synchronized() bugs -

hsbcnet

浏览: 3238 次
性别:
来自: 广州

最近访客更多访客>>

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

synchronized() bugs

JVM J#

https://www.securecoding.cert.org/confluence/display/java/LCK01-J.+Do+not+synchronize+on+objects+that+may+be+reused

What I wrote here is exactlly copied from the above link, please refer to the original place

Misuse of synchronization primitives is a common source of concurrency issues. Synchronizing on objects that may be reused can result in deadlock and nondeterministic behavior.

Noncompliant Code Example (Boolean Lock Object)
This noncompliant code example synchronizes on a Boolean lock object.

private final Boolean initialized = Boolean.FALSE;

public void doSomething() {
  synchronized (initialized) {
    // ...
  }
}

The Boolean type is unsuitable for locking purposes because it allows only two values: true and false. Boolean literals containing the same value share unique instances of the Boolean class in the JVM. In this example, initialized references the instance corresponding to the value false. If any other code inadvertently synchronizes on a Boolean literal with the value false, the lock instance is reused and the system can become unresponsiveness or deadlocked.

Noncompliant Code Example (Boxed Primitive)
This noncompliant code example locks on a boxed Integer object.

int lock = 0;
private final Integer Lock = lock; // Boxed primitive Lock is shared

public void doSomething() {
  synchronized (Lock) {
    // ...
  }
}

Boxed types may use the same instance for a range of integer values and consequently suffer from the same problem as Boolean constants. If the value of the primitive can be represented as a byte, the wrapper object is reused. Note that the use of the boxed Integer wrapper object is insecure; instances of the Integer object constructed using the new operator (new Integer(value)) are unique and not reused. In general, holding a lock on any data type that contains a boxed value is insecure.

Compliant Solution (Integer)
This compliant solution recommends locking on a non-boxed Integer. The doSomething() method synchronizes using the intrinsic lock of the Integer instance, Lock.

int lock = 0;
private final Integer Lock = new Integer(lock);

public void doSomething() {
  synchronized (Lock) {
    // ...
  }
}

When explicitly constructed, an Integer object has a unique reference and its own intrinsic lock that is not shared with other Integer objects or boxed integers having the same value. While this is an acceptable solution, it can cause maintenance problems because developers can incorrectly assume that boxed integers are appropriate lock objects. A more appropriate solution is to synchronize on a private final lock object as described in the following compliant solution.

Noncompliant Code Example (Interned String Object)

This noncompliant code example locks on an interned String object.

private final String lock = new String("LOCK").intern();

public void doSomething() {
  synchronized (lock) {
    // ...
  }
}

According to the Java API class [API 2006] java.lang.String documentation

When the intern() method is invoked, if the pool already contains a string equal to this String object as determined by the equals(Object) method, then the string from the pool is returned. Otherwise, this String object is added to the pool and a reference to this String object is returned.

Consequently, an interned String object behaves like a global variable in the JVM. As demonstrated in this noncompliant code example, even if every instance of an object maintains its own lock field, the field references a common String constant. Locking on String constants has the same problem as locking on Boolean constants.

Additionally, hostile code from any other package can exploit this vulnerability, if the class is accessible. (For more information, see guideline LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.)

Noncompliant Code Example (String Literal)
This noncompliant code example locks on a final String literal.

// This bug was found in jetty-6.1.3 BoundedThreadPool
private final String lock = "LOCK";

// ...
  synchronized (lock) {
    // ...
  }
// ...

A String literal is a constant and interned. Consequently, it suffers from the same pitfalls as the preceding noncompliant code example.

Compliant Solution (String Instance)
This compliant solution locks on a String instance that is not interned.

private final String lock = new String("LOCK");

public void doSomething() {
  synchronized (lock) {
    // ...
  }
}

A String instance differs from a String literal. The instance has a unique reference and its own intrinsic lock that is not shared by other String object instances or literals. A better approach is to synchronize on a private final lock object as shown in the following compliant solution.

Compliant Solution (Private Final Lock Object)
This compliant solution synchronizes on a private final lock object. This is one of the few cases where a java.lang.Object instance is useful.

private final Object lock = new Object();

public void doSomething() {
  synchronized (lock) {
    // ...
  }
}

For more information on using an Object as a lock, see guideline LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.

分享到：