Linked by Thom Holwerda on Wed 10th Oct 2012 23:47 UTC, submitted by MOS6510
Java "Java is a programming language that allows developers to write once and deploy everywhere - from high-end gaming desktops to smartphones. Its OS-agnostic and widespread nature is one of its strongest selling points, but one area where it can fall flat is performance. Generally, Java applications are not going to perform as well as native applications written for a specific OS. However, thanks to Project Sumatra that performance gap may soon become less of an issue."
Thread beginning with comment 538336
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Security
by Alfman on Thu 11th Oct 2012 14:52 UTC in reply to "RE[2]: Security"
Member since:


"The difference is that you can write 'perfect' java code and still your app will be potentially vulnerable (outside your control), whereas in C[++] it's all about the written code (under your control)"

I disagree. A "perfect" ANSI-C program can still be vulnerable to libc bugs (aka malloc, fscanf, etc).

Also, modern C code compilation can be incredibly complex. There are memory barriers, aliasing constraints, auto SIMD/pipelining, overflow assumptions, threading related bugs, etc. A bug or bad assumption in any of these features might be remotely exploitable (ie a JPEG rasterization library).

To the extent that a JIT compiler is more complex, I'll grant you that it is more likely to contain bugs, but bugs are inherently possible whether the code compilation happens ahead of time or at run time.

Reply Parent Score: 2