trailofbits.go.nondeterministic-select.nondeterministic-select

profile photo of trailofbitstrailofbits
Author
232
Download Count*
CC BY-NC-SA 4.0
License

Logic executed as a result of ticker $TICKER may execute more times than desired. When both $TICKER and $DONECHAN are written to at the same time, the scheduler randomly picks a case to execute. As a result, the $TICKER.C may excute one more time than expected.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: nondeterministic-select
    patterns:
      - pattern: |
          $TICKER := time.NewTicker(...)
          ...
          for {
            ...
            select {
              case <- $DONECHAN: return
              case <- $TICKER.C: ...
            }
          }
      - pattern-not: |
          $TICKER := time.NewTicker(...)
          ...
          for {
            select {
              case <-$DONECHAN: return
              default:
            }
            ...
            select {
              case <- $DONECHAN: return
              case <- $TICKER.C: ...
            }
          }
    message: >
      Logic executed as a result of ticker `$TICKER` may execute more times than
      desired.

      When both `$TICKER` and `$DONECHAN` are written to at the same time, the scheduler randomly picks a

      case to execute. As a result, the `$TICKER.C` may excute one more time than expected.
    severity: WARNING
    languages:
      - go
    metadata:
      license: CC-BY-NC-SA-4.0