Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A significant number of concurrency vulnerabilities arise from locking on the wrong kind of object. It is important to consider the properties of the lock object rather than simply scavenging for objects on which to synchronize.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

LCK01-J

medium

probable

medium

P8

L2

Automated Detection

Some static analysis tools can detect violations of this rule.

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Lock CheckerConcurrency and lock errors (see Chapter 6)
CodeSonar
Parasoft Jtest
Include Page
CodeSonar
Parasoft_V
CodeSonar
Parasoft_V
FB
CERT.
MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOOLEAN
FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE
FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_SHARED_CONSTANT
LCK01.SCSDo not synchronize on constant Strings
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6070
Synchronization on Boolean
Synchronization on boxed primitive
Synchronization on interned StringParasoft Jtest Include PageParasoft_VParasoft_VTRS.SCSImplemented

SonarQube
Include Page
SonarQube_V
SonarQube_V
S1860
 

ThreadSafe
Include Page
ThreadSafe_V
ThreadSafe_V

CCE_CC_REUSEDOBJ_SYNC

Implemented

Bibliography

[API 2006]

Class String, Collections

[Findbugs 2008]

 


[Miller 2009]

Locking

[Pugh 2008]

Synchronization

[Tutorials 2008]

Wrapper Implementations

...


...