SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 35

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
Do not submit tasks that do not support interruption using {{Thread.interrupt()}} to a thread pool if it is necessary to shutdown the thread pool or to cancel individual tasks within the thread poolit.   According to the Java API interface \[[API 062006|AA. Java References#API 06]\], the {{java.util.concurrent.ExecutorService.shutdownNow()}} method:

Attempts to stop all actively executing tasks, halts the processing of waiting tasks, and returns a list of the tasks that were awaiting execution. There are no guarantees beyond best-effort attempts to stop processing actively executing tasks. For example, typical implementations will cancel via Thread.interrupt(), so any task that fails to respond to interrupts may never terminate.

...

Because the task does not support interruption using the Thread.interrupt() method, there is no guarantee that the shutdownNow() method will shutdown the thread pool. Using the shutdown() method does not fix the problem either , because it waits until all executing tasks have finished.

...

Code Block
bgColor#ccccff
public final class SocketReader implements Runnable {
  private final SocketChannel sc;
  private final Object lock = new Object();

  public SocketReader(String host, int port) throws IOException {
    sc = SocketChannel.open(new InetSocketAddress(host, port));
  }

  @Override public void run() {
    ByteBuffer buf = ByteBuffer.allocate(1024);
    try {
      synchronized (lock) {
        while (!Thread.interrupted()) {
          sc.read(buf);
          // ...
        }
      }
    } catch (IOException ie) {
      // Forward to handler
    }
  }
}

public final class PoolService {
  // ...
}

Exceptions

CON31TPS02-EX1: Short-running tasks that execute without blocking are not required to adhere to this guideline.

...

Submitting tasks that are not interruptible may preclude the thread pool from shutting down and cause denial of service.

Rule Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

CON31 TPS02- J

low

probable

medium

P4

L3

...

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 062006|AA. Java References#API 06]\] interface ExecutorService
\[[Goetz 062006|AA. Java References#Goetz 06]\] Chapter 7: Cancellation and shutdown

...