...
Even though thread groups are useful for keeping threads organized, programmers seldom benefit from their use because many of the methods of the ThreadGroup class (for example, allowThreadSuspension(), resume(), stop(), and suspend()) are deprecated. Furthermore, many nondeprecated methods are obsolete in that they offer little desirable functionality. Ironically, a few ThreadGroup methods are not even thread-safe [Bloch 2001].
Insecure yet non-deprecated nondeprecated methods include
ThreadGroup.activeCount()
According to the Java API [API 2014], theactiveCount()method
This method is often used as a precursor to thread enumeration. Threads that have never started nevertheless reside in the thread group and are considered to be active. The active count is also affected by the presence of certain system threads [API 2014]. Consequently, thereturns an estimate of the number of active threads in the current thread's thread group and its subgroups.
activeCount()method might fail to reflect the actual number of running tasks in the thread group.
...
Use of the ThreadGroup APIs may result in race conditions, memory leaks, and inconsistent object state.
Rule | Severity | Likelihood | Detectable | Remediation CostRepairable | Priority | Level |
|---|---|---|---|---|---|---|
THI01-J | Low | Probable | Yes | MediumNo | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Klocwork |
| JAVA.THREADGROUP | |||||||
| Parasoft Jtest |
| CERT.THI01.AUTG | Do not use variables of the unsafe type 'java.lang.ThreadGroup' | ||||||
| SonarQube |
| S3014 | "ThreadGroup" should not be used |
Bibliography
[API 2006] | Class |
Item 53, "Avoid Thread Groups" | |
Item 73, "Avoid Thread Groups" | |
Section 7.3.1, "Uncaught Exception Handlers" | |
Section 13.1, " | |
| [Java Tutorials] | |
[JPL 2006] | Section 23.3.3, "Shutdown Strategies" |
[SDN 2006] | Bug ID 4089701 |
...