Contemplate Delivers ThreadSafe Java Concurrency Static Analysis Tool

Contemplate, a U.K. startup focused on software quality, has announced ThreadSafe 1.2, a new version of its tool to help Java developers better handle concurrency in applications they build.

ThreadSafe identifies application risks and security vulnerabilities associated with concurrency problems in Java code. The technology was previously only available to selected customers. However, version 1.2 adds new features and opens the technology to a wide range of end users, the company said.

“Our latest release is a significant milestone for ThreadSafe,” Contemplate CEO Derick James said in a statement. “The deep analysis capability in our previous releases is being recognized as a key tool in removing application risk. With our latest release, we have added further powerful investigation support to help the users understand often subtle and complex code issues. Customer feedback has been hugely positive about the increased ability to pinpoint flaws in their code.”

According to the U.S. National Institute of Standards and Technology (NIST), software defects cost the U.S. economy $60 billion annually. Programming correctly with concurrency is a major challenge. Even the most experienced programmers find it difficult. Some of the most high-profile software failures in the last few years have been due to concurrency errors. Yet using concurrency is essential to exploit modern multi-core architectures, James said.

ThreadSafe uses advanced static analysis to find potential issues in code. Static analysis, which is analysis of computer software that is performed without actually executing programs, is an essential technique to harness the complexity of concurrent code because it is impossible to test every pattern of concurrent thread execution and every data value. Potential issues in code can be discovered without running the code. Problems that might only be seen in deployment can be eliminated much earlier and more cheaply.

However, identifying problems is only half of the story. ThreadSafe includes unique explanation and debugging aids that enable programmers to find the root cause of problems. For example, ThreadSafe’s Accesses View shows how locks are used in a program, allowing a developer to easily navigate between regions and find the calling contexts where locks are acquired.

ThreadSafe also has an understanding of libraries and frameworks that have concurrent behavior and multiple code entry points, including the standard java.util.concurrent library. Using good frameworks can help build safe concurrent applications, but it is still possible to make fundamental mistakes, James said. ThreadSafe detects many buggy uses of concurrent collections classes, for example, he said.

ThreadSafe 1.2 is integrated into the Eclipse integrated development environment (IDE), to allow developers to interact with the tool directly while coding. It can also be run via an integration into the SonarQube code quality platform. ThreadSafe 1.2 runs on Windows, Linux and OS X.

ThreadSafe identifies application risks and security vulnerabilities associated with concurrency problems in Java code, such as:

  • Race conditions that lead to incorrect or unpredictable behavior that is difficult to reproduce in a debugger
  • Deadlocks caused by circular waits between threads waiting for shared resources
  • Unpredictable results caused by incorrect handling of concurrent collections, bad error handling, or mixed object synchronization
  • Performance bottlenecks caused by incorrect API usage, redundant synchronization and unnecessary use of shared mutable state

Most current static analysis tools are general purpose and catch a range of surface-level problems, Contemplate officials said. However, ThreadSafe uses deeper analysis technology, tailored toward very precise identification of concurrency problems, the company said. ThreadSafe finds concurrency problems that are missed by other static analysis tools and achieves a manageably low false-positive rate. For findings that require close inspection, the explanation aids allow the developer to efficiently investigate and annotate for future reference.

Contemplate also works with clients to provide additional custom analysis and framework support for particular projects and organizations. For example, ThreadSafe has been used on large Java projects in some of the major investment banks. Examining millions of lines of code automatically, ThreadSafe helped reduce latent risks by finding hidden concurrency faults in trading applications.

Contemplate, based in Edinburgh, is a spin-out company from the University of Edinburgh. Don Sannella, founder and chief technology officer at Contemplate, has been a professor of computer science in Edinburgh University’s School of Informatics since 1998. Sannella, whose academic career spans 30 years, became involved in Contemplate while leading the research project that led to its formation, and is co-founding director and CTO.
