Microservices Expo Authors: Jason Bloomberg, Elizabeth White, Karthick Viswanathan, Cameron Van Orman, Pat Romanski

Related Topics: @CloudExpo, Java IoT, Containers Expo Blog

@CloudExpo: Blog Feed Post

How Memory Leaks Happen in a Java Application | @CloudExpo #JVM #Java #Virtualization

One of the core benefits of Java is the JVM, which is an out-of-the-box memory management

How Memory Leaks Happen in a Java Application
By Eugen Paraschiv

Introduction to Memory Leaks In Java Apps
One of the core benefits of Java is the JVM, which is an out-of-the-box memory management. Essentially, we can create objects and the Java Garbage Collector will take care of allocating and freeing up memory for us.

Nevertheless, memory leaks can still occur in Java applications.

In this article, we're going to describe the most common memory leaks, understand their causes, and look at a few techniques to detect/avoid them. We're also going to use the Java YourKit profiler throughout the article, to analyze the state of our memory at runtime.

1. What is a Memory Leak in Java?
The standard definition of a memory leak is a scenario that occurs when objects are no longer being used by the application, but the Garbage Collector is unable to remove them from working memory - because they're still being referenced. As a result, the application consumes more and more resources - which eventually leads to a fatal OutOfMemoryError.

For a better understanding of the concept, here's a simple visual representation:

How memory leaks happen in Java

As we can see, we have two types of objects - referenced and unreferenced; the Garbage Collector can remove objects that are unreferenced. Referenced objects won't be collected, even if they're actually not longer used by the application.

Detecting memory leaks can be difficult. A number of tools perform static analysis to determine potential leaks, but these techniques aren't perfect because the most important aspect is the actual runtime behavior of the running system.

So, let's have a focused look at some of the standard practices of preventing memory leaks, by analyzing some common scenarios.

2. Java Heap Leaks
In this initial section, we're going to focus on the classic memory leak scenario - where Java objects are continuously created without being released.

An advantageous technique to understand these situations is to make reproducing a memory leak easier by setting a lower size for the Heap. That's why, when starting our application, we can adjust the JVM to suit our memory needs:



These parameters specify the initial Java Heap size as well as the maximum Heap size.

2.1. Static Field Holding On to the Object Reference
The first scenario that might cause a Java memory leak is referencing a heavy object with a static field.

Let's have a look at a quick example:

private Random random = new Random();
public static final ArrayList<Double> list = new ArrayList<Double>(1000000);

public void givenStaticField_whenLotsOfOperations_thenMemoryLeak() throws InterruptedException {
for (int i = 0; i < 1000000; i++) {

Thread.sleep(10000); // to allow GC do its job

We created our ArrayList as a static field - which will never be collected by the JVM Garbage Collector during the lifetime of the JVM process, even after the calculations it was used for are done. We also invoked Thread.sleep(10000) to allow the GC to perform a full collection and try to reclaim everything that can be reclaimed.

Let's run the test and analyze the JVM with our profiler:

Java static memory leak

Notice how, at the very beginning, all memory is, of course, free.

Then, in just 2 seconds, the iteration process runs and finishes - loading everything into the list (naturally this will depend on the machine you're running the test on).

After that, a full garbage collection cycle is triggered, and the test continues to execute, to allow this cycle time to run and finish. As you can see, the list is not reclaimed and the memory consumption doesn't go down.

Let's now see the exact same example, only this time, the ArrayList isn't referenced by a static variable. Instead, it's a local variable that gets created, used and then discarded:

public void givenNormalField_whenLotsOfOperations_thenGCWorksFine() throws InterruptedException {
Thread.sleep(10000); // to allow GC do its job

private void addElementsToTheList(){
ArrayList<Double> list = new ArrayList<Double>(1000000);
for (int i = 0; i < 1000000; i++) {

Once the method finishes its job, we'll observe the major GC collection, around 50th second on the image below:

Java static no memory leak

Notice how the GC is now able to reclaim some of the memory utilized by the JVM.

How to prevent it?
Now that you understand the scenario, there are of course ways to prevent it from occurring.

First, we need to pay close attention to our usage of static; declaring any collection or heavy object as static ties its lifecycle to the lifecycle of the JVM itself, and makes the entire object graph impossible to collect.

We also need to be aware of collections in general - that's a common way to unintentionally hold on to references for longer than we need to.

2.2. Calling String.intern() on Long String
The second group of scenarios that frequently causes memory leaks involves String operations - specifically the String.intern() API.

Let's have a look at a quick example:

public void givenLengthString_whenIntern_thenOutOfMemory()
throws IOException, InterruptedException {

String str
= new Scanner(new File("src/test/resources/large.txt"), "UTF-8")


Here, we simply try to load a large text file into running memory and then return a canonical form, using .intern().

The intern API will place the str String in the JVM memory pool - where it can't be collected - and again, this will cause the GC to be unable to free up enough memory:

Java String intern memory leak

We can clearly see that in the first 15th seconds JVM is stable, then we load the file and JVM perform garbage collection (20th second).

Finally, the str.intern() is invoked, which leads to the memory leak - the stable line indicating high heap memory usage, which will never be released.

How to prevent it?
Please remember that interned String objects are stored in PermGen space - if our application is intended to perform a lot of operations on large strings, we might need to increase the size of the permanent generation:


The second solution is to use Java 8 - where the PermGen space is replaced by the Metaspace - which won't lead to any OutOfMemoryError when using intern on Strings:

Finally, there are also several options of avoiding the .intern() API on Strings as well.

2.3. Unclosed Streams
Forgetting to close a stream is a very common scenario, and certainly, one that most developers can relate to. The problem was partially removed in Java 7 when the ability to automatically close all types of streams was introduced into the try-with-resource clause.

Why partially? Because the try-with-resources syntax is optional:

@Test(expected = OutOfMemoryError.class)
public void givenURL_whenUnclosedStream_thenOutOfMemory()
throws IOException, URISyntaxException {
String str = "";
URLConnection conn
= new URL("http://norvig.com/big.txt").openConnection();
BufferedReader br = new BufferedReader(
new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8));

while (br.readLine() != null) {
str += br.readLine();


Let's see how the memory of the application looks when loading a large file from an URL:

Java unclosed streams memory leak

As we can see, the heap usage is gradually increasing over time - which is the direct impact of the memory leak caused by not closing the stream.

How to prevent it?
We always need to remember to close streams manually, or to make a use of the auto-close feature introduced in Java 8:

try (BufferedReader br = new BufferedReader(
new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
// further implementation
} catch (IOException e) {

In this case, the BufferedReader will be automatically closed at the end of the try statement, without the need to close it in an explicit finally block.

2.4. Unclosed Connections
This scenario is quite similar to the previous one, with the primary difference of dealing with unclosed connections (e.g. to a database, to an FTP server, etc.). Again, improper implementation can do a lot of harm, leading to memory problems.

Let's see a quick example:

@Test(expected = OutOfMemoryError.class)
public void givenConnection_whenUnclosed_thenOutOfMemory()
throws IOException, URISyntaxException {

URL url = new URL("ftp://speedtest.tele2.net");
URLConnection urlc = url.openConnection();
InputStream is = urlc.getInputStream();
String str = "";


The URLConnection remains open, and the result is, predictably, a memory leak:

Java unclosed connections memory leak

Notice how the Garbage Collector cannot do anything to release unused, but referenced memory. The situation is immediately clear after the 1st minute - the number of GC operations rapidly decreases, causing increased Heap memory use, which leads to the OutOfMemoryError.

How to prevent it?
The answer here is simple - we need to always close connections in a disciplined manner.

2.5. Adding Objects with no hashCode() and equals() into a HashSet
A simple but very common example that can lead to a memory leak is to use a HashSet with objects that are missing their hashCode() or equals() implementations.

Specifically, when we start adding duplicate objects into a Set - this will only ever grow, instead of ignoring duplicates as it should. We also won't be able to remove these objects, once added.

Let's create a simple class without either equals or hashCode:

public class Key {
public String key;

public Key(String key) {
Key.key = key;

Now, let's see the scenario:

@Test(expected = OutOfMemoryError.class)
public void givenMap_whenNoEqualsNoHashCodeMethods_thenOutOfMemory()
throws IOException, URISyntaxException {
Map<Object, Object> map = System.getProperties();
while (true) {
map.put(new Key("key"), "value");

This simple implementation will lead to the following scenario at runtime:

Java no hascode equals memory leak

Notice how the garbage collector stopped being able to reclaim memory around 1:40, and notice the memory leak; the number of GC collections dropped almost four times immediately after.

How to prevent it?
In these situations, the solution is simple - it's crucial to provide the hashCode() and equals() implementations.

One tool worth mentioning here is Project Lombok - this provides a lot of default implementation by annotations, e.g. @EqualsAndHashCode.

3. How to Find Leaking Sources in Your Application
Diagnosing memory leaks is a lengthy process that requires a lot of practical experience, debugging skills and detailed knowledge of the application.

Let's see which techniques can help you in addition to standard profiling.

3.1. Verbose Garbage Collection
One of the quickest ways to identify a memory leak is to enable verbose garbage collection.

By adding the -verbose:gc parameter to the JVM configuration of our application, we're enabling a very detailed trace of GC. Summary reports are shown in default error output file, which should help you understand how your memory is being managed.

3.2. Do Profiling
The second technique is the one we've been using throughout this article - and that's profiling. The most popular profiler is Visual VM - which is a good place to start moving past command-line JDK tools and into lightweight profiling.

In this article, we used another profiler - YourKit - which has some additional, more advanced features compared to Visual VM.

3.3. Review Your Code
Finally, this is more of a general good practice than a specific technique to deal with memory leaks.

Simply put - review your code thoroughly, practice regular code reviews and make good use of static analysis tools to help you understand your code and your system.

In this tutorial, we had a practical look at how memory leaks happen on the JVM. Understanding how these scenarios happen is the first step in the process of dealing with them.

Then, having the techniques and tools to really see what's happening at runtime, as the leak occurs, is critical as well. Static analysis and careful code-focused reviews can only do so much, and - at the end of the day - it's the runtime that will show you the more complex leaks that aren't immediately identifiable in the code.

Finally, leaks can be notoriously hard to find and reproduce because many of them only happen under intense load, which generally happens in production. This is where you need to go beyond code-level analysis and work on two main aspects - reproduction and early detection.

The best and most reliable way to reproduce memory leaks is to simulate the usage patterns of a production environment as close as possible, with the help of a good suite of performance tests.

And early detection is where a solid performance management solution and even an early detection solution can make a significant difference, as it's the only way to have the necessary insight into the runtime of your application in production.

The full implementation of this tutorial can be found over on GitHub. This is a Maven based project, so it can simply be imported and run as it is.

The post How Memory Leaks Happen in a Java Application appeared first on Stackify.

Read the original blog entry...

More Stories By Stackify Blog

Stackify offers the only developers-friendly solution that fully integrates error and log management with application performance monitoring and management. Allowing you to easily isolate issues, identify what needs to be fixed quicker and focus your efforts – Support less, Code more. Stackify provides software developers, operations and support managers with an innovative cloud based solution that gives them DevOps insight and allows them to monitor, detect and resolve application issues before they affect the business to ensure a better end user experience. Start your free trial now stackify.com

@MicroservicesExpo Stories
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
These days, APIs have become an integral part of the digital transformation journey for all enterprises. Every digital innovation story is connected to APIs . But have you ever pondered over to know what are the source of these APIs? Let me explain - APIs sources can be varied, internal or external, solving different purposes, but mostly categorized into the following two categories. Data lakes is a term used to represent disconnected but relevant data that are used by various business units wit...
DevSecOps – a trend around transformation in process, people and technology – is about breaking down silos and waste along the software development lifecycle and using agile methodologies, automation and insights to help get apps to market faster. This leads to higher quality apps, greater trust in organizations, less organizational friction, and ultimately a five-star customer experience. These apps are the new competitive currency in this digital economy and they’re powered by data. Without ...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
With the modern notion of digital transformation, enterprises are chipping away at the fundamental organizational and operational structures that have been with us since the nineteenth century or earlier. One remarkable casualty: the business process. Business processes have become so ingrained in how we envision large organizations operating and the roles people play within them that relegating them to the scrap heap is almost unimaginable, and unquestionably transformative. In the Digital ...
With the rise of DevOps, containers are at the brink of becoming a pervasive technology in Enterprise IT to accelerate application delivery for the business. When it comes to adopting containers in the enterprise, security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In his session at @DevOpsSummit at 21st Cloud Expo, Chris Van Tuin, Chief Technologist, NA West at Red Hat, will discuss: The top security r...
The nature of the technology business is forward-thinking. It focuses on the future and what’s coming next. Innovations and creativity in our world of software development strive to improve the status quo and increase customer satisfaction through speed and increased connectivity. Yet, while it's exciting to see enterprises embrace new ways of thinking and advance their processes with cutting edge technology, it rarely happens rapidly or even simultaneously across all industries.
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
‘Trend’ is a pretty common business term, but its definition tends to vary by industry. In performance monitoring, trend, or trend shift, is a key metric that is used to indicate change. Change is inevitable. Today’s websites must frequently update and change to keep up with competition and attract new users, but such changes can have a negative impact on the user experience if not managed properly. The dynamic nature of the Internet makes it necessary to constantly monitor different metrics. O...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
The last two years has seen discussions about cloud computing evolve from the public / private / hybrid split to the reality that most enterprises will be creating a complex, multi-cloud strategy. Companies are wary of committing all of their resources to a single cloud, and instead are choosing to spread the risk – and the benefits – of cloud computing across multiple providers and internal infrastructures, as they follow their business needs. Will this approach be successful? How large is the ...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...