SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 36

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
The {{java.lang.ThreadLocal<T>}} class provides thread-local variables. According to the Java API \[[API 062006|AA. Java References#API 06]\]:

These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread (e.g., a user ID or Transaction ID).

Wiki Markup
The use of {{ThreadLocal}} objects requires care in classes whose objects are required to be executed by multiple threads in a thread pool. The technique of thread pooling allows threads to be reused when thread creation overhead is too expensive or when creating an unbounded number of threads can diminish the reliability of the system. Every thread that enters the pool expects to see an object in its initial, default state. However, when {{ThreadLocal}} objects are modified from a thread which is subsequently made available for reuse, the reused thread sees the state of the {{ThreadLocal}} object as set by the previous thread \[[JPL 062006|AA. Java References#JPL 06]\].

...

This noncompliant code example consists of an enumeration of days (Day) and two classes (Diary and DiaryPool). The Diary class Diary uses a ThreadLocal variable to store thread-specific information, such as each thread's current day. The initial value of the current day is Monday; this can be changed later by invoking the setDay() method. The class also contains a threadSpecificTask() instance method that performs a thread-specific task.

The DiaryPool class DiaryPool consists of two methods the doSomething1() and doSomething2() methods that each start a thread. The doSomething1() method changes the initial (default) value of the day to Friday and invokes threadSpecificTask(). On the other hand, doSomething2() relies on the initial value of the day (Monday) diary and invokes threadSpecificTask(). The main() method creates one thread using doSomething1() and two more using doSomething2().

...

The DiaryPool class creates a thread pool that reuses a fixed number of threads operating off a shared, unbounded queue. At any point, at most NoOfThreadsthreads are actively processing tasks. If additional tasks are submitted when all threads are active, they will wait in the queue until a thread is available. The thread-local state of the thread persists when a thread is recycled.

...

In this execution order, it is expected that the two tasks (t2 and t3) that started using doSomething2() will are expected to observe the current day as Monday, however. However, because pool thread 1 is reused, t3 observes the day to be Friday .

...

Code Block
bgColor#FFCCCC
public final class DiaryPool {
  final int NoOfThreads = 3;
  // ...
}

Although this produces the required results increasing the size of the thread pool resolves the problem for this example, it is not a scalable solution because changing the thread pool size is insufficient when more tasks can be submitted to the pool.

...

This compliant solution adds the removeDay() method to the Diary class and wraps the statements in the doSomething1() method of class DiaryPool in a try-finally block. The finally block restores the initial state of the thread-local days object days by removing the current thread's value from it.

...

Wiki Markup
If the thread-local variable is read by the same thread again, it is reinitialized using the {{initialValue()}} method, unless the thread explicitlyhas already setsset the variable's value before this happensexplicitly \[[API 062006|AA. Java References#API 06]\]. This solution transfers the responsibility for maintenance to the client ({{DiaryPool}}) but is a good option when the {{Diary}} class cannot be modified.

...

This compliant solution uses a custom ThreadPoolExecutor that extends ThreadPoolExecutor and overrides the beforeExecute() method. This That method is invoked before the Runnable task is executed in the specified thread to reinitialize . The method reinitializes the thread-local variable before task r is executed by thread t.

Code Block
bgColor#ccccff
class CustomThreadPoolExecutor extends ThreadPoolExecutor {
  public CustomThreadPoolExecutor(int corePoolSize, int maximumPoolSize,
     long keepAliveTime, TimeUnit unit, BlockingQueue<Runnable> workQueue) {
        super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue);
  }

  @Override
  public void beforeExecute(Thread t, Runnable r) {
    if (t == null || r == null) {
      throw new NullPointerException();
    }
    Diary.setDay(Day.MONDAY);
    super.beforeExecute(t, r);
  }
}

public final class DiaryPool {
  // ...
  DiaryPool() {
    exec = new CustomThreadPoolExecutor(NoOfThreads, NoOfThreads,
             10, TimeUnit.SECONDS, new ArrayBlockingQueue<Runnable>(10));
    diary = new Diary();
  }
  // ...
}

Exceptions

CON33TPS04-EX1: There is no need to reinintialize a ThreadLocal object that does not change state after initialization. For example, there may be only one type of database connection represented by the initial value of the ThreadLocal object.

...

Objects using ThreadLocal data and executed by different threads in a thread pool without reinitialization might be in an unexpected state when reused.

Rule Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

CON33 TPS04- J

medium

probable

high

P4

L3

Automated Detection

TODO

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 062006|AA. Java References#API 06]\] class {{java.lang.ThreadLocal<T>}}
\[[JPL 062006|AA. Java References#JPL 06]\] 14.13. ThreadLocal Variables

...