Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

11. Concurrency (CON)

Created by Dhruv Mohindra, last modified on Dec 18, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

CON00-J. Declare shared variables as volatile to ensure visibility and prevent reordering of statements

CON01-J. Design APIs that ensure atomicity of composite operations and visibility of results

CON02-J. Always synchronize on the appropriate object

CON03-J. Do not use background threads during class initialization

CON04-J. Use the private lock object idiom instead of intrinsic synchronization

CON05-J. Ensure that threads do not fail during activation

CON06-J. Do not defer a thread that is holding a lock

CON07-J. Ensure atomicity of calls to thread-safe APIs

CON08-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass

CON09-J. Do not call overridable methods from synchronized regions

CON10-J. Methods that override synchronized methods must also possess synchronization capabilities

CON11-J. Do not assume that declaring an object volatile guarantees visibility of its members

CON12-J. Avoid deadlock by requesting locks in the proper order

CON13-J. Do not try to force thread shutdown

CON14-J. Do not let the "this" reference escape during object construction

CON15-J. Ensure actively held locks are released on exceptional conditions

CON16-J. Do not expect sleep() and yield() methods to have any synchronization semantics

CON17-J. Avoid using ThreadGroup APIs

CON18-J. Always invoke wait() and await() methods inside a loop

CON19-J. Use notifyAll() instead of notify() to resume waiting threads

CON20-J. Never apply a lock to methods making network calls

CON21-J. Facilitate thread reuse by using Thread Pools

CON22-J. Do not use incorrect forms of the double-checked locking idiom

CON23-J. Address the shortcomings of the Singleton design pattern

CON24-J. Use a unique channel to acquire locks on any file

CON25-J. Ensure atomicity when reading and writing 64-bit values

CON26-J. Do not publish partially-constructed objects

Risk Assessment Summary

Guideline	Severity	Likelihood	Remediation Cost	Priority	Level
CON00-J	medium	probable	medium	P8	L2
CON01-J	medium	probable	medium	P8	L2
CON02-J	low	likely	high	P3	L3
CON03-J	low	probable	medium	P4	L3
CON04-J	low	probable	medium	P4	L3
CON05-J	low	probable	medium	P4	L3
CON06-J	low	probable	medium	P4	L3
CON07-J	low	likely	high	P3	L3
CON08-J	low	likely	high	P3	L3
CON09-J	low	probable	medium	P4	L3
CON10-J	low	probable	medium	P4	L3
CON11-J	low	likely	high	P3	L3
CON12-J	low	probable	medium	P4	L3
CON14-J	low	probable	medium	P4	L3
CON15-J	low	likely	low	P9	L2
CON16-J	low	probable	medium	P4	L3
CON17-J	low	probable	low	P6	L2
CON18-J	low	unlikely	medium	P2	L3
CON19-J	low	unlikely	medium	P2	L3
CON20-J	low	probable	high	P2	L3
CON21-J	low	probable	high	P2	L3
CON22-J	low	probable	medium	P4	L3
CON23-J	low	unlikely	medium	P2	L3
CON24-J	low	unlikely	medium	P2	L3
CON25-J	low	unlikely	medium	P2	L3

IDS17-J. Understand how escape characters are interpreted when String literals are compiled The CERT Sun Microsystems Secure Coding Standard for Java VOID CON00-J. Synchronize access to shared mutable variables

No labels