JAVA.CONCURRENCY.UG.PARAM : Unguarded Parameter (Java)

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

A parameter of a method or constructor is accessed without the expected lock being held.

Java uses synchronized statements and methods to guarantee that data is accessed in a sequential way and avoid race conditions in multithreaded applications. Incorrect uses of synchronization result in unexpected behaviors and subtle bugs, very hard to identify and reproduce.

Checks for this warning class make use of annotations @com.juliasoft.julia.checkers.guardedBy.GuardedBy and @com.juliasoft.julia.checkers.guardedBy.Holding. Add these annotations to your code to identify synchronization requirements for CodeSonar to check.

The @GuardedBy annotation for fields and parameters and the @Holding annotation for methods and constructors accept a string argument, according to the following syntax.

@GuardedBy/@Holding("this"): the lock on the receiver of a non-static field or method must be held

@GuardedBy("itself"): the lock on the same parameter or field must be held

@GuardedBy/@Holding("field-name"): the lock on the named field of the receiver of a non-static field or method must be held

@GuardedBy/@Holding("Class.field-name"): the lock on the named static field of the named class must be held

@GuardedBy/@Holding("Class.class"): the lock of the unique class object representing the class named Class must be held

@GuardedBy/@Holding("foo()"): the lock on the return value of the named instance method called on the receiver of a non-static field or method must be held. Method foo must return a reference type

@GuardedBy/@Holding("Class.foo()"): the lock on the return value of the named static method of the named class must be held. Method foo must return a reference type.

Class Name

Unguarded Parameter (Java)

Significance

reliability

Mnemonic

JAVA.CONCURRENCY.UG.PARAM

Categories

CWE	CWE:366	Race Condition within a Thread
	CWE:567	Unsynchronized Access to Shared Data in a Multithreaded Context
CERT-Java	CERT-Java:VNA00-J	Ensure visibility when accessing shared primitive variables

Availability

Available for Java only.

Enabling

Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow class="Unguarded Parameter (Java)"

Verify if the missing synchronization should actually be there. Annotate fields and methods with the lock that must be held when they are accessed or called, by using the @GuardedBy and @Holding annotations. If this checker does not accept those annotations, it is likely the case that your program has a synchronization problem.

The following configuration file parameters affect checks for this warning class.

JAVA.CONCURRENCY.UG.PARAM : Unguarded Parameter (Java)

Summary

Properties

Resolution

Relevant Configuration File Parameters