Linked by Thom Holwerda on Wed 10th Oct 2012 23:47 UTC, submitted by MOS6510
Java "Java is a programming language that allows developers to write once and deploy everywhere - from high-end gaming desktops to smartphones. Its OS-agnostic and widespread nature is one of its strongest selling points, but one area where it can fall flat is performance. Generally, Java applications are not going to perform as well as native applications written for a specific OS. However, thanks to Project Sumatra that performance gap may soon become less of an issue."
Thread beginning with comment 538259
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Security
by moondevil on Thu 11th Oct 2012 05:55 UTC in reply to "RE[3]: Security"
moondevil
Member since:
2005-07-08

If your talking about a vulnerability in the Java VM, then it may or may not be a cross platform vulnerability. Remember that the VM itself is a native application that has to be written to support every target platform. A bug in the just-in-time-compiler for x86 isn't necessarily going to appear in the JIT compiler for x86-64 or ARM.


At least in OpenJDK/JVM this might improve when project Graal gets integrated.

Graal is the project to integrate Maxime JIT which is 100% Java code.

The idea is to follow Jikes, Maxime and Squawk VM projects where the Java was used to write the VM, with a very minimal set of native code.

Reply Parent Score: 2

RE[5]: Security
by Alfman on Thu 11th Oct 2012 14:34 in reply to "RE[4]: Security"
Alfman Member since:
2011-01-28

moondevil,

"Graal is the project to integrate Maxime JIT which is 100% Java code."

I wasn't aware, that's very interesting. I wonder how you bootstrap such a thing. Do you need another VM to bootstrap the Maxime JIT's code?

Nice diagram for a project you mentioned:
http://labs.oracle.com/projects/squawk/squawk-rjvm.html


"Even with VM exploits it depends on which VM you are using, there are many more out there, besides Oracle's."

I'm not ready to stop calling it Sun's VM ;)

Reply Parent Score: 2

RE[6]: Security
by moondevil on Thu 11th Oct 2012 18:55 in reply to "RE[5]: Security"
moondevil Member since:
2005-07-08

Graal:
http://openjdk.java.net/projects/graal/
http://www.oracle.com/technetwork/java/javase/community/jvmls2012-1...


Graal is based on Maxime's work,
https://wikis.oracle.com/display/MaxineVM/Home

I wasn't aware, that's very interesting. I wonder how you bootstrap such a thing. Do you need another VM to bootstrap the Maxime JIT's code?


In a way yes.

This paper provides a nice overview how bootstraping works,
https://wikis.oracle.com/display/MaxineVM/Technical+Report

The idea is quite simple, you use the JIT compiler offline to generate the basic VM image for the classes that take care of the VM ground work.

The compiler recognises special annotations that allow trusted Java code to perform unsafe operations, this minimizes the requirements to native methods.

Additionally you have a thin layer for the native methods.

Another example is the Jikes RVM,
http://jikesrvm.org/Presentations

What I miss is that the official JDK still lacks an AOT compiler, while other vendors do offer them. It is not easy to convince project managers to pay for native code compilers for Java, unless the project really requires them.

I'm not ready to stop calling it Sun's VM ;)


I used to write Sun/Oracle VM in the last months, but one needs to face the sad reality that Sun is gone.

Reply Parent Score: 2