AttackFlow Findings Dictionary

Double Checked Locking

Thread safety might not be achieved with the double-checked locking pattern

Severity

Medium

Fix Cost

Low

Trust Level

High

Double-checked locking is a software design pattern that tries to improve the performance of the locking used to achieve synchronization in a multithreaded environment.

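    // Singleton instance, created on first access (plain field, as the flagged pattern uses)
    private static Singleton resource;
    private static object lockObj = new object();

    public static Singleton Resource {
        get {
            if (resource == null)          // first check, without the lock
            {
                lock (lockObj) {
                    if (resource == null)  // second check, while holding the lock
                    {
                        resource = new Singleton();
                    }
                }
            }
            return resource;
        }
    }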

The code above nests two if statements so that the lock, which reduces performance when taken unnecessarily, is acquired only when needed. When the first if statement fails, another thread has already taken the lock, so there is no need to execute the lock statement.

However, due to compiler optimizations, this pattern may allow the resource singleton to be initialized more than once, which is incorrect because a singleton should be initialized only once.

This happens mostly with older compilers and runtime environments. While a constructor call is in progress, the memory may already be initialized; in the code above, while the first thread is initializing the resource object, another thread may also pass the first if statement, because the resource reference points to uninitialized memory, which makes it non-null.
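As an added example (not AttackFlow's own code), here is the C# getter above made thread-safe in two common ways: keeping the double check but declaring the field volatile, and delegating initialization to Lazy<T>. The Constructions counter, the LazyResource accessor and the Demo class are names assumed for this demonstration.

```csharp
using System;
using System.Threading;

public sealed class Singleton
{
    public static int Constructions;   // demo counter only (assumption, not on the page)
    private static readonly object lockObj = new object();

    // Fix 1: a volatile write cannot be reordered ahead of the constructor's
    // writes, so a thread that reads non-null always sees a finished object.
    private static volatile Singleton resource;

    // Fix 2: Lazy<T> performs the locking and safe publication itself.
    private static readonly Lazy<Singleton> lazy = new Lazy<Singleton>(
        () => new Singleton(), LazyThreadSafetyMode.ExecutionAndPublication);

    private Singleton() { Interlocked.Increment(ref Constructions); }

    public static Singleton Resource
    {
        get
        {
            if (resource == null)              // unlocked fast path
            {
                lock (lockObj)
                {
                    if (resource == null)      // re-check while holding the lock
                        resource = new Singleton();
                }
            }
            return resource;
        }
    }

    public static Singleton LazyResource => lazy.Value;
}

public static class Demo
{
    public static void Main()
    {
        var threads = new Thread[32];
        for (int i = 0; i < threads.Length; i++)
        {
            threads[i] = new Thread(() => { _ = Singleton.Resource; _ = Singleton.LazyResource; });
            threads[i].Start();
        }
        foreach (var t in threads) t.Join();
        Console.WriteLine($"Singleton constructions across both accessors: {Singleton.Constructions}");
    }
}
```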

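Double-checked locking is a software design pattern that tries to improve the performance of the locking used to achieve synchronization in a multithreaded environment.

    // Instance created on first access (plain field, as the flagged pattern uses)
    private Resource resource;

    public Resource getResource() {
        if (resource == null)            // first check, without the lock
        {
            synchronized (this) {
                if (resource == null)    // second check, while holding the lock
                {
                    resource = new Resource();
                }
            }
        }
        return resource;
    }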
