java 如何修复 Fortify Race Condition:Singleton Member Field 问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38757923/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to fix Fortify Race Condition: Singleton Member Field issue
提问by Hamilton Lin
I encounter a problem. we use Spring MVC framework in my Project,but Spring MVC default Controller is Singleton Model. I change Controller use @Scope("session") by session to avoid race Condition problem(everyone has own Controller).
我遇到了一个问题。我们在我的项目中使用 Spring MVC 框架,但 Spring MVC 默认控制器是单例模型。我通过会话更改控制器使用 @Scope("session") 以避免竞争条件问题(每个人都有自己的控制器)。
@Controller
@Scope("session")
public class AP0Controller extends BaseController {
@Autowired
GnRecService gnRecService;
Integer seq = null;//Global variable
@RequestMapping(value = "/agn/AP1W01A_004", method=RequestMethod.GET)
public ModelAndView welcomeGrid(@RequestParam("payType")String payType){
seq = gnRecService.findTheLastPK(payType);
ModelAndView view = new ModelAndView(".agn.AP1W01A_004");
return view;
}
public ModelAndView showPk() {
seq +=2;
ModelAndView view = new ModelAndView(".agn.AP1W01A_004");
view.addObject("seq",seq)
return view;
}
}
After Scanned By HP Fortify,the report indicated this will cause Race Condition. How can I fix it and pass the issue?
HP Fortify 扫描后,报告指出这将导致竞争条件。我该如何解决并通过问题?
seq +=2;//Race Condition: Singleton Member Field
采纳答案by Vladimiro Corsi
Try do redesign your controller to not put state in it. Alternatively you can think about using AtomicInteger
尝试重新设计您的控制器,不要将状态放入其中。或者你可以考虑使用 AtomicInteger
AtomicInteger seq = new AtomicInteger();//Global variable
@RequestMapping(value = "/agn/AP1W01A_004", method=RequestMethod.GET)
public ModelAndView welcomeGrid(@RequestParam("payType")String payType){
seq.set(gnRecService.findTheLastPK(payType));
ModelAndView view = new ModelAndView(".agn.AP1W01A_004");
return view;
}
public ModelAndView showPk() {
final int localSeq = seq.addAndGet(2);
ModelAndView view = new ModelAndView(".agn.AP1W01A_004");
view.addObject("seq",localSeq)
return view;
}
回答by Manas
Race condition occurs when we declare an instance variable in a class and use the same in any of the method inside the same class.
当我们在类中声明一个实例变量并在同一个类中的任何方法中使用相同的实例变量时,就会发生竞争条件。
public class Test {
private boolean isRaceCondition;
private String myRaceCondition;
public void testMyMethod(){
If(isRaceCondition){
myRaceCondition= "Yes It is";
}
else{
myRaceCondition= "No It is not";
}
}}
The above code will run correctly in single threaded environment but in multithreaded environment, it is possible that more than one thread is working on the same piece of code and can cause data integrity issue.
上述代码在单线程环境中可以正确运行,但在多线程环境中,可能有多个线程正在处理同一段代码,并可能导致数据完整性问题。
For example Thread T1 set the value of isRaceCondition= true but before T1 can execute the method testMyMethod(), another thread T2 reset the value of isRaceCondition= false so now when T1 try to execute the testMyMethod() it will see isRaceCondition to false and it will set myRaceCondition= “No It is not”;
例如线程 T1 将 isRaceCondition 的值设置为 true 但在 T1 可以执行方法 testMyMethod() 之前,另一个线程 T2 重置了 isRaceCondition= false 的值,所以现在当 T1 尝试执行 testMyMethod() 时,它会看到 isRaceCondition 为 false 并且它将设置 myRaceCondition="No It is not";
To resolve this issue, the simplest solution is In case we can set initial value to variable and essentially they are constant.
为了解决这个问题,最简单的解决方案是万一我们可以将初始值设置为变量,并且本质上它们是常量。
private static final boolean isRaceCondition=True;
private static final String myRaceCondition="Yes It is" ;
Otherwise in case we CANNOT set initial value, we use volatile. This will ensure that value of variable is always fetched from memory before they are used
否则,如果我们无法设置初始值,我们将使用volatile。这将确保变量的值在使用之前总是从内存中获取
private static volatile boolean isRaceCondition;
private static volatile String myRaceCondition;
