 
                            The Java Language Specification (JLS) allows 64-bit long and double values to be treated as two 32-bit values. For example, a 64-bit write operation may could be performed as two separate 32-bit operations.unmigrated-wiki-markup
According   to   the  Java Language Specification \[[ JLS 05|AA. Java References#JLS 05]\], Section 17.7 , §17.7, "Non-Atomic   Treatment   of  {{double}}  and  {{long}}" [JLS 2015]:
... this behavior is implementation specific; Java virtual machines are free to perform writes to
longanddoublevalues atomically or in two parts. For the purposes of the Java programming language memory model, a single write to a non-volatilelongordoublevalue is treated as two separate writes: one to each 32-bit half. This can result in a situation where a thread sees the first 32 bits of a 64-bit value from one write, and the second 32 bits from another write....
Some implementations may find it convenient to divide a single write action on a 64-bit
longordoublevalue into two write actions on adjacent 32-bit values. For efficiency's sake, this behavior is implementation-specific; an implementation of the Java Virtual Machine is free to perform writes tolonganddoublevalues atomically or in two parts.
This behavior can result in indeterminate values being read in code that is required to be thread-safe. Consequently, multithreaded programs must ensure atomicity when reading or writing 64-bit values.
Noncompliant Code Example
In this noncompliant code example, if one thread repeatedly calls the assignValue() method and another thread repeatedly calls the printLong() method, the printLong() method could occasionally print a value of i that is neither zero nor the value of the j argument. :
| Code Block | ||
|---|---|---|
| 
 | ||
| class LongContainer { private long i = 0; void assignValue(long j) { i = j; } void printLong() { System.out.println("i = " + i); } } | 
A similar problem may can occur if when i is declared as a double.
Compliant Solution (Volatile)
This compliant solution declares i as volatile. Writes and reads of long and double volatile values are always atomic.
| Code Block | ||
|---|---|---|
| 
 | ||
| class LongContainer { private volatile long i = 0; void assignValue(long j) { i = j; } void printLong() { System.out.println("i = " + i); } } | 
It is important to ensure that the argument to the assignValue() method is obtained from a volatile variable or obtained as a the result of explicitly passing an integer valueatomic read. Otherwise, a read of the variable argument may, can itself , expose a vulnerability.
Semantics The semantics of volatile do not explicitly exclude any guarantee of the atomicity of compound operations that involve read-modify-write sequences such as incrementing a value . See CON02(see VNA02-J. Ensure that compound operations on shared variables are atomic for more information).
Exceptions
CON05VNA05-J-EX1EX0: If all reads and writes of 64-bit long and double values occur within a synchronized region, the atomicity of the read/write is guaranteed. This requires that no unsynchronized both that the value is exposed only through synchronized methods in the class expose the value and that the value is inaccessible from other code (whether directly or indirectly) from other code. ( For more information, see CON02 VNA02-J. Ensure that compound operations on shared variables are atomic.)
CON05VNA05-J-EX2: Systems EX1: This rule can be ignored for platforms that guarantee that 64-bit long and double values are read and written as atomic operations may safely ignore this guideline. Note, however, that such guarantees are not portable across different platforms.
Risk Assessment
Failure to ensure the atomicity of operations involving 64-bit values in multithreaded applications can result in reading and writing indeterminate values. Many However, many Java Virtual Machines (JVMs) read and write 64-bit values atomically , even though the specification does not require them to.
| Rule | Severity | Likelihood | Detectable | 
|---|
| Repairable | Priority | Level | 
|---|
| VNA05-J | Low | 
| Unlikely | 
| Yes | 
| No | P2 | L3 | 
Related Vulnerabilities
Automated Detection
Some static analysis tools are capable of detecting violations Any vulnerabilities resulting from the violation of this rule are listed on the CERT website.
References
| Wiki Markup | 
|---|
| \[[JLS 05|AA. Java References#JLS 05]\] 17.7 Non-Atomic Treatment of double and long
\[[Goetz 06|AA. Java References#Goetz 06]\] 3.1.2. Non-Atomic 64-Bit Operations
\[[Goetz 04c|AA. Java References#Goetz 04c]\] 
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 667|http://cwe.mitre.org/data/definitions/667.html] "Insufficient Locking" | 
Issue Tracking
...
.
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| ThreadSafe | 
 | CCE_SL_INCONSISTENT | Implemented | 
Related Guidelines
Bibliography
| Section 3.1.2, "Non-atomic 64-Bit Operations" | |
| [JLS 2015] | 
...
...
||Completed||Priority||Locked||CreatedDate||CompletedDate||Assignee||Name||
|F|M|F|1269650712386|          |dmohindr|Section 17.7 "Non-Atomic Treatment of {{double}} and {{long}}" ... Non-Atomic is Non-atomic in JLS 05, should we retain the lower-case for "atomic" as given in the reference?|
CON04-J. Ensure that calls to chained methods are atomic 11. Concurrency (CON) CON06-J. Do not assume that declaring an object reference volatile guarantees visibility of its members