...
- Use of locks or other synchronization-based mechanisms within a finalizer can cause deadlock or starvation. This possibility arises because neither the invocation order nor the specific executing thread or threads for finalizers can be guaranteed or controlled.
Object finalizers have also been deprecated since Java 9. See MET02-J. Do not use deprecated or obsolete classes or methods for more information.
Because of these problems, finalizers must not be used in new classes.
...
This noncompliant code example uses the System.runFinalizersOnExit() method to simulate a garbage-collection run. Note that this method is deprecated because of thread-safety issues (and has since been removed from the platform entirely); see MET02-J. Do not use deprecated or obsolete classes or methods.
According to the Java API [API 2014] class System, runFinalizersOnExit() method documentation,
...
Joshua Bloch [Bloch 2008] suggests implementing an explicit termination method, such as stop(), that releases the object's resources deterministically and leaves the object in an unusable state once its lifetime has ended. A private field within the class can record whether the object has been terminated, and every method of the class must check this field before operating on the object. This is akin to the "initialized flag" compliant solution discussed in OBJ11-J. Be wary of letting constructors throw exceptions. As always, a good place to call the termination logic is in a finally block (or, for classes that implement AutoCloseable, a try-with-resources statement).
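The following class is an added example of this pattern and is not code from the CERT page or from Bloch's book. AuditLog, its stop() method, and the temporary log file are illustrative assumptions; the point is that the resource is released at a known time, the "stopped" flag is set before the resource is released so a failing close() cannot leave the object usable, and every operation checks the flag and fails fast instead of touching a released resource.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not from the CERT page): an explicit termination method
// in place of a finalizer. The class, its stop() method and the log file
// are assumptions made for illustration.
public final class AuditLog implements AutoCloseable {
    private final OutputStream out;
    // "Unusable" flag; volatile so a stop() on one thread is seen by others.
    private volatile boolean stopped = false;

    public AuditLog(Path path) throws IOException {
        this.out = Files.newOutputStream(path);
    }

    // Every public operation checks the flag before doing any work.
    private void checkUsable() {
        if (stopped) {
            throw new IllegalStateException("AuditLog has been stopped");
        }
    }

    public void record(String line) throws IOException {
        checkUsable();
        out.write((line + System.lineSeparator()).getBytes(StandardCharsets.UTF_8));
        out.flush();
    }

    // Explicit termination: idempotent and deterministic. The flag is set
    // before the resource is released, so a failing close() cannot leave
    // the object in a "usable" state that would operate on a closed stream.
    public void stop() throws IOException {
        if (stopped) {
            return;
        }
        stopped = true;
        out.close();
    }

    @Override
    public void close() throws IOException {
        stop();
    }

    public static void main(String[] args) throws IOException {
        Path path = Files.createTempFile("audit", ".log");
        AuditLog log = new AuditLog(path);
        try {
            log.record("user=alice action=login");
        } finally {
            log.stop();   // termination logic belongs in finally, not in a finalizer
        }
        try {
            log.record("late write");          // rejected: the object is unusable now
        } catch (IllegalStateException e) {
            System.out.println("Rejected after stop(): " + e.getMessage());
        }
        System.out.println("Log contents: " + Files.readString(path).trim());
        Files.delete(path);
    }
}
```

Because AuditLog implements AutoCloseable, the try/finally in main can be replaced by try-with-resources; either way the release happens at a point the program controls, not at some later time chosen by the garbage collector.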
Exceptions
MET12-J-EX0: Finalizers may be used when working with native code because the garbage collector cannot reclaim memory allocated by code written in another language and because the lifetime of the object is often unknown. Even so, the native code must not perform any critical jobs that require immediate resource deallocation.
...
The ordering problem can be dangerous when dealing with native code. For example, if object A references object B (either directly or reflectively) and the latter gets finalized first, A's finalizer may end up dereferencing dangling native pointers. To impose an explicit ordering on finalizers, make sure that B remains reachable until A's finalizer has concluded. This can be achieved by adding a reference to B in some global state variable and removing it when A's finalizer executes. An alternative is to use the java.lang.ref references.
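The following is an added example, not code from the CERT page, showing the java.lang.ref alternative: java.lang.ref.Cleaner (Java 9 and later) replaces finalize(), and the ordering constraint is enforced by having A's cleaning action hold a strong reference to B. The Cleaner keeps the registered action reachable until it has run, so B, and the handle B owns, cannot be cleaned before A's cleanup completes. NativeHandle is a stand-in for a handle owned by native code (an assumption; no JNI is involved) that detects use after free.

```java
import java.lang.ref.Cleaner;

// Added example (not from the CERT page): ordering cleanup with
// java.lang.ref.Cleaner. NativeHandle simulates a native pointer and is
// an assumption made for illustration.
public final class OrderedCleanup {
    private static final Cleaner CLEANER = Cleaner.create();

    // Stand-in for a pointer handed out by native code.
    static final class NativeHandle {
        private final String name;
        private boolean freed = false;
        NativeHandle(String name) { this.name = name; }
        synchronized void use() {
            if (freed) {
                throw new IllegalStateException(name + ": use after free");
            }
        }
        synchronized void free() {
            freed = true;
            System.out.println("freed " + name);
        }
    }

    static final class B {
        final NativeHandle handle = new NativeHandle("B");
        B() {
            // The action must not capture the B instance itself, or B could
            // never become phantom reachable; it captures only the handle.
            CLEANER.register(this, handle::free);
        }
    }

    static final class A {
        final NativeHandle handle = new NativeHandle("A");
        final B dependency;
        A(B dependency) {
            this.dependency = dependency;
            // CleanupA holds B strongly, so B stays reachable until this
            // action has finished running.
            CLEANER.register(this, new CleanupA(handle, dependency));
        }
    }

    // A static nested class: carries A's state without referencing A.
    static final class CleanupA implements Runnable {
        private final NativeHandle handle;
        private final B dependency;
        CleanupA(NativeHandle handle, B dependency) {
            this.handle = handle;
            this.dependency = dependency;
        }
        @Override
        public void run() {
            dependency.handle.use();   // safe: B is still reachable through this object
            handle.free();
            // After run() returns the Cleaner drops this object, B becomes
            // unreachable, and only then can B's own action free its handle.
        }
    }

    public static void main(String[] args) throws InterruptedException {
        A a = new A(new B());
        a.handle.use();
        a = null;                       // A and B are now unreachable from main
        for (int i = 0; i < 5; i++) {   // nudge the collector; cleanup timing is still not guaranteed
            System.gc();
            Thread.sleep(100);
        }
    }
}
```

When the cleaning actions run, "freed A" is printed before "freed B". The same caveat as for finalizers applies: the collector may run the actions late or, if the program exits first, not at all, so the Cleaner is a safety net and an explicit release method remains the primary mechanism.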
MET12-J-EX1: A class may use an empty final finalizer to prevent a finalizer attack, as specified in OBJ11-J. Be wary of letting constructors throw exceptions.
...
Improper use of finalizers can resurrect objects that are already eligible for garbage collection and can lead to denial-of-service vulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET12-J | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | 4.2 | DC.THREADING, FB.BAD_PRACTICE.FI_EMPTY, FB.BAD_PRACTICE.FI_EXPLICIT_INVOCATION, FB.BAD_PRACTICE.FI_FINALIZER_NULLS_FIELDS, FB.BAD_PRACTICE.FI_FINALIZER_ONLY_NULLS_FIELDS, FB.BAD_PRACTICE.FI_MISSING_SUPER_CALL, FB.BAD_PRACTICE.FI_NULLIFY_SUPER, FB.BAD_PRACTICE.FI_USELESS, FB.FI_NULLIFY_SUPER, FB.FI_USELESS, FB.FI_PUBLIC_SHOULD_BE_PROTECTED, FB.MALICIOUS_CODE.FI_PUBLIC_SHOULD_BE_PROTECTED | Empty finalizer should be deleted |
Coverity | 7.5 | CALL_SUPER | Implemented |
Parasoft Jtest | | CERT.MET12.MNDF | Do not define 'finalize()' method in bean classes; Call 'super.finalize()' from 'finalize()'; Do not use 'finalize()' methods to unregister listeners; Call 'super.finalize()' in the "finally" block of 'finalize()' methods; Do not call 'finalize()' explicitly; Do not overload the 'finalize()' method; Avoid empty 'finalize()' methods; Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method; Give "finalize()" methods "protected" access |
SonarQube | | S1113, S1111, S1174, S2151, S1114 | The Object.finalize() method should not be overridden; The Object.finalize() method should not be called; "Object.finalize()" should remain protected (versus public) when overriding; "runFinalizersOnExit" should not be called; "super.finalize()" should be called at the end of "Object.finalize()" implementations |
Related Vulnerabilities
AXIS2-4163 describes a vulnerability in the finalize() method in the Axis web services framework. The finalizer incorrectly calls super.finalize() before doing its own cleanup, leading to errors in GlassFish when the garbage collector runs.
Related Guidelines
CWE-586, Explicit Call to Finalize()
CWE-583, finalize() Method Declared Public
CWE-568, finalize() Method Without super.finalize()
Bibliography
[API 2014]
[Bloch 2008] Item 7, "Avoid Finalizers"
"'Sneaky' Memory Retention"
Section 9.5, "The Finalize Method"
Section 3.3, "Destroying and Finalizing Objects"
[JLS 2015]
...
...