Help crack the Java 1.6 Classfile Verifier

pdoubleya writes "As part of the development of Mustang (Java 1.6), Sun is developing a new, smaller and faster classfile verifier which they want your help in trying to break. As Sun VP Graham Hamilton puts it in his blog entry, "As part of Mustang we will be delivering a whole new classfile verifier implementation based on an entirely new verification approach. The classfile verifier is the very heart of the whole Java sandbox model, so replacing both the implementation and the basic verification model is a Really Big Deal.... The new verifier is faster and smaller than the classic verifier, but at the same time it doesn't have the ten years of reassuring shakedown history that we have with the classic verifier." You can read about the new verifier on Gilad Bracha's blog, and join the new Crack the Verifier initiative to if you can break it. Read all about the Crack the Verifier - Challenge."

Only an Attaboy?

[elgee]

No cold hard cash or equivalent for "cracking the verifier?"

I guess it could lead to more pay in some cases.

Re:Only an Attaboy?

[shiznatix]

Begin able to show proof that you cracked, or helped crack, the Java verifier would be a excellent addon to your resume.

Take Java seriously

[rexguo]

Before those who go on to dismiss Java for various reasons (no matter how ignorant they are), take a look at the presentation given by Google at this year's JavaZone conference on how Google is using Java internally at extreme scales. Among them are AdWords and GMail.

Re:Take Java seriously

[Naikrovek]

I don't think Java is as slow as you think it is. It is very fast lately, and it is actually giving C a run for its money in some respects. It is *definitely* not the slug everyone thinks it is.

They're probably using Java because its not as slow as its reputation, and its becoming a commodity language in the enterprise lately. My corporate overlords have dictated the use of Java (IBMs WebSphere) for all current and future enterprise development, and most of us developers couldn't be happier. Everywhere I do contracting work for lately also uses Java. Java Is A Great Language(TM), especially since 5.0.

There used to be a time when I believed that all techies had agreed that Java was slow and bloated, but once I stopped reading Slashdot comments so religiously I began to see some truth. It isn't slow, it isn't bloated, and it isn't something I expect the Slashdot crowd (that I'm a founding member of) to understand anytime soon.

Re:Take Java seriously

[bzzzt]

Cross-platform byte code enables you to deploy the same application on your PC or Mac workstation and have it function exactly the same as on a 64-processor Ultra server. It also means your application is "future-proof". Deploy it now on a 32-bits machine, later on a 64-bits machine without recompiling AND run it at speeds comparable to native code.

Also, the language is easily picked up, simple to write and the API's are quite sane compared to a lot of other languages.

Re:Take Java seriously

Java may not be "slow" any more, but it's an INSANE memory hog. Part of this is because the heap NEVER shrinks - as you allocate more memory, the heap just grows and grows until it reaches the heap limit (which can be user-set). The other part is because you need to load in large numbers of "support" classes, along with the virtual machine itself, just to get to something as simple as "Hello World".

Now, I need to explain that "heap NEVER shrinks" bit, because people are going to hop in and start talking about the garbage collector. Well, yes. The garbage collector does indeed free memory. HOWEVER, it only returns the memory to the Java VM heap, NEVER to the operating system.

So, simple real-world example. Java VM starts with 8MB heap. Your application allocates 40MB worth of objects, increasing the total heap size to 64MB. Java now has 24MB "free" memory within the VM, and 40MB used. You can determine this in code using Runtime.freeMemory() to get the memory free in the heap, and Runtime.maxMemory() to get the maximum memory the heap has available.

Your program then "releases" 38MB worth of that data as unneeded. Eventually the GC collects that. Now you have only 2MB used, but the maximum heap size (as determined by Runtime.maxMemory()) REMAINS at 64MB. So now Java has 62MB "free" within the VM. Even if your program never uses more than 8MB after that, Java will ALWAYS keep the 64MB heap. It will NEVER shrink it.

This is fine in server setups, but it absolutely blows for client apps, where it's not unusual for a certain process to require a lot of memory, and then be ready to release it back to the OS.

Ultimately, on client apps, this winds up causing swapping, as chunks of unused VM heap get swapped out in favor of applications that actually need the memory they allocate. Swapping = slow.

You could call this behavior a "memory leak" but it's almost certainly by design.

Java may not be slow, but it's definitely bloated.

Re:Take Java seriously

[srussell]

I don't think Java is as slow as you think it is.

It depends on what you mean by "slow." If you're talking about long running processes, then no, it isn't slow at all; in fact, it is quite fast. If you're talking about short-running processes, then the JVM startup time overshadows any commendable performance.

Ruby is much, much slower than Java when it comes to raw computational power, but I still use it when I'm writing non-server process apps, simply because it starts up so much more quickly.

My main complaint about Java, though, is that it is a memory hog. If I recall correctly, MacOS's answer to Java's startup lag is to pre-load a VM, which makes executing Java apps quite quick. However, the last thing I want is Java running in the background when I'm not using it, hogging my system resources.

The memory and startup issue is why I think you don't see a whole lot of Java apps, and when you do see them, they're far less popular (on average) than native apps -- even native apps that are less capable than the Java version. The obvious exception to this (that proves the rule) is Eclipse, which has won enormous mindshare even among non-Java developers.

--- SER

Re:Take Java seriously

[bbn]

You realise that the C malloc/free calls are just the same right? It never releases memory back to the OS.

The only difference in this regard, is that java might alloc extra memory from the OS, when it could have run the garbage collector and reused some memory instead.

Very few programs actually ever release memory back to the OS.

Re:Take Java seriously

[jaywee]

That depends on libc implementation. glibc for example uses mmap() for bigger allocations - therefore is able to return the freed memory to the OS.

Re:Take Java seriously

[LarsWestergren]

What I don't understand is exactly what advantage is Java providing on the server-side. Do you really need cross-platform bytecode at that level?

Certainly. Being cross-platform is always a big plus, didn't you read the Slashdot article about the large British retail chain that switched over all their POS terminals to Linux? They could do that thanks to Java. Of course, it is not COMPLETE platform independence, you are of course tied to the Java platform. You gain hardware and OS independence though, good enough for most.

As a language Java is certainly not easier to use than the higher-level languages like PHP, Perl, Ruby, etc. It's very verbose and complicated (relatively speaking). I can understand using scripting languages, it's Java that doesn't make any sense.

I mean really, is it just because Java provides a lot of easy to use API's?

Speaking from my own experience, the number one advantage Java has is that it is maintainable. The strict typing and verbose exception handling is annoying if you just want to get something done quick. However, if you have a large team of programmers (of varying skill levels) and a large code base, you start to appreciate that the language tries to force good programming practice, and that a lot of bugs are caught not at runtime but at compile time (or even as you are typing if you use a tool like Eclipse). This is a lot more important than raw performance, since a lot more time is spent on maintaining a product than building it in the first place (90% is number often cited).

Someone on Slashdot in a post way back said it drove him mad in Java to always have to declare "what he was going to do" in advance, and what he wanted to do if something went wrong -
"Now I am going to open a connection"
"Now I'm opening a connection"
"If error type one happens then..."
"If error type two happens then..."
and claimed that we don't do that in real life. Someone else pointed out a counter example - in the military and other large teams that does critical work they DO work like that. If a large ship is approaching a harbour, they don't just run in and hope nothing is in the way,
they ask
"Harbour, permission to dock?"
"Deck team, all clear?"
"Engine team, all clear?"
"Ok, commencing docking..."

Of course, there is still a lot of garbage written in java, I just think it is somewhat simpler to spot in advance. I.e. someone is catching general Exceptions and ignoring them all over the place, is using a lot of static methods, etc...

Re:Take Java seriously

[justsomebody]

While I agree with you on all accounts I can't help but comment you.

Both Java and .Net have the same problem. Sloppy memory. As long as you don't use a lot of atomic memory blocks with higher load on machine where it runs, everything is ok and just as you said it. I tested both on the same tests and always fallen in the same problem. No direct memory control, GC waited until it was too late, and everything started to crawl. GC somehow avoids doing work if software is taking most of the CPU, it is also the same reason why Java beats C or C++ on speed tests (Every speed test where they try to proove that Java or .Net is faster than C or C++) uses allocation and freeing of memory in some loop. And while both C and C++ actualy do free memory, Java and .Net just mark that as garbage and wait for GC to clean up the mess which doesn't happen if load is too high. Just take any test where Java was faster and test loop to make 2^32 instead of 1000 or 10000 calls. This way you will actualy use more memory than you actualy have with allocations.

p.s. Not bashing, just saying results of my testing. If you can suggest some approach, do that, but so far not even one person suggested something I haven't tried yet. Both Java or .Net would be a real gift for me if only I could use them for my needs.

Re:Take Java seriously

[jiushao]

It depends on what you mean by "slow." If you're talking about long running processes, then no, it isn't slow at all; in fact, it is quite fast. If you're talking about short-running processes, then the JVM startup time overshadows any commendable performance.

Yeah, it is a shame, if only Sun would do something like writing a new faster classfile verifier.

Re:Take Java seriously

[SnapShot]

On a server-side environment, the "massive overhead involved with installing the runtime everywhere" is pretty much a non-issue. It's like complaining that you can't write Ruby or Perl apps because Ruby and Perl aren't installed on every client machine. In the end, when you are doing these kind of applications, the only thing the client needs is a browsers and an internet connection.

If you're doing stand-along applications that need to be installed locally on a client then perhaps you have a point. On the other hand, it is easy enough to package the correct version of the JRE on your install CD and have you application use that.

The company I works for uses Java for basically one reason: J2EE. Fast enterprise applications that are developed very, very quickly and are delivered as HTML pages to the client's browser. JVM startup times are a non-issue since the application server is pretty much running all of the time. Memory is a non-issue since we know how much memory is available on the server and plan accordingly. It's not like someone is going to startup MS Office on the the back-up Sun server and start complaining about lack of resources. I'm guess we could do the same thing with C or Perl or some other CGI system, but Java has proven itself to be a stable development environment that is fairly safe (in terms of memory, security, and tolerance towards "newbie" programmers) so why change?

Personally, I want to experiment with Ruby on Rails to try and get a hands-on comparison since I've heard nothing but good things about both the language and the enterprise evironment. But, there is a bit of inertia with any development. Right now, at least, it is much easier to hire J2EE developers than Ruby on Rails developers.

Re:Take Java seriously

[Myolp]

Perhaps it's because there are a ton of good Java developers available, compared to the amount of C/C++ developers. But it could also be because Java is acutally faster at things like memory allocation. I also believe that the large amount of ready-to-use and stable software components available makes a difference when choosing Java for your server application. Then there are the large number of standards built on Java, like J2EE or J2ME, that allows you to focus on the application-specifics in your project and ignore all boiler-plate code necessary if you would have choosen C++ (for instance). There are also several very , very good IDEs for Java with features you won't find in IDEs for other languages.

I guess there are more reasons than these, but those were the ones that came to mind at the moment.

Re:Take Java seriously

[955301]

Yes you do. The advantages of being able to develop on my local linux notebook and deploy to a Solaris cluster should not be overlooked simploy because it's important at dev time, not production time. Recompiling on another platform means retesting on that other platform. I'd rather run my unit and integration tests off the production & staging environments, load test in staging and no testing in production. This way unit and integration can be part of my build process (http://maven.apache.org/ and not something I have to redo on the final production hardware.

And your overlooking the JIT as well.

Re:Take Java seriously

[dastrike]

"What happens when your hardware changes and that nice API isn't available for your new hardware?"

What happens when your hardware changes and that nice Java Runtime Environment isn't available for your new hardware?

Re:Take Java seriously

[AKAImBatman]

The reasons to use Java on the server are quite simple. The combination of factors that attracted developers to Java in the first place make them want to use it on the server. Those factors are:

1. Cross-platform capability - Many companies still prefer to deploy applications on large Sun, IBM, or Linux (name your brand) servers. However, these companies would also like to give their developers Windows desktops so they can interact with the rest of the company. (Who most likely uses MS Office/Outlook.) As long as you avoid explicit path names, it is quite easy (and common!) to develop on a Windows machines but deploy on a Unix or Unix-like machine.

2. Automatic Memory Management - So your server is running along, and suddenly someone generates an unexpected error. In Java you can sleep soundly because even the worst programmer would have a hard time doing anything to completely take down the application. If you use a language that allows direct memory management, you have a good chance of that new guy coding a General Protection Fault/Segfault. The result is that your entire system coredumps when you least expect it.

3. Security - While Java is able to control the Security of the ENTIRE JVM through its security framework, most companies are happy with the lack of buffer overruns, code injection techniques, and other common attacks. That's not to say that a poor programmer can't put a security hole in the application wide enough to drive a Mack truck through, but at least you can rely on the underlying system not to betray you.

4. Flexibility - The Java server side frameworks are exceedingly flexible in their designs. For example, the servlet framework allows you to plug in your own custom server page technology. I have seen many a programmer (including myself) implement something like Reports by simply linking the ".rpt" extension to a custom servlet. The servlet then loads the requested configuration file and executes it. Very nice.

Another example is servlet filters. Need a security framework added in a hurry? Just add a filter servlet! It will execute before the rest of the code, allowing you to check the variables and security permissions to ensure that the client isn't trying any funny business.

5. API - When Java was first introduced, it absolutely creamed all the competing languages in the richness of its bundled API. As time has worn on, this has changed. However, Java still enjoys a sizable lead over even C/C++ with features such as Type IV (tested cross-platform, pure Java) JDBC database drivers. Unlike ODBC, many of these drivers have been tuned for excellent performance. Similarly, there are free APIs for handling Office Documents, PDF Creation/Editing, SOAP/XML-RPC communications, Object-Relational mapping, Image Management/Creation/Editing, CORBA, XML Databases, XSL-T, etc. While these APIs are all available for C/C++, there are significant cross-platform issues with many of them, as well as a lack of common "pluggable" APIs that allow for one API to many implementations.

Other languages have a hit/miss score with these sorts of features, often not providing these features, providing only a small subset, or only being available in an expensive commercial package.

6. Dynamic Loading - While C/C++ can manage dynamic loading of shared objects, it's a very difficult thing to implement. Java does it out of the box, with a full reflection API and interface support, thus allowing such wonderful code as Beans, Servlets, Pluggable Drivers, self-organizing code, and a host of other features that other systems can't compete with.

(If you don't believe me, try adding support for a feature in PHP sometime. "It's so simple! Just install the SO and recompile PHP!" Meh.)

7. Performance - This may sound like an odd thing to say, but the performance of Java is a key selling feature. Java server applications may execute more slowly than one written in C/C++ (just as C/C++ may execute more slowly than

Re:Take Java seriously

[FatherOfONe]

I will try and summarize your main point. You don't like Java because the JVM for each platform can be upwards of 100MB and you don't like garbage collection over handling the cleanup of objects yourself in code.

To the first point. Do you develop software? I do and it sucks big time if you code for Windows. You currently have to worry about DLL issues and what service packs are installed and what the heck Microsoft is going to throw at you in the next "hotfix". You say that you want to code for Linux? Well do you want to make an RPM, shell script, YAST, Yum or Apt get? What version of libraries are they running? Do you want to include "everything" just in case they don't have the correct libraries you think they will need? Or do you just want to make the user go through something like "RPM Hell". Do you want to target a Macintosh? Well good luck there! What platform are you going for? OSX on X86 or OSX on PPC or are you going to produce "fat" binaries? I find it a bit easier to just have the user install a 1.4 JVM for their platform.

Now Java is by no means the silver bullet of programming, you still have some small library issues, however getting an application to run on multiple versions of Windows, Linux, Solaris, OSX, and just about everything else is very easy compared to what else is out there. I will actually say that there is no reason for Java in one core situation. That is if the whole world runs the latest patched version of Windows. Then, and only then does Java loose one of it's major strengths. However, as you mentioned in your post that place doesn't exist, or if a company tries to inforce those strick standards they are "broken" within a couple of years.

Now as far as garbage collection. I somewhat agree with your point, but I would say that I have created close to a million objects in a few seconds and distroyed them (let garbage collection run) and the program has run fine. I will say that it uses up a rather large amount of memory, but that wasn't your complaint and in my case it didn't matter.

I do wish that Java would do a couple of things better. One is to provide a good tool for JSF development (WYSIWYG) Studio Creator beta does not cut it! It needs some serious work. MyEclipse also doesn't quite cut it. I would also like to see AJAX support in JSF. I also wish that they would simplify developing web services a bit and perhaps their security layout as well. Much later down my list would be to address any performance/memory issues. I guess I would also wish for one more thing, and that would be to make EJB 3 very similar to hibernate (I believe that this is the case).

Re:Take Java seriously

[zootm]

I'd like to add "type safety" in there, but then I'm a programming language geek at the best of times.

Re:Take Java seriously

[icebattle]

Have you tried running your app with -XX:+UseParNewGC -XX:+UseConcMarkSweepGC?

This will allow the vm to do small amounts of gc whenever it has a chance, as opposed to wating until an allocation request will fail and then running through the entire heap.

Our app runs 24/7 and while the markets are open and 10meg+ of raw data is coming down the line every second, we can't allow the app to take a timeout for a gc run. The app runs in 256meg, too.

Re:Take Java seriously

[21mhz]

if only Sun would do something like writing a new faster classfile verifier.

They do: since (1.)5.0, JRE classes come preloaded in a shareable file.

Re:Take Java seriously

[Halo-]

I'm not bashing Java, but I don't completely agree with your statement that:

Cross-platform byte code enables you to deploy the same application on your PC or Mac workstation and have it function exactly the same as on a 64-processor Ultra server. It also means your application is "future-proof". Deploy it now on a 32-bits machine, later on a 64-bits machine without recompiling AND run it at speeds comparable to native code.

While this is theoretically true for byte code, in Java isn't not something you can depend on. I write Java code for a living, and our test team still has to test our product on every platform and OS we claim support for. Even the same version of the same vendor's JVM will have little OS-specific quirks which can add up to big problems if ignored.

More importantly, "write once, run anywhere" really should be qualified as "write once, run anywhere the exact same JVM is installed and a decent script/command/launcher exists to properly start your application with all the flags, classpaths, memory management, and other configuration needed for this platform"

This may seem sorta nit-picky but I spend a great deal of my time figuring out why a certain behavior only occurs on a certain platform. Usually it's because to do anything useful, you can only abstract the underlying operating system so far. For example, the way that Windows creates and manages a file is very different than the why most Unix systems do. An application which downloads a file from the network and overwrites an existing file often needs special handling on Windows because Windows sometimes will deny access to a file (if it thinks it is in use), or not synch the descriptors when you expect it to. This isn't either Java or Window's "fault" it's just the way things work.

However, I do agree that Java is a good language and makes a lot more "sense" from an API perspective than most other languages. Writing programs in C/C++ now seems very tedious to me. All the stuff I used to worry about without thinking about (buffer sizes, memory allocation, finding functions/libraries) in C/C++ which aren't issues in Java amazes me.

Re:Take Java seriously

[swillden]

Java will ALWAYS keep the 64MB heap. It will NEVER shrink it.

Who cares? This is completely irrelevant, as long as the JVM marks the pages it's not using as discardable, which modern JVMs on modern OSes do.

You have to remember that all memory is virtual. I can allocate a 1GB array, but as long as I never actually touch the pages (making them "dirty"), no storage, whether RAM or disk, is ever used. When the JVM allocates its 64MB, that virtual memory is initially all "clean" and therefore consumes no RAM. As it's used, it gets dirtied and physical RAM gets mapped to it... but when a garbage allocation occurs, both the Sun and IBM JVMs mark the now-unused pages as clean, allowing the OS to reuse them at will. Effectively, they no longer consume any space.

Even if the JVMs didn't mark the pages as clean, the impact of the JVM holding onto the 64MB wouldn't be that significant. The allocated, dirtied but now-unused memory will simply get swapped out to disk, allowing those pages of RAM to be used by other applications.

With a decent OS, it really doesn't matter if an app holds onto some memory that it's not using, especially if it has the decency to tell the OS that it's not actually using it.

That said, there is a "problem" here, it's just not the one you're pointing out. The problem, if you want to call it that, arises from the generational, copying, compacting garbage collector used by modern VMs. Now, don't get me wrong, this GC is very cool. It's significantly more efficient than typical malloc/free memory management, *and* it eliminates some major classes of memory leaks (programmers can still leak memory with GC, but it's harder).

Without getting into the details, although GC is safer and more efficient in terms of CPU cycles, and although on average it doesn't use a great deal more memory than manual allocation would use (particularly since many performance-sensitive manual allocation apps end up managing their own memory pools in order to avoid the run-time cost of malloc() and free()), GC does tend to increase the number of memory pages that get touched over time.

Why? Two reasons. First, suppose the application allocates a small chunk of memory, uses it, frees it, allocates another small chunk (about the same size), and then uses and frees it. Most malloc()/free() implementations will tend to return the same chunk of memory for both allocations. Repeating the process a thousand times (which isn't all that uncommon) will probably only dirty a single page of memory. With the sort of garbage collector used by current JVMs, every one of those allocations will return a different chunk of memory, and many pages will therefore be dirtied. In terms of CPU cycles, GC wins big, because, rather than a thousand small frees, there is one big one. And allocation is up to two orders of magnitude faster. It may sound like the GC approach is going to use a lot more memory, on average, but it's not that bad because of the tendency of malloc/free-managed heaps to become fragmented. On average, GC implementations don't have many more pages in use than malloc/free implementations, and may actually have less, but the GC allocators tend to "roam" across the pages.

Second, the "copying" nature of the GC. The main thing that makes generational, copying GC-based memory management so fast it that it never has to deal with fragmentation. To describe it in an oversimplified way: Every now and then, the GC relocates all of the in-use objects into a nice, compact block. That makes allocation fast, and tends to reduce the number of pages in active use, but it increases the number of pages that get dirtied and therefore require actual RAM to be provided by the OS. The copying also has a cost in CPU cycles, but it's small relative to the cost of managing and searching free lists, which is what malloc/free implementations have to do.

Theoretically, as the GC copies objects and marks the pages where they used to live as discardable, the OS coul

Re:Take Java seriously

[TheRaven64]

I would refer you to some research done around a decade ago, which involved running a MIPS emulator on a MIPS machine. The emulator was doing dynamic optimisation, and got around a 10% speed increase over the same code running directly on the hardware.

A Java VM does some things that are simply not possible with C. To inline a C function, you need the source for both - this leads to some really ugly things like putting simple functions in headers, which should be reserved for interface definitions, not implementation details. The Java VM will inline functions on the fly. This can potentially give a huge performance boost - I got almost a 50% speed increase on some C code I was recently writing by shuffling things around to allow the compiler to inline some common functions.

The other advantage of higher-level languages is that they provide more semantic information to the optimiser. Consider the trivial example of autovectorisation. In C, if you want to do an operation on a vector, you will usually iterate over every element and perform the operation. The compiler then needs to check that there are no dependencies between loop iterations, which can be non-trivial. In a language like FORTRAN or Smalltalk, you can simply perform an operation on a vector type. The compiler then just needs to check if the operation you are trying to perform corresponds to one or more vector unit instructions, and substitute these in to your code. This is much easier to do.

C is a fairly easy language to write optimised code in for any CPU up to and including a 386. For anything more modern, you will find yourself fighting a language which is simply not designed to deal with parallelism - and compiler writers find themselves fighting even harder.

Re:Take Java seriously

[bbn]

You can say the same thing about the parent comment about java memory management. The J2ME for mobilephones does indead free the memory. Funny how java for embedded systems uses the same strategy eh? J2ME works with very little memory. A Nokia 3410 only has 64 KB memory for the java games.

The parent post was obviously talking about ordinary client applications running on PC under either Windows, Linux, Mac or something simelar.

On such a system, malloc cannot map directly to the OS API, because the OS will only allocate full pages at a time. So if you want 40 bytes of memory, the OS would give you 1 KB (or whatever the page size is).

This also means that if you allocate 2x40 bytes, then free the first 40 bytes block, malloc can not free the page. It is simply not possible, since it would have to free the whole page.

Some J2ME implementations can defragment the memory in this situation, to be able to release memory back to the OS. That is impossible with a C program, where direct pointers to memory is allowed.

For large blocks you can of course go directly to the OS.

Re:Take Java seriously

[Hard_Code]

And given the escape analysis that is apparently going to be implemented in the next version of Java, it looks like a large chunk of the class of problem you propose (many small allocations/deallocations causing "roaming") may be able to be eliminated. The VM will know when some references never "escape" a certain context/scope, and adjust memory management accordingly. One common scenario, and source of many "temporary" objects, will be automatic/local variables in methods, which can be stack-allocated, eliminating this problem.

Re:Take Java seriously

[jilles]

You sound like you are a decent programmer. However, the type of problem you describe is not exactly a standard thing: multithreaded, lots of disk IO, lots of memory used. Doing this right in Java (or any other environment) requires some knowledge about how things work. In your post you make it clear you do not have more than a rough understanding of how garbage collecting is implemented in Java or indeed the ins and outs of optimizing Java's behaviour in this respect. That's pretty essential stuff for this kind of thing.

I think the key problem with your Java implementation is not that it is written in Java but that it's design is based on some wrong assumptions about how things work in Java. For example IO quickly becomes a bottleneck, did you use the nio classes? Did you run a profiler to find out where the bottlenecks were? Maybe there's some synchronization issues? There could be a whole lot of things wrong. Optimization in Java is possible, just like in C. And just like in C it requires that you understand the technology.

I'm not suggesting you should do things in Java but merely that you should be a bit more careful to blame technology for things that may also be attributed to your lack of knowledge. It isn't Java that failed here, but you and indeed the end result is the same.

Re:Take Java seriously

[Felonious+Ham]

I'd also add that the pool of Java developers is pretty substantial, making it easier to staff a project than say PHP or Ruby.

Re:Take Java seriously

[msuzio]

Thank you. "Wannabe" is just the right term. It really burns my ass when someone who is ignorant (and I mean that in the truest sense of the word -- they might not be stupid, but they obviously do not actually know what they are talking about) just spits out the standard "Java is teh suX0r!!!! It is sl0w!!!!" stuff.

*rolls eyes*

LISP weenies and C++ gurus can knock Java. They've earned the right to do so. Anyone who has written code for one of the "scripting languages" people position as competitors to Java (they aren't, just different tools for different jobs) can knock Java, because they've shown they understand the compromises and internals of designing a language. ...but if you've sorta kinda read a book on Perl, or you think PHP "r0xors" because your favorite Counterstrike fansite uses it for the forum system, or you think Java is slow because an applet of Jake waving ran slow in Netscape 3.0 in 1996, you might not quite be qualified to offer an opinion on this subject.

Re:Take Java seriously

[Jesus_666]

Yeah, the day that happens is the day Microsoft puts symlinks into NTFS.

Microsoft should take this approach

[craigmarshall]

I'm not sure how the MS beta process works, but I get the impression that it's not just a straightforward download but you need to sign up or something (passport?).

I wonder what would happen if they junked the whole exclusive beta thing (which might get some of the more privacy-concerned, tech-savvy people on board? dunno - just a guess), and then actively encourage people to try and break the security? Surely that would produce better results than product x coming out, and then massive security problems follow for days, months and years afterwards.

I'm not pretending that this would cure the world of buggy ms software, but it can't hurt, can it? They should be doing it with vista right now.

Craig

More on Gilad Bracha

[tcopeland]

If his name doesn't ring a bell, he's a Java guru who works for Sun and wrote the 2nd and 3rd editions of the Java Language Spec. A bunch of his papers are listed here.

It's a relief that JDK 1.6 won't include any language changes (as far as I know?). Updating various parsers and whatnot to work with all the JDK 1.5 language changes was a big job, although some of the new features certainly are quite handy.

Re:More on Gilad Bracha

[Naikrovek]

I believe Java 6 introduces java.io.Console, which provides several convenience methods when using the console, but other than that I don't know of any language changes.

MS Anti spyware beta

You mean like this; http://www.microsoft.com/athome/security/spyware/s oftware/default.mspx ?

Re:MS Anti spyware beta

[craigmarshall]

That's almost what I mean except everyone I know uses ad-aware and spybot S&D, so bugs in MS anti-spyware don't really have the same impact. Also - I can't see anywhere on that page inviting people to break the software, and I can't what security systems the software has that can be "broken into". I don't have lots of time at the moment, so I might have missed something.

The most damaging problems I see and hear about are related to Windows and Internet Explorer. An open beta of those (I know about the IE7 beta) with encouraged breakage and bug-reporting could do some good. I wouldn't be surprised if you're breaking some license agreement or other (nope haven't read it - just guessing) by trying to trick IE7 or Vista into buffer overflows or whatever.

Craig

Re:Condition

Here you go:
https://mustang.dev.java.net/

dotNET is overrated

[dascandy]

It allows you to work faster and create more in a short while. It allows you to create abnormally slow programs that you can't even speed up with the willpower to do so, because of Windows internals. Those exact internals that Java won't touch with a stick.

Java doesn't look like win32 because it isn't even trying to. It's trying to look platform-independant and the same on all platforms, with the option to skin it to any GUI you want. dotNET IS windows. There's no wonder that it looks a lot more like windows.

I must strongly disagree on the OO implementation however, aside from it not supporting multiple inheritance, it's just good. Microsofts methodics are plain stupid, because for everything you want to do you have to specify it so explicitly my fingers still hurt last time I tried it.

Compare:

Java:
public class xyz {
      int function() { // some function
      }
}

public class abc extends xyz {
      int function() { // different, automatic polymorphism
      }
}

C++:
class xyz {
      public: virtual int function() { // some function
      };
      public: int functiontoo() { // some function too
      };
};

class abc : xyz {
      public: virtual int function() { // some other function! again automatic!
      };
      public: int functiontoo() { // some function too, not polymorphic!
      }:
};

C#: (might contain errors, been a while)
public class xyz {
      public virtual int function() { // function
      }

      public int functiontoo() { // functiontoo
      }
}

public class abc : xyz {
      public override int function() { // override, kind of pointless...
      }

      public new int functiontoo() { // ... why new? that's reserved for memory allocation...
      }
}

My point is, .NET (in C#) requires you to make everything you want so explicit that I'm inclined to say that you're wasting time doing that more than you're gaining time due to other factors.

Plus, I just don't like their idea of a good library. Rape the C++ STL, why don't ya. Either support c++ (and the STL), or don't support it at all.

Re:dotNET is overrated

[$RANDOMLUSER]

I never got the joy of multiple inheritance, anyways.
I mean:

"It's a floor wax!"
"It's a desert topping!"
"No, it's both! New Schimmel is a floor wax and a desert topping!"
(This is from early Saturday Night Live for the humor impaired)

Re:dotNET is overrated

[smallguy78]

I believe the place that Java users discuss their religion (and the evils of that new satanic cult C#/.NET that is taking our jobs and women) is comp.lang.java.advocacy

Re:dotNET is overrated

[zootm]

C# makes a distinction between virtual and non-virtual methods (which is largely used for optimisation which is not available otherwise, as I understand it). The distinction between override (which seems a little unnecessary, but it's arguably better than ambiguity) and new stems from this.

I wouldn't say there's a huge difference between C# and Java, certainly not of the kind you're trying to imply there is. C#'s syntax is a little closer to C++, not so much the Windows API.

Re:dotNET is overrated

[$RANDOMLUSER]

Actually, I was reasonably serious, I just said it silly-like. While I can see an object having multiple begaviors (in Java-speak implementing an interface or two); I cannot see an object having multiple states, which is what's really implied by MI. To me, an (non-trivial) object is about the data it contains, and/or the state it preserves. To say that a thing is both one thing and another (from a data standpoint) in the same breath, to me just smacks of bad design. Again, nothing wrong with having unrelated behaviors, just no unrelated data, please.

Re:Aren't QA people supposed to get paid?

[Naikrovek]

the onus isn't on the community, the onus is on the developers and their QA team. This is just an attempt to get a few more eyeballs on the verifier in case something falls through. There's nothing wrong with that.

Also it is an opportunity for someone to get recognition for breaking a new peice of software.

It is important to get extra scrutiny on newly designed peices of software, for it is the new designs that usually break in the least expected ways.

Re:Don't believe the hype!

[craigmarshall]

> C is portable, fast, very complex and since 35+ years the leading standard for professional OS and APP development.

I agree that C is portable and fast, however I don't it can be called very complex.

The smallest programming language manual I have ever owned (and I've owned quite a number), has to be "The C Programming Language", often hailed as the One True Reference to the language. How can it be that complex if the manual is less than half the size of most of my other manuals? I think languages (in general) have got more complex since then. The size of the .Net Framework is huge, there's no way that's simpler than the C standard library. Then you've got to think about reflection, inheritance, dozens of things that C just doesn't have.

If what you mean is that C programs end up looking more complex, that's probably because C is used for systems programming. If you mean that you have to write more code to do it in C, then you may have a point, but I think C is actually one of the simpler languages. The closer to assembly you get, the simpler the language has to be.

Craig

Optimization and late binding

[jfengel]

Another nice thing about the new classfile specification is that it's going to make certain new kinds of optimization possible. The more you can prove about what's on the stack at any given point, the more you can inline.

Not only does inlining eliminate method call overhead, but it allows you to re-run the peephole optimizer, which can eliminate range checks, reduce redudant type checks, etc.

The ultimate performance promise of Java is that it can do optimization very, very late in the process. Native libraries are basically black boxes in C/C++, and it's very hard to do that sort of inlining because most of the type information has been lost. Java may, someday, with sufficient ingenuity, rival or even beat C++ in performance, and it already does in certain limited areas.

Of course C# has all of the same advantages, and even though it's more recent there are some areas where its performance beats Java. I'd love to see all the Microsoft reasearchers vs. all the Sun researchers coming up with increasingly brilliant ways to take advantage of the late binding to turn a performance hindrance into a benefit.

Re:Optimization and late binding

[Hard_Code]

"Java may, someday, with sufficient ingenuity, rival or even beat C++ in performance"

For long-running throughput-bound server processes, doesn't it already?

Re:Why not prove it?

[TrappedByMyself]

Why not do what it takes: Prove that it will work, and prove that it cannot be broken!

Did you just walk out of an undergrad Computer Science class? ;)
Popping in pre/postconditions and doing line-by-line proofs doesn't cut it for an application of this complexity. While that is an important part of a real process, it doesn't guarentee coverage. You still have to make assumptions about the environment, which is the gotcha. Testing and QA is all about the assumptions you make and the boundaries you set. With a complex application the number of factors grows so large, that you cannot have the resources to cover every possible test. You can grab the most common stuff, but really need to dump it to the community to get the real 'out of the box' thinking hitting it.

Re:Why not prove it?

[fuzzy12345]

Here's a flame to all the respondents to the parent post. They say (if I may paraphrase) "Code verification is hard. I want my MOOMMMMMY!" Well, it's certainly more difficult, in the short run, than the "throw it against the wall and see if it sticks" approach. But it has been done, it isn't as hard as the naysayers are making out, and it's one of those things that you don't improve at unless you try. Google VLISP for an example of a provably correct compiler.

One thing's for sure: Improvements in software quality will be harder to come by if everybody's attitude continues to be "Bugs are inevitable. Formal proofs are beyond us. Let's keep doing it the old way."

Java 1.5

[Craig+Ringer]

Java 1.5 introduced the two things that make me willing to consider Java as a practical language for real work (as opposed to a "safe to let untrained programmers run rampant, too bad about the 10000k LoC required to do anything" language). Those two things are collections and generics.

I was forced to use Java 1.2 some time ago, and found it a horrific experience with my background in dynamic languages. Since then, I've learned C++ and got used to the pluses and minuses of static languages (both in the sense of "compiled" and in the sense of "statically typed"). Java also largely ceased to suck, so having to work on it again and finding that sort code that would've been hundreds and hundreds of repetitive lines can now be expressed using a short set of comparitors and a collections-based sort was ... refreshing.

After Java 1.5, I can understand why they'd want to let things settle down for a while. It seems to me that they finally got all the really important stuff into the language.

Not execution speed, but predictability

[awol]

Look, I wish people who keep banging on about how Java is nearly as fast as C would get their heads out of their asses and realise that the biggest defect in Java is not raw execution speed but the "business processing" holiday that the system takes every "completely unpredictible once in a while". If I have a throughput capacity system, I can control the rate of throughput in a number of ways (eg selling less than my total capacity and then throttling at times of peak use) but when the system goes and does something like a garbage collection and the whole pipe goes "fnark" for a some seconds I am quite pissed since my users who want the service level in their SLA aren't getting it.

Predictability and execution control are why I use C (and to a lesser extent c++) not Java. That cannot change for languages that give me no control over the raw execution path.

Garbage Collection

[CaptainPinko]

I believe that there is a concurrent garbage collector in Sun's JVM that while not as effecient over-all but runs continously preventing pauses and bubbles associated with traditional garbage collectors.

I'm my Java in a Nutshell 4th Edition (p. 246) one of the java(the interpreter) arguments is:

-Xincgc Uses incremental garbage collection. In this mode the garbage collector eun continuously in the background, and a running program is rarely if ever, subject to noticeable pauses while gharbage collection occurs. Using this option typically results in A 10% decrease in performance overall, however. Java 1.3 and later.

As this book was written for Java 1.4 I'd bet it was fine-tuned and enhance for 1.5 and even more so for the upcoming 1.6. Might be worth trying out.

Violation of DCMA?

[XNuke]

Pardon my ignorance, but isn't this a violation of the anti cracking clauses of the DCMA?

you have no clue

[RelliK]

You obviously have never worked on large server-side applications. Other posters have already listed some reasons for java's popularity. I'll add some more:

* java is nearly as fast as C++ according to all the benchmarks I've seen. Yes, really. The perception of java as being "slow" is simply the legacy of the old awt apps. Yes, the awt gui was (and is) slow. Server-side java applications are not. The "much better performance" is simply not there, particularly for typical enterprise apps.

* *All* the enterprise apps (which is the area where java is particularly successful) store stuff in a database and/or talk to remote apps. Newsflash: a database query or a remote procedure call is *orders of magnitude slower* than an in-process procedure call. Once you include DB/RPC into the equation, whatever little speed advantage C++ has is wiped out completely.

* This is CS 101: performance of a program is largely determined by the algorithm used. You can write a linear search in assembly, and it will be very fast for small lists. But for large lists, a binary search written in shell script will beat it.

* In an enterprise application scalability is much more important than raw speed. So what if I can write a C++ app that's 20% faster than an equivalent java app? Java has frameworks that make it easy to write an app that you can scale horizontally (i.e. by adding more boxes). Easy being the keyword.

* Developer's time is much more expensive than runtime. It is *much faster* to write an app in java than in C++. And for all but the smallest/simplest apps it is faster to write the app in java than in PHP/perl/whatever.

If it's a safety/security issue then again you could build the same thing in a native compiled language, sandbox and all.

Uhhhm, yes. Safety and security are *big* issues in enterprise apps. Show me *one* native language and platform that does it. You are saying it like one can just wave a magic wand and have it built in no time. "You could build the same thing" is not "it's already built".

I mean really, is it just because Java provides a lot of easy to use API's?

Yes. among all the other things I've mentioned.

These are just a few reasons why java is so popular in enterprise apps. Sure, I wouldn't write a game in java, but for enterprise apps, it's perfect. Why java and not PHP/perl/? Simply because java is better. It has all the advantages of compiled laguages (type safety, variable declaration checking, syntax checking, etc.) without some of the disadvantages (manual memory management). Think of java compiler as a sanity checker for your code. It will catch common mistakes like typos, missing return statements, invalid function parameters, etc. A scripting language will not complain about that, but force you to spend hours tracking down the bug. That's why java is faster to develop in than any scripting language for large apps.

Cross-platform really is a big deal

[JavaRob]

What I don't understand is exactly what advantage is Java providing on the server-side. Do you really need cross-platform bytecode at that level?

Actually, yes -- the cross-platform ability is extremely useful. Speaking personally: the two biggest projects I have worked on, both for one client, are deployed (production) on a IBM iSeries server (these used to be called AS/400s -- using the OS/400 operating system), and a Solaris server respectively. Both web apps are built on the same code base, and we developed and tested them on Windows 2000 workstations (XP, now, plus I am starting to do more and more development in RedHat Fedora).

Can you imagine if I needed my own iSeries at home to run a test server here? Those things aren't cheap. Also, because the client has more in-house iSeries experience, we're going to be moving the Solaris webapp to an iSeries as well at some point -- and guess what? The Java code doesn't need any changes whatsoever; it's only the database SQL that will need to be migrated (DB2 UDB to DB2400 SQL isn't consistent).

When I'm starting new projects, I can get people started on architecture and writing code in most cases *without* finalizing the eventual platform, and without getting access to the big hardware yet. You aren't locking yourself into anything from the beginning -- this is actually a pretty serious power to have. It also allows me to run side by side performance testing on servers to see the *real* differences in capabilities; this is HUGE because the folks selling the big iron suddenly are a commodity, not an unquestioned master in a domain with benefits we can't actually measure usefully.

Just my 2 cents -- I'm sure some people wouldn't actually care (e.g., "my webhost only runs RedHat, so that's all I need to care about"), but gotcha-free cross-platform code is a big deal.

Here are some reasons:

[DimGeo]

Java Pros:
1. Zero memory fragmentation. The GC compacts the memory at runtime. This means indefinite uptimes. A server written in a refcounted script language might lack that.
2. Zero chance of a buffer overflow attack anywhere. Maybe if there is a bug in the VM, however, this might become possible.
3. All libraries in the standard distribution have been tested for almost a decade now.
4. Incredibly powerful multithreading and synchronization.
5. Rapid development of fast programs. Only someone well versed in Java can do that, but java is well worth it when you have the people. This can be done in other languages but at insane costs in security.
6. Performance costs for all of the above is within the 20% margin, which is great for a server app that does not do anything computationally expensive. Most of the work is offloaded to a fully optimized DB server anyway.
7. With the right framework, you can easily load and unload modules at runtime. Not easily done though.

Java Cons:
1. Incredibly slow startup time. It may take up to a minute for a large app to get fully loaded and JITed. This is a non-issue in a server environment, however.
2. Extreme memory usage. Up to 10 x the equivalent C++ app. However, the GC makes sure that memory usage remains almost constant under similar loads for months and years of uptime, because there is no memory fragmentation.
3. Due to 2, sometimes most of the memory gets swapped. This shouldn't happen in a server environment, but on a desktop running server apps (dev machines for instance) this is a great nuisance. It might take running a full GC manually to force your redmond-developed OS to re-load all the memory for the app. Again, a non-issue for servers.
4. The default Sun Java VM configuration makes Java run any program with a 64 megs of mem usage limit. This is ridiculous for a serious Java app. It takes passing a command-line param to fix that. People can get frustrated because of this.