Java: Fix FP in DoubleCheckedLocking.ql

2026-04-28 02:05:14 +02:00 · 2019-01-17 16:34:24 +01:00
parent 04c15028ab
commit 944c082a8d
6 changed files with 90 additions and 1 deletions
--- a/java/ql/test/query-tests/DoubleCheckedLocking/A.java
+++ b/java/ql/test/query-tests/DoubleCheckedLocking/A.java
@@ -72,4 +72,40 @@ public class A {
    }
    return b4;
  }
+
+  static class FinalHelper<T> {
+    public final T x;
+    public FinalHelper(T x) {
+      this.x = x;
+    }
+  }
+
+  private FinalHelper<B> b5;
+  public B getter5() {
+    if (b5 == null) {
+      synchronized(this) {
+        if (b5 == null) {
+          B b = new B();
+          b5 = new FinalHelper<B>(b); // BAD, racy read on b5 outside synchronized-block
+        }
+      }
+    }
+    return b5.x; // Potential NPE here, as the two b5 reads may be reordered
+  }
+
+  private FinalHelper<B> b6;
+  public B getter6() {
+    FinalHelper<B> a = b6;
+    if (a == null) {
+      synchronized(this) {
+        a = b6;
+        if (a == null) {
+          B b = new B();
+          a = new FinalHelper<B>(b);
+          b6 = a; // OK, published through final field with a single non-synced read
+        }
+      }
+    }
+    return a.x;
+  }
 }
--- a/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.expected
+++ b/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.expected
@@ -1 +1,2 @@
 | A.java:25:7:30:7 | stmt | Double-checked locking on the non-volatile field $@ is not thread-safe. | A.java:21:13:21:14 | b1 | b1 |
+| A.java:86:7:91:7 | stmt | Double-checked locking on the non-volatile field $@ is not thread-safe. | A.java:83:26:83:27 | b5 | b5 |