SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Pennie Walters

Saved on

compared with

New Version 45

changes.mady.by.user Pennie Walters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Wiki Markup
    It is not advisable to use any lock or sharing based mechanisms within a finalizer because of the inherent dangers of deadlock and starvation. On the other hand, it is easy to miss that there can be synchronization issues with the use of finalizers even if the source program is single-threaded. This is because the {{finalize()}} methods are called from their own threads (not from the {{main()}} thread). If a finalizer is necessary, the cleanup data structure should be protected from concurrent access (See \[[Boehm 05|AA. Java References#Boehm 05]\]).

Noncompliant Code Example

This noncompliant code example uses the System.runFinalizersOnExit() method to simulate a garbage collection run (note that this method is deprecated because of thread-safety issues MET36-J. Do not use deprecated or obsolete methods).

...

Code Block
Subclass finalize!
Superclass finalize!
This is sub-class! The date object is: null

Compliant Solution

This compliant solution eliminates the call to the overridable doLogic() method from within the finalize() method.

Code Block
bgColor#ccccff
class BaseClass {
  protected void finalize() throws Throwable {
    System.out.println("superclass finalize!");
    // Eliminate the call to the overridden doLogic().
  }
  ...
}

Compliant Solution (finalization)

Wiki Markup
Joshua Bloch \[[Bloch 08|AA. Java References#Bloch 08]\] suggests implementing a {{stop()}} method explicitly such that it leaves the class in an unusable state beyond its lifetime. A {{private}} field within the class can signal whether the class is unusable. All the class methods must check this field prior to operating on the class. This is akin to *EX1* discussed in [OBJ04-J. Do not allow partially initialized objects to be accessed]. As always, a good place to call the termination logic is in the {{finally}} block.

Exceptions

OBJ02-EX1: Sometimes it is necessary to use finalizers especially when working with native code. This is because the garbage collector cannot re-claim memory used by code written in another language. Also, the lifetime of the object is often unknown. Again, the native process must not perform any critical jobs that require immediate resource deallocation.

...

Code Block
Class MyFrame {
  private JFrame frame; 
  private byte[] buffer = new byte[16 * 1024 * 1024]; // now decoupled
}

Risk Assessment

Improper use of finalizers can result in resurrection of garbage-collection ready objects and result in denial of service vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

OBJ02- J

medium

probable

medium

P8

L2

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] Section 12.6, Finalization of Class Instances
\[[API 06|AA. Java References#API 06]\] [finalize()|http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#finalize()]
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 7, Avoid finalizers 
\[[Darwin 04|AA. Java References#Darwin 04]\] Section 9.5, The Finalize Method
\[[Flanagan 05|AA. Java References#Flanagan 05]\] Section 3.3, Destroying and Finalizing Objects
\[[Coomes 07|AA. Java References#Coomes 07]\] "Sneaky" Memory Retention
\[[Boehm 05|AA. Java References#Boehm 05]\] 
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 586|http://cwe.mitre.org/data/definitions/586.html] "Explicit Call to Finalize()", [CWE ID 583|http://cwe.mitre.org/data/definitions/583.html] "finalize() Method Declared Public", [CWE ID 568|http://cwe.mitre.org/data/definitions/568.html] "finalize() Method Without super.finalize()"

...