Avoid using 'System.gc'

Rule Definition
The garbage collector should not used explicitly in the code. It is an automated process scheduled by the Java Runtime Environment. System.gc() triggers a full collection, which includes tracing all live objects in the heap and sweeping and compacting the old generation. Lot of time can be spent during this operation. In general, it is better to let the system decide when it needs to collect the heap, and whether or not to do a full collection.

Remediation
Ensure to let the system decide when it needs to collect the heap, and whether or not to do a full collection

Violation Code Sample

public class DemoApplication { private static final Map<String, String> cache = new HashMap<String, String>(); public static void main(String[] args) { Scanner scanner = new Scanner(System.in); while (scanner.hasNext()) { final String next = scanner.next(); if ("fill".equals(next)) { for (int i = 0; i < 1000000; i++) { cache.put(randomUUID().toString(), randomUUID().toString()); } } else if ("invalidate".equals(next)) { Runtime.gc(); } else if ("gc".equals(next)) { System.gc(); } else if ("exit".equals(next)) { System.exit(0); } else { System.out.println("unknown"); } } } } The Java Language Specification does not guarantee that the JVM will start a GC when you call System.gc(). Most of JVM has a garbage collector that runs continuously, so a call to System.gc() won't do anything

Fixed Code Sample

public class DemoApplication { private static final Map<String, String> cache = new HashMap<String, String>(); public static void main(String[] args) { Scanner scanner = new Scanner(System.in); while (scanner.hasNext()) { final String next = scanner.next(); if ("fill".equals(next)) { for (int i = 0; i < 1000000; i++) { cache.put(randomUUID().toString(), randomUUID().toString()); } } else if ("invalidate".equals(next)) { cache.clear(); } else if ("gc".equals(next)) { System.out.println("known") } else if ("exit".equals(next)) { System.exit(0); } else { System.out.println("unknown"); } } } }

Reference

https://help.semmle.com/wiki/display/JAVA/Explicit+garbage+collection#:~:text=You%20should%20avoid%20making%20calls,that%20lead%20to%20decreased%20performance.

Related Technologies
JEE

Health Factor

Efficiency

Technical Criterion
PCI-DSS4-Requirement-6.2.4 - Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities

About CAST Appmarq

CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.

Benchmark Statistics

Global Compliance

100.00%

Total Violations

845

Total Opportunities

49,371,005

Average Violations / App.

0.59

The compliance score represents 1 minus the ratio between the number of times a rule has been violated compared to the number of opportunities in a set of applications that the rule could have been violated.

Industry Insights

Software ISV

99.99%

Select from drop-down

100.00%

Financial Services

100.00%

Want more stats? Register now!