Java Developer Tools

Audit - Rules - Finalization

Description
This group contains audit rules that check for problems with the use of the finalization mechanism (the finalize method).

Details

Avoid Finalizers

Summary
Avoid finalizers.

Description
Finalizers should be avoided because they can lead to obscure bugs and apparent consumption of operating system resources.

Example
Any method with the signature "finalize()" will be flagged.

Do Not Create Finalizable Objects

Summary
Finalizable objects should not be instantiated.

Description
This audit rule checks for instance creation expressions in which the object being created implements the finalize() method. Finalization is expensive and error-prone, so finalizable objects should not be used.

Example
If the class ResourceHandle defines the finalize method, then the following instance creation expression would be flagged as a violation:

    ResourceHandle handle = new ResourceHandle(resourceId);

Empty Finalize Method

Summary
The body of a finalize method should never be empty.

Description
This audit rule finds finalize methods whose body is empty.

Example
    protected void finalize()
    {
    }

Explicit Invocation of Finalize

Summary
The method finalize() should never be explicitly called.

Description
This audit rule looks for explicit invocations of the method finalize(). The finalize method should only be invoked by the VM.

Example
The following method invocation would be flagged as a violation:

    object.finalize();

Finalize Method Definition

Summary
Finalize methods should not have parameters or a non-void return type.

Description
The only way to declare a finalize method is

    protected void finalize() [throws Throwable]

You can create other finalize methods that take parameters, but they will not be called automatically by the system, and may confuse anyone reading the code. You should reserve the name finalize for the real finalize method. This audit rule finds finalize() methods that have parameters or do not have a void return type.

Example
The following method declaration would be flagged as a violation because the method returns an integer:

    protected int finalize()
    {
        ...
    }

Finalize Should Not Be Public

Summary
Finalize methods declared within an Applet should not be public.

Description
This audit rule flags any declaration of Object.finalize() that is public and within an Applet. If the finalize method is declared properly, then the method should not need to be public.

Security Implications
Malicious users can perform attacks on Applets by calling public finalize methods.

Example
The following declaration of finalize would be flagged:

    class A extends java.applet.Applet {
        public void finalize() {}
    }

Invoke super.finalize() from within finalize()

Summary
Every implementation of finalize() should invoke super.finalize().

Description
This audit rule looks for implementations of the method finalize() that do not invoke the inherited finalize() method.

Example
The following definition of the method finalize() would be flagged because it does not invoke the inherited implementation of finalize():

    protected void finalize()
        throws Throwable
    {
        if (fileReader != null) {
            fileReader.close();
            fileReader = null;
        }
    }
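
The flagged method above, corrected for this rule, next to a variant that needs no finalizer at all. This is an added example, not code from the original page or from the tool; the class names FinalizeExample, FinalizingHolder and ClosingHolder are hypothetical. FinalizingHolder still defines finalize(), so the Avoid Finalizers rule would flag it and Do Not Create Finalizable Objects would flag any instantiation of it; ClosingHolder passes every rule in this group.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

public class FinalizeExample {

    // The flagged finalize() from above, corrected for this rule.
    static class FinalizingHolder {
        protected Reader fileReader;

        FinalizingHolder(Reader reader) { this.fileReader = reader; }

        @Override
        protected void finalize() throws Throwable {
            try {
                if (fileReader != null) {
                    fileReader.close();
                    fileReader = null;
                }
            } finally {
                // Runs even if close() throws, so superclass cleanup is never skipped.
                super.finalize();
            }
        }
    }

    // No finalizer: the caller releases the reader explicitly and deterministically.
    static class ClosingHolder implements AutoCloseable {
        private Reader fileReader;

        ClosingHolder(Reader reader) { this.fileReader = reader; }

        int read() throws IOException { return fileReader.read(); }

        @Override
        public void close() throws IOException {
            if (fileReader != null) {
                // Clear the field even if close() throws, so close() stays idempotent.
                try { fileReader.close(); } finally { fileReader = null; }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input; a StringReader stands in for a file reader.
        try (ClosingHolder holder = new ClosingHolder(new StringReader("sample"))) {
            System.out.println((char) holder.read());
        }
    }
}
```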

Proper Finalize Usage
