Wednesday, February 16, 2011
Friday, December 31, 2010
Die Klasse Namen
I just noticed that the IBM JDK class libraries include these klasses:
Huck huck.
Ach! Der InputStream ist ein ... NuisanceStream! Der Value, Der. No one who speaks German could be an evil man!
Happy New Year!
- com.ibm.security.util.DerInputStream and
- com.ibm.security.util.DerValue.
Huck huck.
Ach! Der InputStream ist ein ... NuisanceStream! Der Value, Der. No one who speaks German could be an evil man!
Happy New Year!
Tuesday, December 28, 2010
-XX:+UseCompressedStrings explained
It looks like Oracle has finally released some documentation for those options they've been using in SPECjbb2005 submissions. The doc is here and it looks like it appeared on Christmas eve.
Like I guessed, they're using a byte[] array instead of a char[] array for Strings wherever they can.
Presumably this makes the code path more complicated, because every time the JVM deals with a String it now needs to check what kind it is. The space savings are probably worth it, at least in some applications.
Why isn't it on by default? Two possibilities:
(Of course that assumes that there's no penalty for using non-ASCII Strings beyond the extra space. If the option is implemented in an all-or-nothing fashion, e.g. if it stops using byte[] arrays the first time it encounters a non-ASCII String, then non-ASCII applications wouldn't benefit at all.)
Like I guessed, they're using a byte[] array instead of a char[] array for Strings wherever they can.
Presumably this makes the code path more complicated, because every time the JVM deals with a String it now needs to check what kind it is. The space savings are probably worth it, at least in some applications.
Why isn't it on by default? Two possibilities:
- The penalty is too high in many applications. In my opinion, this would make it a bit of a benchmark special.
- The option isn't quite ready for prime time yet, but they plan to turn it on by default later.
(Of course that assumes that there's no penalty for using non-ASCII Strings beyond the extra space. If the option is implemented in an all-or-nothing fashion, e.g. if it stops using byte[] arrays the first time it encounters a non-ASCII String, then non-ASCII applications wouldn't benefit at all.)
Friday, December 24, 2010
Working backwards
Sometimes I get a bug that I just can't figure out. If the problem is reproducible with a good test case it's usually fairly easy to narrow the problem down pretty quickly. But what do you do if your product crashed once on a customer's server, and hasn't failed again?
Well, you start with the logs and diagnostic files. Usually we can figure it out from tracepoints and a core file. But sometimes this doesn't work.
In cases like this I don't like to throw in the towel without doing something. It feels like defeat (probably because it is). Instead, I always try to figure out what additional information could have helped me solve the problem.
How did we get to the point of failure? If I can identify two or three paths to the failure point and can't infer which one was taken I'll add some tracepoints to those paths. Or maybe I can add assertions on those paths to detect the error a bit earlier.
Since the problem isn't reproducible they won't help me now, but they might help me in the future. If the problem does occur again (and 'not reproducible' really just means 'very rare') hopefully these diagnostics will get me one step closer to the actual problem. And if it didn't hit any of my new tracepoints or assertions when it reoccurs, that's useful (and potentially maddening) too.
Of course I still might not be able to figure out what's happening. Then I add another round of tracepoints and assertions. Each failure gets me one step closer to the solution.
Well, you start with the logs and diagnostic files. Usually we can figure it out from tracepoints and a core file. But sometimes this doesn't work.
In cases like this I don't like to throw in the towel without doing something. It feels like defeat (probably because it is). Instead, I always try to figure out what additional information could have helped me solve the problem.
How did we get to the point of failure? If I can identify two or three paths to the failure point and can't infer which one was taken I'll add some tracepoints to those paths. Or maybe I can add assertions on those paths to detect the error a bit earlier.
Since the problem isn't reproducible they won't help me now, but they might help me in the future. If the problem does occur again (and 'not reproducible' really just means 'very rare') hopefully these diagnostics will get me one step closer to the actual problem. And if it didn't hit any of my new tracepoints or assertions when it reoccurs, that's useful (and potentially maddening) too.
Of course I still might not be able to figure out what's happening. Then I add another round of tracepoints and assertions. Each failure gets me one step closer to the solution.
Saturday, November 6, 2010
Amiguous Java packages and innner classes
Yesterday, when I should have been paying attention to my breathing during yoga, I was instead thinking about inner classes. Specifically I was wondering how Java resolves ambiguities between package names and inner class names.
In Java, an inner class is specified using its parent's name, a dot, and its name. for example, Foo.Bar is an inner class named "Bar" in the parent class "Foo". But this is also how Java names packages. Bar could just as easily be a first class class in package Foo.
Note that there's no ambiguity once the code has been compiled. The class file format uses / as a package separator and $ as an inner class separator, so Foo$Bar is an inner class, and Foo/Bar is a top level class in package Foo. The ambiguity is only present in the compiler, where "." serves both purposes.
I wrote a simple test case. I created a simple Foo.java file with a public static inner class Bar, and a Foo/Bar.java file with a public class Bar. Then I wrote a test class like this:
public class Test {
public static void main(String[] args) {
System.out.println(new Foo.Bar());
}
}
What happens when you compile and run this?
peter$ java Test
Foo$Bar@c53dce
Notice the '$' in the name? The inner class won, so it looks like javac resolves the ambiguity in favour of the inner class.
But what if we really want to mess with the compiler? What happens if you try to compile this file?
public class java {
public static class lang {
public static class Object {
}
}
}
Yes, the file is called java.java. None of these names are reserved in Java, so this ought to be a perfectly legitimate class named java. It has an inner class, java.lang, with its own inner class, java.lang.Object (not to be confused with java.lang.Object, the superclass of each of these classes).
javac doesn't seem to like this class very much, at least not the version installed on my Mac:
tmp peter$ javac java.java
An exception has occurred in the compiler (1.6.0_17). Please file a bug at the Java Developer Connection (http://java.sun.com/webapps/bugreport) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.lang.NullPointerException
at com.sun.tools.javac.comp.Flow.visitIdent(Flow.java:1214)
at com.sun.tools.javac.tree.JCTree$JCIdent.accept(JCTree.java:1547)
at com.sun.tools.javac.tree.TreeScanner.scan(TreeScanner.java:35)
...
I don't think that this is a security hole, since the ambiguity is only present in the compiler. It's possible that there's a similar ambiguity in reflection, but I'm not sure. That might be somewhat higher risk.
Update: Eclipse compiles this java.java file with no problem. Looks like it's just an obscure bug in javac.
Further update: I'm not the first person to discover this: http://www.bodden.de/tag/name-resolution/
In Java, an inner class is specified using its parent's name, a dot, and its name. for example, Foo.Bar is an inner class named "Bar" in the parent class "Foo". But this is also how Java names packages. Bar could just as easily be a first class class in package Foo.
Note that there's no ambiguity once the code has been compiled. The class file format uses / as a package separator and $ as an inner class separator, so Foo$Bar is an inner class, and Foo/Bar is a top level class in package Foo. The ambiguity is only present in the compiler, where "." serves both purposes.
I wrote a simple test case. I created a simple Foo.java file with a public static inner class Bar, and a Foo/Bar.java file with a public class Bar. Then I wrote a test class like this:
public class Test {
public static void main(String[] args) {
System.out.println(new Foo.Bar());
}
}
What happens when you compile and run this?
peter$ java Test
Foo$Bar@c53dce
Notice the '$' in the name? The inner class won, so it looks like javac resolves the ambiguity in favour of the inner class.
But what if we really want to mess with the compiler? What happens if you try to compile this file?
public class java {
public static class lang {
public static class Object {
}
}
}
Yes, the file is called java.java. None of these names are reserved in Java, so this ought to be a perfectly legitimate class named java. It has an inner class, java.lang, with its own inner class, java.lang.Object (not to be confused with java.lang.Object, the superclass of each of these classes).
javac doesn't seem to like this class very much, at least not the version installed on my Mac:
tmp peter$ javac java.java
An exception has occurred in the compiler (1.6.0_17). Please file a bug at the Java Developer Connection (http://java.sun.com/webapps/bugreport) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.lang.NullPointerException
at com.sun.tools.javac.comp.Flow.visitIdent(Flow.java:1214)
at com.sun.tools.javac.tree.JCTree$JCIdent.accept(JCTree.java:1547)
at com.sun.tools.javac.tree.TreeScanner.scan(TreeScanner.java:35)
...
I don't think that this is a security hole, since the ambiguity is only present in the compiler. It's possible that there's a similar ambiguity in reflection, but I'm not sure. That might be somewhat higher risk.
Update: Eclipse compiles this java.java file with no problem. Looks like it's just an obscure bug in javac.
Further update: I'm not the first person to discover this: http://www.bodden.de/tag/name-resolution/
Saturday, October 16, 2010
RIP Benoit Mandelbrot
Benoit Mandelbrot, the father of fractals, is dead at 85.
When I was in high school I was fascinated by the Mandelbrot set. I wrote a program which rendered it (quite slowly) on my 286. It let you draw a line anywhere across the set and play it as musical tones. (Well, as musical as a PC's speaker could be.)
When I was in high school I was fascinated by the Mandelbrot set. I wrote a program which rendered it (quite slowly) on my 286. It let you draw a line anywhere across the set and play it as musical tones. (Well, as musical as a PC's speaker could be.)
Saturday, October 2, 2010
Data Mining 101: Amazon Wishlists
I was searching for someone's Amazon wishlist and found this link, instead: Data Mining 101: Finding Subversives with Amazon Wishlists. It's nearly 5 years old, so you probably discovered this long before I did, but it's pretty interesting how much data he could find just linking together a few public, free databases.
It reminded me of an ad I saw on a website yesterday. (I should have captured it.) It said something like "Searching for Gary Gnu?" and then provided links to a couple of sites ostensibly selling Gary Gnu (Buy Gary Gnu on eBay.ca!). I had done a Google search for Gary Gnu a few days before; the ad must have been sniffing my browser history to figure that out, possibly using the old link coloring trick.
Is privacy dead? Probably, but I think it has been for a long time now. The only real difference is that we know it, and I guess that's half the battle.
It reminded me of an ad I saw on a website yesterday. (I should have captured it.) It said something like "Searching for Gary Gnu?" and then provided links to a couple of sites ostensibly selling Gary Gnu (Buy Gary Gnu on eBay.ca!). I had done a Google search for Gary Gnu a few days before; the ad must have been sniffing my browser history to figure that out, possibly using the old link coloring trick.
Is privacy dead? Probably, but I think it has been for a long time now. The only real difference is that we know it, and I guess that's half the battle.
Subscribe to:
Posts (Atom)