Menu
been having this discussion with a colleague. when languages such as c# or java garbage collect objects such as strings, returning them back to the heap, do they also clean out this memory block, for example overwriting with 0's or 1's?
my assumption is that the block is returned as is, unless one uses classes such as securestring with finalize overload, to 0 out the block.
608
In computer science, garbage collection (GC) is a form of automatic memory management. The garbage collector attempts to reclaim memory which was allocated by the program, but is no longer referenced; such memory is called garbage.
The garbage collector will free the memory after you "destroy" the reference. i. 3 Setting the object reference to null. You can use forced garbage collection option but you should use it with care.
No. The garbage collector does only manage heap memory. All values on the stack are expected to be needed again when the program returns to that stack frame, so they must not be collected.
Garbage collection then goes through the three phases: mark, sweep, and, if required, compaction.
Practically speaking, no, this doesn't happen. Overwriting memory you've just freed takes time, so there are performance penalties. "Secure" objects like SecureString are just wiping themselves, not relying on the GC.
More broadly, it depends very much on that particular implementation of that particular language. Every language that assumes the existence of a GC (like C#) specifies different rules about how and when garbage collection should happen.
To take your C# example, the C# specification does not require that objects be overwritten after being freed, and it doesn't forbid it either:
Finally, at some time after the object becomes eligible for collection, the garbage collector frees the memory associated with that object.
§3.9 C# 5.0 Language Specification
If the memory is later assigned to a reference type, you'll have a constructor that does your own custom initialization. If the memory is later assigned to a value type, it gets zeroed out before you can start reading from it:
Initialization to default values is typically done by having the memory manager or garbage collector initialize memory to all-bits-zero before it is allocated for use. For this reason, it is convenient to use all-bits-zero to represent the null reference.
§5.2 C# 5.0 Language Specification
Additionally, there's at least two implementations of C# -- Microsoft's implementation and Mono's implementation, so just saying "C#" isn't specific enough. Each implementation might decide to overwrite memory (or not).
186
To the extend of my knowledge there's not a single garbage collector who actually wipes memory with 0's or any number at all. C# and Java garbage collectors reclaim memory from unused objects and mark it as available. SecureString wipes itself at finalization but that is not a GC thing.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
