Many programs must address the problem of handling a series of incoming requests. One simple concurrency strategy is the Thread-perPer-Message design pattern, which uses a new thread for each request [Lea 2000a]. This pattern is generally preferred over sequential executions of time-consuming, I/O-bound, session-based, or isolated tasks.
...
This noncompliant code example demonstrates the Thread-perPer-Message design pattern. The RequestHandler class provides a public static factory method so that callers can obtain a RequestHandler instance. The handleRequest() method is subsequently invoked to handle each request in its own thread.
...
Using simplistic concurrency primitives to process an unbounded number of requests could result in severe performance degradation, deadlock, or system resource exhaustion and DOS.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
TPS00-J | Low | Probable | High | P2 | L3 |
Automated Detection
Sound automated detection is infeasible; heuristic checks could be useful.
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft Jtest |
| CERT.TPS00.ISTART | Do not call the 'start()' method directly on Thread class instances |
Related Guidelines
Bibliography
[API 2014] | |
Chapter 8, "Applying Thread Pools" | |
Section 4.1.3, "Thread-Per-Message" |
...
...