ThreadSafe

Last updated
ThreadSafe
Developer(s) Contemplate
Stable release
1.3 / March 28, 2014;10 years ago (2014-03-28)
Operating system Cross-platform: Linux, OS X, Windows
Type Static code analysis
License Proprietary software
Website www.contemplateltd.com/threadsafe

ThreadSafe is a source code analysis tool that identifies application risks and security vulnerabilities associated with concurrency in Java code bases, using whole-program interprocedural analysis. [1] [2] [3] [4] ThreadSafe is used to identify and avoid software failures in concurrent applications running in complex environments. [1] [2] [5] [6]

Contents

Features

ThreadSafe detects Java concurrency defects: [2] [3] [4]

ThreadSafe is integrated with the Eclipse software development environment and with the SonarQube software quality management platform. Contextual information is provided within the development environment to assist the developer with the investigation and resolution of concurrency issues, directly in the code. [2] [3] [4] A command-line version is available for users of IDEs other than Eclipse and for build process integration.

Checking adherence to standards

ThreadSafe detects violations of the concurrency-related rules in the CERT Oracle Secure Coding Standard for Java. [8]

See also

Related Research Articles

<span class="mw-page-title-main">Garbage collection (computer science)</span> Form of automatic memory management

In computer science, garbage collection (GC) is a form of automatic memory management. The garbage collector attempts to reclaim memory that was allocated by the program, but is no longer referenced; such memory is called garbage. Garbage collection was invented by American computer scientist John McCarthy around 1959 to simplify manual memory management in Lisp.

In multi-threaded computer programming, a function is thread-safe when it can be invoked or accessed concurrently by multiple threads without causing unexpected behavior, race conditions, or data corruption. As in the multi-threaded context where a program executes several threads simultaneously in a shared address space and each of those threads has access to all every other thread's memory, thread-safe functions need to ensures all those threads behave properly and fulfill their design specifications without unintended interaction.

In software engineering, double-checked locking is a software design pattern used to reduce the overhead of acquiring a lock by testing the locking criterion before acquiring the lock. Locking occurs only if the locking criterion check indicates that locking is required.

In computer science, a lock or mutex is a synchronization primitive that prevents state from being modified or accessed by multiple threads of execution at once. Locks enforce mutual exclusion concurrency control policies, and with a variety of possible methods there exist multiple unique implementations for different applications.

<span class="mw-page-title-main">Race condition</span> When a systems behavior depends on timing of uncontrollable events

A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events, leading to unexpected or inconsistent results. It becomes a bug when one or more of the possible behaviors is undesirable.

In computer science and engineering, transactional memory attempts to simplify concurrent programming by allowing a group of load and store instructions to execute in an atomic way. It is a concurrency control mechanism analogous to database transactions for controlling access to shared memory in concurrent computing. Transactional memory systems provide high-level abstraction as an alternative to low-level thread synchronization. This abstraction allows for coordination between concurrent reads and writes of shared data in parallel systems.

<span class="mw-page-title-main">Java collections framework</span> Collections in Java

The Java collections framework is a set of classes and interfaces that implement commonly reusable collection data structures.

In computer science, synchronization is the task of coordinating multiple processes to join up or handshake at a certain point, in order to reach an agreement or commit to a certain sequence of action.

The Java programming language and the Java virtual machine (JVM) is designed to support concurrent programming. All execution takes place in the context of threads. Objects and resources can be accessed by many separate threads. Each thread has its own path of execution, but can potentially access any object in the program. The programmer must ensure read and write access to objects is properly coordinated between threads. Thread synchronization ensures that objects are modified by only one thread at a time and prevents threads from accessing partially updated objects during modification by another thread. The Java language has built-in constructs to support this coordination.

<span class="mw-page-title-main">Parasoft</span> Software testing framework

Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.

Intel Inspector is a memory and thread checking and debugging tool to increase the reliability, security, and accuracy of C/C++ and Fortran applications.

PVS-Studio is a proprietary static code analyzer on guard of code quality, security, and code safety supporting C, C++, C++11, C++/CLI, C++/CX, C# and Java.

The Maxine virtual machine is an open source virtual machine that is developed at the University of Manchester. It was formerly developed by Sun Microsystems Laboratories, since renamed Oracle Labs. The emphasis in Maxine's software architecture is on modular design and code reuse for flexibility, configurability, and productivity for industrial and academic virtual machine researchers. It is one of a growing number of Java virtual machines written entirely in Java in a meta-circular style. Examples include Squawk and Jikes RVM.

Astrée is a static analyzer based on abstract interpretation. It analyzes programs written in the programming languages C and C++, and emits an exhaustive list of possible runtime errors and assertion violations. The defect classes covered include divisions by zero, buffer overflows, dereferences of null or dangling pointers, data races, deadlocks, etc. Astrée includes a static taint checker and helps finding cybersecurity vulnerabilities, such as Spectre. It is proprietary software written in the language OCaml.

High performance computing applications run on massively parallel supercomputers consist of concurrent programs designed using multi-threaded, multi-process models. The applications may consist of various constructs with varying degree of parallelism. Although high performance concurrent programs use similar design patterns, models and principles as that of sequential programs, unlike sequential programs, they typically demonstrate non-deterministic behavior. The probability of bugs increases with the number of interactions between the various parallel constructs. Race conditions, data races, deadlocks, missed signals and live lock are common error types.

JetBrains s.r.o. is a Czech software development private limited company which makes tools for software developers and project managers. The company has its headquarters in Prague, and has offices in China, Europe, and the United States.

Research and literature on concurrency testing and concurrent testing typically focuses on testing software and systems that use concurrent computing. The purpose is, as with most software testing, to understand the behaviour and performance of a software system that uses concurrent computing, particularly assessing the stability of a system or application during normal activity.

The Java programming language's Java Collections Framework version 1.5 and later defines and implements the original regular single-threaded Maps, and also new thread-safe Maps implementing the java.util.concurrent.ConcurrentMap interface among other concurrent interfaces. In Java 1.6, the java.util.NavigableMap interface was added, extending java.util.SortedMap, and the java.util.concurrent.ConcurrentNavigableMap interface was added as a subinterface combination.

References

  1. 1 2 Grazi, Victor (August 28, 2013). "ThreadSafe Concurrency Static Analysis Tool Announces First Public Release". InfoQ.com.
  2. 1 2 3 4 Taft, Darryl (September 4, 2013). "Contemplate Delivers ThreadSafe Java Concurrency Static Analysis Tool". DevX.com.
  3. 1 2 3 Atkey, Robert (January 14, 2014). "Discover and Diagnose Java Concurrency Problems Using Contemplate's ThreadSafe". InfoQ.com.
  4. 1 2 3 Atkey, Robert; Sannella, Donald (2015). "ThreadSafe: Static Analysis for Java Concurrency". Electronic Communications of the EASST. 72. doi:10.14279/tuj.eceasst.72.1025.995.
  5. Roy, Ritobaan (May 1, 2013). "Software Errors: New Technology Briefing For CFOs". CFO Insight. Archived from the original on October 14, 2013.
  6. Rubens, Paul (March 12, 2014). "Why Software Testing Can't Save You From IT Disasters". Reference to ThreadSafe on page 2. CIO.com. Archived from the original on March 14, 2014. Retrieved April 18, 2014.
  7. Raible, Matt (June 26, 2014). "Contemplate ThreadSafe Introduces Deadlock Detection". InfoQ.com.
  8. "SEI CERT Oracle Coding Standard for Java". Software Engineering Institute, Carnegie Mellon University. Retrieved March 18, 2016.