Comment: Edited by sciSpider Java v3.0 (sch jp)

...

  • Do not depend on a finalizer for updating critical persistent state: It is possible for the JVM to terminate without invoking the finalizer on an unreachable object. As a result, it is not advisable to use any lock- or sharing-based mechanisms within a finalizer. Methods such as System.gc, System.runFinalization, System.runFinalizersOnExit and Runtime.runFinalizersOnExit are either only marginally better or have been deprecated because of their lack of safety and deadlock-causing effects.

...

Code Block
public class Foo {
  // The finalizerGuardian object finalizes the outer Foo object
  private final Object finalizerGuardian = new Object() {
    @Override
    protected void finalize() throws Throwable {
      // Finalize outer Foo object
    }
  };
  //...
}
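
The following is an added example, not part of the original rule text. It fills in the guardian idiom above and pairs it with an explicit close() so that critical state never depends on the finalizer. The names GuardedResource, Careless, release and isReleased are hypothetical.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration; all class and method names here are hypothetical.
public class GuardedResource implements AutoCloseable {
  private final AtomicBoolean released = new AtomicBoolean(false);

  // Safety net only: the guardian's finalizer may run even when a subclass
  // overrides finalize() without calling super.finalize(). It may also never run.
  private final Object finalizerGuardian = new Object() {
    @Override
    protected void finalize() throws Throwable {
      try {
        if (!released.get()) {
          release(); // last-resort cleanup of the outer object
        }
      } finally {
        super.finalize();
      }
    }
  };

  // Primary path: deterministic cleanup on the caller's thread.
  @Override
  public void close() { release(); }

  // Idempotent and lock-free, so it is safe to call from the finalizer thread.
  private void release() {
    if (released.compareAndSet(false, true)) {
      // Release handles, flush buffers, etc. (placeholder for real cleanup)
    }
  }

  public boolean isReleased() { return released.get(); }

  // A subclass that forgets super.finalize() cannot suppress the guardian.
  static class Careless extends GuardedResource {
    @Override
    protected void finalize() { /* no super.finalize() call */ }
  }

  public static void main(String[] args) {
    GuardedResource r = new Careless();
    try (GuardedResource res = r) {
      // use res; critical state is updated in close(), not in a finalizer
    }
    System.out.println("released = " + r.isReleased()); // released = true
  }
}
```

Object.finalize() has been deprecated since Java 9, so this compiles with a deprecation warning on current JDKs.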

Risk Assessment

TODO

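| Rule    | Severity | Likelihood | Remediation Cost | Priority | Level |
|---------|----------|------------|------------------|----------|-------|
| OBJ02-J | ??       | ??         | ??               | P??      | L??   |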

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

JLS, 12.6 Finalization of Class Instances
Effective Java: Programming Language Guide, Item 6, Avoid finalizers
Java Cookbook, Ian Darwin, 9.5 The Finalize Method
Java in a Nutshell, 3.3 Destroying and Finalizing Objects
Java API Documentation http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#finalize()