CWE-585 空的同步代码块

Empty Synchronized Block

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown

基本描述

The software contains an empty synchronized block.

扩展描述

An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of code. An empty synchronized block can occur because code no longer needed within the synchronized block is commented out without removing the synchronized block.

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 1071 cwe_View_ID: 1000 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 1071 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Name': 'Java', 'cwe_Prevalence': 'Undetermined'}

常见的影响

可能的缓解方案

Implementation

策略:

When you come across an empty synchronized statement, or a synchronized statement in which the code has been commented out, try to determine what the original intentions were and whether or not the synchronized block is still necessary.

示例代码

例

The following code attempts to synchronize on an object, but does not execute anything in the synchronized block. This does not actually accomplish anything and may be a sign that a programmer is wrestling with synchronization but has not yet achieved the result they intend.

bad Java

Instead, in a correct usage, the synchronized statement should contain procedures that access or modify data that is exposed to multiple threads. For example, consider a scenario in which several threads are accessing student records at the same time. The method which sets the student ID to a new value will need to make sure that nobody else is accessing this data at the same time and will require synchronization.

good

分类映射

引用

• REF-478 Intrinsic Locks and Synchronization (in Java)

文章来源于互联网:scap中文网