Java Reference
In-Depth Information
when it is safe to garbage-collect without significant interruption of the program's execu-
tion.
In the Java Hotspot VM (default since JDK 1.2),
System.gc()
forces an explicit
garbagecollection. Suchcallscanbeburieddeepwithinlibraries, sotheymaybedifficult
totrace.Toignorethecallinsuchcases,usetheflag
-XX:+DisableExplicitGC
.Toavoid
longpauseswhileperformingafullgarbagecollection,alessdemandingconcurrentcycle
may be invoked by specifying the flag
-XX:ExplicitGCInvokedConcurrent
.
Applicability
Misusing garbage-collection utilities can cause severe performance degradation, which
can be exploited to cause a DoS attack. The Apache Geronimo and Tomcat vulnerability
GERONIMO-4574, reported in March 2009, resulted from
PolicyContext
handler data
objects being set in a thread and never released, causing these data objects to remain in
memory longer than necessary.
When an application goes through several phases, such as an initialization and a ready
phase, it could require heap compaction between phases. The
System.gc()
method may
be invoked in such cases, provided a suitable uneventful period occurs between phases.
Bibliography
[API 2013]
Class
System
[Bloch 2008]
Item 6, “Eliminate Obsolete Object References”
[Coomes 2007]
“Garbage Collection Concepts and Programming Tips”
[Goetz 2004]
Java Theory and Practice: Garbage Collection and Performance
[Lo 2005]
“Security Issues in Garbage Collection”
[Long 2012]
OBJ05-J. Defensively copy private mutable class members before returning
their references
OBJ06-J. Defensively copy mutable inputs and mutable internal components
