Planet Classpath

Over the last twelve months or so, one of my projects has been fixing and reviewing fixes of javac lint warnings in the JDK 9 code base (varargs, fallthrough, serial, finally, overrides, deprecation, raw and unchecked) and once a warning category is cleared, making new instances of that category a fatal build error. Ultimately, all the warnings in the jdk repository were resolved and -Xlint:all -Werror is now used in the build.

Being involved in fixing several thousand warnings, I'd like to share some tips for developers who want to undertake an analogous task of cleaning up the technical debt of javac lint warnings in their own code base. First, I recommend tackling the warnings in a way that aligns well with the build system of the project, with a consideration of getting some code protected by the compiler from some warning categories as soon as possible. While the build of the JDK has been re-engineered over the course of the warnings cleanup, to a first approximation the build has been organized around Hg repositories. (At present, in JDK 9 the build is actually arranged around modules. A few years ago, the build was organized around Java packages rather than repositories.) A warnings cleanup isn't really done until introducing new instances of the warning cause a build failure; new warnings are too easy to ignore otherwise. Therefore, for JDK 9, the effort was organized around clearing the whole jdk repository of a warning category and then enabling that warning category in the build as opposed to, say, completely clearing a particular package of all warnings and then moving to the next package.

There are two basic approaches to resolving a warning: suppressing it using the @SuppressWarnings mechanism or actually fixing the code triggering the warning. The first approach is certainly more expedient. While it doesn't directly improve the code base, it can offer an indirect benefit of creating a situation where new warnings can be kept out of the code base by allowing a warning to be turned on in the build sooner. The different warning categories span a range of severity levels and while some warnings are fairly innocuous, others are suspicious enough that I'd recommend always fixing them if a fix is feasible. When resolving warnings in the JDK, generally the non-deprecation warnings categories were fixed while the deprecation warnings were suppressed with a follow-up bug filed. The non-deprecation warnings mostly require Java language expertise to resolve and little area expertise; deprecation warnings are the reverse, often quite deep area expertise is needed to develop and evaluate a true fix.

Tips on addressing specific categories of lint warnings:

[cast]: Warn about use of unnecessary casts.
Since these warnings are generated entirely from the the contents of method bodies, there is no impact to potential callers of the code. Also, the casts analyzed as redundant by javac are easy and safe to remove; fixing cast warnings is essentially a zero-risk change.
[fallthrough]: Warn about falling through from one case of a switch statement to the next.
When such a falling through is not intentional, it can be a very serious bug. All fallthrough switch cases should be examined for correctness. An idiomatic and intentional fallthrough should have two parts: first, the cases in question should be documented in comments explaining that the fallthrough is expected and second, an @SuppressWarnings({"fallthrough"}) annotation should be added to the method containing the switch statement.

See also the discussion of switch statements in Java Puzzlers, Puzzler 23: No Pain, No Gain.

[static]: Warn about accessing a static member using an instance.
This is an unnecessary and misleading coding idiom that should be unconditionally removed. The fix is to simply refer to the static member using the name of the type rather than an instance of the type.

This coding anti-pattern is discussed in Java Puzzlers, Puzzle 48: All I Get Is Static.

[dep-ann]: Warn about items marked as deprecated in JavaDoc but not using the @Deprecated annotation
Since Java SE 5.0, the way to mark an element as deprecated is to modify it with a @Deprecated annotation. While a @deprecated javadoc tag should be used to describe all @Deprecated elements, the javadoc tag is informative only and does not mean the element is treated as deprecated by the compiler.

A element should have an @deprecated javadoc tag in its javadoc if and only if the element is @Deprecated.

Therefore, the fix should be to either remove the @deprecated javadoc tag if the element should not be deprecated or add the @Deprecated annotation if it should be deprecated.

[serial]: Warn about Serializable classes that do not provide a serialVersionUID.
Serialization is a subtle and complex protocol whose compatibility impact on evolving a type should not be underestimated. To check for compatibility between the reader of serial stream data and the writer of the data, besides matching the names of the reader and writer, identification codes of the reader and the writer are also compared and the serial operation fails if the codes don't match. When present, a serialVersionUID field of a class stores the identification code, called a Stream Unique Identifier (SUID) in serialization parlance. When a serialVersionUID field is not present, a particular hashing algorithm is used to compute the SUID instead. The hash algorithm is perturbed by many innocuous changes to a class and can therefore improperly indicate a serial incompatibility when no such incompatibility really exists. To avoid this hazard, a serialVersionUID field should be present on all Serializable classes following the usual cross-version serialization contracts, including Serializable abstract superclasses.

If a Serializable class without a serialVersionUID has already been shipped in a release, running the serialver tool on the type in the shipped release will return the serialVersionUID declaration needed to maintain serial compatibility.

For further discussion, see Effective Java, 2nd Edition, Item 74: Implement Serializable judiciously.

[overrides]: Warn about issues regarding method overrides.
As explained in Effective Java, 2nd Edition, Item 9: Always Override hashCode when you override equals, for objects to behave properly when used in collections, they must have correct equals and hashCode implementations. The invariant checked by javac is more nuanced than the one discussed in Effective Java; javac checks that if a class overrides equals, hashCode has been overriden somewhere in the superclass class chain of the class. It is common for a set of related classes to be able to share a hashCode implementation, say a function of a private field in the root superclass in a set of related types. However, each class will still need to have its own equals method for the usual instanceof check on the argument to equals.
[deprecation]: Warn about use of deprecated items.
Well documented @Deprecated elements suggest a non-deprecated replacement. When using a replacement is not feasible, or no such replacement exists, @SuppressWarnings("deprecation") can be used to acknowledge the situation and remove the warning. A small language change made in JDK 9 makes suppressing deprecation warnings tractable.
[rawtypes]: Warn about use of raw types.
[unchecked]: Warn about unchecked operations.
Both rawtypes and unchecked warnings are linked to the same underlying cause: incomplete generification of APIs and their implementations. Generics shipped in 2004 as part of Java SE 5.0; Java code written and used today should be generics aware! Being generics-aware has two parts, using generics property in the signature / declaration of a method, constructor, or class and using generics property in method and constructor bodies. Many uses of generics are straightforward; if you have a list that only contains strings, it should probably be declared as a List<String>. However, some uses of generics can be subtle and are out of scope for this blog entry. However, extensive guides are available with detailed advice. IDEs also provide refactorings for generics; check their documentation for details.

I hope these tips help you make your own Java project warnings-free.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.5.x series with the January 2014 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Full details of the release can be found below.

What’s New?

New in release 2.5.4 (2015-01-21)

  • Security fixes
  • Backports
    • S6461635: [TESTBUG] test fails intermittently
    • S6545422: [TESTBUG] uses wrong path name in exec
    • S6653795: C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems
    • S7028073: The currency symbol for Peru is wrong
    • S7047033: (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true
    • S7183753: [TEST] Some colon in the diff for this test
    • S7077119, PR2165, G534118: remove past transition dates from file
    • S7085757: Currency Data: ISO 4217 Amendment 152
    • S7169142: CookieHandler does not work with localhost
    • S7172012, PR2067: Make test-in-build an option (Queens)
    • S7185456: (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotations
    • S7195759: ISO 4217 Amendment 154
    • S8000897, RH1155012: VM crash in CompileBroker
    • S8001105: findVirtual of Object[].clone produces internal error
    • S8005232: (JEP-149) Class Instance size reduction
    • S8006748: getISO3Country() returns wrong value
    • S8012026: [macosx] Component.getMousePosition() does not work in an applet on MacOS
    • S8015421: NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE
    • S8020190, PR2160, RH1176718: Fatal: Bug in native code: jfieldID must match object
    • S8021121: ISO 4217 Amendment Number 156
    • S8021372: NetworkInterface.getNetworkInterfaces() returns duplicate hardware address
    • S8022721: TEST_BUG: throws java.lang.IllegalStateException: unexpected condition
    • S8025051: Update resource files for TimeZone display names
    • S8026792: HOTSPOT: licensee reports a JDK8 build failure after 8005849/8005008 fixes integrated.
    • S8027359: XML parser returns incorrect parsing results
    • S8028623, PR2112, RH1168693: SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters.
    • S8028627: Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
    • S8028726: (prefs) Check src/solaris/native/java/util/FileSystemPreferences.c for JNI pending exceptions
    • S8029153: [TESTBUG] test/compiler/7141637/ fails because it expects NullPointerException
    • S8031046: Native Windows ccache might still get unsupported ticket
    • S8031502: JSR292: IncompatibleClassChangeError in LambdaForm for CharSequence.toString() method handle type converter
    • S8032078: [macosx] CPlatformWindow.setWindowState throws RuntimeException, if windowState=ICONIFIED|MAXIMIZED_BOTH
    • S8032669: Mouse release not being delivered to Swing component in 7u45
    • S8032788: ImageIcon constructor throws an NPE and hangs when passed a null String parameter
    • S8032909: XSLT string-length returns incorrect length when string includes complementary chars
    • S8034200: Test java/net/CookieHandler/ fails after fix of JDK-7169142
    • S8036863: Update jdk7 testlibrary to match jdk8 in hotspot
    • S8040168: Set hotspot version to hs24.66 and build to b01 for 7u66
    • S8040617: [macosx] Large JTable cell results in a OutOfMemoryException
    • S8041132: Increment hsx 24.66 build to b02 for 7u66-b09
    • S8041408: Increment hsx 24.55 build to b04 for 7u55-b34
    • S8041572: [macosx] huge native memory leak in AWTWindow.m
    • S8041990: [macosx] Language specific keys does not work in applets when opened outside the browser
    • S8043610: Sorting columns in JFileChooser fails with AppContext NPE
    • S8044603: Increment minor version of HSx for 7u71 and initialize the build number
    • S8046343: (smartcardio) CardTerminal.connect(‘direct’) does not work on MacOSX
    • S8049250: Need a flag to invert the Card.disconnect(reset) argument
    • S8049343: (tz) Support tzdata2014g
    • S8049758: Increment minor version of HSx for 7u75 and initialize the build number
    • S8050485: super() in a try block in a ctor causes VerifyError
    • S8051359: JPopupMenu creation in headless mode with JDK9b23 causes NPE
    • S8051614: smartcardio TCK tests fail due to lack of ‘reset’ permission
    • S8055222: Currency update needed for ISO 4217 Amendment #159
    • S8056211: api/java_awt/Event/InputMethodEvent/serial/index.html#Input[serial2002] failure
    • S8057184: JCK8′s api/javax_swing/JDesktopPane/descriptions.html#getset failed with GTKLookAndFeel on Linux and Solaris
    • S8058715: stability issues when being launched as an embedded JVM via JNI
    • S8059206: (tz) Support tzdata2014i
    • S8060474: Resolve more parsing ambiguity
    • S8061685: Increment hsx 24.75 build to b02 for 7u75-b06
    • S8061785: [TEST_BUG] serviceability/sa/jmap-hashcode/ has utf8 character corrupted by earlier merge
    • S8061826: Part of JDK-8060474 should be reverted
    • S8062561: Test bug8055304 fails if file system default directory has read access
    • S8062807: Exporting RMI objects fails when run under restrictive SecurityManager
    • S8064300: Increment hsx 24.75 build to b03 for 7u75-b06
    • S8064560: (tz) Support tzdata2014j
    • S8065608: 7u75 l10n resource file translation update
    • S8065787: Increment hsx 24.75 build to b04 for 7u75-b10
    • S8066747: Backing out Japanese translation change in
    • S8067364, PR2145, RH114622: Printing to Postscript doesn’t support dieresis
  • Bug fixes
    • PR2064: Unset OS before running OpenJDK build
    • PR2069: Type-punning warnings still evident on RHEL 5
    • PR2094, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure
    • PR2123: SunEC provider crashes when built using system NSS
    • PR2124: Synchronise elliptic curves in with those listed by NSS
    • PR2135: Race condition in SunEC provider with system NSS
    • PR2161: RHEL 6 has a version of GIO which meets the version criteria, but has no g_settings_*
    • PR2032: CACAO lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
  • JamVM
    • PR2050: JamVM lacks JVM_FindClassFromCaller introduced by security patch in 2.5.3
    • PR2171: JamVM builds with executable stack, causing failures on SELinux & PaX kernels
  • AArch64 port
    • Use the IcedTea7 fork version rather than the one based on HotSpot 25.
    • Add arch-specific processing of tmp1 register needed for d/f2i
    • Add char_array_equals intrinsic
    • Add CNEG and CNEGW to macro assembler.
    • Add frame anchor fences.
    • Add missing instruction synchronization barriers and cache flushes.
    • Add some memory barriers for object creation and runtime calls.
    • Add support for A53 multiply accumulate
    • Add support for AES Intrinsics
    • Add support for pipeline scheduling
    • Add support for String.indexOf intrinsic
    • Added make rules to allow aarch64-x86 hybrid build to progress
    • Added missing aarch64-specific include
    • Added missing aarch64-specific make file
    • Added missing changes for debug code
    • Added missing inline method
    • Added missing shared global UseCRC32Intrinsics
    • Added pd global UseVectoredExceptions
    • Add local method to redirect to AbstractAssembler::relocate
    • Add missing declarations for CRC32 methods
    • Add missing include
    • Add missing special case code for aarch64
    • Add rules to assemble .S files
    • Add support for storing aarch64 call format
    • Add wrapper method to avoid dependency on not yet defined code buffer class
    • Added missing endif
    • Allow for 0×400 aligned offsets for byte_map_base
    • Array load must only read 32 bits
    • A more efficient sequence for C1_MacroAssembler::float_cmp.
    • Backout 8c8b5e62e624 and instead move .S rule from zeroshark.make to rules.make
    • Backout additional changes made in ec6a6772fed6, which revert parts of the PPC/AIX port and IcedTea fixes.
    • Call ICache::invalidate_range() from Relocation::pd_set_data_value().
    • Changed klass oop encode to heap oop encode
    • Changed Method* to methodOop
    • Correct assert to allow for AArch64
    • Correct for difference in include hierarchy
    • Correct typos
    • Corrected error in disassembler code
    • Corrected include
    • Corrected include path
    • Corrected pipeline class for countTrailingZerosL
    • Corrected type
    • Corrected typo
    • Correct includes
    • Correct Method to methdoOopDesc
    • Define uabs(). Use it everywhere an absolute value is wanted.
    • Defn of BIND does not need to use __ macro
    • Delete dead code.
    • Disassembler library should be built as
    • Don’t test arraycopy routines when using AArch64 simulator
    • Emit_int64 is renamed
    • Ensure byte_map_base can be loaded using adrp with no need for following ldr
    • Ensure C1 static call stub employs absolute move to allow patching
    • Ensure C2 static calls use correct call adddress in static stub reloc
    • Ensure perm gen size is not rounded down to zero
    • Ensure rmethod is reloaded from stack when interpreter makes non leaf VM call
    • Ensure we pick up if BUILTIN_SIM is true
    • Fix couple of mistakes in generate of method handle dispatch
    • Fix cut and paste-o in header
    • Fixed another typo
    • Fixed error in include
    • Fixed hsdis for aarch64 native or simulated
    • Fixed various typos and omissions
    • Fixed various typos, overlooked cases and wrong accessors
    • Fix error introduced into profiling code
    • Fix guarantee failure in synchronizer.cpp
    • Fix more errors introduced into interpreter profile counter increment
    • Fix relocations
    • Fix several small typos
    • Fix some typos
    • Fix thinko in Atomic::xchg_ptr.
    • Fix typo
    • Fix up aarch64-specific patching code
    • Fix up crc32 support
    • Fix various typos
    • Get rid of unnecessary declaration
    • Guess at how to implement C1 deoptimize_trap generator
    • Initial cut of aarch64 code pulled from jdk8 tree
    • Make aarch64-x86 hybrid build use correct paths
    • Make hsdis handle aarch64 native case
    • Make static stubs load methodOop in cpool to avoid problems at GC
    • Miscellaneous bug fixes.
    • Missing change needed to support aarch64 build
    • Modified make files to support aarch64 build
    • Modified shared src to support full aarch64 backport
    • Moved fields which need access from java to top level
    • Need to actually return the adapter code size
    • Need to pass CFLAGS when assembling .S files using CC_COMPILE
    • Need to use class handle not class
    • Provide missing CRC32 methods
    • Reload rcpool register after a VM call in case a permgen GC has moved the cache
    • Relocated aarch64 vtable generate code to conform to jdk7
    • Remove comment to avoid breaking macro
    • Removed aarch64 compiled_IC implementation to conform to jdk7
    • Removed metaspaceShared code to conform to jdk7
    • Removed redundant field use_XOR_for_compressed_class_base
    • Removed some errors in signal handling code
    • Removed undefined metadata case
    • Remove redundant bracket
    • Remove support for volatile load/store rules in ad file
    • Renamed emit_int32 to emit_long and added local emit_long64 in place of missing emit_int64
    • Restored missing open brace
    • Restored several load_heap_oop calls lost in translation
    • Restore working x86 build
    • Reverted aarch64 architecture description (ad) file to conform to jdk7
    • Reverted aarch64 c1_xxx files to conform to jdk7
    • Reverted aarch64 c2 globals to conform to jdk7
    • Reverted aarch64 frame code to conform to jdk7
    • Reverted aarch64 runtime code to conform to jdk7
    • Reverted aarch64 stubs code to conform to jdk7
    • Reverted aarch64 template interpreter code to conform to jdk7
    • Reverted aarch64 vm structs code to conform to jdk7
    • Reverted aarch64 vm version code to conform to jdk7
    • Reverted aarch64 vtable stubs code to conform to jdk7
    • Reverted assembler_aarch64.cpp/hpp to conform to jdk7
    • Reverted bytecodeInterpreter_aarch64 to conform to jdk7
    • Reverted global defs code to conform to jdk7
    • Reverted instr cache code to conform to jdk7
    • Reverted interpreter code to conform to jdk7
    • Reverted interpreter masm code to conform to jdk7
    • Reverted jni code to conform to jdk7
    • Reverted method handles code to conform to jdk7
    • Reverted native instr code to conform to jdk7
    • Reverted os_cpu/linux_aarch64 code to conform to jdk7
    • Reverted reloc info code to conform to jdk7
    • Revert Method:: etc to methodOopDesc:: etc
    • Scripts to build aarch64-x86 hybrid and aarch64 native debug images
    • Some errors revealed when building debug image
    • Temporarily disable running test_gamma
    • Tidy up allocation prefetch
    • Use correct post-increment size in repne_scanw
    • Use membar rules and delete special case volatile rules
    • Use method register to access counter increment field
    • Use movoop in C1 ic_call to keep verifier happy
    • Use os::malloc to allocate the register map.
    • Use the correct return value from the VM resolve call
    • Use TLS for ThreadLocalStorage::thread()
    • Various changes to accommodate inclusion of ppc port in icedtea7
    • Various concurrency fixes.
    • Work around weird compiler issue

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

  • PGP Key: rsa4096/248BDC07 (hkp://
  • Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

I’m transitioning to the use of a new key for signing releases over the next year. Signatures made with this key are available at:

and the new key is:

  • PGP Key: ed25519/35964222 (hkp://
  • Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

SHA256 checksums:

  • 5301b9a8592af2cf8e3e7a3650e5e1fe744c6d2de7f8ff78080b2eeae86a9800 icedtea-2.5.4.tar.gz
  • 379388e05eeb2076fad256c95e8045f5b83ce18f9aac4f9d3875eafe840cb6e6 icedtea-2.5.4.tar.gz.sig
  • 3d34129aa9c85f7e0cf8a90b8456a750a05951928d32ca00170dcb7b02ef5b05
  • 1b50f5c42417c899e0dc831351470557c504c4e648f72cc621be9318c215ffda icedtea-2.5.4.tar.xz
  • c86eeaefb7c7b6e869c24933da07882a2779d045b1d6b05d77f36ac7a089aeb0 icedtea-2.5.4.tar.xz.sig

The checksums can be downloaded from:

A 2.5.4 ebuild for Gentoo is available.

The following people helped with these releases:

  • Andrew Dinn (AArch64 backport)
  • Andrew Hughes (all backports & bug fixes, release management)
  • Robert Lougher (JamVM build fix)
  • Xerxes Rånby (CACAO build fix)
  • Pavel Tisnovsky (executable stack issue with JamVM)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.5.4.tar.gz


$ tar x -I xz -f icedtea-2.5.4.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.5.4/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

For technical reason and in accordance with the speakers, I changed slightly the schedule.

The “Fortress” talk has been canceled, while I switched “Building an open Internet of Things with Java and Eclipse IoT” and “Java restart with WebFX“, and this last one will get a slightly longer slot:

12:30 – 12:55  Building an open Internet of Things with Java and Eclipse IoT
17:00 – 17:55  Java restart with WebFX

The full schedule is already online:

At work I have cause to edit a TWiki that my team uses for internal documentation. I wanted to use Emacs for this task, so that I wouldn’t need to interact with a web browser text area widget. I couldn’t find anything that did that, so I took the closest thing I could find, erin.el, a TWiki markup mode, and added connectivity to it via Emacs’s url package.

The result is a fork of erin.el that supports these new operations:

Log in: M-x erin-log-in
Edit a topic: M-x erin-edit-topic
Commit edits: C-c C-c
Cancel edits: C-c C-k
Log out: M-x erin-log-out

without ever leaving Emacs. Now with EWW to see the resulting pages, there’s no need to leave Emacs at all.

This being a fork, it doesn’t qualify for MELPA, and I can’t get in touch with the original author, so it will stay in limbo as a raw repo, without ever being packaged.

A while after I did this development, emacs-twiki-mode sprang up. It looks like it has some nice advantages, like orgtbl editing. If it used Emacs’s built-in URL handling instead of an external bash script I would probably switch to it. For now my erin.el fork works well enough for me. I do wish there were one monster Emacs mode that would handle all Wiki server implementations, including connectivity; a sort of Gnus for Wikis. Oh well.

I recently had occasion to scan some papers using a sheet-fed Ricoh printer/scanner/fax/copier. It seems to think that about 6 MB is as big of an email attachment as it can send so it splits up the PDFs into base64-encoded attachments. If you find yourself in a similar situation:

  • save the raw base64 text (if you’re using GMail, “show original” is your friend) and trim the extraneous text.
  • concatenate the multiple pieces together: cat part1 part2 > all.base64.
  • decode the whole thing: cat all.base64 | base64 -d > myscan.pdf.

As part of milling Project Coin in JDK 9, the try-with-resources statement has been improved. If you already have a resource as a final or effectively final variable, you can use that variable in the try-with-resources statement without declaring a new variable in the try-with-resources statement.

For example, given resource declarations like

        // A final resource
        final Resource resource1 = new Resource("resource1");
        // An effectively final resource
        Resource resource2 = new Resource("resource2");

the old way to write the code to manager these resources would be something like:

        // Original try-with-resources statement from JDK 7 or 8
        try (Resource r1 = resource1;
             Resource r2 = resource2) {
            // Use of resource1 and resource 2 through r1 and r2.

while the new way can be just

        // New and improved try-with-resources statement in JDK 9
        try (resource1;
             resource2) {
            // Use of resource1 and resource 2.

An initial pass has been made over the java.base module in JDK 9 to update the JDK libraries to use this new language feature.

You can try out these changes in your own code using a JDK 9 snapshot build. Enjoy!

I just committed  ACPI support on OpenBSD for GAP's Battery Monitor.
Check it out and enjoy GNUstep on your laptops.

The second release candidate is available. It can be downloaded here or from NuGet.

What's New (relative to rc 0):

  • Fixed build error when using Java 8u25 or newer.
  • Bug fix. Unsafe.compareAndSwapObject should resolve field before passing it to MakeTypedReference.
  • Implemented OperatingSystemMXBean.getFreePhysicalMemorySize and OperatingSystemMXBean.getTotalPhysicalMemorySize.

Binaries available here:


DataBasin 0.8 is out!

After several months of development and testing, many news:
  • DataBasin is now divided in its DataBasinKit framework which is LGPL'd and the application itself
  • (CSV writing) Support of empty fields in empty semi-joined objects through query parsing
  • (CSV writing) Support for writing fields in exact order as in user query, trough query parsing
  • Select Identify supports LIMIT
  • Customizable CSV file quoting and separator
  • Support for COUNT and aggregate queries
  • Object Inspector supports selection of values in cells
The most important news is the DataBasinKit separation.
The most important feature instead is DataBasin ability to parse the SOQL query and thus rearrange the output fields in CSV files not as Salesforce returns them but as the user requested them. The same feature allows related objects (. notation) to be null and retain the correct columns in the CSV file.

The schedule for the Free Java Devroom just appeared online:

I’m looking forward to enjoy this Fosdem, not only the Free Java DevRoom itself has lots of great content, but as it is usually the case the same can be said about most other DevRooms. It will be a very difficult choice to decide where to go and what to see :)

As I wrote previously, Project Jigsaw is coming into JDK 9 in several large steps. JEP 200 defines the modular structure of the JDK, JEP 201 reorganizes the JDK source code into modular form, and JEP 220 restructures the JDK and JRE run-time images to support modules. The actual module system will be defined in JSR 376, which is just getting under way, and implemented by a corresponding JEP, yet to be submitted.

We implemented the source-code reorganization (JEP 201) last August. This step, by design, had no impact on developers or end users.

Most of the changes for modular run-time images (JEP 220) were integrated late last week and are now available in JDK 9 early-access build 41. This step, in contrast to the source-code reorganization, will have significant impact on developers and end users. All of the details are in the JEP, but here are the highlights:

  • JRE and JDK images now have identical structures. Previously a JDK image embedded the JRE in a jre subdirectory; now a JDK image is simply a run-time image that happens to contain the full set of development tools and other items historically found in the JDK.

  • User-editable configuration files previously located in the lib directory are now in the new conf directory. The files that remain in the lib directory are private implementation details of the run-time system, and should never be opened or modified.

  • The endorsed-standards override mechanism has been removed. Applications that rely upon this mechanism, either by setting the system property java.endorsed.dirs or by placing jar files into the lib/endorsed directory of a JRE, will not work. We expect to provide similar functionality later in JDK 9 in the form of upgradeable modules.

  • The extension mechanism has been removed. Applications that rely upon this mechanism, either by setting the system property java.ext.dirs or by placing jar files into the lib/ext directory of a JRE, will not work. In most cases, jar files that were previously installed as extensions can simply be placed at the front of the class path.

  • The internal files rt.jar, tools.jar, and dt.jar have been removed. The content of these files is now stored in a more efficient format in implementation-private files in the lib directory. Class and resource files previously in tools.jar and dt.jar are now always visible via the bootstrap or application class loaders in a JDK image.

  • A new, built-in NIO file-system provider can be used to access the class and resource files stored in a run-time image. Tools that previously read rt.jar and other internal jar files directly should be updated to use this file system.

We’re aware that these changes will break some applications, in particular IDEs and other development tools which rely upon the internal structure of the JDK. We think that the improvements to performance, security, and maintainability enabled by these changes are, however, more than worth it. We’ve already reached out to the maintainers of the major IDEs to make sure that they know about these changes, and we’re ready to assist as necessary.

If you have trouble running an existing application on JDK 9 build 41 or later and you think it’s due to this restructuring, yet not caused by one of the changes listed above or in JEP 220, then please let us know on the jigsaw-dev mailing list (you’ll need to subscribe first, if you haven’t already), or else submit a bug report via Thanks!

The first release candidate is available. It can be downloaded here or from NuGet.

What's New (relative to IKVM.NET 7.4):

  • Merged OpenJDK 8 b132.
  • Support for Java 8 features.
  • Improvements to sun.misc.Unsafe compatibility.
  • Various bug fixes.

Changes since previous development snapshot:

  • Assemblies are strong named.

Binaries available here:


For almost a year now I’ve had a Yoga 2 Pro. Despite some people thinking the name is silly and me only using the screen rotation once (on a plane), it’s a nice machine and Fedora 20 running GNOME is great on it. The only non-stock thing to do1 is, in Firefox, open about:config and set layout.css.devPixelsPerPx to 2.

When I bought it, I cheaped out and got the 256 GB disk. I shouldn’t have, so I recently bought a 1 TB mSATA disk to replace it. I also bought an mSATA -> USB3 enclosure to use for dding everything over to the new disk.

For reasons I can’t recall I have my encrypted /home *not* on a logical volume so growing it into the free space on the new disk basically just involved booting from a live USB stick, unlocking the LUKS volume, using gdisk to delete the existing partition and creating a new, larger one starting at the same offset, e2fsck, and resize2fs. If you’re going to do this yourself, you should of course back up your data first.

Physically changing the disk involved removing the 11 T5 bolts on the bottom and the pesky Phillips 00 bolt holding the SSD in place.


Well, depending upon how old your kernel is, you may also need to rmmod/blacklist ideapad_laptop.

I'll be back again at EclipseCon Europe in Ludwigsburg, Germany on October 28th to speak Tuesday afternoon at 3 PM, and enjoy Simon Ritter's Lambda tutorial on Tuesday morning at 9 AM.

As usual, if there is something around OpenJDK you'd like to chat about, let me know on Twitter (or send me an e-mail), and we'll find some space and time.

See you there!
This year's JavaOne featured a new press release from Oracle mentioning OpenJDK. Here are the relevant excerpts:

Since its launch, Java SE 8 has seen record adoption, and the OpenJDK Community continues to thrive with contributions from Oracle as well as from other companies, researchers, and individual developers.

Oracle has begun work on the JDK 9 Project in the OpenJDK Community. New features will focus on modularity, performance, stability, and portability.

The OpenJDK Community continues to host the development of both the Java SE Platform Specification and its Reference Implementation, the JDK, fueled by contributions from Oracle and new and existing organizations and individuals. New participants in OpenJDK include:
* The FreeBSD Foundation, which will be collaborating with Oracle and others on producing OpenJDK binaries targeted to FreeBSD users via the FreeBSD Ports Collection
* The Digital Energy Business of the General Electric Company, which recently joined the OpenJDK Community and will be collaborating with Oracle and others on improving stability and performance of multilanguage virtual machine support via the invokeDynamic (JSR 292) API
* Microsoft Open Technologies, Inc., which will be contributing its expertise in networking, performance, and integration to the community.
The OpenJDK Community hosts many new projects that will continue to move the Java SE platform forward. These include Valhalla, which is exploring advanced language and JVM features; Panama, which aims to improve the connections between Java and native code; and smaller efforts such as Annotations Pipeline 2.0,, Device I/O, and Memory Model Update.

Taken from the Oracle press release titled Oracle Highlights Continued Java SE Momentum and Innovation at JavaOne 2014.

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as the ability to build against system libraries and support for alternative virtual machines and architectures beyond those supported by OpenJDK.

This release updates our OpenJDK 7 support in the 2.5.x series with the October 2014 security fixes.

If you find an issue with the release, please report it to our bug database under the appropriate component. Development discussion takes place on the distro-pkg-dev OpenJDK mailing list and patches are always welcome.

Note that alternate virtual machines (e.g. CACAO, JamVM) will be broken by this release, until such a time as they introduce support for JVM_FindClassFromCaller, a new virtual machine interface function added by S8015256

Full details of the release can be found below.

What’s New?

New in release 2.5.3 (2014-10-14)

  • Security fixes
  • Backports
    • S4963723: Implement SHA-224
    • S7044060: Need to support NSA Suite B Cryptography algorithms
    • S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
    • S7160837: DigestOutputStream does not turn off digest calculation when “close()” is called
    • S8006935: Need to take care of long secret keys in HMAC/PRF compuation
    • S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
    • S8028192: Use of PKCS11-NSS provider in FIPS mode broken
    • S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
    • S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream
    • S8042603: ‘SafepointPollOffset’ was not declared in static member function ‘static bool Arguments::check_vm_args_consistency()’
    • S8042850: Extra unused entries in ICU ScriptCodes enum
    • S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01
    • S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect()
    • S8055176: 7u71 l10n resource file translation update
  • Bug fixes
    • PR1988: C++ Interpreter should no longer be used on ppc64
    • PR1989: Make handle missing programs better and be more verbose
    • PR1992, RH735336: Support retrieving proxy settings on GNOME 3.12.2
    • PR2000: Synchronise HEAD tarball paths with release branch paths
    • PR2002: Fix references to following PR2000
    • PR2003: –disable-system-gtk option broken by refactoring in PR1736
    • PR2009: Checksum of policy JAR files changes on every build
    • PR2014: Use version from to create tarball filename
    • PR2015: Update documentation in INSTALL
    • PR2025: LCMS_CFLAGS & LCMS_LIBS should not be used unless SYSTEM_LCMS is enabled
    • RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised comprehensive fix)
  • AArch64 port
    • AArch64 C2 instruct for smull
    • Add frame anchor fences.
    • Add MacroAssembler::maybe_isb()
    • Add missing instruction synchronization barriers and cache flushes.
    • Add support for a few simple intrinsics
    • Add support for builtin crc32 instructions
    • Add support for Neon implementation of CRC32
    • All address constants are 48 bits in size.
    • array load must only read 32 bits
    • Define uabs(). Use it everywhere an absolute value is wanted.
    • Fast string comparison
    • Fast String.equals()
    • Fix register usage in generate_verify_oop().
    • Fix thinko in Atomic::xchg_ptr.
    • Fix typo in fsqrts
    • Improve C1 performance improvements in ic_cache checks
    • Performance improvement and ease of use changes pulled from upstream
    • Remove obsolete C1 patching code.
    • Replace hotspot jtreg test suite with tests from jdk7u
    • S8024648: 7141246 breaks Zero port
    • Save intermediate state before removing C1 patching code.
    • Unwind native AArch64 frames.
    • Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code.
    • Various concurrency fixes.

The tarballs can be downloaded from:

We provide both gzip and xz tarballs, so that those who are able to make use of the smaller tarball produced by xz may do so.

The tarballs are accompanied by digital signatures available at:

These are produced using my public key. See details below.

SHA256 checksums:

  • 44df11ac8e5ace7194e7372ef169909e0dab31d6b2f6bbae9a9c33af2cc54540 icedtea-2.5.3.tar.gz
  • ac7c1ae97eef2d1c650ab7a21091f71e83a984f37a12c802c0f319f1438b0101 icedtea-2.5.3.tar.gz.sig
  • f4f2922cfec262496e935f81c1d39af66a789f69aa12d1ceee51bcca8934f1f0 icedtea-2.5.3.tar.xz
  • ed9b9cbc1237bfbf619e2cccfddf1002901371e94177a8becd85036be1ccf29a icedtea-2.5.3.tar.xz.sig

The checksums can be downloaded from:

A 2.5.3 ebuild for Gentoo is available.

The following people helped with these releases:

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-2.5.3.tar.gz


$ tar x -I xz -f icedtea-2.5.3.tar.xz


$ mkdir icedtea-build
$ cd icedtea-build
$ ../icedtea-2.5.3/configure
$ make

Full build requirements and instructions are available in the INSTALL file.

Happy hacking!

I started hacking on firefox recently. And, of course, I’ve configured emacs a bit to make hacking on it more pleasant.

The first thing I did was create a .dir-locals.el file with some customizations. Most of the tree has local variable settings in the source files — but some are missing and it is useful to set some globally. (Whether they are universally correct is another matter…)

Also, I like to use bug-reference-url-mode. What this does is automatically highlight references to bugs in the source code. That is, if you see “bug #1050501″, it will be buttonized and you can click (or C-RET) and open the bug in the browser. (The default regexp doesn’t capture quite enough references so my settings hack this too; but I filed an Emacs bug for it.)

I put my .dir-locals.el just above my git checkout, so I don’t end up deleting it by mistake. It should probably just go directly in-tree, but I haven’t tried to do that yet. Here’s that code:

 ;; Generic settings.
 (nil .
      ;; See C-h f bug-reference-prog-mode, e.g, for using this.
      ((bug-reference-url-format . "")
       (bug-reference-bug-regexp . "\\([Bb]ug ?#?\\|[Pp]atch ?#\\|RFE ?#\\|PR [a-z-+]+/\\)\\([0-9]+\\(?:#[0-9]+\\)?\\)")))

 ;; The built-in javascript mode.
 (js-mode .
     ((indent-tabs-mode . nil)
      (js-indent-level . 2)))

 (c++-mode .
	   ((indent-tabs-mode . nil)
	    (c-basic-offset . 2)))

 (idl-mode .
	   ((indent-tabs-mode . nil)
	    (c-basic-offset . 2)))


In programming modes I enable bug-reference-prog-mode. This enables highlighting only in comments and strings. This would easily be done from prog-mode-hook, but I made my choice of minor modes depend on the major mode via find-file-hook.

I’ve also found that it is nice to enable this minor mode in diff-mode and log-view-mode. This way you get bug references in diffs and when viewing git logs. The code ends up like:

(defun tromey-maybe-enable-bug-url-mode ()
  (and (boundp 'bug-reference-url-format)
       (stringp bug-reference-url-format)
       (if (or (derived-mode-p 'prog-mode)
	       (eq major-mode 'tcl-mode)	;emacs 23 bug
	       (eq major-mode 'makefile-mode)) ;emacs 23 bug
	   (bug-reference-prog-mode t)
	 (bug-reference-mode t))))

(add-hook 'find-file-hook #'tromey-maybe-enable-bug-url-mode)
(add-hook 'log-view-mode-hook #'tromey-maybe-enable-bug-url-mode)
(add-hook 'diff-mode-hook #'tromey-maybe-enable-bug-url-mode)

I’ve been working on an odd Emacs package recently — not ready for release — which has turned into more than the usual morass of prefixed names and double hyphens.

So, I took another look at Nic Ferrier’s namespace proposal.

Suddenly it didn’t seem all that hard to implement something along these lines, and after a bit of poking around I wrote emacs-module.

The basic idea is to continue to follow the Emacs approach of prefixing symbol names — but not to require you to actually write out the full names of everything.  Instead, the module system intercepts load and friends to rewrite symbol names as lisp is loaded.

The symbol renaming is done in a simple way, following existing Emacs conventions.  This gives the nice result that existing code doesn’t need to be updated to use the module system directly.  That is, the module system recognizes name prefixes as “implicit” modules, based purely on the module name.

I’d say this is still a proof-of-concept.  I haven’t tried hairier cases, like defclass, and at least declare-function does not work but should.

Here’s the example from the docs:

(define-module testmodule :export (somevar))
(defvar somevar nil)
(defvar private nil)
(provide 'testmodule)

This defines the public variable testmodule-somevar and the “private” function testmodule--private.

Thanks to everybody who commented on the JamVM 2.0.0 release, and apologies it's taken so long to approve them - I was expecting to get an email when I had an unmoderated comment but I haven't received any.

To answer the query regarding Nashorn.  Yes, JamVM 2.0.0 can run Nashorn.  It was one of the things I tested the JSR 292 implementation against.  However, I can't say I ran any particularly large scripts with it (it's not something I have a lot of experience with).  I'd be pleased to hear any experiences (good or bad) you have.

So now 2.0.0 is out of the way I hope to do much more frequent releases.  I've just started to look at OpenJDK 9.  I was slightly dismayed to discover it wouldn't even start up (java -version), but it turned out to be not a lot of work to fix (2 evenings).  Next is the jtreg tests...

JFreeChart version 1.0.19 has been uploaded to SourceForge and the Maven Central Repository. This release contains additional rendering hints to improve output quality across a range of targets, plus some important fixes for the recently added JavaFX support.


In the download we've also included a preview of JSFreeChart, a 2D charting framework written in JavaScript that is conceptually similar to JFreeChart but runs directly in browsers. This is being developed in collaboration with AG, creators of the open source KNIME Analytics Platform.

I'm pleased to announce a new release of JamVM.  JamVM 2.0.0 is the first release of JamVM with support for OpenJDK (in addition to GNU Classpath). Although IcedTea already includes JamVM with OpenJDK support, this has been based on periodic snapshots of the development tree.

JamVM 2.0.0 supports OpenJDK 6, 7 and 8 (the latest). With OpenJDK 7 and 8 this includes full support for JSR 292 (invokedynamic). JamVM 2.0.0 with OpenJDK 8 also includes full support for Lambda expressions (JSR 335), type annotations (JSR 308) and method parameter reflection.

In addition to OpenJDK support, JamVM 2.0.0 also includes many bug-fixes, performance improvements and improved compatibility (from running the OpenJDK jtreg tests).

The full release notes can be found here (changes are categorised into those affecting OpenJDK, GNU Classpath and both), and the release package can be downloaded from the file area.


We've just released FXGraphics2D version 1.1, a Java2D to JavaFX bridge, a small and fast library that takes Java2D API calls and maps them to a JavaFX Canvas node. We developed this library to add JavaFX support to our charting libraries (JFreeChart and Orson Charts) but, as you'll see later in this post, FXGraphics2D is a standalone library that can be used by other Java code as well.

What's New?

First, we've added detection for the KEY_STROKE_CONTROL rendering hint, which provides sharper looking output particularly for horizontal and vertical lines. Compare the axis and grid lines in the following two charts (based on one of the JFreeChart demos). The first chart has the stroke normalisation applied (the axis and gridlines are sharp and well defined):

The second chart has no stroke normalisation and you can see that the axis lines are blurred (and, in some cases, the grid lines also):

A clipping issue that was affecting a subset of charts (combined plots) in JFreeChart has been fixed.

We addressed an issue with glyph positioning when using TextLayout rendering, first reported by Christoph Nahr in relation to our other Graphics2D implementations, JFreeSVG and Orson PDF.

We addressed a memory leak that was reported for the demo applications (it is important that each repaint for the Canvas is preceded with a call to clearRect() to clear an internal queue of drawing commands that JavaFX uses).

Finally, we've included Maven build support and you can now find FXGraphics2D on the Central Repository.

General Use

FXGraphics2D includes demos that use JFreeChart and Orson Charts to generate the graphical content that is rendered by the FXGraphics2D code. However, it is important to realise that FXGraphics2D is a standalone API and can be used with any Java code that uses the Java2D drawing API, so it enables a lot of existing Java2D code to be retained for use in JavaFX applications.

To illustrate, here is a screenshot of a small demo application that renders equations using JLaTeXMath and FXGraphics2D:


You can see the source code and some discussion about this example at Stack Overflow.


FXGraphics2D 1.1 is a general purpose graphics utility that extends the reach of Java2D code to include JavaFX applications. This latest release improves the quality of the library following community feedback.

Sad to receive news this morning that a long time friend and colleague, Peter Miller, had passed.

Peter Miller

“After fighting cancer for many years, finally lost”. No, not lost; if there was ever anyone who fought the battle of life and won it was be Peter. Even knowing he was at his last days he was unbowed. Visiting him last week he proudly showed us the woodworking plans and cut lists for some cabinets he was making for his wife MT. He had created the diagrams himself, writing C++ code to call manually drive a drawing library, outputting postscript. Let’s see you do architectural drawing without a CAD program. The date on the printout was two weeks ago.

“The world is a less interesting place today,” wrote another friend. No. Peter firmly believed that interest comes from within. The world is there to be explored, I can hear him saying. He taught us to go forth, wonder, and understand. And so we should.


Project Jigsaw has, for the last several years, been in an exploratory phase in which we’ve designed and prototyped one particular approach to addressing a draft set of requirements.

It’s now time to switch gears and focus on creating a production-quality design and implementation suitable for JDK 9 and thence Java SE 9, as previously proposed.

To begin this phase I’ve drafted a new document to collect goals and requirements. It reflects a new emphasis on security, as motivated by recent experience, it takes into account lessons learned from the prototype, and it’s written at a broader and more abstract level than the previous document so as not to over-constrain the solution space. This document will be one of the starting points of the upcoming Java Platform Module System JSR.

Jigsaw as a whole will bring enormous changes to the JDK; it would be unwise to wait until it’s completely finished before merging any of it. Our intent, therefore, is to proceed in large steps, each of which will have a corresponding JEP. The first three JEPs will propose a specific modular structure for the JDK, reorganize the JDK source code (but not binaries) along those lines, and then later modularize the binary images.

A fourth JEP will introduce the module system itself, which will be aligned with the module-system JSR. It may seem odd that the module system JEP comes last, but the earlier JEPs need make only minimal assumptions about its capabilities, hence work on them can proceed in parallel with work on the module-system JEP and JSR.

Comments, questions, and suggestions are welcome on the jigsaw-dev mailing list. (If you haven’t already subscribed to that list then please do so first, otherwise your message will be discarded as spam.)

There’s an interesting spectrum of events in the technical space. Conferences are the mainstay obviously; usually very intense and high-calibre thanks to the hard work of papers committees and of course the presenters themselves. You become invigorated hearing the experiences and results of other people, sharing ideas in the hallway, and of course the opportunity to vehemently explain why vi is better than emacs over drinks in the bar later is essential to the progress of science.

For a given community, though, conferences are relatively infrequent; often only once a year for a given country (, Australia’s annual Linux conference, say) and sometimes only once a year globally (ICFP, the international functional programming conference with numerous collocated symposiums and events taking advantage of the fact it’s the one event everyone turns up at is a notable example in computing).

More locally, those in major cities are able to organize monthly meetups, networking events, user groups, and the like. Which are fun; lovely to see friends and continue to build relationships with people you’d otherwise only see once a year.

Finally there are hackfests, often on the order of a weekend in duration. The tend to draw people in from a wide area, and sometimes are in an unusual milieu; Peter Miller’s CodeCon camping and hacking weekends are infamous in the Sydney Linux community; rent a small quiet generator, find a state forest, set up tents and hack on whatever code you want to for a few days. Blissful.

The local monthly events are the most common, though. Typically two or three people offer to give presentations to an audience of 30-50 people. And while hearing talks on a range of topics is invaluable, the fact that so many smart people are in the room passively seems a lost opportunity.

For a while now I’ve been musing whether perhaps there is something between meetups and hackfests. Wouldn’t it be cool to get a bunch of people together, put a problem on the board, and then for an hour go around the room and have a debate about whether the problem is even the right question to be asking, and different approaches to tackling the issue? Something short, relatively focused, and pragmatic; rather than being a presentation of results a consideration of approaches. If we do it in a bit of rotation, each time one person being tasked with framing the question, then over time participants each have the benefit of bringing the collective firepower of the group to bear on one of the problems they’re working.

Needs a name. Seminar? No, that’s what university departments do. Symposium? Too grand. Something more informal, impromptu, but organized. You know, like a jazz jam session. Ah, there we go: gonna call these sessions.

It might be nice to complement the monthly functional programming meetup (fp-syd) that happens in Sydney with something a little more interactive and Haskell focused. And as I’m looking to improve the depth of experience with Haskell in the Engineering group at Anchor, this seemed like a nice fit. So we’re holding the first of the Haskell Sessions tomorrow 2pm, at Anchor’s office in Sydney.

Here’s one to start us off:

Industrial code has to interact with the outside world, often on external dependencies such as databases, network services, or even filesystem operations. We’re used to the ability to separate pure code from that with side-effects, but what abstractions can we use to isolate the dependent code from the rest of the program logic?

I know we’re not the first ones to blunder in to this; I’ve heard plenty of people discussing it. So I’m going to hand around a single page with the type signatures of the functions involved at various points, freshly sharpen some whiteboard markers, and we’ll see what ideas come to light!

If you’re interested in coming, drop me a line.


Another company is refusing to issue a Java RIA code signing certificate for individual. Even if they openly declare they do in they website. Even after I provided the notary-confirmed copies of all documents they requested and they have had two phone interviews with me. Seems really the end of the project. Dalibor, are you reading this?

I wrote a quick fuzzer for libiberty’s demangler this morning. Here’s how to get and use it:

$ mkdir workdir
$ cd workdir
$ git clone src
$ cd src
$ git co demangler
$ cd ..
$ mkdir build
$ cd build
$ CFLAGS="-g -O0" ../src/configure --with-separate-debug-dir=/usr/lib/debug
$ make
$ ../src/ 
+ /home/gary/workdir/build/fuzzer
../src/ line 12: 22482 Segmentation fault      (core dumped) $fuzzer
# copy the executable and PID from the two lines above
$ gdb -batch /home/gary/workdir/build/fuzzer core.22482 -ex "bt"
Core was generated by `/home/gary/workdir/build/fuzzer'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000000000040d5f2 in op_is_new_cast (op=0x7ffffac19930) at libiberty/cp-demangle.c:3064
3064	  const char *code = op->u.s_operator.op->code;
#0  0x000000000040d5f2 in op_is_new_cast (op=0x7ffffac19930) at libiberty/cp-demangle.c:3064
#1  0x000000000040dc6f in d_expression_1 (di=0x7ffffac19c90) at libiberty/cp-demangle.c:3232
#2  0x000000000040dfbc in d_expression (di=0x7ffffac19c90) at libiberty/cp-demangle.c:3315
#3  0x000000000040cff6 in d_array_type (di=0x7ffffac19c90) at libiberty/cp-demangle.c:2821
#4  0x000000000040c260 in cplus_demangle_type (di=0x7ffffac19c90) at libiberty/cp-demangle.c:2330
#5  0x000000000040cd70 in d_parmlist (di=0x7ffffac19c90) at libiberty/cp-demangle.c:2718
#6  0x000000000040ceb8 in d_bare_function_type (di=0x7ffffac19c90, has_return_type=0) at libiberty/cp-demangle.c:2772
#7  0x000000000040a9b2 in d_encoding (di=0x7ffffac19c90, top_level=1) at libiberty/cp-demangle.c:1287
#8  0x000000000040a6be in cplus_demangle_mangled_name (di=0x7ffffac19c90, top_level=1) at libiberty/cp-demangle.c:1164
#9  0x0000000000413131 in d_demangle_callback (mangled=0x7ffffac19ea0 "_Z1-Av23*;cG~Wo2Vu", options=259, callback=0x40ed11 , opaque=0x7ffffac19d70)
    at libiberty/cp-demangle.c:5862
#10 0x0000000000413267 in d_demangle (mangled=0x7ffffac19ea0 "_Z1-Av23*;cG~Wo2Vu", options=259, palc=0x7ffffac19dd8) at libiberty/cp-demangle.c:5913
#11 0x00000000004132d6 in cplus_demangle_v3 (mangled=0x7ffffac19ea0 "_Z1-Av23*;cG~Wo2Vu", options=259) at libiberty/cp-demangle.c:6070
#12 0x0000000000401a87 in cplus_demangle (mangled=0x7ffffac19ea0 "_Z1-Av23*;cG~Wo2Vu", options=259) at libiberty/cplus-dem.c:858
#13 0x0000000000400ea0 in main (argc=1, argv=0x7ffffac1a0a8) at /home/gary/workdir/src/fuzzer.c:26

The symbol that crashed it is one frame up from the bottom of the backtrace.

It was pretty easy to write a new graphical backend for Jainja using the Pepper Plugin API. So it's possible to write Java graphical user interfaces on NaCl now !

A demo is available on the Chrome Web Store.

Bradley M. Kuhn wrote an analysis on the recent Appeals Court Decision in Oracle v. Google. Pointing out who the real winners are and that it will now take years before we will have more clarity:

The case is remanded, so a new jury will first sit down and consider the fair use question. If that jury finds fair use and thus no infringement, Oracle’s next appeal will be quite weak, and the Appeals Court likely won’t reexamine the question in any detail. In that outcome, very little has changed overall: we’ll have certainty that API’s aren’t copyrightable, as long as any textual copying that occurs during reimplementation is easily called fair use. By contrast, if the new jury rejects Google’s fair use defense, I suspect Google will have to appeal all the way to SCOTUS. It’s thus going to be at least two years before anything definitive is decided, and the big winners will be wealthy litigation attorneys — as usual.

You will want to read the whole thing to know why from a copyleft perspective this decision will give that strange feeling of simultaneous annoyance and contentment.

Java browser plugin has been here for a very long time, and for many years it was available on lots of machines. Yet, there were relatively few reports about somebody successfully using any security holes ever discovered.

We are currently under heavy rain of reports about Java applet security exploits on the wild. Some of these are, most likely, true.

How this could be? If some security bug (or fundamental platform weakness whatsoever) already existed for more than a decade, why nobody used if for exploit before? Why intruders spend so much of they time writing exploits of the now rather legacy platform? Where were they using this time before, instead of attacking the platform that at that time was significantly more widespread and relevant?