[gclist] Java finalizers

Hans Boehm boehm@hoh.engr.sgi.com
Thu, 17 Jun 1999 15:15:56 -0700

On Jun 17,  2:04pm, Kragen Sitaker wrote:
> Subject: [gclist] Java finalizers
> Fiterman conjectured that the run-once rule in Java was created because
> it fell out of the finalization implementation, if I understand correctly.
> I seem to remember that early versions of Java allowed finalizers to
> run repeatedly, and this was considered a security flaw, because the
> finalizers could repeatedly resurrect the object, rendering it
> immortal, phoenix-like.
> I suspect that this change was made to kill the phoenix objects.
If this was the reasoning, I don't quite understand it.  You would presumably
need a "re-enable finalization" call to the runtime to allow a second
finalization.  Thus infinitely repeated finalization doesn't seem much
different from any of several other ways client code can tie up resources.  As
far as I know, Java makes no claims about resource consumption of applets.
 Thus I don't see how this could be a security flaw.

Xerox Cedar does provide this facility.  As far as I know, it was even
occasionally used to implement caches of available objects that were expensive
to reconstruct.  It allows you to recycle otherwise dead objects into new ones
without reinitializing them.  Omitting it seems to me like a hole in the
language design, but not one that you're likely to fall into very regularly,
nor one that would be high up on my list of holes to fix.

Hans-J. Boehm