Bug 991388 - RTGov uses Strings as lock objects
RTGov uses Strings as lock objects
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: RT Governance (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity low
: ER1
: 6.0.0
Assigned To: Gary Brown
Jiri Sedlacek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-02 06:18 EDT by Jiri Pechanec
Modified: 2015-08-02 19:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-06 10:25:16 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RTGOV-242 Major Closed Change string sync objects to Object 2014-07-02 05:18:50 EDT

  None (edit)
Description Jiri Pechanec 2013-08-02 06:18:38 EDT
There are multiple places in RTGov that uses constant string as a lock object
rtgov/modules/activity-analysis/reports/src/main/java/org/overlord/rtgov/reports/ReportManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/validator/ActivityValidatorManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/processor/InformationProcessorManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/collector/ActivityCollectorAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/event-processor-network/epn-core/src/main/java/org/overlord/rtgov/epn/EPNManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/active-queries/active-collection/src/main/java/org/overlord/rtgov/active/collection/ActiveCollectionManagerAccessor.java:    private static final String SYNC=new String("sync");

This is an antipattern and can lead to unpredictable behaviour as the String constant acts as a global JVM lock

https://www.securecoding.cert.org/confluence/display/java/LCK01-J.+Do+not+synchronize+on+objects+that+may+be+reused
Comment 1 Gary Brown 2013-08-02 06:29:13 EDT
These are not string constants, they are string instances. If you look on the referenced page under "Compliant Solution (String Instance)" you will find they are ok.
Comment 2 Jiri Pechanec 2013-08-02 06:36:26 EDT
Right, under these conditions I am lowering the severity to low - refer to the sentence
-- Nevertheless, a better approach is to synchronize on a private final lock object, as shown in the following compliant solution. --
Comment 3 Jiri Pechanec 2013-09-16 05:29:19 EDT
Verified in ER2
Comment 7 JBoss JIRA Server 2014-07-02 05:18:50 EDT
Gary Brown <gary@brownuk.com> updated the status of jira RTGOV-242 to Closed

Note You need to log in before you can comment on or make changes to this bug.