1 The testcase works well on dual core machines.

     2 The below output indicates a successful fix:

     3 

     4 Exception in thread "Thread-0" java.lang.NullPointerException

     5         at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:476)

     6         at SerialRace$1.run(SerialRace.java:33)

     7         at java.lang.Thread.run(Thread.java:595)

     8 

     9 

    10 When the vulnerability exists, the output of the tescase is something like this:

    11 Available processors: 2

    12 Iteration 1

    13 java.io.NotActiveException: not in readObject invocation or fields already read

    14         at java.io.ObjectInputStream$CallbackContext.checkAndSetUsed(ObjectInputStream.java:3437)

    15         at java.io.ObjectInputStream$CallbackContext.getObj(ObjectInputStream.java:3427)

    16         at java.io.ObjectInputStream.readFields(ObjectInputStream.java:514)

    17         at SerialVictim.readObject(SerialVictim.java:19)

    18         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    19         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

    20         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

    21         at java.lang.reflect.Method.invoke(Method.java:585)

    22         at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:946)

    23         at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1809)

    24         at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)

    25         at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)

    26         at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)

    27         at SerialRace.main(SerialRace.java:65)

    28 Victim: ?

    29 Victim: $