Java: exclude overloads of finalize

Author: Jami Cogswell

java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.md

@@ -1,10 +1,10 @@
 ## Overview
 
-Calling `finalize` in application code may cause inconsistent program state or unpredicatable behavior.
+Calling `finalize()` in application code may cause inconsistent program state or unpredicatable behavior.
 
 ## Recommendation
 
-Avoid calling `finalize` in application code. Allow the JVM to determine a garbage collection schedule instead.
+Avoid calling `finalize()` in application code. Allow the JVM to determine a garbage collection schedule instead.
 
 ## Example
 
@@ -19,7 +19,7 @@ public class Test {
 
 # Implementation Notes
 
-This rule is focused on the use of existing `finalize` invocations rather than attempts to write a custom implementation.
+This rule is focused on the use of existing `finalize()` invocations rather than attempts to write a custom implementation.
 
 ## References
 

java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.ql

@@ -1,8 +1,8 @@
 /**
  * @id java/do-not-call-finalize
  * @previous-id java/do-not-use-finalizers
- * @name Do not call `finalize`
- * @description Calling `finalize` in application code may cause
+ * @name Do not call `finalize()`
+ * @description Calling `finalize()` in application code may cause
  *              inconsistent program state or unpredicatable behavior.
  * @kind problem
  * @precision high
@@ -16,13 +16,13 @@ import java
 
 from MethodCall mc
 where
-  mc.getMethod().hasName("finalize") and
-  // The Java documentation for `finalize` states: "If a subclass overrides
+  mc.getMethod() instanceof FinalizeMethod and
+  // The Java documentation for `finalize()` states: "If a subclass overrides
   // `finalize` it must invoke the superclass finalizer explicitly". Therefore,
-  // we do not alert on `super.finalize` calls that occur within a callable
+  // we do not alert on `super.finalize()` calls that occur within a callable
   // that overrides `finalize`.
   not exists(Callable caller, FinalizeMethod fm | caller = mc.getCaller() |
     caller.(Method).overrides(fm) and
     mc.getQualifier() instanceof SuperAccess
   )
-select mc, "Call to 'finalize'."
+select mc, "Call to 'finalize()'."

java/ql/src/change-notes/2025-03-20-do-not-call-finalize.md

@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* Added a new quality query, `java/do-not-call-finalize`, to detect calls to `finalize`.
+* Added a new quality query, `java/do-not-call-finalize`, to detect calls to `finalize()`.

java/ql/test/query-tests/DoNotCallFinalize/DoNotCallFinalize.expected

@@ -1,2 +1 @@
-| Test.java:4:9:4:23 | finalize(...) | Call to 'finalize'. |
-| Test.java:25:9:25:33 | finalize(...) | Call to 'finalize'. |
+| Test.java:4:9:4:23 | finalize(...) | Call to 'finalize()'. |

java/ql/test/query-tests/DoNotCallFinalize/Test.java

@@ -10,7 +10,7 @@ void f1() throws Throwable {
 
     @Override
     protected void finalize() throws Throwable {
-        // COMPLIANT: If a subclass overrides `finalize`
+        // COMPLIANT: If a subclass overrides `finalize()`
         // it must invoke the superclass finalizer explicitly.
         super.finalize();
     }
@@ -20,9 +20,9 @@ protected void finalize(String s) throws Throwable {
         System.out.println(s);
     }
 
-    // NON_COMPLIANT: call to overload of `finalize`
+    // COMPLIANT: call to overload of `finalize`
     void f2() throws Throwable {
-        this.finalize("overload"); // $ Alert
+        this.finalize("overload");
     }
 
 }