Comment: Parasoft Jtest 2021.1

An infinite loop with an empty body consumes CPU cycles but does nothing. Optimizing compilers and just-in-time systems (JITs) are permitted to (perhaps unexpectedly) remove such a loop. Consequently, programs must not include infinite loops with empty bodies.

Noncompliant Code Example

This noncompliant code example implements an idle task that continuously executes a loop without executing any instructions within the loop. An optimizing compiler or JIT could remove the while loop in this example.


public int nop() {
  while (true) {}
}

Compliant Solution (Thread.sleep())

This compliant solution avoids use of a meaningless infinite loop by invoking Thread.sleep() within the while loop. The loop body contains semantically meaningful operations and consequently cannot be optimized away.


public final int DURATION = 10000; // In milliseconds

public void nop() throws InterruptedException {
  while (true) {
    // Useful operations
    Thread.sleep(DURATION);
  }
}

...

This compliant solution invokes Thread.yield(), which causes the thread running this method to consistently defer to other threads:


public void nop() {
  while (true) {
    Thread.yield();
  }
}
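The two compliant loops above, given an exit path on interruption and measured for CPU use. This is an added example, not code from the original guideline; the class name IdleLoopCost, the helper cpuMillis, the shortened DURATION and OBSERVE_MS are assumptions made for the demonstration. It shows that the sleep-based loop uses almost no CPU, while the yield-based loop typically keeps consuming CPU when no other thread is runnable.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;

public class IdleLoopCost {
    static final int DURATION = 50;      // In milliseconds (the page uses 10000; shortened here)
    static final int OBSERVE_MS = 1000;  // How long each variant runs before it is measured

    // Sleep-based idle task, as in the first compliant solution, plus an exit path.
    static void sleepLoop() {
        try {
            while (true) {
                Thread.sleep(DURATION);
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // Restore the status and leave the loop
        }
    }

    // Yield-based idle task, as in the second compliant solution, plus an exit path.
    static void yieldLoop() {
        while (!Thread.currentThread().isInterrupted()) {
            Thread.yield();
        }
    }

    // Runs the task for OBSERVE_MS and returns the CPU time it consumed, in milliseconds.
    static long cpuMillis(Runnable task) throws InterruptedException {
        ThreadMXBean mx = ManagementFactory.getThreadMXBean();
        Thread t = new Thread(task);
        t.setDaemon(true);
        t.start();
        Thread.sleep(OBSERVE_MS);
        long nanos = mx.getThreadCpuTime(t.getId()); // Read while alive; -1 if timing is disabled
        t.interrupt();
        t.join();
        return nanos < 0 ? -1 : nanos / 1_000_000;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("sleep loop CPU ms: " + cpuMillis(IdleLoopCost::sleepLoop));
        System.out.println("yield loop CPU ms: " + cpuMillis(IdleLoopCost::yieldLoop));
    }
}
```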

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| MSC01-J | Low | Unlikely | Medium | P2 | L3 |

Related Guidelines

CERT C Secure Coding Standard: MSC40-C. Do not use an empty infinite loop

Automated Detection

| Tool | Version | Checker | Description |
| Parasoft Jtest | | CERT.MSC01.EB | Avoid control statements with empty bodies |
| SonarQube | 3.10 | S2189 | |

Bibliography


...
