Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Code Correctness: Non-Synchronized Method Overrides Synchronized Method

Abstract
Synchronized methods should not be overridden with non-synchronized methods.
Explanation
The parent class declares the method synchronized, which guarantees correct behavior when multiple threads access the same instance. Every overriding method should also be declared synchronized; otherwise, unexpected behavior may occur.

Example 1: In the following code, the class Foo extends the class Bar and overrides synchronizedMethod, but does not declare the overriding method synchronized:


public class Bar {
    public synchronized void synchronizedMethod() {
        for (int i=0; i<10; i++) System.out.print(i);
        System.out.println();
    }
}

public class Foo extends Bar {
    public void synchronizedMethod() {
        for (int i=0; i<10; i++) System.out.print(i);
        System.out.println();
    }
}


In this case, an instance of Foo could be cast to type Bar. If the same instance is given to two separate threads and synchronizedMethod is executed repeatedly, the behavior will be unpredictable.
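
A reflection-based check for the pattern in Example 1, shown beside a corrected override. This is an added example, not code from the original page: the names SyncOverrideCheck, FixedFoo and findings are assumptions, and the check matches exact parameter types only, so it does not follow overrides of generic methods.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class SyncOverrideCheck {
    // Constructed sample classes mirroring Example 1, plus a corrected override.
    static class Bar {
        public synchronized void synchronizedMethod() { }
    }
    static class Foo extends Bar {
        @Override public void synchronizedMethod() { }               // drops the lock
    }
    static class FixedFoo extends Bar {
        @Override public synchronized void synchronizedMethod() { }  // keeps the lock
    }

    /** Lists methods of cls that override a synchronized method without being synchronized. */
    static List<String> findings(Class<?> cls) {
        List<String> out = new ArrayList<>();
        for (Method m : cls.getDeclaredMethods()) {
            int mod = m.getModifiers();
            // Static and private methods cannot override; synthetic bridges are compiler-generated.
            if (Modifier.isStatic(mod) || Modifier.isPrivate(mod) || m.isSynthetic()) continue;
            if (Modifier.isSynchronized(mod)) continue;
            for (Class<?> sup = cls.getSuperclass(); sup != null; sup = sup.getSuperclass()) {
                try {
                    Method parent = sup.getDeclaredMethod(m.getName(), m.getParameterTypes());
                    int pmod = parent.getModifiers();
                    if (Modifier.isPrivate(pmod) || Modifier.isStatic(pmod)) continue;
                    if (Modifier.isSynchronized(pmod)) {
                        out.add(cls.getName() + "." + m.getName() + " overrides synchronized " + sup.getName() + "." + m.getName());
                    }
                    break; // the nearest overridden declaration decides
                } catch (NoSuchMethodException e) {
                    // Not declared at this level; keep walking up the hierarchy.
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        for (Class<?> c : new Class<?>[] { Foo.class, FixedFoo.class }) {
            List<String> f = findings(c);
            System.out.println(c.getSimpleName() + ": " + (f.isEmpty() ? "ok" : f));
        }
    }
}
```

A finding means the override needs review: an override that guards its body with its own lock is not marked synchronized and will still be reported.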
desc.structural.java.code_correctness_non_synchronized_method_overrides