JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
A synchronized statement is needed to access a field.
Programmers often forget about the consistent use of synchronization statements, which results in fields being accessed without the required lock being held. This checker identifies such situations, even without any explicit annotation by the programmer.
The analyzer uses a statistical approach: if most accesses to a particular field are synchronized then it is likely that all accesses are intended to be synchronized, so a warning will be issued if there is an unsynchronized access to that field.
Java uses synchronized statements and methods to guarantee that data is accessed in a sequential way and avoid race conditions in multithreaded applications. Incorrect uses of synchronization result in unexpected behaviors and subtle bugs, very hard to identify and reproduce.
Checks for this warning class make use of annotations @com.juliasoft.julia.checkers.guardedBy.GuardedBy and @com.juliasoft.julia.checkers.guardedBy.Holding. Add these annotations to your code to identify synchronization requirements for CodeSonar to check.
The @GuardedBy annotation for fields and parameters and the @Holding annotation for methods and constructors accept a string argument, according to the following syntax.
| Class Name | Missing synchronized Statement (Java) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Significance | reliability | |||||||||||||||
| Mnemonic | JAVA.CONCURRENCY.SYNC.MSS | |||||||||||||||
| Categories |
|
|||||||||||||||
| Availability | Available for Java and Kotlin. |
|||||||||||||||
| Enabling | Checks for this warning class are
disabled by default. To enable them, add the following WARNING_FILTER
rule to the project configuration file.
WARNING_FILTER += allow class="Missing synchronized Statement (Java)" |
Japanese (ja)
import java.util.HashSet;
import java.util.Set;
public class UserRegistry {
private final Set<String> users = new HashSet<String>();
public void register(String user) {
synchronized (users) {
users.add(user);
}
}
public void unregister(String user) {
synchronized (users) {
users.remove(user);
}
}
public boolean isRegistered(String user) {
return users.contains(user); // "Missing synchronized Statement (Java)" warning issued here
}
public int countUsers() {
synchronized (users) {
return users.size();
}
}
}
In this case, the programmer should add a synchronization on the access to field users inside method isRegistered() as well. We recall that hashsets are not synchronized in Java and concurrent access to the same hashset might result in inconsistent behaviors or even deadlock. Another solution, here, would be to use a synchronized or concurrent set, by exploiting the classes already available in the standard Java library. In that case, no synchronized statement would be needed anymore.
Verify if the missing synchronization should actually be there. Annotate fields and methods with the lock that must be held when they are accessed or called, by using the @GuardedBy and @Holding annotations. If this checker does not accept those annotations, it is likely the case that your program has a synchronization problem.
The following configuration file parameters affect checks for this warning class.
To report problems with this documentation, please visit https://support.codesecure.com/.