All geek questions in one place

In Java9, finalizers are deprecated; cleaners have been introduced instead. What is the difference between the two?

In Java9, finalizers are deprecated and a new concept for cleaning products has been introduced. What was its specific reason? Is there any specific scenario or reason why cleaning products should be preferable to a finalizer (given that none of them are recommended).?

+5
source share
2 answers

Finalizer rejection in registries indicates the reason for the decision: -

Finalizers are inherently problematic, and their use can lead to performance problems, deadlocks, freezes, and other problematic behavior.

In addition, the finalization time is unpredictable, without guaranteeing that the finalizer will be called. Classes whose instances contain heapless resources must provide a method to ensure that these resources are explicitly released, and if necessary they must also implement java.lang.AutoCloseable .

The proposed solution, as an alternative to using finalizers, was introduced by Cleaners , which would provide easy registration and deletion of cleaning functions for objects.

Cleaner and PhantomReference provide more flexible and efficient ways to free resources when an object becomes inaccessible.

Applications create a cleanup service for their own use, and the service terminates when it is no longer in use.

To use . When an object has become Phantom reachable , the cleaning actions performed on them are logged and managed by the Cleaner. Registering an object reference and the corresponding cleansing action returns Cleanable . The most efficient use is to explicitly call the clean method when the object is closed or no longer needed.

Note Prior to Java9, a similar implementation of Cleaner was in the sun.misc folder .

+7
source

I recommend really trying not to use finalizers or cleaning products. Create an AutoCloseable class and do any cleanup in the close() method.

Cleaners are an attempt to have a finalizer, such as a routine, that is less susceptible to finalizer attacks. But Cleaners are very difficult to write correctly.

What is a Finalizer attack?
The finalizer is launched even when the object is not completely constructed (for example, if it throws an exception inside the constructor). An attacker can subclass your vulnerable class and override its finalize method, possibly bypassing security checks or invariants made inside the constructor.

So why use a cleaner.

  • Doesn't pollute the public class API (since cleaners and related objects are closed)
  • You do not need to create an empty final finalize method, even if you do not need it, to prevent subclasses from being overridden as part of the attack.
  • Prevents Finalizer attacks.
  • The cleaner only works once

EDIT: after reviewing, I realized that Cleaners do not prevent a finalizer attack. Therefore, even if you use a cleaner in a class other than the final, create an empty final finalize method.

+1
source

Source: https://habr.com/ru/post/1275064/

More articles:


All Articles