On Thu, 7 Apr 2022 10:51:13 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
>> Please review the update to remove finalizer method in the >> java.security.jgss module. It is one of the efforts to clean up the use of >> finalizer method in JDK. > > src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSCredElement.java > line 74: > >> 72: name = srcName; >> 73: >> 74: Cleaner.create().register(this, this::dispose); > > This will create a memory leak: `this` will never be garbage collected if > it's referenced by the cleaner action. The cleaner gets triggered when the instance is unreachable, no values from that instance can be modified or referenced. Any information needed for the cleanup must be in a separate object. In this case, that is pCred and cStub. Typically, new nested class is defined that holds the pCred and cStub and has a run() method that calls `cStub.releaseCred(pCred)`. But the package access to non-final `pCred` raises a flag about when its mutated. If its mutated after the cleaner is created, the cleaner will release the wrong cred. If the GSSCredElement is itself just a holder of the credentials, then perhaps the cleaner should be triggered on the instance that is referring to the GSSCredElement being unreachable. ------------- PR: https://git.openjdk.java.net/jdk/pull/8136
