public void setHelper(int num) {
    helper = new Helper(num);
  }
}

...

This compliant solution wraps the mutable reference to the immutable Helper object within an AtomicReference wrapper that can be updated atomically.:

Code Block
bgColor#CCCCFF
final class Foo {
  private final AtomicReference<Helper> helperRef =
      new AtomicReference<Helper>();

  public Helper getHelper() {
    return helperRef.get();
  }

  public void setHelper(int num) {
    helperRef.set(new Helper(num));
  }
}

...

The incorrect assumption that classes that contain only references to immutable objects are themselves immutable can cause serious thread-safety issues.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

VNA01-J

lowLow

probableProbable

mediumMedium

P4

L3

Automated Detection

Some static analysis tools are capable of detecting violations of this rule.

ToolVersionCheckerDescription
ThreadSafe
Include Page
ThreadSafe_V
ThreadSafe_V

CCE_SL_INCONSISTENT
CCE_CC_CALLBACK_ACCESS
CCE_SL_MIXED
CCE_SL_INCONSISTENT_COL
CCE_SL_MIXED_COL
CCE_CC_UNSAFE_CONTENT

Implemented

 

Bibliography

[API 20062014]

 

[JPL 2006]

Section 14.10.2, "Final Fields and Security"

Issue Tracking

Tasklist
Review List
Review List
||Completed||Priority||Locked||CreatedDate||CompletedDate||Assignee||Name||
|F|M|F|1270826173609|          |dmohindr|"Unfortunately, a separate thread -could- *can* observe a stale reference in the helper field of the Foo class."|
|T|M|F|1270826698362|1271441478121|svoboda|"This compliant solution synchronizes the methods of *class* Foo -class- " (it sounds strange with class occuring after Foo)|

...