CRITICAL
Rule Definition
Blocking calls can result in system failure if the called process fails. If the timeout is infinite, the call may cause the application to hang forever. Operations on the standard input/output streams depend directly on other processes outside of the Java VM. If those processes block forever, so will reads and writes to these streams in the application.
Remediation
For Socket: call connect(SocketAddress endpoint, int timeout) instead of java.net.Socket.connect(SocketAddress endpoint) or connect(SocketAddress endpoint, 0). This also applies to child classes of Socket.

For Future: use java.util.concurrent.Future.get(long timeout, TimeUnit unit) for all classes that implement the interface, such as java.util.concurrent.FutureTask, java.util.concurrent.ForkJoinTask ..., and for all classes that implement a sub-interface of Future.

For JMS: call javax.jms.MessageConsumer.receive(long timeout) instead of methods that implement javax.jms.MessageConsumer.receive() or javax.jms.MessageConsumer.receive(0).
Violation Code Sample
FOR SOCKET:

    void TKO() throws IOException, InterruptedException {
        SocketAddress me = new InetSocketAddress("127.0.0.1", SERVER_PORT);
        Socket s = new Socket();
        s.connect(me, 0); // violation: a timeout of 0 means wait forever
        OutputStream os = s.getOutputStream();
        os.write("CONNECT \n\n".getBytes());
        os.flush();
        os.close();
        Thread.sleep(50);
    }

-----------------------------------------------------------------------------
FOR FUTURE:

    // The tasks are started here; the rule flags reading their results
    // with a get() that has no timeout.
    FutureTask futureTask_1 = new FutureTask(new CallableCalculater(0, MAX_NUMBER / 2, DIVISOR));
    taskList.add(futureTask_1);
    executor.execute(futureTask_1);

    FutureTask futureTask_2 = new FutureTask(new CallableCalculater(MAX_NUMBER / 2 + 1, MAX_NUMBER, 3));
    taskList.add(futureTask_2);
    executor.execute(futureTask_2);

------------------------------------------------------------------------------
FOR JMS:

    public void receiveAndRespondWithMessageIdAsCorrelationId(ConnectionFactory connectionFactory,
                                                              String queueName) throws JMSException {
        Connection connection = connectionFactory.createConnection();
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        MessageConsumer consumer = session.createConsumer(session.createQueue(queueName));
        // violation: receive() with no timeout blocks until a message arrives
        final javax.jms.Message inMessage = consumer.receive();
        // ...
    }
Fixed Code Sample
FOR SOCKET:

    public static boolean pingHost(String host, int port, int timeout) {
        try (Socket socket = new Socket()) {
            // The connect attempt is bounded by the timeout (milliseconds).
            socket.connect(new InetSocketAddress(host, port), timeout);
            return true;
        } catch (IOException e) {
            return false; // Either timeout or unreachable or failed DNS lookup.
        }
    }

--------------------------------------------------------------------------
FOR FUTURE:

    import java.util.concurrent.*;
    import java.util.*;

    // CallableTask is a Callable<String> defined elsewhere.
    class SimpleThreadPool {
        public static void main(String args[]) throws Exception {
            List<Future<String>> l1 = new ArrayList<Future<String>>();
            ExecutorService exec = new ThreadPoolExecutor(3, 3, 0L, TimeUnit.MILLISECONDS,
                    new LinkedBlockingQueue<Runnable>());
            CallableTask tasks[] = new CallableTask[5];
            for (int i = 0; i < 5; i++) {
                tasks[i] = new CallableTask("task" + i);
                Future<String> future = exec.submit(tasks[i]);
                l1.add(future);
                try {
                    // Wait at most 100 ms for the result.
                    System.out.println(future.get(100, TimeUnit.MILLISECONDS));
                } catch (TimeoutException e) {
                    System.out.println(e);
                }
            }
            exec.shutdown(); // let the pool threads exit so the JVM can terminate
        }
    }

--------------------------------------------------------------------------------------------------------
FOR JMS:

    public void testChangeMutableObjectInObjectMessageThenRollback() throws Exception {
        ArrayList<String> list = new ArrayList<String>();
        list.add("First");
        Message outbound = session.createObjectMessage(list);
        outbound.setStringProperty("foo", "abc");

        beginTx();
        producer.send(outbound);
        commitTx();

        LOG.info("About to consume message 1");
        beginTx();
        // Wait at most 5000 ms for a message.
        Message message = consumer.receive(5000);
        // ...
    }
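The following self-contained demo is an added example, not part of the original rule page. It runs the Socket and Future remediations against a peer that never answers and a task that never finishes in time. It goes slightly beyond the rule text by also bounding the stream read with setSoTimeout and cancelling the timed-out task. The class name, method names and the 200 ms value are assumptions; JMS is omitted because it needs a broker.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.concurrent.*;

public class BoundedBlockingDemo {   // hypothetical name, for illustration only
    // connect(endpoint, timeout) bounds the connection attempt;
    // setSoTimeout bounds each later read on the socket's input stream.
    static String readWithTimeouts(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            s.setSoTimeout(timeoutMs);
            int b = s.getInputStream().read();
            return b < 0 ? "peer closed" : "got byte " + b;
        } catch (SocketTimeoutException e) {
            return "timed out";
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    // Bounded Future.get: on timeout the task is cancelled, which interrupts
    // the worker thread so it does not stay occupied by abandoned work.
    static String getWithTimeout(ExecutorService pool, Callable<String> task, long timeoutMs)
            throws InterruptedException, ExecutionException {
        Future<String> f = pool.submit(task);
        try {
            return f.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            f.cancel(true);
            return "timed out";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed peer: a listener that accepts the TCP handshake but never writes.
        try (ServerSocket silent = new ServerSocket(0)) {
            System.out.println(readWithTimeouts("127.0.0.1", silent.getLocalPort(), 200));
        }
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            System.out.println(getWithTimeout(pool, () -> { Thread.sleep(5_000); return "done"; }, 200));
            System.out.println(getWithTimeout(pool, () -> "fast", 200));
        } finally {
            pool.shutdownNow();
        }
    }
}
```

The third call only returns "fast" because the slow task was cancelled; without the cancel, the single worker thread would still be sleeping and the second get would time out as well.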
Related Technologies
JEE
Technical Criterion
Efficiency - Memory, Network and Disk Space Management