race condition “General races cause nondeterministic execution and are failures in programs
intended to be deterministic” [Netzer 1992]. “A race condition occurs when the
correctness of a computation depends on the relative timing or interleaving of multiple
threads by the runtime” [Goetz 2006].
safe publication “To publish an object safely, both the reference to the object and the
[state of the object] must be made visible to other threads at the same time. A properly
constructed object can be safely published by:
Initializing an object reference from a static initializer;
Storing a reference to it into a volatile field or AtomicReference;
Storing a reference to it into a final field of a properly constructed object; or
Storing a reference to it into a field that is properly guarded by a lock” [Goetz
2006, §3.5 “Safe Publication”].
safety Its main goal is to ensure that all objects maintain consistent states in a
multithreaded environment [Lea 2000].
sanitization Validating input and transforming it to a representation that conforms to the
input requirements of a complex subsystem. For example, a database may require all
invalid characters to be escaped or eliminated before their storage. Input sanitization is the
elimination of unwanted characters from the input by means of removing, replacing,
encoding, or escaping the characters.
security flaw A software defect that poses a potential security risk [Seacord 2013].
sensitive code Any code that performs operations that would be forbidden to untrusted
code. Also, any code that accesses sensitive data. For example, code whose correct
operation requires enhanced privileges is typically considered to be sensitive.
sensitive data Any data that must be kept secure. Consequences of this security
requirement include the following:
Untrusted code is forbidden to access sensitive data
Trusted code is forbidden to leak sensitive data to untrusted code
Examples of sensitive data include passwords and personally identifiable information.
shadow One scoped identifier shadows another identifier in a containing scope if the two
identifiers are the same, and they both reference variables. They may also both reference
methods or types. The shadowed identifier is not accessible in the scope of the shadowing
identifier. See the JLS, §6.4.1, “Shadowing” [JLS 2013], for more information. Contrast
with obscure.