Because Java is a safe language and platform, the memory is not freed. Also associated PhantomReference
s will not be enqueued upon their ReferenceQueue
s. The VM will only ever call finalize
on an object once. There's a nice state diagram in the JVM Spec.
Typically if you do use a finaliser, you should leave the declaration as @Override protected void finalize() throws Throwable
, so as not to disturb the API. Even better use a guarded finaliser, as in Effective Java 1st Ed.
This particular trick hit the headlines (of the San Jose Mercury, anyway) when a group at Princeton used it to construct a custom ClassLoader
from untrusted code. Although the spec has been slightly tightened (the Object
constructor has to finish executing normally before the finaliser can be called - specified in J2SE 5.0, implemented in Java SE 6), this still remains a problem area. If you are designing an API, make sure sensitive classes cannot be subclasses and save yourself much grief.