...
The ordering problem can be dangerous when dealing with native code. For example, if object A references object B (either directly or reflectively) and B is finalized first, A's finalizer may end up dereferencing dangling native pointers. To impose an explicit ordering on finalizers, make sure that B remains reachable until A's finalizer has concluded. This can be achieved by adding a reference to B in some global state variable and removing it when A's finalizer executes. An alternative is to use the reference classes in java.lang.ref.
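The global-state technique described above, as an added sketch that is not part of the original guideline. `NativeBuffer` (B), `Session` (A), `PINNED` and the handle value are hypothetical names and placeholders, and each buffer is assumed to belong to exactly one session. `finalize()` is deprecated since Java 9, so this compiles with a warning on current JDKs.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// "B": hypothetical wrapper around a native resource.
final class NativeBuffer {
    private long handle = 0x1000L;        // constructed placeholder for a native pointer

    synchronized boolean isValid() { return handle != 0; }

    // Idempotent, so a second call from B's own finalizer is harmless.
    synchronized void release() { handle = 0; /* real code frees native memory here */ }

    @Override protected void finalize() { release(); }
}

// "A": its finalizer must run before B's.
final class Session {
    // Global state: a strong reference to each B, held until the owning A has
    // finished finalizing. Identity-based so equals()/hashCode() cannot interfere.
    private static final Set<NativeBuffer> PINNED = Collections.synchronizedSet(
        Collections.newSetFromMap(new IdentityHashMap<NativeBuffer, Boolean>()));

    private final NativeBuffer buffer;

    Session(NativeBuffer buffer) {
        this.buffer = buffer;
        PINNED.add(buffer);               // B is now reachable independently of A
    }

    @Override protected void finalize() throws Throwable {
        try {
            // B cannot have been finalized yet: PINNED still references it,
            // so the native handle is not dangling here.
            if (buffer.isValid()) {
                buffer.release();
            }
        } finally {
            PINNED.remove(buffer);        // only now may B be collected and finalized
            super.finalize();
        }
    }
}
```

If `Session` stopped pinning the buffer, both objects could become unreachable in the same collection cycle and the JVM would be free to run `NativeBuffer.finalize()` first.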
MET12-EX1: A class may use an empty final finalizer to prevent a finalizer attack, as specified in rule "OBJ11-J. Be wary of letting constructors throw exceptions."
Risk Assessment
Improper use of finalizers can resurrect objects that are ready for garbage collection and can result in denial-of-service vulnerabilities.
...
| [[API 2006|AA. Bibliography#API 06]] | [finalize()|http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#finalize()] |
| [[Bloch 2008|AA. Bibliography#Bloch 08]] | Item 7, Avoid finalizers |
| [[Boehm 2005|AA. Bibliography#Boehm 05]] | |
| [[Coomes 2007|AA. Bibliography#Coomes 07]] | "Sneaky" Memory Retention |
| [[Darwin 2004|AA. Bibliography#Darwin 04]] | Section 9.5, The Finalize Method |
| [[Flanagan 2005|AA. Bibliography#Flanagan 05]] | Section 3.3, Destroying and Finalizing Objects |
| [[JLS 2005|AA. Bibliography#JLS 05]] | §12.6, Finalization of Class Instances |
...