...
| Code Block | ||
|---|---|---|
| ||
public final class Client {
private final Lock lock = new ReentrantLock();
public void doSomething(File file) {
InputStream in = null;
try {
lock.lock(in = new FileInputStream(file);
in = new FileInputStream(filelock.lock();
// Perform operations on the open file
lock.unlock();
} catch (FileNotFoundException x) {
// Handle exception
} finally {
if (in != null) {
try {
in.close();
} catch (IOException x) {
// Handle exception
}
}
}
}
} |
...
Failure to release locks on exceptional conditions could lead to thread starvation and deadlock.
Rule | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level | |
|---|---|---|---|
LCK08-J | Low | Likely | Yes |
Yes | P9 | L2 |
Automated Detection
Some static analysis tools are capable of detecting violations of this rule.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest |
|
|
|
| CERT.LCK08.RLF |
CERT. |
| LCK08.LOCK |
| Release Locks in a "finally" block Do not abandon unreleased locks | |||||||||
| ThreadSafe |
| CCE_LK_UNRELEASED_ON_EXN | Implemented |
Related Vulnerabilities
The GERONIMO-2234 issue report describes a vulnerability in the Geronimo application server. If the user single-clicks the keystore portlet, the user will lock the default keystore without warning. This causes a crash and stack trace to be produced. Furthermore, the server cannot be restarted because the lock is never cleared.
Related Guidelines
Bibliography
...
...