...
Code Block | ||
---|---|---|
| ||
class MySingleton {
private static MySingleton instance;
protected MySingleton() {
instance = new MySingleton();
}
public static synchronized MySingleton getInstance() {
return instance;
}
}
|
...
Code Block | ||
---|---|---|
| ||
class MySingleton {
private static final MySingleton instance = new MySingleton();
private MySingleton() {
// Private constructor prevents instantiation by untrusted callers
}
public static synchronized MySingleton getInstance() {
return instance;
}
}
|
The MySingleton
class need not be declared final because it has a private constructor.
(Note that the initialization of instance
is done when MySingleton
is loaded, consequently it is protected by the class's initialization lock. See the JLS s12.4.2 for more information.)
Noncompliant Code Example (Visibility across Threads)
...
Code that is outside the scope can create another instance of the singleton class even though the requirement was to use only the original instance.
Because Because a singleton instance is associated with the class loader that is used to load it, it is possible to have multiple instances of the same class in the Java Virtual Machine. This situation typically occurs in J2EE containers and applets. Technically, these instances are different classes that are independent of each other. Failure to protect against multiple instances of the singleton may or may not be insecure depending on the specific requirements of the program.
...
Using improper forms of the Singleton design pattern may lead to creation of multiple instances of the singleton and violate the expected contract of the class.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC07-J | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
The Checker Framework |
| Linear Checker | Control aliasing and prevent re-use (see Chapter 19) | ||||||
Coverity | 7.5 | SINGLETON_RACE | Implemented | ||||||
Parasoft Jtest |
| CERT.MSC07.ILI |
Make lazy initializations thread-safe |
Related Guidelines
Bibliography
Item 3, "Enforce the Singleton Property with a Private Constructor or an | |
Item 15, "Avoiding Singleton Pitfalls" | |
Section 9.10, "Enforcing the Singleton Pattern" | |
[Fox 2001] | |
Singleton | |
Chapter 5, "Creational Patterns," section "Singleton" | |
[JLS 2015] |
...
...