52 lines
1.6 KiB
Plaintext
52 lines
1.6 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Before it reclaims storage from an object that is no longer referenced, the garbage collector calls `finalize()` on the object.
|
|
|
|
This is a good time to release resources held by the object.
|
|
|
|
Because the general contract is that the `finalize` method should only be called once per object, calling this method explicitly is misleading and does not respect this contract.
|
|
|
|
=== What is the potential impact?
|
|
|
|
An explicit call to an object's finalize method will perform operations that most likely were supposed to be performed only when the object was not referenced anymore by any thread.
|
|
|
|
Since it is an acceptable practice to override the finalize method in any subclass of `Object`, by invoking it explicitly, we will run code that was designed to only be ran at a different time.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public void dispose() throws Throwable {
|
|
this.finalize(); // Noncompliant
|
|
}
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://docs.oracle.com/javase/specs/jls/se17/html/jls-12.html#jls-12.6[docs.oracle.com] - Finalization of Class Instances
|
|
* CWE - https://cwe.mitre.org/data/definitions/586[CWE-586 - Explicit Call to Finalize()]
|
|
* https://wiki.sei.cmu.edu/confluence/x/4jZGBQ[CERT, MET12-J.] - Do not use finalizers
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this call to finalize().
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 3 Jul 2013, 16:56:01 Freddy Mallet wrote:
|
|
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-195
|
|
|
|
endif::env-github,rspecator-view[]
|