rspec/rules/S1860/java/rule.adoc

== Why is this an issue?

Objects which are pooled and potentially reused should not be used for synchronization. If they are, it can cause unrelated threads to deadlock with unhelpful stacktraces. Specifically, ``++String++`` literals, and boxed primitives such as Integers should not be used as lock objects because they are pooled and reused. The story is even worse for ``++Boolean++`` objects, because there could possibly be only two instances of ``++Boolean++``, ``++Boolean.TRUE++`` and ``++Boolean.FALSE++`` and every class that uses a Boolean will be referring to one of the two.


Here is the list of types which shouldn't be used for synchronization:

* The primitive wrapper classes in java.lang;
* The class java.lang.Runtime.Version;
* The "optional" classes in java.util: Optional, OptionalInt, OptionalLong, and OptionalDouble;
* Many classes in the java.time API: Instant, LocalDate, LocalTime, LocalDateTime, ZonedDateTime, ZoneId, OffsetTime, OffsetDateTime, ZoneOffset, Duration, Period, Year, YearMonth, and MonthDay, and, in java.time.chrono: MinguoDate, HijrahDate, JapaneseDate, and ThaiBuddhistDate;
* The interface java.lang.ProcessHandle and its implementation classes;
* The implementation classes of the collection factories in java.util: List.of, List.copyOf, Set.of, Set.copyOf, Map.of, Map.copyOf, Map.ofEntries, and Map.entry.


=== Noncompliant code example

[source,java]
----
private static final Boolean bLock = Boolean.FALSE;
private static final Integer iLock = Integer.valueOf(0);
private static final String sLock = "LOCK";
private static final List<String> listLock = List.of("a", "b", "c", "d");

public void doSomething() {

  synchronized(bLock) {  // Noncompliant
    // ...
  }
  synchronized(iLock) {  // Noncompliant
    // ...
  }
  synchronized(sLock) {  // Noncompliant
    // ...
  }
  synchronized(listLock) {  // Noncompliant
    // ...
  }
----


=== Compliant solution

[source,java]
----
private static final Object lock1 = new Object();
private static final Object lock2 = new Object();
private static final Object lock3 = new Object();
private static final Object lock4 = new Object();

public void doSomething() {

  synchronized(lock1) {
    // ...
  }
  synchronized(lock2) {
    // ...
  }
  synchronized(lock3) {
    // ...
  }
  synchronized(lock4) {
    // ...
  }
----


== Resources

* https://wiki.sei.cmu.edu/confluence/x/1zdGBQ[CERT, LCK01-J.] - Do not synchronize on objects that may be reused
* https://openjdk.java.net/jeps/390[JEP-390.] - JEP 390: Warnings for Value-Based Classes


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			Objects which are pooled and potentially reused should not be used for synchronization. If they are, it can cause unrelated threads to deadlock with unhelpful stacktraces. Specifically, ``++String++`` literals, and boxed primitives such as Integers should not be used as lock objects because they are pooled and reused. The story is even worse for ``++Boolean++`` objects, because there could possibly be only two instances of ``++Boolean++``, ``++Boolean.TRUE++`` and ``++Boolean.FALSE++`` and every class that uses a Boolean will be referring to one of the two.


			`Here is the list of types which shouldn't be used for synchronization:`

			`* The primitive wrapper classes in java.lang;`
			`* The class java.lang.Runtime.Version;`
			`* The "optional" classes in java.util: Optional, OptionalInt, OptionalLong, and OptionalDouble;`
			`* Many classes in the java.time API: Instant, LocalDate, LocalTime, LocalDateTime, ZonedDateTime, ZoneId, OffsetTime, OffsetDateTime, ZoneOffset, Duration, Period, Year, YearMonth, and MonthDay, and, in java.time.chrono: MinguoDate, HijrahDate, JapaneseDate, and ThaiBuddhistDate;`
			`* The interface java.lang.ProcessHandle and its implementation classes;`
			`* The implementation classes of the collection factories in java.util: List.of, List.copyOf, Set.of, Set.copyOf, Map.of, Map.copyOf, Map.ofEntries, and Map.entry.`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`private static final Boolean bLock = Boolean.FALSE;`
			`private static final Integer iLock = Integer.valueOf(0);`
			`private static final String sLock = "LOCK";`
			`private static final List<String> listLock = List.of("a", "b", "c", "d");`

			`public void doSomething() {`

			`synchronized(bLock) { // Noncompliant`
			`// ...`
			`}`
			`synchronized(iLock) { // Noncompliant`
			`// ...`
			`}`
			`synchronized(sLock) { // Noncompliant`
			`// ...`
			`}`
			`synchronized(listLock) { // Noncompliant`
			`// ...`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`private static final Object lock1 = new Object();`
			`private static final Object lock2 = new Object();`
			`private static final Object lock3 = new Object();`
			`private static final Object lock4 = new Object();`

			`public void doSomething() {`

			`synchronized(lock1) {`
			`// ...`
			`}`
			`synchronized(lock2) {`
			`// ...`
			`}`
			`synchronized(lock3) {`
			`// ...`
			`}`
			`synchronized(lock4) {`
			`// ...`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
			`* https://wiki.sei.cmu.edu/confluence/x/1zdGBQ[CERT, LCK01-J.] - Do not synchronize on objects that may be reused`
			`* https://openjdk.java.net/jeps/390[JEP-390.] - JEP 390: Warnings for Value-Based Classes`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`