RLK (Resource Leak) issues are reported when resources are allocated but not properly disposed after use. Failing to properly dispose a resource can lead to such problems as:

  • too many files being open
  • an application not being able to access a temporary file when it is needed

An RLK.SQLOBJ warning indicates that a Java SQL API object (other than an SQL connection) is not closed on exit.

Vulnerability and risk

Resources such as streams, connections and graphic objects must be explicitly closed. The close operation can unblock transactions or flush file changes in the file system. While a resource will eventually be closed by the garbage collector, resource exhaustion can occur before garbage collection starts. Depending on the nature of the resource, various exceptions will be thrown on a failed attempt to allocate another resource, for example: java.io.FileNotFoundException: Too many open files or too many database connections.

Mitigation and prevention

Explicitly close all resources that have the close method, even those that you think are not doing anything significant. Future code changes will then be safe from such errors.

Example 1

     public void cleanUp(Connection con, int... ids) throws SQLException {
         PreparedStatement statement = con.prepareStatement("delete from entity where id=?"); // Resource allocated
         for (int id : ids) {
             statement.setInt(1, id);

RLK.SQLOBJ is reported for the snippet on line 18: Sql object 'statement' is not closed on exit.

Related checkers


This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.