Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Deadlock prevents multiple threads from progressing, halting program execution. A denial-of-service attack is possible if the attacker can create the conditions for deadlock.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

CON35-C

Low

Probable

No

Medium

No

P4

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V
deadlockSupported by sound analysis (deadlock alarm)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
CONCURRENCY.LOCK.ORDERConflicting lock order
Coverity
Include Page
Coverity
6.5DEADLOCKFully implemented
_V
Coverity_V
ORDER_REVERSALFully implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-con35-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1772, C1773
Klocwork
Include Page
Klocwork_V
Klocwork_V

CONC.DL
CONC.NO_UNLOCK


Parasoft C/C++test
9.5BD-TRS-DLOCK
Include Page
Parasoft_V
Parasoft_V
CERT_C-CON35-a

Do not acquire locks in different order

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

2462

Fully supported

Fully implemented

Polyspace Bug Finder
R2016aDeadlock

Call sequence to lock functions cause two tasks to block each other

...

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule CON35-C

Checks for deadlock (rule partially covered)

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT Oracle Secure Coding Standard for JavaLCK07-J. Avoid deadlock by requesting and releasing locks in the same order
MITRE CWECWE-764, Multiple Locks of a Critical Resource
Prior to 2018-01-12: CERT: Unspecified Relationship

  

...

Image Modified Image Modified Image Modified