This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Code Correctness: Call to System.gc()

From OWASP
Revision as of 17:44, 18 July 2006 by Weilin Zhong (talk | contribs)

Jump to: navigation, search
This article includes content generously donated to OWASP by MicroFocus Logo.png

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Abstract

Explicit requests for garbage collection are a bellwether indicating likely performance problems.

Description

At some point in every Java developer's career, a problem surfaces that appears to be so mysterious, impenetrable, and impervious to debugging that there seems to be no alternative but to blame the garbage collector. Especially when the bug is related to time and state, there may be a hint of empirical evidence to support this theory: inserting a call to System.gc() sometimes seems to make the problem go away.

In almost every case we have seen, calling System.gc() is the wrong thing to do. In fact, calling System.gc() can cause performance problems if it is invoked too often.

Examples

Related Threats

Related Attacks

Category:API Abuse Attack

Related Vulnerabilities

Related Countermeasures

Categories