Concurrency and State Risk
Detects async void methods, blocking async calls (.Result, .Wait(), .GetAwaiter().GetResult()), lock(this), and Thread.Sleep in production code. Uses ForPatternScan to ignore matches inside // comments and string literals.
Why this rule exists
async void cannot be awaited and crashes the process on unhandled exceptions. Blocking on async in a SynchronizationContext deadlocks under load. lock(this) exposes the lock to callers. Thread.Sleep blocks thread-pool threads. Comment/string false positives are stripped before matching.
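The stripping step described above can be sketched as follows. This is an added example, not GauntletCI's code or its ForPatternScan helper: the regexes, function names and sample diff are assumptions made for illustration, and it handles single-line // comments and string/char literals only (no /* */ blocks or multi-line strings).

```python
import re

# Regexes are this example's own approximation of the four constructs the rule lists.
PATTERNS = {
    "async-void": re.compile(r"\basync\s+void\b"),
    "blocking-async": re.compile(r"\.Result\b|\.Wait\s*\(|\.GetAwaiter\s*\(\s*\)\s*\.GetResult\s*\("),
    "lock-this": re.compile(r"\block\s*\(\s*this\s*\)"),
    "thread-sleep": re.compile(r"\bThread\.Sleep\s*\("),
}

def strip_comments_and_strings(line):
    """Drop a trailing // comment and empty out string/char literals on one line."""
    out, i, n = [], 0, len(line)
    while i < n:
        if line.startswith("//", i):
            break                              # the rest of the line is a comment
        verbatim = line.startswith('@"', i)
        if verbatim or line[i] in "\"'":
            quote = '"' if verbatim else line[i]
            i += 2 if verbatim else 1
            while i < n and line[i] != quote:  # @"..." has no backslash escapes;
                i += 1 if verbatim or line[i] != "\\" else 2  # its "" reads as two literals
            i += 1                             # step past the closing quote
            out.append(quote * 2)              # leave an empty literal in place
            continue
        out.append(line[i])
        i += 1
    return "".join(out)

def scan_added_lines(diff_text):
    """Return (line_number, finding) pairs for added ('+') lines of a diff."""
    findings = []
    for lineno, raw in enumerate(diff_text.splitlines(), 1):
        if raw.startswith("+") and not raw.startswith("+++"):
            code = strip_comments_and_strings(raw[1:])
            findings += [(lineno, k) for k, rx in PATTERNS.items() if rx.search(code)]
    return findings

# Constructed sample diff: lines 2, 3 and 6 should be flagged, the rest ignored.
SAMPLE_DIFF = '''\
+++ b/Handlers.cs
+ public async void HandleClick() { await SaveAsync(); }
+ var data = httpClient.GetStringAsync(url).Result;
+ // old code used Thread.Sleep(500) here
+ log.Info("never call .Wait() or lock(this)");
+ lock (this) { count++; }
+ var data = await httpClient.GetStringAsync(url);
- Thread.Sleep(100);
'''
```

A text pattern such as `.Result` also matches a non-Task property of that name; this sketch does no type resolution.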
Code example
+ public async void HandleClick() { await SaveAsync(); }
+ var data = httpClient.GetStringAsync(url).Result;

+ public async Task HandleClickAsync() { await SaveAsync(); }
+ var data = await httpClient.GetStringAsync(url);
Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
  "rules": {
    "GCI0016": { "enabled": true, "severity": "Block" }
  }
}
See Configuration for the full schema.
Related rules
Resource Lifecycle
Detects disposable resources allocated without a using statement or try/finally disposal, leading to connection and handle leaks.
External Service Safety
Detects unsafe HTTP client usage and external service call patterns that lack timeout, cancellation, or retry configuration.
Pattern Consistency Deviation
Detects mixed sync/async naming conventions and service locator anti-patterns introduced inconsistently within the same file.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0016_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.
