You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

To avoid data corruption in multithreaded Java programs, one has to protect the data that is shared between multiple threads as described in detail in CON30-J. Synchronize access to shared mutable variables. This can be done at the object level by using synchronized blocks (coarse-grained locking), as a result locking out other threads from interfering. If synchronization is used judiciously, (See CON00-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass) deadlocks do not usually crop up.

If however, one follows a fine-grained locking approach by using member locks, deadlocks can still arise unless it is ensured that each and every thread always requests locks in the same order.

Noncompliant Code Example

In this noncompliant code example, a deadlock occurs if the transfer method acquires the monitors in decreasing numeric order, while the sumHelper method uses an increasing numeric order to acquire its locks.

class Stocks implements FundConstants {
  static int[] balances = new int[noOfStocks];
  static Object[] locks = new Object[noOfStocks];
  static
  {
    for (int n=0; n<noOfStocks; n++) {
      balances[n] = 10000;
      locks[n] = new Object();
    }
  }

  static void transfer(Transfer t) {
    int lo, hi;
    if (t.fundFrom > t.fundTo) {// acquires the monitors in decreasing numeric order
      lo = t.fundFrom;
      hi = t.fundTo;
     } else {
      lo = t.fundTo;
      hi = t.fundFrom;
     }
     
     synchronized (locks[lo]) {
       synchronized (locks[hi]) {
         balances[t.fundFrom] -= t.amount;
         balances[t.fundTo] += t.amount;
       }
      }
    }

  static int sumHelper (int next) {
    synchronized (locks[next]) {
      if (next == (noOfStocks-1)) {
        return balances[next];
      } else {
       return balances[next] + sumHelper(next+1);
     }
   }
 }

  static void checkSystem() {
    int actual = 0;
    actual = sumHelper(0);
    System.out.println("Actual balance is" + actual);
  }
}

Compliant Solution

To implement a fine-grained locking strategy, request a separate lock for each position in the balances array. Since one cannot lock on primitive types, a direct lock on the items in the balances array cannot be obtained. Instead, one has to create an array of Object (locks).

This compliant solution avoids deadlocks because every thread requests monitors in the same order and as a result the locks are acquired (and released) correctly.

class Stocks implements FundConstants {
  static int[] balances = new int[noOfStocks];
  static Object[] locks = new Object[noOfStocks];
  
  static
  {
     for (int n=0; n<noOfStocks; n++) {
       balances[n] = 10000;
       locks[n] = new Object();
     }
  }

  static void transfer(Transfer t) {
    int lo, hi;
    if (t.fundFrom < t.fundTo) {
      lo = t.fundFrom;
      hi = t.fundTo;
    } else {
        lo = t.fundTo;
        hi = t.fundFrom;
    }
    synchronized (locks[lo]) {
      synchronized (locks[hi]) {
        balances[t.fundFrom] -= t.amount;
        balances[t.fundTo] += t.amount;
      }
    }
  }

  static int sumHelper (int next) {
    synchronized (locks[next]) {
      if (next == (noOfStocks-1)) {
        return balances[next];
      } else {
        return balances[next] +
        sumHelper(next+1);
      }
    }
  }

  static void checkSystem() {
    int actual = 0;
    actual = sumHelper(0);
    System.out.println("Actual balance is " + actual);
  }
}

Risk Assessment

Fine-grained locking may result in deadlocks if some thread does not always request locks in the same order as others.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CON34- J

low

likely

high

P3

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[JLS 05]] Chapter 17, Threads and Locks
[[SDN 08]] Sun Developer Network Tech tips 
[[MITRE 09]] CWE ID 412 "Unrestricted Lock on Critical Resource"


CON33-J. Address the shortcomings of the Singleton design pattern      09. Concurrency (CON)      CON35-J. Do not try to force thread shutdown

  • No labels