...

  • "The Java programming language imposes no ordering on finalize method calls. Finalizers may be called in any order, or even concurrently." [JLS 05] Section 12.6.2: Finalizer Invocations are Not Ordered.
  • Effect of uncaught exceptions: An uncaught exception thrown during finalization is ignored. The finalization process itself stops immediately so it fails to accomplish its purpose.

...

Alternatively, a more expensive solution is to declare an anonymous class so that the finalize method is guaranteed to run for the superclass. This solution is applicable to public non-final classes. "The finalizer guardian object forces super.finalize to be called if a subclass overrides finalize and does not explicitly call super.finalize". [JLS 05] Section 12.6.1: Implementing Finalization.

Code Block
public class Foo {
  // The finalizerGuardian object finalizes the outer Foo object
  private final Object finalizerGuardian = new Object() {
    @Override
    protected void finalize() throws Throwable {
      // Finalize outer Foo object
    }
  };
  //...
}
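
The guardian idiom above, exercised against a subclass that overrides finalize without calling super.finalize. This is an added demonstration, not code from the original rule; GuardianDemo, Bar, release, allocate and the latch are hypothetical names, and the outcome depends on the JVM actually running finalizers, which System.gc() only requests.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

public class GuardianDemo {
  // Hypothetical signal used only by this demo to observe the cleanup.
  static final CountDownLatch cleanedUp = new CountDownLatch(1);

  static class Foo {
    // The guardian is a separate object with its own finalizer, so it is
    // finalized on its own once Foo becomes unreachable, whether or not
    // a subclass of Foo calls super.finalize().
    private final Object finalizerGuardian = new Object() {
      @Override
      protected void finalize() throws Throwable {
        try {
          release();            // finalize the outer Foo object
        } finally {
          super.finalize();
        }
      }
    };

    // Stand-in for releasing whatever Foo owns.
    private void release() { cleanedUp.countDown(); }
  }

  // A subclass that overrides finalize() and omits super.finalize().
  static class Bar extends Foo {
    @Override
    protected void finalize() {
      // subclass-specific work only
    }
  }

  static void allocate() {
    new Bar();                  // unreachable as soon as this returns
  }

  public static void main(String[] args) throws InterruptedException {
    allocate();
    // Finalization timing is not guaranteed, so request it and poll.
    for (int i = 0; i < 20 && cleanedUp.getCount() > 0; i++) {
      System.gc();
      System.runFinalization();
      cleanedUp.await(100, TimeUnit.MILLISECONDS);
    }
    System.out.println("guardian ran: " + (cleanedUp.getCount() == 0));
  }
}
```

Because the guardian's finalizer and Bar's finalizer may run in any order or concurrently, release() must not assume that the subclass has or has not already been finalized.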

Risk Assessment

TODO Finalizers can have unexpected behavior.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ02-J | ?? medium ?? | low | ?? high | P?? | L?? |

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[JLS 05] Section 12.6: Finalization of Class Instances
Effective Java: Programming Language Guide, Item 6, Avoid finalizers
Java in a Nutshell, 3.3. Destroying and Finalizing Objects
Java API Documentation
[Bloch 08] Item 7, Avoid finalizers
[Darwin 04] Java Cookbook, Ian Darwin, 9.5 The Finalize Method
[Flanagan 05] Section 3.3, Destroying and Finalizing Objects
[API 06] finalize(), http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#finalize()