Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Methods that can both can modify a static field and also can be invoked from untrusted code must synchronize access to the static field. Even when client-side locking is a specified requirement of the method, untrusted clients can fail to synchronize (whether inadvertently or maliciously). Because the static field is shared by all clients, untrusted clients may violate the contract by failing to provide suitable locking.

Wiki MarkupAccording to Joshua Bloch \ [[Bloch 2008|AA. Bibliography#Bloch 08]\]]:

If a method modifies a static field, you must synchronize access to this field, even if the method is typically used only by a single thread. It is not possible for clients to perform external synchronization on such a method because there can be no guarantee that unrelated clients will do likewise.

...

This noncompliant code example fails to synchronize access to the static counter field.:

Code Block
bgColor#FFCCCC

/** This class is not thread-safe */
public final class CountHits {
  private static int counter;

  public void incrementCounter() {
    counter++;
  }
}

This class definition complies with rule VNA02-J. Ensure that compound operations on shared variables are atomic, which applies only applies to classes that promise thread-safety. However, this class has a mutable static counter field that is modified by the publicly accessible incrementCounter() method. Consequently, this class cannot be used securely by trusted client code, because because untrusted code can purposely fail to externally synchronize access to the field.

...

This compliant solution uses a static private final lock to protect the counter field and , consequently , lacks any dependence on external synchronization. This solution also complies with rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.

Code Block
bgColor#ccccff

/** This class is thread-safe */
public final class CountHits {
  private static int counter;
  private static final Object lock = new Object();

  public void incrementCounter() {
    synchronized (lock) {
      counter++;
    }
  }
}

Risk Assessment

Failure to internally internally synchronize access to static fields that can be modified by by untrusted code risks incorrect synchronization , because the author of the untrusted code can inadvertently or maliciously ignore the synchronization policy (whether inadvertently or maliciously).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

LCK05-J

low

Low

probable

Probable

medium

Medium

P4

L3

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.CONCURRENCY.UG.METH

Unguarded Method (Java)

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.LCK05.IASFInspect accesses to "static" fields which may require synchronization

Related Guidelines

MITRE CWE

CWE-820,

"

Missing Synchronization

"

Bibliography

...

[

[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

API 2014]


[Bloch 2008

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="74fd3107-6efd-4336-9e66-56b04bc85e0e"><ac:plain-text-body><![CDATA[

[[Bloch 2008

AA. Bibliography#Bloch 08]

]

Item 67

:

, "Avoid

excessive synchronization"

]]></ac:plain-text-body></ac:structured-macro>

Issue Tracking

...

 
||Completed||Priority||Locked||CreatedDate||CompletedDate||Assignee||Name|| 

Excessive Synchronization"


...

Image Added Image Added Image Removed      08. Locking (LCK)