...
A significant number of concurrency vulnerabilities arise from locking on the wrong kind of object. It is important to consider the properties of the lock object rather than simply scavenging for objects on which to synchronize.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
LCK01-J | medium | probable | medium | P8 | L2 |
Automated Detection
Some static analysis tools can detect violations of this rule.
Tool | Version | Checker | Description |
---|---|---|---|
The Checker Framework | | Lock Checker | Concurrency and lock errors (see Chapter 6) |
Parasoft Jtest | | CERT.LCK01.SCS | Do not synchronize on constant Strings |
| | FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE | Synchronization on boxed primitive |
| | FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_SHARED_CONSTANT | Synchronization on interned String |
PVS-Studio | | V6070 | |
SonarQube | | S1860 | |
ThreadSafe | | CCE_CC_REUSEDOBJ_SYNC | Implemented |
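The two patterns named in the checker descriptions, synchronization on a boxed primitive and on an interned String, are shown below next to a private lock object. This is an added example, not code from the original page; the class and field names are hypothetical, and it uses `Thread.holdsLock` to show that unrelated classes end up holding the same monitor.

```java
// Added illustration: all class and field names are hypothetical.
public class ReusedLockDemo {

    // Noncompliant: 0 is autoboxed through the Integer cache, so every
    // class that boxes the same small value receives the same object.
    static class Counter {
        private final Integer lock = 0;
    }

    // Noncompliant: string literals are interned JVM-wide, so any class
    // using the literal "LOCK" refers to this same object.
    static class Logger {
        private final String lock = "LOCK";
    }

    // Unrelated code that happens to pick the same convenient objects.
    static class ThirdParty {
        static final Integer INT_LOCK = 0;
        static final String STR_LOCK = "LOCK";
    }

    // Compliant: a private final Object that no other code can obtain.
    static class SafeCounter {
        private final Object lock = new Object();
        private int count;

        int increment() {
            synchronized (lock) {
                return ++count;
            }
        }
    }

    // True when a thread that holds 'held' thereby holds 'other' as well,
    // meaning the two references name a single monitor.
    static boolean sharesMonitor(Object held, Object other) {
        synchronized (held) {
            return Thread.holdsLock(other);
        }
    }

    public static void main(String[] args) {
        System.out.println("boxed Integer shared with unrelated code: "
                + sharesMonitor(ThirdParty.INT_LOCK, new Counter().lock));
        System.out.println("interned String shared with unrelated code: "
                + sharesMonitor(ThirdParty.STR_LOCK, new Logger().lock));
        System.out.println("private Object shared between instances: "
                + sharesMonitor(new SafeCounter().lock, new SafeCounter().lock));
    }
}
```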
Bibliography
...
...