codeql icon indicating copy to clipboard operation
codeql copied to clipboard

Published 20 hours ago verified publisher icon github

Java: Queries for thread-safe classes

Open yoff opened this issue 6 months ago • 4 comments
trafficstars

This PR introduces three queries for thread-safe classes, corresponding to three properties that such classes must possess, known as

  • P1: No escaping
  • P2: Safe publication
  • P3: Correct synchronization Each query is introduced in its own commit, P3 first since it comes with some definitions that make P2 and P1 simple to write. And then there is a fourth commit fixing up the query for P3, since its detection in the first version only works when there are no loops in the call graph. I chose to show both versions, since the first is quite simple to understand and the second is basically the same idea but operating on SCCs of the call graph.

Some considerations:

  • should (parts of) the module Monitors be moved into concurrency.qll?
  • should the severity be error?
  • the queries are being included in the code quality suite

yoff avatar May 20 '25 13:05 yoff