...

public class SomeObject {
  public synchronized void changeValue() { // Locks on this instance's intrinsic monitor
    // ...
  }
}

// Untrusted code
synchronized (someObject) {
  while(true) {
    Thread.sleep(Integer.MAX_VALUE); // Indefinitely delay someObject
  }
}

...

public class SomeObject {
  private final Object lock = new Object(); // private lock object

  public void changeValue() {
    synchronized (lock) { // Locks on the private Object
      // ...
    }
  }
}

For more details on using the private Object lock, refer to CON02-J. Always synchronize on the appropriate object. Using block synchronization instead of method synchronization has some performance impact, but the difference is usually negligible. When a method contains statements that do not require synchronization among those that do, block synchronization tends to perform better.

Risk Assessment

Exposing the class object to untrusted code can result in denial-of-service.

...