rspec/rules/S1860/java/rule.adoc

== Why is this an issue?

Instances of value-based classes, which are pooled and potentially reused, should not be used for synchronization. If they are, it can cause unrelated threads to deadlock with unhelpful stacktraces.

Within the JDK, types which should not be used for synchronization include:

* `String` literals
* Primitive wrapper classes in `java.lang` (such as `Boolean` with `Boolean.FALSE` and `Boolean.TRUE`)
* The class `java.lang.Runtime.Version`
* The `Optional*` classes in `java.util`: `Optional`, `OptionalInt`, `OptionalLong`, and `OptionalDouble`
* Various classes in the `java.time` API: `Instant`, `LocalDate`, `LocalTime`, `LocalDateTime`, `ZonedDateTime`, `ZoneId`, `OffsetTime`, `OffsetDateTime`, `ZoneOffset`, `Duration`, `Period`, `Year`, `YearMonth`, and `MonthDay`
* Various classes in the `java.time.chrono` API: `MinguoDate`, `HijrahDate`, `JapaneseDate`, and `ThaiBuddhistDate`
* The interface `java.lang.ProcessHandle` and its implementation classes
* The implementation classes of the collection factories in `java.util`: `List.of`, `List.copyOf`, `Set.of`, `Set.copyOf`, `Map.of`, `Map.copyOf`, `Map.ofEntries`, and `Map.entry`.

== How to fix it

Replace instances of value-based classes with a new object instance to synchronize on.

== Code examples

=== Noncompliant code example

[source,java,diff-id=1,diff-type=noncompliant]
----
private static final Boolean bLock = Boolean.FALSE;
private static final Integer iLock = Integer.valueOf(0);
private static final String sLock = "LOCK";
private static final List<String> listLock = List.of("a", "b", "c", "d");

public void doSomething() {

  synchronized(bLock) {  // Noncompliant
      ...
  }
  synchronized(iLock) {  // Noncompliant
      ...
  }
  synchronized(sLock) {  // Noncompliant
      ...
  }
  synchronized(listLock) {  // Noncompliant
      ...
  }
----


=== Compliant solution

[source,java,diff-id=1,diff-type=compliant]
----
private static final Object lock1 = new Object();
private static final Object lock2 = new Object();
private static final Object lock3 = new Object();
private static final Object lock4 = new Object();

public void doSomething() {

  synchronized(lock1) { // Compliant
      ...
  }
  synchronized(lock2) { // Compliant
      ...
  }
  synchronized(lock3) { // Compliant
      ...
  }
  synchronized(lock4) { // Compliant
      ...
  }
----


== Resources

* https://wiki.sei.cmu.edu/confluence/x/1zdGBQ[Do not synchronize on objects that may be reused - CERT, LCK01-J.]
* https://openjdk.java.net/jeps/390[JEP 390: Warnings for Value-Based Classes - OpenJDK]
* https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/lang/doc-files/ValueBased.html[Value-based Classes - Java SE 17 API Documentation]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Synchronize on a new "Object" instead.


'''
== Comments And Links
(visible only on this page)

=== relates to: S2445

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`Instances of value-based classes, which are pooled and potentially reused, should not be used for synchronization. If they are, it can cause unrelated threads to deadlock with unhelpful stacktraces.`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`Within the JDK, types which should not be used for synchronization include:`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			* `String` literals
			* Primitive wrapper classes in `java.lang` (such as `Boolean` with `Boolean.FALSE` and `Boolean.TRUE`)
			* The class `java.lang.Runtime.Version`
			* The `Optional*` classes in `java.util`: `Optional`, `OptionalInt`, `OptionalLong`, and `OptionalDouble`
			* Various classes in the `java.time` API: `Instant`, `LocalDate`, `LocalTime`, `LocalDateTime`, `ZonedDateTime`, `ZoneId`, `OffsetTime`, `OffsetDateTime`, `ZoneOffset`, `Duration`, `Period`, `Year`, `YearMonth`, and `MonthDay`
			* Various classes in the `java.time.chrono` API: `MinguoDate`, `HijrahDate`, `JapaneseDate`, and `ThaiBuddhistDate`
			* The interface `java.lang.ProcessHandle` and its implementation classes
			* The implementation classes of the collection factories in `java.util`: `List.of`, `List.copyOf`, `Set.of`, `Set.copyOf`, `Map.of`, `Map.copyOf`, `Map.ofEntries`, and `Map.entry`.
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`== How to fix it`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`Replace instances of value-based classes with a new object instance to synchronize on.`

			`== Code examples`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`[source,java,diff-id=1,diff-type=noncompliant]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`private static final Boolean bLock = Boolean.FALSE;`
			`private static final Integer iLock = Integer.valueOf(0);`
			`private static final String sLock = "LOCK";`
			`private static final List<String> listLock = List.of("a", "b", "c", "d");`

			`public void doSomething() {`

			`synchronized(bLock) { // Noncompliant`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
			`synchronized(iLock) { // Noncompliant`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
			`synchronized(sLock) { // Noncompliant`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
			`synchronized(listLock) { // Noncompliant`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`[source,java,diff-id=1,diff-type=compliant]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`private static final Object lock1 = new Object();`
			`private static final Object lock2 = new Object();`
			`private static final Object lock3 = new Object();`
			`private static final Object lock4 = new Object();`

			`public void doSomething() {`

SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`synchronized(lock1) { // Compliant`
			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`synchronized(lock2) { // Compliant`
			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`synchronized(lock3) { // Compliant`
			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`synchronized(lock4) { // Compliant`
			`...`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
SONARJAVA-4485 Modify rule S1860: Update rule in line with LayC (#2061) 2023-06-07 17:17:58 +02:00			`* https://wiki.sei.cmu.edu/confluence/x/1zdGBQ[Do not synchronize on objects that may be reused - CERT, LCK01-J.]`
			`* https://openjdk.java.net/jeps/390[JEP 390: Warnings for Value-Based Classes - OpenJDK]`
			`* https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/lang/doc-files/ValueBased.html[Value-based Classes - Java SE 17 API Documentation]`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Synchronize on a new "Object" instead.`

RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== relates to: S2445`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`