Page History

...

Improper use of finalizers can result in resurrection of garbage-collection-ready objects and result in denial-of-service vulnerabilities.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
MET12-J	Medium	Probable	Yes	NoMedium	P8	L2

Automated Detection

Tool

Version

Checker

Description

Coverity

7.5

CALL_SUPER
DC.THREADING
FB.FI_EMPTY
FB.FI_EXPLICIT_INVOCATION
FB.FI_FINALIZER_NULLS_FIELDS
FB.FI_FINALIZER_ONLY_NULLS_FIELDS
FB.FI_MISSING_SUPER_CALL
FB.FI_NULLIFY_SUPER
FB.FI_USELESS
FB.FI_PUBLIC_SHOULD_BE_ PROTECTED

Implemented

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

JD.UMC.RUNFIN
SV.EXPOSE.FIN
FIN.EMPTY
FIN.NOSUPER
JD.UMC.FINALIZE

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.MET12.MNDF
CERT.MET12.FCF
CERT.MET12.FM
CERT.MET12.IFF
CERT.MET12.NCF
CERT.MET12.OF
CERT.MET12.EF
CERT.MET12.FCSF
CERT.MET12.MFP

Do not define 'finalize()' method in bean classes
Call 'super.finalize()' from 'finalize()'
Do not use 'finalize()' methods to unregister listeners
Call 'super.finalize()' in the "finally" block of 'finalize()' methods
Do not call 'finalize()' explicitly
Do not overload the 'finalize()' method
Avoid empty 'finalize()' methods
Avoid redundant 'finalize()' methods which only call the superclass' 'finalize()' method
Give "finalize()" methods "protected" access

SonarQube

Include Page

	SonarQube_V
	SonarQube_V

S1113
S1111
S1174
S2151
S1114

The Object.finalize() method should not be overriden
The Object.finalize() method should not be called
"Object.finalize()" should remain protected (versus public) when overriding
"runFinalizersOnExit" should not be called
"super.finalize()" should be called at the end of "Object.finalize()" implementations

...

Space shortcuts

Page tree

Versions Compared

Old Version 164

New Version Current

Key

Automated Detection