SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 9

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Winfried Gerlach

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Static shared data should not be protected using instance locks because the Programs must not use instance locks to protect static shared data because instance locks are ineffective when two or more instances of the class are created. Consequently, failure to use a static lock object leaves the shared state is not safe for unprotected against concurrent access unless a static lock object is used. Ideally, the lock should . Lock objects for classes that can interact with untrusted code must also be private and final, as per CON04shown in LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.

Noncompliant Code Example (

...

Nonstatic Lock Object for Static Data)

This noncompliant code example uses a non-static lock object attempts to guard access to a the static counter field counter. If using a nonstatic lock object. When two Runnable tasks are started, they will create two instances of the lock object and lock on each instance separately.

Code Block
bgColor#FFcccc

public final class CountBoxes implements Runnable {
  private static volatile int counter;
  // ...
  private final Object lock = new Object();    

  @Override public void run() {
    synchronized (lock) {
      counter++; 
      // ... 
    } 
  }

  public static void main(String[] args) {
    for (int i = 0; i < 2; i++) {
      new Thread(new CountBoxes()).start();
    }
  }
}

This does not example fails to prevent either thread from observing an inconsistent value of counter because the increment operation on volatile fields is not fails to be atomic in the absence of proper synchronization (see VNA02-J. Ensure that compound operations on shared variables are atomic for more information).

Noncompliant Code Example (

...

Method Synchronization for Static Data)

This noncompliant code example uses method synchronization to protect access to a static class counter field counter. :

Code Block
bgColor#FFcccc

public final class CountBoxes implements Runnable {
  private static volatile int counter;
  // ...

  public synchronized void run() {
    counter++; 
    // ... 
  }
  // ...
}

In this case, the method synchronization uses the intrinsic lock is associated with each instance of the class and not rather than the intrinsic lock associated with the class itself. Consequently, threads constructed using different Runnable instances may observe inconsistent values of the counter.

Compliant Solution (

...

Static Lock Object)

This compliant solution declares the lock object as static and consequently, ensures the atomicity of the increment operation .by locking on a static object:

Code Block
bgColor#ccccff

public class CountBoxes implements Runnable {
  private static int counter;
  // ...
  private static final Object lock = new Object();    
  
  public void run() {
    synchronized (lock) {
      counter++; 
      // ...
    }
  }
  // ...
}

There is no requirement for declaring It is unnecessary to declare the counter variable as volatile when using synchronization is used.

Risk Assessment

Using an instance lock to protect static shared data does not provide any synchronization properties and can lead to non-deterministic can result in nondeterministic behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CON34

LCK06-J

medium

Medium

probable

Probable

medium

Medium

P8

L2

Automated Detection

The following table summarizes the examples flagged as violations by SureLogic Flashlight:

Noncompliant Code Example

Flagged

Message

non-static lock object for static data

No

No obvious issues

method synchronization for static data

No

No obvious issues

The following table summarizes the examples flagged as violations by SureLogic JSure:

Noncompliant Code Example

Flagged

Message

non-static lock object for static data

Yes

modeling problem: static region "counter" should be protected by a static field

method synchronization for static data

Yes

modeling problem: static region "counter" should be protected by a static field

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\]

Some static analysis tools can detect violations of this rule.

ToolVersionCheckerDescription
Parasoft Jtest

Include Page
Parasoft_V
Parasoft_V

CERT.LCK06.INSTLOCKDo not use an instance lock to protect shared static data
SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATAImplemented since 4.6.0

Related Guidelines

MITRE CWE

CWE-667, Improper Locking

Bibliography

[API 2014]

Issue Tracking

Tasklist
Review List
Review List
 
||Completed||Priority||Locked||CreatedDate||CompletedDate||Assignee||Name|| 
|T|M|F|1270215165305|1271447005294|rcs_mgr|"Ideally, the lock should also be private and final" => I have been penalized for using "ideally" before. I would just remove that sentence or make it more definitive. Note that we also have an NCE that uses method synchronization. Perhaps we also need a CS with a static method.|


...

Image Added Image Added Image AddedVOID CON00-J. Synchronize access to shared mutable variables      11. Concurrency (CON)      CON03-J. Do not use background threads during class initialization