Planet Classpath
As has been done previously during Java SE 7 and Java SE 8, the JSR 269 annotation processing API is undergoing a maintenance review (MR) as part of Java SE 9.

Most of the API changes are in support of adding modules to the platform, both as a language structure in javax.lang.model.* as well as another interaction point in javax.annotation.processing in the Filer and elsewhere. A small API change was also done to better support repeating annotations. A more detailed summary of the API changes is included in the MR material.

The API changes are intended to be largely compatible with the sources of existing processors, their binary linkage, as well as their runtime behavior. However, it would be helpful to verify that your existing processors work as expected when run under JDK 9. JDK 9 early access binaries are available for download. Please report experiences running processors under JDK 9 as comments here or to me as email. Feedback on the API changes can be sent to compiler-dev@openjdk.java.net.

Note: this article is also available in German.

What is Conversations?

Conversations is an app for Android Smartphones for sending each other messages, pictures, etc, much like WhatsApp. However, there are a number of important differences to WhatsApp:

  • Conversations does not use your phone number for identification, and doesn’t read your address book to find contacts. It uses an ID that looks much like an email address (the so-called Jabber-ID), and you can find contacts by exchanging Jabber-IDs with people, just like you do with email addresses, phone numbers, etc.
  • Conversations uses an open protocol called XMPP, that is used by many other programs on a wide range of systems, for example on desktop PCs.
  • Converations is Open Source, i.e. everybody can inspect the source code, check it for security issues, see what the program actually does, or even modify and distribute it.
  • XMPP builds on a decentralized infrastructure. This means that not one company is in control of it, but instead there are many providers, or you can even run your own server if you want.
  • Conversations does not collect and sell any information from you or your contacts.

There are more differences, but I don’t want to go into detail here, others have already done it, and better (German).

Install Conversations

From Google Play

Conversations is easily installed from Google Play. However, it currently costs 2,39€. I’d recommend everybody who can to buy the it, it supports development of this really good app.

Alternative: From F-Droid

For all those who cannot or don’t want to spend the money, there is another way to get it for free. It is available in the F-Droid. It is an alternative app store, that only distributes Open Source software. In order to do that, you first need to install F-Droid. Then you can start F-Droid and search for Conversations and install it.

Set-up Jabber account

Next step is to set up a Jabber account. You need two things: an ID, and a provider. The first part, the ID, you can choose freely, e.g. a fantasy name or something like firstname.surname, but this is really up to you. In order to find a provider, I recommend this list https://gultsch.de/compliance_ranked.html. The providers at the top of the list have best support for the XMPP features that are relevant for smartphone users. I’d recommend trashserver.net because this supports in-band registration (directly from Conversations) and is very well maintained. If you want to further support the developer of Conversations, I’d recommend an account on conversations.im, this currently costs 8€/year. I think it is worth it, but you have the choice.

If you choose, for example, the ID ‘joe.example’ on the provider ‘provider.org’, then your Jabber-ID is joe.example@provider.org. When you’re decided on a Jabber-ID, you can easily register an account by starting Conversations, entering the Jabber-ID in the set-up screen, check the box ‘register new account on server’, enter your preferred password 2x and confirm it.

Adding contacts

Adding contacts is different than WhatsApp. You have to manually add contacts to your roster. Tap on the ‘+’ symbol next to the little people icon, enter your contact’s Jabber-ID and confirm it. Now you’re ready to start chatting. Have fun!


Diesen Artikel gibt es auch in Englisch.

Was ist Conversations?

Conversations ist eine App für Android Smartphones, mit der man sich gegenseitig Nachrichten, Bilder, etc schicken kann, sehr ähnlich wie WhatsApp. Es gibt allerdings ein paar wichtige Unterschiede zu WhatsApp:

  • Conversations verwendet nicht Deine Telefon-Nummer zur Identifikation, und nicht Dein Adressbuch um Kontakte zu finden. Deine ID sieht aus wie eine Email-Adresse (Deine sogenannte Jabber-ID), und Kontakte findest Du indem Du Deine Jabber-ID mit Bekannten austauschst, genau wie bei Email-Adressen oder Telefonnummern auch.
  • Conversations benutzt ein offenes Protokoll, genannt XMPP, das von vielen anderen Programmen auf vielen verschiedenen Systemen genutzt werden kann, z.B. auch auf Desktop PCs.
  • Conversations ist Open Source, d.h. jeder kann den Quellcode einsehen, und z.B. auf Sicherheitsprobleme überprüfen, oder sich vergewissern was das Programm eigentlich macht, oder es ändern, etc.
  • XMPP baut auf eine dezentrale Infrastruktur, das bedeutet daß nicht ein Unternehmen alles kontrolliert, sondern daß es viele verschiedene Anbieter gibt, oder man z.B. selbst entsprechende Server betreiben kann, wenn man möchte.
  • Conversations sammelt und verkauft keinerlei Informationen über Dich und Deine Kontakte.

Es gibt noch einige andere Unterschiede, aber ich will hier nicht im Detail darauf eingehen, das haben andere schon viel besser getan.

Conversations installieren

Von Google Play

Conversations lässt sich ganz einfach von Google Play installieren. Es kostet dort allerdings momentan 2,39€. Ich möchte allen, die die Möglichkeit haben empfehlen, die App zu kaufen, ihr unterstützt damit die Entwicklung dieser wirklich guten App.

Alternative: Von F-Droid

Allen, die Google Play nicht nutzen können, oder die aus welchen Gründen auch immer nicht 2,39€ dafür zahlen können oder möchten, sei die Installation über F-Droid ans Herz gelegt. F-Droid ist ein alternativer App Store, der aussschliesslich Open Source Software bereitstellt. Dazu muss man sich zunächst F-Droid installieren. Dann kann man in der F-Droid App nach ‘Conversations’ suchen, und dort installieren. Das ist kostenlos und legal.

Jabber-Account einrichten

Als nächstes musst Du einen Jabber Account einrichten. Dazu benötigst Du zwei Dinge: eine ID, und einen Anbieter. Den ersten Teil, die ID, kannst Du selbst wählen, z.B. einen Phantasienamen, oder etwas wie vorname.nachname, aber das ist wirklich Dir überlassen. Um einen Anbieter zu finden, empfehle ich diese Liste: https://gultsch.de/compliance_ranked.html. Die Anbieter ganz oben unterstützen die meisten Features die für Smartphone-Nutzer wichtig sind. Ich kann trashserver.net empfehlen, da dieser Server die Registrierung direkt aus der Conversations-App heraus unterstützt, und auch sonst sehr gut gewartet wird. Wenn Du dem Entwickler von Conversations zusätzlich Unterstützung zukommen lassen möchtest, dann ist ein Account auf conversations.im empfehlenswert, dies kostet aber momentan 8 Euro im Jahr. Ich finde, das ist es wert, aber das muss jeder selbst entscheiden.

Wenn Du z.B. die ID ‘max.mustermann’ auf dem Anbieter ‘anbieter.de’ aussuchst, ist Deine Jabber-ID: max.mustermann@anbieter.de . Wenn Du Dich für eine ID und einen Anbieter entschieden hast, dann kannst Du ganz einfach einen Account einrichten, indem Du Conversations startest und im Einrichtungs-Bildschirm die gewünschte Jabber-ID eingibst, das Häkchen bei ‘Neues Konto auf Server erstellen’ aktivierst, Dein gewünschtest Passwort 2x eingibst und dann auf ‘Weiter’ tippst.

Kontakte hinzufügen

Anders als in WhatsApp musst Du in Conversations Deine Kontakte selbst hinzufügen. Dazu einfach auf das Symbol mit dem ‘+’ neben Männchen tippen, die Jabber-ID des Kontaktes eingeben, fertig. Und dann kannst Du loschatten! Viel Spaß!


The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.6.x series with the January 2017 security fixes from OpenJDK 7 u131.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.6.9 (2017-02-14)

  • Security fixes
  • Import of OpenJDK 7 u131 build 0
    • S6253144: Long narrowing conversion should describe the algorithm used and implied “risks”
    • S6328537: Improve javadocs for Socket class by adding references to SocketOptions
    • S6978886: javadoc shows stacktrace after print error resulting from disk full
    • S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
    • S6996372: synchronizing handshaking hash
    • S7027045: (doc) java/awt/Window.java has several typos in javadoc
    • S7054969: Null-check-in-finally pattern in java/security documentation
    • S7072353: JNDI libraries do not build with javac -Xlint:all -Werror
    • S7075563: Broken link in “javax.swing.SwingWorker”
    • S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11
    • S7088502: Security libraries don’t build with javac -Werror
    • S7092447: Clarify the default locale used in each locale sensitive operation
    • S7093640: Enable client-side TLS 1.2 by default
    • S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed
    • S7117360: Warnings in java.util.concurrent.atomic package
    • S7117465: Warning cleanup for IMF classes
    • S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error
    • S8000418: javadoc should used a standard “generated by javadoc” string
    • S8000666: javadoc should write directly to Writer instead of composing strings
    • S8000673: remove dead code from HtmlWriter and subtypes
    • S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
    • S8001669: javadoc internal DocletAbortException should set cause when appropriate
    • S8008949: javadoc stopped copying doc-files
    • S8011402: Move blacklisting certificate logic from hard code to data
    • S8011547: Update XML Signature implementation to Apache Santuario 1.5.4
    • S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo
    • S8016217: More javadoc warnings
    • S8017325: Cleanup of the javadoc <code> tag in java.security.cert
    • S8017326: Cleanup of the javadoc <code> tag in java.security.spec
    • S8019772: Fix doclint issues in javax.crypto and javax.security subpackages
    • S8020557: javadoc cleanup in javax.security
    • S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index.
    • S8021108: Clean up doclint warnings and errors in java.text package
    • S8021417: Fix doclint issues in java.util.concurrent
    • S8021833: javadoc cleanup in java.net
    • S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails
    • S8022175: Fix doclint warnings in javax.print
    • S8022406: Fix doclint issues in java.beans
    • S8022746: List of spelling errors in API doc
    • S8024779: [macosx] SwingNode crashes on exit
    • S8025085: [javadoc] some errors in javax/swing
    • S8025218: [javadoc] some errors in java/awt classes
    • S8025249: [javadoc] fix some javadoc errors in javax/swing/
    • S8025409: Fix javadoc comments errors and warning reported by doclint report
    • S8026021: more fix of javadoc errors and warnings reported by doclint, see the description
    • S8037099: [macosx] Remove all references to GC from native OBJ-C code
    • S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
    • S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits
    • S8049244: XML Signature performance issue caused by unbuffered signature data
    • S8049432: New tests for TLS property jdk.tls.client.protocols
    • S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio
    • S8059212: Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found
    • S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName
    • S8068491: Update the protocol for references of docs.oracle.com to HTTPS.
    • S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210
    • S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u
    • S8139565: Restrict certificates with DSA keys less than 1024 bits
    • S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
    • S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check
    • S8143959: Certificates requiring blacklisting
    • S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
    • S8148516: Improve the default strength of EC in JDK
    • S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
    • S8151893: Add security property to configure XML Signature secure validation mode
    • S8155760: Implement Serialization Filtering
    • S8156802: Better constraint checking
    • S8161228: URL objects with custom protocol handlers have port changed after deserializing
    • S8161571: Verifying ECDSA signatures permits trailing bytes
    • S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar
    • S8164908: ReflectionFactory support for IIOP and custom serialization
    • S8165230: RMIConnection addNotificationListeners failing with specific inputs
    • S8166393: disabledAlgorithms property should not be strictly parsed
    • S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only)
    • S8166739: Improve extensibility of ObjectInputFilter information passed to the filter
    • S8166875: (tz) Support tzdata2016g
    • S8166878: Connection reset during TLS handshake
    • S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed
    • S8167459: Add debug output for indicating if a chosen ciphersuite was legacy
    • S8167472: Chrome interop regression with JDK-8148516
    • S8167591: Add MD5 to signed JAR restrictions
    • S8168861: AnchorCertificates uses hardcoded password for cacerts keystore
    • S8168993: JDK8u121 L10n resource file update
    • S8169191: (tz) Support tzdata2016i
    • S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU
    • S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
    • S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property
    • S8170268: 8u121 L10n resource file update – msgdrop 20
    • S8173622: Backport of 7180907 is incomplete
    • S8173849: Fix use of java.util.Base64 in test cases
    • S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760
  • Backports
  • Bug fixes
    • PR3318: Replace ‘infinality’ with ‘improved font rendering’ (–enable-improved-font-rendering)
    • PR3318: Fix compatibility with vanilla Fontconfig
    • PR3318: Fix glyph y advance
    • PR3318: Always round glyph advance in 26.6 space
    • PR3318: Simplify glyph advance handling
    • PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989
  • AArch64 port

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • 86d0fb6182e10f2f92785dce919d03602694928f5e585d42034a3f8ff3bda079 icedtea-2.6.9.tar.gz
  • 6660ee155cd6738cef2b7dcd83ce15eded595c801100900b51906c76d83b5f62 icedtea-2.6.9.tar.gz.sig
  • 8e4f3eb8d41ef66f1797825343141046973c124b18bf7d4698fae0a9a25495ea icedtea-2.6.9.tar.xz
  • ef7b9886ba619bc206a0b540b80ea11f85bac44e0658ea5588833830579c7c81 icedtea-2.6.9.tar.xz.sig

The checksums can be downloaded from:

A 2.6.9 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.6.9.tar.gz

or:

$ tar x -I xz -f icedtea-2.6.9.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.6.9/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

We are pleased to announce the release of IcedTea 3.3.0!

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 8 support with the October 2016 bug fixes from OpenJDK 8 u112 and the January 2017 security fixes from OpenJDK 8 u121.

The ‘infinality’ feature has been improved and is now known as ‘improved font rendering’. It no longer requires a patched FreeType and we intend to enable it by default from IcedTea 3.4.0 onwards.

We also make the build a little easier on some platforms by removing the requirement for wget to be installed if downloading is disabled,
and supporting older Kerberos installations which don’t use pkg-config. We also add support for picking up the strangely named JVM installation locations on RHEL 6 multilib platforms.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

New in release 3.3.0 (2017-01-28)

  • Security fixes
  • New features
    • PR3300: wget not required when downloading is disabled
    • PR3301: Support RHEL multilib installations which use the /usr/lib/jvm/java-1.x.0-openjdk.${arch} naming
    • PR3303: Allow Kerberos to be detected by old libs & headers method if pkg-config check fails
  • Import of OpenJDK 8 u112 build 16
    • S6477756: GraphicsDevice.getConfigurations() is slow taking 3 or more seconds
    • S7172749: Xrender: Class cast exception in 2D code running an AWT regression test
    • S8017629: G1: UseSHM in combination with a G1HeapRegionSize > os::large_page_size() falls back to use small pages
    • S8022203: Intermittent test failures in demo/jvmti/hprof
    • S8022582: Relax response flags checking in sun.security.krb5.KrbKdcRep.check.
    • S8027575: b113 causing a lot of memory allocation and regression for wls_webapp_atomics
    • S8028486: java/awt/Window/WindowsLeak/WindowsLeak.java fails
    • S8030780: test/com/sun/corba/cachedSocket/7056731.sh leaves HelloServer behind
    • S8036630: Null ProtectionDomain in JVM can cause NPE because principals field is not initialized to an empty array
    • S8042660: vm/mlvm/anonloader/stress/byteMutation failed with: assert(index >=0 && index < _length) failed: symbol index overflow
    • S8044193: Need to add known answer tests for AES cipher
    • S8044575: testlibrary_tests/whitebox/vm_flags/UintxTest.java failed: assert(!res || TypeEntriesAtCall::arguments_profiling_enabled()) failed: no profiling of arguments
    • S8048601: Tests for JCE crypto ciphers (part 1)
    • S8048621: Implement basic keystore tests
    • S8048622: Enhance tests for PKCS11 keystores with NSS
    • S8049021: Add smartcardio tests with APDU buffer
    • S8049312: AES/CICO test failed with on several modes
    • S8050402: Tests to check for use of policy files
    • S8050409: Test for JAAS getPrivateCredentials
    • S8054326: Confusing message in “Current rem set statistics”
    • S8055772: get_source.sh : version check assumes English localization
    • S8057791: Selection in JList is drawn with wrong colors in Nimbus L&F
    • S8058865: JMX Test Refactoring
    • S8067964: Native2ascii doesn’t close one of the streams it opens
    • S8071487: javax/management/monitor/GaugeMonitorDeadlockTest.java timed out
    • S8071909: Port testlibrary improvments in jdk/test to hotspot/test as required for DCMD test port
    • S8073542: File Leak in jdk/src/java/base/unix/native/libnet/PlainDatagramSocketImpl.c
    • S8074784: Additional tests for XML DSig API
    • S8075007: Additional tests for krb5-related cipher suites with unbound server
    • S8075297: Tests for RFEs 4515853 and 4745056
    • S8075299: Additional tests for krb5 settings
    • S8075301: Tests for sun.security.krb5.principal system property
    • S8077276: allocating heap with UseLargePages and HugeTLBFS may trash existing memory mappings (linux)
    • S8078268: javax.swing.text.html.parser.Parser parseScript incorrectly optimized
    • S8078382: Wrong glyph is displayed for a derived font
    • S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus
    • S8085903: New fix for memory leak in ProtectionDomain cache
    • S8098581: SecureRandom.nextBytes() hurts performance with small size requests
    • S8129740: Incorrect class file created when passing lambda in inner class constructor
    • S8130127: streamline input parameter of Nashorn scripting $EXEC function
    • S8130309: Need to bailout cleanly if creation of stubs fails when codecache is out of space
    • S8130317: “ant test” fails to complete on Windows when run under cygwin shell
    • S8133070: Hot lock on BulkCipher.isAvailable
    • S8133309: Some unicode characters do not display any more after upgrading to Windows 10
    • S8134232: KeyStore.load() throws an IOException with a wrong cause in case of wrong password
    • S8135322: ConstantPool::release_C_heap_structures not run in some circumstances
    • S8136998: JComboBox prevents wheel mouse scrolling of JScrollPane
    • S8137240: Negative lookahead in RegEx breaks backreference
    • S8138906: [TEST_BUG] Test test/script/trusted/JDK-8087292.js intermittently fails.
    • S8141148: LDAP “follow” throws ClassCastException with Java 8
    • S8141541: Simplify Nashorn’s Context class loader handling
    • S8143640: Showing incorrect result while passing specific argument in the Java launcher tools
    • S8143642: Nashorn shebang argument handling is broken
    • S8144160: Regression: two tests fail on Windows with “ant test” target
    • S8144221: fix Nashorn shebang argument handling on Mac/Linux
    • S8144703: ClassCastException: sun.font.CompositeFont cannot be cast to PhysicalFont
    • S8145305: fix Nashorn shebang handling on Cygwin
    • S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks
    • S8146975: NullPointerException in IIOPInputStream.inputClassFields
    • S8147026: Convert an assert in ClassLoaderData to a guarantee
    • S8147451: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8147585: Annotations with lambda expressions has parameter result in wrong behavior.
    • S8147969: Print size of DH keysize when errors are encountered
    • S8148140: arguments are handled differently in apply for JS functions and AbstractJSObjects
    • S8148984: [macosx] Chinese Comma cannot be entered using Pinyin Input Method on OS X
    • S8150219: ReferenceError in 1.8.0_72
    • S8150234: Windows 10 App Containers disallow access to ICMP calls
    • S8150814: correct package declaration in Nashorn test
    • S8151722: TESTBUG: New test compiler/native/TestDirtyInt.sh should be modified
    • S8153149: Uninitialised memory in WinAccessBridge.cpp:1128
    • S8153192: (se) Selector.select(long) uses wrong timeout after EINTR (lnx)
    • S8153781: Issue in XMLScanner: EXPECTED_SQUARE_BRACKET_TO_CLOSE_INTERNAL_SUBSET when skipping large DOCTYPE section with CRLF at wrong place
    • S8153948: sun/security/mscapi/ShortRSAKey1024.sh fails with “Field length overflow”
    • S8154009: Some methods of java.security.Security require more permissions, than necessary
    • S8154069: Jaws reads wrong values from comboboxes when no element is selected
    • S8154144: Tests in com/sun/jdi fails intermittently with “jdb input stream closed prematurely”
    • S8154469: Update FSF address
    • S8154553: Incorrect GPL header in package-info.java reported
    • S8154558: Incorrect GPL header in ProcessEnvironment_md.c reported
    • S8154816: Caps Lock doesn’t work as expected when using Pinyin Simplified input method
    • S8154831: CastII/ConvI2L for a range check is prematurely eliminated
    • S8155001: SystemTray.remove() leaks GDI Objects in Windows
    • S8155106: MHs.Lookup.findConstructor returns handles for array classes
    • S8155214: java/lang/invoke/PermuteArgsTest.java fails due to exhausted code cache
    • S8156478: 3 Buffer overrun defect groups in jexec.c
    • S8156521: Minor fixes and cleanups in NetworkInterface.c
    • S8156714: Parsing issue with automatic semicolon insertion
    • S8156836: SIGSEGV: Test test/compiler/jsr292/VMAnonymousClasses.java fails with JTREG 4.2 b02
    • S8156896: Script stack trace should display function names
    • S8157160: JSON.stringify does not work on ScriptObjectMirror objects
    • S8157242: Some java/lang/invoke tests miss othervm
    • S8157444: exclude jjs shebang handling test from runs
    • S8157603: TestCipher.java doesn’t check one of the decrypted message as expected
    • S8157680: Callback parameter of any JS builtin implementation should accept any Callable
    • S8157819: TypeError when a java.util.Comparator object is invoked as a function
    • S8158059: The fix for 8050402 was partially committed
    • S8158072: Need a test for JDK-7172749
    • S8158111: Make handling of 3rd party providers more stable
    • S8158178: java.awt.SplashScreen.getSize() returns incorrect size for high dpi splash screens
    • S8158338: Nashorn’s ScriptLoader split delegation has to be adjusted
    • S8158373: SIGSEGV: Metadata::mark_on_stack
    • S8158467: AccessControlException is thrown on public Java class access if “script app loader” is set to null
    • S8158495: CCE: sun.java2d.NullSurfaceData cannot be cast to sun.java2d.opengl.OGLSurfaceData
    • S8158802: com.sun.jndi.ldap.SimpleClientId produces wrong hash code
    • S8158871: Long response times with G1 and StringDeduplication
    • S8159822: Non-synchronized access to shared members of com.sun.jndi.ldap.pool.Pool
    • S8160122: Backport of JDK-8159244 used wrong version of the JDK 9 fix
    • S8160518: Semicolon is not recognized as comment starting character (Kerberos)
    • S8160693: ScriptRunData.java uses bitwise AND instead of logical AND
    • S8161144: Fix for JDK-8147451 failed: Crash in Method::checked_resolve_jmethod_id(_jmethodID*)
    • S8162510: 8u112 L10n resource file updates
    • S8164453: 8u112 L10n resource file update – msgdrop 20
  • Import of OpenJDK 8 u121 build 13
    • S8037099: [macosx] Remove all references to GC from native OBJ-C code
    • S8059212: Modify sun/security/smartcardio manual regression tests so that they do not just fail if no cardreader found
    • S8139565: Restrict certificates with DSA keys less than 1024 bits
    • S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
    • S8148516: Improve the default strength of EC in JDK
    • S8151893: Add security property to configure XML Signature secure validation mode
    • S8152438: Threads may do significant work out of the non-shared overflow buffer
    • S8153438: Avoid repeated “Please insert a smart card” popup windows
    • S8154005: Add algorithm constraint that specifies the restriction date
    • S8154015: Apply algorithm constraints to timestamped code
    • S8159410: InetAddress.isReachable returns true for non existing IP adresses
    • S8160108: Implement Serialization Filtering
    • S8161228: URL objects with custom protocol handlers have port changed after deserializing
    • S8161571: Verifying ECDSA signatures permits trailing bytes
    • S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar
    • S8163583: [macosx] Press “To Back” button on the Dialog,the Dialog moves behind the Frame
    • S8164908: ReflectionFactory support for IIOP and custom serialization
    • S8165230: RMIConnection addNotificationListeners failing with specific inputs
    • S8166389: [TEST_BUG] closed/java/security/Security/ReadProp/ReadProp.sh failing
    • S8166393: disabledAlgorithms property should not be strictly parsed
    • S8166432: Bad 8u112 merge of sun/security/tools/jarsigner/warnings/Test.java
    • S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only)
    • S8166739: Improve extensibility of ObjectInputFilter information passed to the filter
    • S8166875: (tz) Support tzdata2016g
    • S8166878: Connection reset during TLS handshake
    • S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed
    • S8167459: Add debug output for indicating if a chosen ciphersuite was legacy
    • S8167472: Chrome interop regression with JDK-8148516
    • S8167591: Add MD5 to signed JAR restrictions
    • S8168861: AnchorCertificates uses hardcoded password for cacerts keystore
    • S8168963: Backout JDK-8154005
    • S8168993: JDK8u121 L10n resource file update
    • S8169072: Backout JDK-8154015
    • S8169191: (tz) Support tzdata2016i
    • S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU
    • S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
    • S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property
    • S8170268: 8u121 L10n resource file update – msgdrop 20
  • Bug fixes
    • PR3271: Always round glyph advance in 26.6 space
    • PR3271: Fix compatibility with vanilla Fontconfig
    • PR3271: Fix glyph y advance
    • PR3271: Replace ‘infinality’ with ‘improved font rendering’ (–enable-improved-font-rendering)
    • PR3271: Simplify glyph advance handling
    • PR3286: -ffp-contract not available on older GCCs
    • PR3302: zip should be optional, as it’s only used in the manually invoked dist-openjdk and dist-openjdk-fsg rules
    • PR3304: zip still a requirement of the underlying OpenJDK build
  • PPC port
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation
  • AArch64 port
    • S8130309, PR3280: Need to bailout cleanly if creation of stubs fails when codecache is out of space (AArch64 changes)
    • S8132875, PR3280: AArch64: Fix error introduced into AArch64 CodeCache by commit for 8130309
    • S8165673, PR3280: AArch64: Fix JNI floating point argument handling
    • S8170188, PR3280: jtreg test compiler/types/TestMeetIncompatibleInterfaceArrays.java causes JVM crash
    • S8170873, PR3280: PPC64/aarch64: Poor StrictMath performance due to non-optimized compilation

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

GnuPG >= 2.1 is required to be able to handle this key.

SHA256 checksums:

  • ce74a343759bfe6a7332301835e7c6e77d01db588a1dab672816c9ce338474b1 icedtea-3.3.0.tar.gz
  • efed173fa928897f02eed70c63b0e764800593c4800cb0e055a450df0d1aa045 icedtea-3.3.0.tar.gz.sig
  • b764ff09674f9139f94dfe9df8f6393ed55af149c7bb1033fbf119f68cea750b icedtea-3.3.0.tar.xz
  • 4ca9acdbec277afe2028508d36f30309a06a4317125f9207c9e95dce9335a0a0 icedtea-3.3.0.tar.xz.sig

The checksums can be downloaded from:

A 3.3.0 ebuild for Gentoo is available.

The following people helped with these releases:

  • Matthias Dahl (PR3271 font rendering improvements)
  • Andrew Hughes (all other bug fixes and backports, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-3.3.0.tar.gz

or:

$ tar x -I xz -f icedtea-3.3.0.tar.xz

then:

$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-3.3.0/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

Welcome to Wildebeest blogs. This is your first post. Edit or delete it, then start blogging!

After many years, I was finally able to update PDFKit, GNUstep's PDF Framework which is based on xpdf. The update to 3.03 and 3.04 required updates to the internal APIs.

This brings a lot of  improvements (and also all the security fixes) of the newer xpdf.

Important new fixes are flowing in too, compared to the last release.

CropSize instead of MediaSize is now used to determine the NSSize of the image, thus fixing a strange scale issue that affected certain PDFs (The view was allocated for the MediaSize, but the rendering was done on the CropSize).

Furthermore, several static instances of classes were removed, so that multiple PDF documents can be opened in an application, this was a long undiscovered issue!

Workspace Content Inspector and ViewPDF

To all steppers who use PDFKit, please test... and report issues, especially new ones, a release is due soon! No regression known at the moment.
After turning off comments on this blog a few years ago, the time has now come to remove all the posts containing links. The reason is again pretty much the same as it was when I decided to turn off the comments - I still live in Hamburg, Germany.

So, I've chosen to simply remove all the posts containing links. Unfortunately, that were pretty much all of them. I only left my old post up explaining why this blog allows no comments, now updated to remove all links, of course.

Over the past years, writing new blog posts here has become increasingly rare for me. Most of my 'social media activity' has long moved over to Twitter.

Unfortunately, I mostly use Twitter as a social bookmarking tool, saving and sharing links to things that I find interesting.

As a consequence, I've signed up for a service that automatically deletes my tweets after a short period of time. I'd link to it, but ...

A year or so ago I was asked to debug a crash in the Firefox devtools.  Crashes are easy!  I fired up gdb and reproduced the crash… which turned out to be in some code JITted by SpiderMonkey.  I was immediately lost; even a simple bt did not work.  Someone more familiar with the JIT — hi Shu — had to dig out the answer :-(.

I did take the opportunity to get some information from him about how he found the result, though.  He pointed me to the code responsible for laying out JIT stack frames.  It turned out that gdb could not unwind through JIT frames, but it could be done by hand — so I resolved then to eventually fix this.

Phase One

I knew from my gdb hacking that gdb has a JIT unwinding API.  Actually — and isn’t this the way most programs end up working? — it has two.

The first JIT API requires some extra work on the part of the JIT: it constructs an object file, typically ELF and DWARF, in memory, then calls a hook.  GDB sets a breakpoint on this hook and, when hit, it reads the data from the inferior.  This lets the JIT provide basically any kind of information — but it’s pretty heavy.

So, I focused my attention on the second API.  In this mode, the JIT author would provide a shared library that used some callbacks to inform gdb of the details of what was going on.  The set of callbacks was much more limited, but could at least describe how to unwind the registers.  So, I figured that this is what I would do.

But… I didn’t really want to write this in C.  That would be a real pain!  C is fiddly and hard to deal with, and it would mean constant rebuilding of the shared library while debugging, and SpiderMonkey already had a reasonable number of gdb-python scripts — surely this could be done in Python.

So I took the quixotic approach, namely writing a shared library that used the second gdb JIT API but only to expose this API to Python.

Of course, this turned out to be Rube Goldbergian.  Various parts of the gdb Python API could not be called from the JIT shared library, because those bits depended on other state in gdb, which wasn’t set properly when the JIT library was being called.  So, I had gdb calling into my shared library, which called my Python code, which then invoked a new gdb command (written in Python and supplied by my package) — that existed solely for the purpose of setting this internal state properly — and that in turn invoked the code I wanted to run, say to fetch memory or a register or something.

Computer Science!

Well, that took a while.  But it sort of worked!  And maybe I could just keep it in github and not put it in Mozilla Central and avoid learning about the Firefox build system and copying in some gdb header file and license review and whatnot.

So I started writing the actual Python code… OMG.  And see below since you will totally want to know about this.  But meanwhile…

… while I was hacking away on this crazy idea, someone implemented the much more sane idea of just exposing gdb’s unwinder API to gdb’s Python layer.

Hmm… why didn’t I do that?  Well, I left gdb under a bit of a cloud, and didn’t really want to be that involved at the time.  Plus, you know, gdb is a high quality project; which means that if you write a giant patch to expose the unwinding API, you have to be prepared for 17 rounds of patch review (this really happened once), plus writing documentation and tests.  Sometimes it’s just easier to channel one’s inner Rube.

Phase Two

The integrated Python API was a great development.  Now I could delete my shared library and my insane trampoline hacks, and focus on my insane unwinding code.

A lot of this work was straightforward, in the sense that the general outline was clear and just the details remained.  The details amount to things like understanding the SpiderMonkey frame descriptor (which partly describes the previous frame and partly the new frame; there’s one comment explaining this that somehow eluded me for quite a while); duplicating the SpiderMonkey JIT unwinding code in Python; and of course carefully reading the SpiderMonkey code that JITs the “entry frame” code to understand how registers are spilled.

Naturally, while doing this it turned out that I was maybe the first person to use these gdb APIs in anger.  I found some gdb crashes, oops!  The docs would have been impenetrable, except I already knew the underlying C APIs on which they were based… whew!  The Python API was unexpectedly picky in other areas, too.

But then there was also some funny business, one part in gdb, and one part in SpiderMonkey.

GDB is probably more complicated than you realize.  In this case, the complexity is that, in gdb, each stack frame can have its own architecture.  This seemingly weird functionality is actually used; I think it was invented for the SPU, but some other chips have multiple modes as well.  But what this means is that the question “what architecture is this program?” is not well-defined, and anyway gdb’s Python layer doesn’t provide you a way to find whatever approximation it is that would make sense in your specific case.  However, when writing the SpiderMonkey unwinder, it kind of actually is well-defined and we’d like to know the answer to know which unwinder to choose.

For this problem I settled on the probably terrible idea of checking whether a given register is available.  That is, if you see “$rip“, you can guess it’s x86-64.

The other problem here is that gdb thinks that, since you wrote an unwinder, it should get the first stab at unwinding.  That’s very polite!  But for SpiderMonkey, deciding “hey, is this PC in some code the JIT emitted?” is actually a real pain, or at least outside the random bits of it I learned in order to make all this work.

Aha!  I know, there’s probably a Python API to say “is this address associated with some shared library?”  I remembered reading and/or reviewing a patch… but no, gdb.solib_name is close but doesn’t do the right thing for addresses in the main executable.  WAT.

I tried several tricks without success, and in the end I went with parsing /proc/maps to get the mappings to decide whether a given frame should be handled by this unwinder or by gdb.  Horrible.  And fails with remote debugging.

Luckily, nobody does remote debugging.

Remote Debugging

Oh, wait, people do remote debugging at Mozilla all the time.  They don’t call it “remote debugging” though — they call it “using RR“, which while it runs locally, appears to be remote to gdb; and, importantly, during replay mode fakes the PID, and does other deep magic, though not deep enough to extend to making a fake map file that could be read via gdb’s remote get command.

By the way, you should be using RR.  It’s the best advance in debugging since, well, gdb.  It’s a process record-and-replay program, but unlike gdb’s built-in reverse debugging, it handles threads properly and has decent performance.

Oh Well

Oh well.  It just won’t work remotely.  Or at least not until fellow Mozillian (this always seems like it should be “Mozillan” to me, but it’s not, there really is that extra “i”) and all-star Nicolas Pierron wrote some additional Python to read some SpiderMonkey tables to make the decision in a more principled way.  Now it will all work!

Though looking now I wonder if I dreamed this, because the code isn’t checked in.  I know he had a patch but my memory is a bit fuzzy — maybe in the end it didn’t work, because RR didn’t implement the qGetTLSAddr packet, which gdb uses to read thread-local storage.  Did I mention the thread-locals?

The Real Start of the Story

So, way back at the beginning, during my initial foray into this code, I found that a crucial bit of information — the appropriately-named TlsPerThreadData — was stashed away in a thread-local variable.  Information stored here is needed by the unwinder in order to unwind from a C++ frame into a JIT frame.

Only, Firefox didn’t use “real” thread-local variables, the things that so many glibc and gcc hackers put so much effort into micro-optimizing.  No, it just used a template class that wrapped pthread_setspecific and friends in a relatively ergonomic way.

Naturally, for an unwinder this is a disaster.  Why?  Unwinding is basically the dissection of the stack; but in order to compute the value of one of these thread-local-storage objects, the unwinder would have to make some function calls in the inferior (in fact this prevents it from working on OSX).  But these would affect the stack, and also potentially let other inferior code (in other threads — remember, gdb is complicated and you can exert various unusual kinds of control like this) run as well.

So I neglected to mention the very first step: changing Firefox to use __thread.  (Ok, I didn’t really neglect to mention it, I was just being lazy and anyway it’s a shaggy dog story.)

Do Not Use libthread_db

RR did not implement qGetTLSAddr, which we needed, because  lots of people at Mozilla use RR.  So I set out to implement that.  This meant a foray into the dangerous world of libthread_db.

For reasons I do not know, and suspect that I do not want to know, glibc has historically followed many Solaris conventions.  One such Solaris innovation was libthread_db — a library that debuggers use to find certain information from libc, information like the address of a thread-local variable

On the surface this seems like a great idea: don’t bake the implementation details of the C library into the debugger.  Instead, let the debugger use a debugging library that comes with the C library.  And, if you designed it that way, it would be a good idea.

Sadly, though, libthread_db was not designed that way.  Oh no.

For example, libthread_db has a callback interface.  The calling program — gdb or rr — must provide some functions that libthread_db can call, to do some simple things like “read some memory”; or some very complicated things like “find the address of a symbol given its name”.  Normal C programmers might implement these callbacks using a structure containing function pointers.  But not libthread_db!  Instead it uses fixed symbol names that must be provided by the calling application.  Not all of these are required for it to work (you get to figure out which, yay!), but some definitely are.  And, you have to dlopen a libthread_db that matches the libc of the inferior that you’re debugging (or link against it, but that’s also obviously bad).

Wait, you say.  Doesn’t that mess up cross-debugging?  Why yes!  Yes it does!  Which is why qGetTLSAddr has to be in the gdb remote serial protocol to start with.

Hey, maybe the Linux vendors should fix this.  They are — see Gary Benson’s Infinity project — but unfortunately that’s still in development and I wanted RR to work sooner.

Ok, so whew.  I wrote qGetTLSAddr support for RR.  This was a small patch in the end, but an unusual pain in an already painful series.  Hopefully this won’t spill out into other programs.

glibc

Hahaha, you are so funny.  Of course it spills out: remember how you have to define a bunch of functions with specific names in your program in order to use libthread_db?  Well, how do you know you got the types correct?

Yeah, you include <proc_service.h> (a name deliberately chosen to confuse, I suppose, why not, it doesn’t bear any obvious relationship to the library).  Only, that was never installed by glibc.  Instead, gdb just copied it into the source tree.

So naturally I went and fixed this in glibc.  And, even more naturally, this broke the gdb build, which was autoconf’d to check for a file that never existed in the past.  LOL.

Thank You Cthulhu

At this point I figured it was only a matter of time until I had to patch the kernel.  Thankfully this hasn’t been necessary yet.

It Says What

In gdb the actual unwinding and the display of frames are separate concerns.

And let me digress here to say that gdb’s unwinder design is excellent.  I believe it was redone by Andrew Cagney (this was well before my active time in gdb, so apologies if you’re reading this and you did it and I’ve misattributed it).  Like much of gdb, many of the details are bizarre and take one back to the byte-counting days of 1987; but the high level design is very solid and has endured with, I think, just one significant change (to support inline functions) in the intervening 15 or so years.  I’ve long thought that this is a remarkable accomplishment in the programming world.

So, yes.  It’s not enough to just unwind.  Simply having an unwinder yields backtraces with lines like:

#5 0xfeefee ???

Better than nothing!  But not yet great.

The second part of the SpiderMonkey unwinder is, therefore, a gdb “frame filter”.  This is an object that takes raw frames and decorates them with information like a function name, or a file name, or arguments.

Work to add this information is ongoing — I landed one patch just yesterday, and another one, to add more information about interpreted frames, is still in the works.  And there are two more bugs filed… maybe this project, like this blog post, will never conclude.  It will just scroll endlessly.

But now, with all the code in place, bt can show something like:

#6 0x00007ffff7ff20f3 in <<JitFrame_BaselineJS "f1">> (this=JSVAL_VOID, arg1=$jsval(4700))

This is the call f1(4700).

Let’s Just Have One More

Of course we still couldn’t enable this unwinder by default.  You have to enable it by hand.

And by the way, in the first release of gdb’s Python unwinder feature, enabling or disabling an unwinder didn’t flush the frame cache, so it wouldn’t actually take effect until some invisible-to-the-user state change took place.  I fixed this bug, but here Pedro Alves also taught me the secret gdb command flushregs, which in fact just flushes the frame cache. (I’m going to go out on a limb and guess that this command predates the already ancient maint prefix command, hence its weird name.)

Anyway, you have to enable it by hand because the unwinder itself doesn’t work properly if the outermost frame is in JIT code.  The JIT, in the interest of performance, doesn’t maintain a frame pointer.  This means that in the outermost frame, there’s no reliable way to find the object that describes this frame and links to the previous frame.

Now, normally in this case gdb would either resort to debug info (not available here), or in extremis its encyclopedic suite of prologue analyzers (yes, gdb can analyze common function prologues for all architectures developed in the last 25 years to figure out stuff) — but naturally JIT compilers go their own way here as well.

Humans, like Shu back at the start of this story, can do this by dumping parts of the stack and guessing which bytes represent the frame header.

But, I’ve been reluctant and a bit afraid to hack a heuristic into the unwinder.

To sum up — in case you missed it — this means that all the code written during this entire saga would still not have helped with my original bug.

The End

This is a very important machine that really deserves to get built. Anyone who cares about Free Software should consider funding this project at some level, and spreading the word to their friends. If this project succeeds, it will bootstrap a market for new, owner-controlled performant desktop machines. If it fails, no such computers will exist. The project page and updates explain the current (rather depressing) state of general purpose computing better than I could, so take a look.

Valgrind 3.12.0 was just released with lots of exciting improvements. See the release notes for all the details. It is already packaged for Fedora 25.

Valgrind will also have a developer room at Fosdem on Saturday 4 February 2017 in Brussels, Belgium. Please join us, regardless of whether you are a Valgrind core hacker, Valgrind tool hacker, Valgrind user, Valgrind packager or hacker on a project that integrates, extends or complements Valgrind.

Please see the Call for Participation for more information on how to propose a talk or discussion topic.

I originally posted this on G+ but I thought maybe I should expand it a little and archive it here.

The patch to delete gcj went in recently.

When I was put on the gcj project at Cygnus, I remember thinking that Java was just a fad and that this was just a temporary thing for me. I wasn’t that interested in it. Then I ended up working on it for 10 years.

In some ways it was the high point of my career.

Socially it was fantastic, especially once we merged with the Classpath community — I’ve always considered Mark Wielaard’s leadership in that community as the thing that made it so great.  I worked with and met many great people while working on gcj and Classpath, but I especially wanted to mention Andrew Haley, who is the single best debugger I’ve ever met, and who stayed in the Java world, now working on OpenJDK.

We also did some cool technical things in gcj. The binary compatibility ABI was great, and the split verifier was very fun to come up with.  Per Bothner’s early vision for gcj drove us for quite a while, long after he left Cygnus and stopped working on it.

On the downside, gcj was never quite up to spec with Java. I’ve met Java developers even as recently as last year who harbor a grudge against gcj.

I don’t apologize for that, though. We were trying something difficult: to make a free Java with a relatively small team.

When OpenJDK came out, the Sun folks at FOSDEM were very nice to say that gcj had influenced the opening of the JDK. Now, I never truly believed this — I’m doubtful that Sun ever felt any heat from our ragtag operation — but it was very gracious of them to say so.

Since the gcj days I’ve been searching for basically the same combination that kept me hacking on gcj all those years: cool technology, great social environment, and a worthwhile mission.

This turned out to be harder than I expected. I’m still searching. I never thought it was possible to go back, though, and with this deletion, this is clearer than ever.

There’s a joy in deleting code (though in this case I didn’t get to do the deletion… grrr); but mainly this weekend I’m feeling sad about the final close of this chapter of my life.

The slides and video for my JavaOne 2016 talk about JDK 9 Language, Tooling, and Library Features have now been posted. There are many features in the release in addition to modules!
First, the underlying DataBasinKit framework got an important update.
[DBSoap update] now supports setting fields to null. That was quite a major detail missing: you could reset to blank even string fields.
This required me to fiddle a bit to generate the fieldsToNull list. Every field passed with an empty string value is considered to null.

<update xmlns="...">
<sobject xsi:type="sf:Account">
<id>....</id>
<fieldsToNull>AccountNumber</fieldsToNull>
<fieldsToNull>OtherCity</fieldsToNull>
<Name>New Name</Name>
</sobject>
</update>


The Object Inspector, the handy tool which allows you to inspect all field values of a record and knowing immediately their developer name given the Object Salesforce Id, how got update powers!



As the Screenshot (here on MacOS) shows, changed values show in a different color (non-updatable fields show in italics and their Cell is not editable). The total number of fields to be changed is summed up in the status field. Only fields marked as changed are updated when the Update button is pressed, other are left as-is and not overwritten for safety.

Further work has been done in the Inspector and full search filtering is now available!
Just entering a a sting will filter out the relevant rows. Both the Field Name or Developer Name are matched, as well as the content! It is thus super-easy to look for all fields (also fields not at layout) which have a certain Value. All fields false? easy as in the screenshot:



RoboVM 0.0.1 got released this week by Trillian AB.

RoboVM's main focus is to compile Java to native for deployment on mobile devices such as iOS and Android. RoboVM uses a Java to Objective-C bridge built using LLVM. Good news is that the same process work for converting Java applications to native applications on GNU/Linux systems as well!

Mario Zechner the author of libgdx posted this nice picture from inside DDD/GDB of his first HelloWorld compiled to native X86 code running on a GNU/Linux machine.
GNU/Linux machine code generated by RoboVM seen from inside DDD/GDB

http://www.robovm.org/

JogAmp is the home of high performance Java™ libraries for 3D Graphics, Multimedia and Processing.
JOGL, JOCL and JOAL provide cross platform Java™ language bindings to the OpenGL®, OpenCL™, OpenAL and OpenMAX APIs.
Running on Android, Linux, Window, OSX, and Solaris across devices using Java.

Release announcement for JogAmp 2.0.2-rc12

"You're encouraged to stop using the now-ancient 2.0-rc11!"

This 2.0.2-rc12 release include the largest security review in the 10-year history of JOGL

  • Security Fixes

    • Dynamic Linker Usage / Impl.
    • ProcAddressTable field visibility
    • Perform SecurityManager checks where required
    • Validation of property access
    • JAR Manifest tags:
      • Codebase
      • Permissions
      • Sealed
    • Use latest Java7 toolchain
      • Generating Java 1.6 bytecode
      • HTML API doc

https://jogamp.org/wiki/index.php/SW_Tracking_Report_Objectives_for_the_release_2.0.2_of_JOGL
Security fixes are marked in red on the above bug tracking page.
JogAmp send out thanks to the FuzzMyApp security researchers for healthy communication that triggered the security review work.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place inside the JogAmp forum & mailing-list and the #jogamp IRC channel on irc.freenode.net.


Meet us @

JogAmp @ SIGGRAPH 2013

If you’ve been following Infinity and would like to, you know, download some code and try it out… well, now you can!

screenshot

Project Jigsaw is an enormous effort, encompassing six JEPs implemented by dozens of engineers over many years. So far we’ve defined a modular structure for the JDK (JEP 200), reorganized the source code according to that structure (JEP 201), and restructured the JDK and JRE run-time images to support modules (JEP 220). The last major component, the module system itself (JSR 376 and JEP 261), was integrated into JDK 9 earlier this week and is now available for testing in early-access build 111.

Breaking changes Like the previous major change, the introduction of modular run-time images, the introduction of the module system might impact you even if you don’t make direct use of it. That’s because the module system is now fully operative at both compile time and run time, at least for the modules comprising the JDK itself. Most of the JDK’s internal APIs are, as a consequence, fully encapsulated and hence, by default, inaccessible to code outside of the JDK.

An existing application that uses only standard Java SE APIs and runs on JDK 8 should just work, as they say, on JDK 9. If, however, your application uses a JDK-internal API, or uses a library or framework that does so, then it’s likely to fail. In many cases you can work around this via the -XaddExports option of the javac and java commands. If, e.g., your application uses the internal sun.security.x509.X500Name class then you can enable access to it via the option

-XaddExports:java.base/sun.security.x509=ALL-UNNAMED

This causes all members of the sun.security.x509 package in the java.base module to be exported to the special unnamed module in which classes from the class path are defined.

A few broadly-used internal APIs that cannot reasonably be implemented outside of the JDK, such as sun.misc.Unsafe, are still accessible for now. As outlined in JEP 260, however, these will be removed in a future release after suitable standard replacements are available.

The encapsulation of JDK-internal APIs is the change you’re most likely to notice when running an existing application. Other relevant but, for the most part, less-noticeable changes are described in the risks-and-assumptions section of JEP 261.

If you have trouble running an existing application on JDK 9 build 111 or later, and you think that’s due to the introduction of the module system but not caused by one of the changes listed in JEPs 260 or 261, then please let us know on the jigsaw-dev mailing list (you’ll need to subscribe first, if you haven’t already), or else submit a bug report via bugs.java.com.

New features If you’d like to start learning about the module system itself, the video of my Devoxx BE 2015 keynote gives a high-level overview and The State of the Module System summarizes the design of the module system proposed for JSR 376. Further details are available in the six Jigsaw JEPs, listed on the main project page, and in videos of other sessions given at JavaOne 2015 and Devoxx BE 2015.

The module-system design will continue to evolve in the JSR for a while yet, based on feedback and experience. The implementation will evolve in parallel in the Project Jigsaw “Jake” forest, and we’ll continue to publish bleeding-edge early-access builds based on that code, separately from the more-stable JDK 9 builds.

I finished getting Excorporate and all its dependencies into GNU ELPA. Excorporate lets Emacs retrieve calendar items from an Exchange server.

Excorporate in GNU ELPA

I had to rewrite the default UI to use Org Mode, because Calfw isn’t entirely copyright-assigned to the FSF yet. The Calfw UI is still there for reference, but as a text file so that GNU ELPA’s build and publishing steps ignore it. Both UI handlers use the same updated APIs from the main excorporate.el library.

Excorporate Org handler

I made sure Excorporate and all its dependencies use only features available since GNU Emacs 24.1. This is pretty good coverage; Emacs 24.1 introduced the packaging system, so if an Emacs version supports packages, it supports Excorporate.

Other than DNS lookups, Excorporate is completely asynchronous, so it won’t block the Emacs main loop. And it is pure Emacs Lisp so it runs on any operating system that Emacs does.

In addition to Org Mode support, release 0.7.0 collects all the suggestions users have made on this blog and adds Exchange 2007 support.

To install: M-x package-install RET excorporate

To get the source code:

git clone git://git.savannah.gnu.org/emacs/elpa.git

To report bugs: M-x report-emacs-bug


EclipseCon NA 2016

It was a great pleasure to have a chance to serve on this year’s EclipseCon Program Committee. As Java SE 8 adoption took place at “record-setting pace” during the past year, I was glad to see the EclipseCon team set their sights ahead, towards JDK 9, with its own track at EclipseCon. If you’d just like to take a peek at the changes being considered, developed and integrated into the JDK 9 Project, you can check out its web site in the OpenJDK community, and try out the Early Access builds.

If you’d like to hear what JDK 9 means for Eclipse, though, then you should come to EclipseCon in March and hear about it first hand from Jay Arthanareeswaran from IBM and Manoj Palat, who will talk about Java 9 support in Eclipse. In their session, they will look at what kind of support JDT provides for developers who would like to use JDK 9 in their projects, discussing planned Eclipse features as well as what modules could mean to different projects and how to best leverage the upcoming module system.

Within the OpenJDK community, Project Jigsaw is where development of the reference implementation of JSR 376 – Java Platform Module System takes place, along with the modularization of the JDK itself and the development of a new run-time image format. That’s a lot of new stuff to digest – fortunately, we’ll have Thomas Schindl at EclipseCon to give us a personal view and overview of what he calls "most likely the biggest change in Java’s history" in the “You, Me and Jigsaw” session.

At this point, you may be wondering if JDK 9 is all about modules. Modularity plays a huge role, but there is a lot more to it – more than 70 JDK Enhancement Proposals have been targeted for the JDK 9 release so far. To walk us through some of Java 9’s other puzzle pieces, we’ll have Erik Costlow from Oracle.

Finally, closing this track on Thursday, Erik will discuss “Preparing your code for JDK 9”. There are some steps you can take already to make your code ready to benefit from the new features planned for JDK 9, such as analyzing your project’s library dependencies for unintentional reliance on JDK-internal APIs.

I hope that you will enjoy this EclipseCon track, and that you will be inspired to start experimenting with JDK 9 and Eclipse.
Today I finally moved out of my lovely Ubuntu 10.04 LTS I was so proud in 2012, sad to read. That there are no longer any updates for it, only half of the problem. Many projects I am interested in started to fail during compilation because the toolchain is getting old. I was not updating because I did not like Unity, say whatever you want about it. I could learn it, of course, I have learned lots of way more sophisticated things (what about building GNU Classpath?). But I do not like the attitude, do not like decisions being made the way they are. Design must follow the user demands. Not in reverse. I gave a try to Gnome 3 as well with Fedora 22, played for some time but was not very impressed either and decided to drop after discovering that while it is possible to install the Gnome 2 - like Mate desktop, it is very difficult to actually switch into it.

My next distribution will be Ubuntu Mate. Value your freedom otherwise you will lose it!

Unexpectedly there were significant problems during updates . While in 2012 Linux installed no problem for me, now both Ubuntu Mate and Fedora 22 have booted in UEFI mode, raising lots of esoteric complains. It took half of the day for me to find where to switch of these UEFI beaties off in my wondercard, and another half to discover that the wondercard does not remember this setting, spontaneously reverting to "UEFI on". I cannot switch into UEFI, I have two other Linux distros on the same machine and do not want to loose. But now seems done.

This month I've released Orson PDF version 1.7, a compact and fast API for creating PDF content in Java through the standard Graphics2D API. This release features:

  • support for transparent images;
  • an implementation of the create() method to better support use against existing Java2D code;
  • addition of the GNU General Public License version 3 as the default license (a commercial license remains available for those that prefer it);
  • various bug fixes;
While Orson PDF has been created to provide PDF export for any Java2D-based code, my own use for it is within JFreeChart and Orson Charts. To provide an example, here is a chart that was exported with Orson PDF being viewed within Acrobat Reader: chartpdf.png

With the new GPLv3 license option, I've now also made the OrsonPDF repo at GitHub public, which will make it easier for other developers to work directly with the source code. You can also use GitHub to report any bugs or other issues.

The original version of this blog entry is published at http://www.object-refinery.com/blog/blog-20151008.html.

The first release candidate is finally available. It can be downloaded here or from NuGet.

What's New (relative to IKVM.NET 8.0):

  • Integrated OpenJDK 8u45.
  • Many fixes to late binding support.
  • Added ikvmc support for deterministic output files.
  • Various sun.misc.Unsafe improvements.
  • Many minor bug fixes and performance tweaks.

Changes since previous development snapshot:

  • Assemblies are strong named.
  • Fix for bug #303. ikvmc internal compiler error when trying to get interfaces from type from missing assembly reference.
  • Implemented NIO atomic file move on Windows.

Binaries available here: ikvmbin-8.1.5717.0.zip

Sources: ikvmsrc-8.1.5717.0.zip, openjdk-8u45-b14-stripped.zip

There is a nice profile of me on the Java Magazine of this bimestre, and I am very flattened for this so let me share it right away with you.

There is one question I was expecting though but didn’t come: “When did you start working on Java?”.

So, in order to give some more context, let me play with it and answer my own question here (and without space limits!). I think this is important, because it is about how I started to contribute to OpenJDK, it shows that you can do the same… if you are patient.

JM: When did you start working on Java?

Torre: I started to work in Java around its 1.3 release, and I used it ever since. I did start working on Java quite later though, around the Java 1.5/1.6 era probably. I was working to create an MSN messenger clone in Java on my Linux box, since all my friends where using it (MSN I mean, not Linux unfortunately), including the dreaded emoticons, and no Linux client supported those at the time.

I had all the protocol stuff working, I could handshake and share messages (although I still had to figure out the emoticons part!), but I had a terrible problem. I needed to save user credentials. Well, Java has a fantastic Preferences API, easy enough, right? Except that what I was using wasn’t the proprietary JDK, it was the Free Software version of it: GNU Classpath.

Classpath at the time didn’t have Preferences support, so I was stuck. I think somebody was writing a filesystem based preferences, or perhaps it was in Classpath but not GCJ, which is what everybody was using as a VM with the Classpath library, anyway when I started to look at the problem, I realised it would have been nicer to offer a GConf based Preferences store, and integrate the whole thing into the Gnome desktop (at the time, Gnome was a great desktop, nothing like today’s awfulness).

I was hooked. In fact, I even never finished my MSN messenger! After GConf, all sort of stuff came in, Decimal Formatter, GStreamer Sound backend, various fixes here and here, and this is when I learned a lot of how Swing works internally by following Sven de Marothy, Roman Kennke and David Gilbert work.

When Sun was about to release OpenJDK, I was in that very first group and witnessed the whole thing, a lot of behind the scenes of the creation of this extremely important code contribution. OpenJDK license is “GPL + Classpath exception” for a reason. I remember all the heroes that made Java Free Software.

I guess I was lucky, and the timing was perfect.

However right at the beginning contributing actual code to OpenJDK wasn’t at all easy like in Classpath. There was (is!) lot of process, things took a lot of time for anything but the most trivial changes etc…

But eventually I insisted and me and Roman where the first external guys to have code landing in the JDK, Roman was, I believe, the first independent person to have commit rights (I think that the people that are still today in my team at Red Hat and then also SAP had some changes already in, but at the time we two were the only guys completely external).

It wasn’t easy, I had to challenge ourselves and push a lot, and not give up. I had to challenge Sun, and even more challenge Oracle when it took the lead. But I did it. This is what I mean that everybody can do it, you can develop the skills and then you need to build the trust and then not let it go. I’m not sure what is more complex here, but if you persist it eventually come. And then all of a sudden billions of people will use your code and you are a Java Champion.

So this is how it started.


Final 8.1 development snapshot. Release candidate 0 will be next (after .NET 4.6 RTM).

Changes:

  • Updated HOWTO reference to OpenJDK 8u45.
  • Extract Windows version from kernel32.dll to avoid version lie. Idea stolen from OpenJDK.
  • Moved unused field removal optimization to a later stage in the compilation.
  • Made field removal optimization check more strict to only remove final fields and not remove fields that have annotations.
  • Added support for automatically passing in fields to "native" methods.
  • Various minor clean ups.
  • Added FieldWrapper.IsSerialVersionUID property to properly (and consistently) detect serialVersionUID fields.
  • Improved side effect free static initializer detection.
  • Improved -removeassertions ikvmc optimization to remove more code (esp. allow otherwise empty static initializers to be optimized away).

Binaries available here: ikvmbin-8.1.5666.zip

Just a couple of days ago I found out that some of my favourite musicians decided to join together to release an album, and allowed to preorder it on a crowdfunding website, Music Raiser.

The name of the band is “O.R.k.” and the founders are none but Lef, Colin Edwin, Pat Mastelotto and Carmelo Pipitone.

You probably have heard their names, if not, Colin Edwin is the bassist from Porcupine Tree while Carmelo Pipitone is the gifted guitarist from Marta Sui Tubi, an extremely original Italian band, they probably did the most interesting things in Italian music in the last 15 years or so; Lef, aka Lorenzo Esposito Fornasari, has done so many things that is quite hard to pick just one, but in Metal community he is probably best know for Obake. Finally, Pat Mastelotto is the drummer of King Crimson, and this alone made me jump on my seat!

One of the pre-order bonus was the ability to participate to a Remix Contest, and although I only got the stems yesterday in the late morning I could not resist to at least give it a try, and it’s a great honour for me that they have put my attempt on their Youtube channel:

It’s a weird feeling editing this music, after all, who am I to cut and remix and change the drum part (King Crimson, please forgive me!), how I ever dare to touch the guitars and voice, or rearrange the bass!?🙂

But indeed it was a really fun experience, and I hope to be able do this again in the future.

And who knows, maybe they even like how I messed up their art and they decide to put me on their album! Nevertheless, it has been already a great honour for me to be able to see this material in semi-raw form (and a very interesting one!), so this has been already my first prize.

I’m looking forward now to listen the rest of the album!


I'm happy to announce that JFreeSVG version 3.0 has been uploaded to SourceForge. JFreeSVG is a fast and lightweight API for creating SVG content in Java. This release features:

  • new handling for BasicStroke cap, join and miterlimit;
  • a new ZIP option when writing SVG to files;
  • a demo for exporting Swing UIs to SVG;
  • removal of the CanvasGraphics2D implementation (to focus on SVG only);
  • a fix for handling of PathIterator.SEG_CLOSE;
  • a fix for y-coordinate bug in drawImage();
  • a workaround for ClassCastException when exporting Swing UIs on MacOSX with Nimbus L&F.

To ensure that JFreeSVG provides a fully functional Graphics2D implementation, I tested it using the Swingset3 demo with modifications to redirect the screen output directly to JFreeSVG to produce SVG output. I've always liked the way that Swing uses the Java2D API to cleanly separate its rendering from having any direct knowledge of the actual output target. Here is an example:

SVG not supported in your browser!

This turned out to be an effective test, because it uncovered a bug in one of the drawImage() methods that has remained undetected in all previous JFreeSVG releases.

One last thing...the JFreeSVG repo at GitHub is now public, which will make it easier for other developers to tweak the code for experimentation or bug fixes (if you spot a bug though, please report it to me).

If you'd like to give feedback on this post, please comment via the JFreeSVG forum.

I recently had occasion to scan some papers using a sheet-fed Ricoh printer/scanner/fax/copier. It seems to think that about 6 MB is as big of an email attachment as it can send so it splits up the PDFs into base64-encoded attachments. If you find yourself in a similar situation:

  • save the raw base64 text (if you’re using GMail, “show original” is your friend) and trim the extraneous text.
  • concatenate the multiple pieces together: cat part1 part2 > all.base64.
  • decode the whole thing: cat all.base64 | base64 -d > myscan.pdf.

As I wrote previously, Project Jigsaw is coming into JDK 9 in several large steps. JEP 200 defines the modular structure of the JDK, JEP 201 reorganizes the JDK source code into modular form, and JEP 220 restructures the JDK and JRE run-time images to support modules. The actual module system will be defined in JSR 376, which is just getting under way, and implemented by a corresponding JEP, yet to be submitted.

We implemented the source-code reorganization (JEP 201) last August. This step, by design, had no impact on developers or end users.

Most of the changes for modular run-time images (JEP 220) were integrated late last week and are now available in JDK 9 early-access build 41. This step, in contrast to the source-code reorganization, will have significant impact on developers and end users. All of the details are in the JEP, but here are the highlights:

  • JRE and JDK images now have identical structures. Previously a JDK image embedded the JRE in a jre subdirectory; now a JDK image is simply a run-time image that happens to contain the full set of development tools and other items historically found in the JDK.

  • User-editable configuration files previously located in the lib directory are now in the new conf directory. The files that remain in the lib directory are private implementation details of the run-time system, and should never be opened or modified.

  • The endorsed-standards override mechanism has been removed. Applications that rely upon this mechanism, either by setting the system property java.endorsed.dirs or by placing jar files into the lib/endorsed directory of a JRE, will not work. We expect to provide similar functionality later in JDK 9 in the form of upgradeable modules.

  • The extension mechanism has been removed. Applications that rely upon this mechanism, either by setting the system property java.ext.dirs or by placing jar files into the lib/ext directory of a JRE, will not work. In most cases, jar files that were previously installed as extensions can simply be placed at the front of the class path.

  • The internal files rt.jar, tools.jar, and dt.jar have been removed. The content of these files is now stored in a more efficient format in implementation-private files in the lib directory. Class and resource files previously in tools.jar and dt.jar are now always visible via the bootstrap or application class loaders in a JDK image.

  • A new, built-in NIO file-system provider can be used to access the class and resource files stored in a run-time image. Tools that previously read rt.jar and other internal jar files directly should be updated to use this file system.

We’re aware that these changes will break some applications, in particular IDEs and other development tools which rely upon the internal structure of the JDK. We think that the improvements to performance, security, and maintainability enabled by these changes are, however, more than worth it. We’ve already reached out to the maintainers of the major IDEs to make sure that they know about these changes, and we’re ready to assist as necessary.

If you have trouble running an existing application on JDK 9 build 41 or later and you think it’s due to this restructuring, yet not caused by one of the changes listed above or in JEP 220, then please let us know on the jigsaw-dev mailing list (you’ll need to subscribe first, if you haven’t already), or else submit a bug report via bugs.java.com. Thanks!