...
A significant number of concurrency vulnerabilities arise from locking on the wrong kind of object. It is important to consider the properties of the lock object rather than simply scavenging for objects on which to synchronize.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
LCK01-J | medium | probable | medium | P8 | L2 |
Automated Detection
Some static analysis tools can detect violations of this rule.
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
The Checker Framework |
| Lock Checker | Concurrency and lock errors (see Chapter 6) |
FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE
FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_SHARED_CONSTANT
Synchronization on boxed primitive
Synchronization on interned String
Parasoft Jtest |
| CERT.LCK01.SCS | Do not synchronize on constant Strings | ||||||
PVS-Studio |
| V6070 | |||||||
SonarQube |
|
| S1860 |
ThreadSafe |
| CCE_CC_REUSEDOBJ_SYNC | Implemented |
Bibliography
...
...