 
                            ...
| Code Block | 
|---|
| 
public void consumeElement() throws InterruptedException {
  synchronized (vector) {
    while (vector.isEmpty()) {
      vector.wait(); 
    }
    // Consume when condition holds
  }
}
 | 
...
New code should use the java.util.concurrent concurrency utilities instead of the wait/notify mechanism. However, legacy code may depend upon the wait/notify mechanism.
Noncompliant Code Example
This noncompliant code example invokes the wait() method inside a traditional if block and fails to check the post-condition after the notification is received. If the notification is accidental or malicious, the thread can wake up prematurely.
| Code Block | ||
|---|---|---|
| 
 | ||
| 
synchronized (object) {
  if (<condition does not hold>) {
    object.wait();
  }
  // Proceed when condition holds
}
 | 
Compliant Solution
This compliant solution calls the wait() method from within a while loop to check the condition before and after wait() is called.
| Code Block | ||
|---|---|---|
| 
 | ||
| 
synchronized (object) {
  while (<condition does not hold>) {
    object.wait(); 
  }
  // Proceed when condition holds
}
 | 
Similarly, invocations of the await() method of the java.util.concurrent.locks.Condition interface must be enclosed in a loop.
Risk Assessment
To guarantee liveness and safety, the wait() and await() methods must always be invoked inside a while loop.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| CON22- J | low | unlikely | medium | P2 | L3 | 
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup | 
|---|
| \[[API 06|AA. Java References#API 06]\] [Class Object|http://java.sun.com/javase/6/docs/api/java/lang/Object.html] \[[Bloch 01|AA. Java References#Bloch 01]\] Item 50: Never invoke wait outside a loop \[[Lea 00|AA. Java References#Lea 00]\] 3.2.2 Monitor Mechanics, 1.3.2 Liveness \[[Goetz 06|AA. Java References#Goetz 06]\] Section 14.2, Using Condition Queues | 
...