How does java function becomes vulnerable if the order is changed

I am attaching a screenshot from a code in effective java book. In this the author says  -
Note that defensive copies are made before checking the validity of the parameters (Item 38), and the validity check is performed on the copies rather than on the originals. While this may seem unnatural, it is nec- essary. It protects the class against changes to the parameters from another thread during the “window of vulnerability” between the time the parameters are checked and the time they are copied. (In the computer security community, this is known as a time-of-check/time-of-use or TOCTOU
Screen-Shot-2018-02-01-at-12.16.36-A.pngI dont get this window of vulnerability thing. What exactly he is talking about.. Please suggest an example where the check was done before the assignment and due to some multithreaded thing There was an issue.
Rohit BajajAsked:
Who is Participating?
Jan LouwerensConnect With a Mentor Software EngineerCommented:
The "end" Date object is shared between two threads.
Thread 1 calls "Period p = new Period(start, end);". (Note that this would be the unprotected version of the Period constructor.)
In the middle of the execution of the Period constructor, the thread scheduler is switched to run thread 2.
Thread 2 calls "end.setYear(78);".
The thread scheduler switches back to thread 1.
At this point in time, a portion of the Period constructor is using an "end" Date with one value (before the task switch), while the remaining portion is using and "end" Date with another value (after the task switch).
You can see from this that the results from the Period constructor are not going to be what you expect.

Any time in which the thread scheduler can switch tasks, rendering the currently executing code to become undetermined, is what's meant by the "window of vulnerability".
girionisConnect With a Mentor Commented:
Imagine the following code:

1 public Period(Date start, Date end) {
2  if (this.start.compareTo(this.end) > 0) {
3    throw new IllegalArgumentException(start + " after " + end);
4  }
6  this.start = new Date(this.start.getTime());
7  this.end = new Date(this.end.getTime());

Open in new window

Thread1 executes line 2 and it finds that the start is less than the end (so this is a valid date). Thread1 continues the flow and executes line 6 and is ready to execute line 7. Meanwhile, another thread, Thread2, changes the value of the "end" date (lets say to a date before the start date). When Thread1 executes line 7 the "end" date will have the wrong value. The window vulnerability is the time taken for Thread1 to go from line 2 to line 7. Within this time any other thread could have interacted with either "start" or "end" dates.
Both comments are correct.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.