CWE - CWE-609: Double-Checked Locking (2.4)

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-609: Double-Checked Locking

Double-Checked Locking

Weakness ID: 609 (Weakness Base)

Status: Draft

Description

Description Summary

The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.

Extended Description

Double-checked locking refers to the situation where a programmer checks to see if a resource has been initialized, grabs a lock, checks again to see if the resource has been initialized, and then performs the initialization if it has not occurred yet. This should not be done, as is not guaranteed to work in all languages and on all architectures. In summary, other threads may not be operating inside the synchronous block and are not guaranteed to see the operations execute in the same order as they would appear inside the synchronous block.

Time of Introduction

Implementation

Applicable Platforms

Languages

Java

Common Consequences

Scope	Effect
Integrity Other	Technical Impact: Modify application data; Alter execution logic

Demonstrative Examples

Example 1

It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...

(Bad Code)

Example Language: Java

if (helper == null) {

synchronized (this) {

if (helper == null) {

helper = new Helper();

}

return helper;

The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.

Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:

(Bad Code)

helper = new Helper();

If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values.

Potential Mitigations

Phase: Implementation

While double-checked locking can be achieved in some languages, it is inherently flawed in Java before 1.5, and cannot be achieved without compromising platform independence. Before Java 1.5, only use of the synchronized keyword is known to work. Beginning in Java 1.5, use of the "volatile" keyword allows double-checked locking to work successfully, although there is some debate as to whether it achieves sufficient performance gains. See references.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	361	Time and State	Development Concepts (primary)699
ChildOf	Weakness Base	667	Improper Locking	Research Concepts (primary)1000
ChildOf	Category	853	CERT Java Secure Coding Section 08 - Locking (LCK)	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ChildOf	Category	894	SFP Cluster: Synchronization	Software Fault Pattern (SFP) Clusters (primary)888
CanPrecede	Weakness Base	367	Time-of-check Time-of-use (TOCTOU) Race Condition	Research Concepts1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
CERT Java Secure Coding	LCK10-J		Do not use incorrect forms of the double-checked locking idiom

References

David Bacon et al. "The "Double-Checked Locking is Broken" Declaration". <http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html>.

Jeremy Manson and Brian Goetz. "JSR 133 (Java Memory Model) FAQ". <http://www.cs.umd.edu/~pugh/java/memoryModel/jsr-133-faq.html#dcl>.

[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 13, "Threading Vulnerabilities", Page 815.. 1st Edition. Addison Wesley. 2006.

Content History

Submissions
Submission Date	Submitter	Organization	Source
	Anonymous Tool Vendor (under NDA)		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Context_Notes
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Description, Relationships, Taxonomy_Mappings
2008-11-24	CWE Content Team	MITRE	Internal
2008-11-24	updated Demonstrative_Examples
2009-01-12	CWE Content Team	MITRE	Internal
2009-01-12	updated Relationships
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Relationships
2009-10-29	CWE Content Team	MITRE	Internal
2009-10-29	updated Taxonomy_Mappings
2010-12-13	CWE Content Team	MITRE	Internal
2010-12-13	updated Relationships
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11	CWE Content Team	MITRE	Internal
2012-05-11	updated Demonstrative_Examples, References, Relationships
2012-10-30	CWE Content Team	MITRE	Internal
2012-10-30	updated Potential_Mitigations
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Double Checked Locking

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us