Skip to content

Java: Add java/javautilconcurrentscheduledthreadpoolexecutor query for zero thread pool size #19844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Java: Add java/javautilconcurrentscheduledthreadpoolexecutor query for zero thread pool size #19844

wants to merge 1 commit into from

Conversation

tamasvajk
Copy link
Contributor

@tamasvajk tamasvajk commented Jun 23, 2025
edited
Loading

This pull request introduces a new query to identify potential issues with setting the corePoolSize of ScheduledThreadPoolExecutor to zero, which may lead to unintended behavior and programmer error. The changes include adding the query logic, documentation, test cases, and integration into the query suite.

MRVA top 100 only reports 4 alerts. I checked autofix on 3 of these. Two autofix suggestions completely removed the executor.setCorePoolSize(0) calls, the third one changed the 0 value to Schedulers.DEFAULT_POOL_SIZE, which is the value used in setMaximumPoolSize.

@tamasvajk tamasvajk force-pushed the tamasvajk/threadpoolexecutor branch from e2b0faa to c6a4221 Compare June 23, 2025 10:11
@tamasvajk tamasvajk force-pushed the tamasvajk/threadpoolexecutor branch from c6a4221 to 60e726b Compare June 23, 2025 10:52
@tamasvajk tamasvajk marked this pull request as ready for review June 24, 2025 10:59
@tamasvajk tamasvajk requested a review from a team as a code owner June 24, 2025 10:59
@tamasvajk tamasvajk added the no-change-note-required This PR does not need a change note label Jun 24, 2025
michaelnebel
michaelnebel reviewed Jun 24, 2025
View reviewed changes
java/ql/src/Likely Bugs/Concurrency/ScheduledThreadPoolExecutorZeroThread.ql

from IntegerLiteral zero, Sink set
where
DataFlow::localFlow(DataFlow::exprNode(zero), DataFlow::exprNode(set.getArgument(0))) and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any particular reason why only local flow is used (instead of making a data flow configuration and using global flow)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know if there's any reason. I simply migrated the query as is from the private repo.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just tried the below:

private module FlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source.asExpr().(IntegerLiteral).getIntValue() = 0 }

  predicate isSink(DataFlow::Node sink) { exists(Sink s | s.getArgument(0) = sink.asExpr()) }
}

private module Flow = DataFlow::Global<FlowConfig>;

from DataFlow::Node sinkNode, Sink s
where Flow::flow(_, sinkNode) and s.getArgument(0) = sinkNode.asExpr()
select s, "ScheduledThreadPoolExecutor.corePoolSize is set to have 0 threads."

It resulted in some new findings, for example this, which is a FP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelnebel michaelnebel michaelnebel left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
documentation Java no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tamasvajk @michaelnebel