This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Code Correctness: Call to System.gc()

Jump to: navigation, search


#REDIRECT Failure to follow guideline/specification

Last revision (mm/dd/yy): 04/7/2009


Explicit requests for garbage collection are a bellwether indicating likely performance problems.

At some point in every Java developer's career, a problem surfaces that appears to be so mysterious, impenetrable, and impervious to debugging that there seems to be no alternative but to blame the garbage collector. Especially when the bug is related to time and state, there may be a hint of empirical evidence to support this theory: inserting a call to System.gc() sometimes seems to make the problem go away.

In almost every case we have seen, calling System.gc() is the wrong thing to do. In fact, calling System.gc() can cause performance problems if it is invoked too often.

Risk Factors




Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts


Note: A reference to related CWE or CAPEC article should be added when exists. Eg: