Writing software for a virtual machine enables developers to forget about machine code assembly, interrupts, and processor caches. This makes Java a convenient language, but all too many developers see the JVM as a black box and are often unsure of how to optimize their code for performance. This unfortunately adds credence to the myth that Java is always outperformed by native languages. This session takes a peek at the inner workings of Oracle’s HotSpot virtual machine, its just-in-time compiler, and the interplay with a computer’s hardware. From this, you will understand the more common optimizations a virtual machine applies, to be better equipped to improve and reason about a Java program’s performance and how to correctly measure runtime!
At first glance, writing concurrent programs in Java seems like a straight-forward task. But the devil is in the detail. Fortunately, these details are strictly regulated by the Java memory model which, roughly speaking, decides what values a program can observe for a field at any given time. Without respecting the memory model, a Java program might behave erratic and yield bugs that only occure on some hardware platforms. This presentation summarizes the guarantees that are given by Java's memory model and teaches how to properly use volatile and final fields or synchronized code blocks. Instead of discussing the model in terms of memory model formalisms, this presentation builds on easy-to follow Java code examples.
Java agents and their instrumentation API offer developers the most powerful toolset to interact with a Java application. Using this API, it becomes possible to alter the code of running applications, for example to add monitoring or to inject security checks as it is done by many enterprise products for the Java ecosystem.
In this session, developers will learn how to program Java agents of their own that make use of the instrumentation API. Doing so, developers learn how the majority of tooling for the JVM is implemented and will learn about Byte Buddy, a high level code generation library that does not require any knowledge of Java byte code that is normally required for writing agents. In the process, developers will see how Java classes can be used as templates for implementing highly performant code changes that avoid the boilerplate of alternative solutions such as AspectJ or Javassist while still performing better than agents implemented in low-level libraries such as ASM.
In Java 8, the java.util.function has numerous built-in interfaces. Other packages in the Java library (notably java.util.stream package) make use of the interfaces defined in this package. Java 8 developers should be familiar with using key interfaces provided in this package. This presentation provides an overview of four key functional interfaces (Consumer, Supplier, Function, and Predicate) provided in this package.
The document discusses the use of the "this" and "final" keywords in Java. It explains that "this" refers to the current class object and is used to disambiguate class attributes or methods from method parameters. It provides an example class demonstrating how "this" is used to assign values to object attributes. It also explains that "final" can be used for variables, methods, and classes to indicate something cannot be changed. It shows final can make variables constant and also prevents classes from being inherited when applied to a class.
Final keyword are used in java for three purpose;
1. Final keyword is used in java to make variable constant
2. Final keyword restrict method overriding
3. It used to restrict Inheritance
http://www.tutorial4us.com/java/java-final-keyword
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016Christian Schneider
The hidden danger of Java deserialization vulnerabilities – which often lead to remote code execution – has gained extended visibility in the past year. The issue has been known for years; however, it seems that the majority of developers were unaware of it until recent media coverage around commonly used libraries and major products. This talk aims to shed some light about how this vulnerability can be abused, how to detect it from a static and dynamic point of view, and -- most importantly -- how to effectively protect against it. The scope of this talk is not limited to the Java serialization protocol but also other popular Java libraries used for object serialization.
The ever-increasing number of new vulnerable endpoints and attacker-usable gadgets has resulted in a lot of different recommendations on how to protect your applications, including look-ahead deserialization and runtime agents to monitor and protect the deserialization process. Coming at the problem from a developer’s perspective and triaging the recommendations for you, this talk will review existing protection techniques and demonstrate their effectiveness on real applications. It will also review existing techniques and present new gadgets that demonstrates how attackers can actually abuse your application code and classpath to craft a chain of gadgets that will allow them to compromise your servers.
This talk will also present the typical architectural decisions and code patterns that lead to an increased risk of exposing deserialization vulnerabilities. Mapping the typical anti-patterns that must be avoided, through the use of real code examples we present an overview of hardening techniques and their effectiveness. The talk will also show attendees what to search the code for in order to find potential code gadgets the attackers can leverage to compromise their applications. We’ll conclude with action items and recommendations developers should consider to mitigate this threat.
--
This talk was presented by Alvaro Muñoz & Christian Schneider at the OWASP AppSecEU 2016 conference in Rome.
At first glance, writing concurrent programs in Java seems like a straight-forward task. But the devil is in the detail. Fortunately, these details are strictly regulated by the Java memory model which, roughly speaking, decides what values a program can observe for a field at any given time. Without respecting the memory model, a Java program might behave erratic and yield bugs that only occure on some hardware platforms. This presentation summarizes the guarantees that are given by Java's memory model and teaches how to properly use volatile and final fields or synchronized code blocks. Instead of discussing the model in terms of memory model formalisms, this presentation builds on easy-to follow Java code examples.
Java agents and their instrumentation API offer developers the most powerful toolset to interact with a Java application. Using this API, it becomes possible to alter the code of running applications, for example to add monitoring or to inject security checks as it is done by many enterprise products for the Java ecosystem.
In this session, developers will learn how to program Java agents of their own that make use of the instrumentation API. Doing so, developers learn how the majority of tooling for the JVM is implemented and will learn about Byte Buddy, a high level code generation library that does not require any knowledge of Java byte code that is normally required for writing agents. In the process, developers will see how Java classes can be used as templates for implementing highly performant code changes that avoid the boilerplate of alternative solutions such as AspectJ or Javassist while still performing better than agents implemented in low-level libraries such as ASM.
In Java 8, the java.util.function has numerous built-in interfaces. Other packages in the Java library (notably java.util.stream package) make use of the interfaces defined in this package. Java 8 developers should be familiar with using key interfaces provided in this package. This presentation provides an overview of four key functional interfaces (Consumer, Supplier, Function, and Predicate) provided in this package.
The document discusses the use of the "this" and "final" keywords in Java. It explains that "this" refers to the current class object and is used to disambiguate class attributes or methods from method parameters. It provides an example class demonstrating how "this" is used to assign values to object attributes. It also explains that "final" can be used for variables, methods, and classes to indicate something cannot be changed. It shows final can make variables constant and also prevents classes from being inherited when applied to a class.
Final keyword are used in java for three purpose;
1. Final keyword is used in java to make variable constant
2. Final keyword restrict method overriding
3. It used to restrict Inheritance
http://www.tutorial4us.com/java/java-final-keyword
Surviving the Java Deserialization Apocalypse // OWASP AppSecEU 2016Christian Schneider
The hidden danger of Java deserialization vulnerabilities – which often lead to remote code execution – has gained extended visibility in the past year. The issue has been known for years; however, it seems that the majority of developers were unaware of it until recent media coverage around commonly used libraries and major products. This talk aims to shed some light about how this vulnerability can be abused, how to detect it from a static and dynamic point of view, and -- most importantly -- how to effectively protect against it. The scope of this talk is not limited to the Java serialization protocol but also other popular Java libraries used for object serialization.
The ever-increasing number of new vulnerable endpoints and attacker-usable gadgets has resulted in a lot of different recommendations on how to protect your applications, including look-ahead deserialization and runtime agents to monitor and protect the deserialization process. Coming at the problem from a developer’s perspective and triaging the recommendations for you, this talk will review existing protection techniques and demonstrate their effectiveness on real applications. It will also review existing techniques and present new gadgets that demonstrates how attackers can actually abuse your application code and classpath to craft a chain of gadgets that will allow them to compromise your servers.
This talk will also present the typical architectural decisions and code patterns that lead to an increased risk of exposing deserialization vulnerabilities. Mapping the typical anti-patterns that must be avoided, through the use of real code examples we present an overview of hardening techniques and their effectiveness. The talk will also show attendees what to search the code for in order to find potential code gadgets the attackers can leverage to compromise their applications. We’ll conclude with action items and recommendations developers should consider to mitigate this threat.
--
This talk was presented by Alvaro Muñoz & Christian Schneider at the OWASP AppSecEU 2016 conference in Rome.
Method overriding allows a subclass to provide a specific implementation of a method that is already provided by its superclass. The subclass method must have the same name, parameters and return type as the superclass method. This allows the subclass to modify the behavior as needed and is how polymorphism is implemented. The super keyword can be used to call the superclass method from the overriding method.
Kotlin delegates in practice - Kotlin Everywhere StockholmFabio Collini
The lazy delegate is probably the most famous Kotlin delegate, it’s easy to use and can be really useful. However delegation is a concept that can be used in many other ways in Kotlin. A delegate can be declared at two levels:
* a delegated property allows changing the way the property is managed
* an interface can be implemented delegating the methods to another object
In this talk we’ll see many practical examples to show how to leverage standard delegates and how to create new ones to improve the quality of our code and to avoid duplication.
The document discusses various Java operators including:
- Assignment operators like = that store values
- Arithmetic operators like +, -, *, /, % for math operations
- Relational operators like >, <, ==, != for comparisons
- Logical operators like &&, ||, ! for boolean logic
- Bitwise operators like &, |, ^, ~ for bit manipulation
- Shift operators like <<, >>, >>> for shifting bits left or right
Examples are provided to demonstrate the usage of each operator type.
This document discusses different types of loops in programming like while, do-while, and for loops. It also covers statements for exiting loops early like break, continue, and goto. Break exits the entire loop, continue skips to the next iteration, and goto unconditionally jumps to a labeled statement.
The document provides idiomatic Kotlin coding style guidelines and best practices for expressions, classes, functions, and the standard library. Some key recommendations include using 'when' and 'try' as expression bodies, avoiding classes just for functions, extracting non-essential APIs to extensions, using data classes, type aliases, and destructuring declarations, and leveraging functions like 'apply', 'filterIsInstance', and 'groupBy' from the standard library. Overall the document advises organizing code in a concise and functional way that fully utilizes Kotlin language features.
Slides from my talk at the Feb 2011 Seattle Tech Startups meeting. More info here (along with powerpoint slides): http://www.startupmonkeys.com/2011/02/scala-frugal-mechanic/
Functions allow programmers to break programs into smaller, reusable parts. There are two types of functions in C: library functions and user-defined functions. User-defined functions make programs easier to understand, debug, test and maintain. Functions are declared with a return type and can accept arguments. Functions can call other functions, allowing for modular and structured program design.
An interface in Java is like a class but cannot be instantiated. It defines method signatures and constant values but not method implementations. A class implements an interface by providing method bodies for the abstract methods defined in the interface. Interfaces can extend other interfaces to inherit their methods.
The document provides an agenda and introduction for a Java training over multiple days. Day 1 will cover an introduction to Java including its history, features, programming paradigm, sample program execution, JVM, data types, objects, classes, variables, and flow control statements. The training will cover key Java concepts like objects, classes, variables, different loops and conditional statements. Assignments are provided to practice the concepts covered.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation. This first session creates the foundation for the 2nd and 3rd Clean Code presentation on Dependency Injection, as it explains expected base knowledge. Why writing Clean Code makes us more efficient Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs.
We will dive into the basics of Inversion of Control (IOC) and Dependency Injection (DI) to review different ways of achieving decoupling, using and exploring both: Best Practices, Design and Anti Patterns. This presentation requires knowledge and understanding of basics like DRY, SoC, SRP, SOLID etc. which are building the base for decoupled architecture. However, we will start at the basics of DI and will work towards intermediate and advanced scenarios depending on the participating group.
This presentation is based on C# and Visual Studio 2013. However, the demonstrated patterns and practice can be applied to every other programming language too.
Note: Moving forwards this presentation will be updated with the latest version of the slides for the last event I did the presentation instead of creating new separate slide decks here on SlideShare.
Presentation dates and locations:
2015-10-03 Silicon Valley Code Camp, San Jose, CA
2015-06-27 SoCal Code Camp - San Diego, CA
2015-06-25 Bay.NET South Bay, Mountain View, CA
2014-11-14 SoCal Code Camp - Los Angeles, CA
2014-10-11 Silicon Valley Code Camp, Los Altos Hills, CA
(Video available at https://fsharpforfunandprofit.com/composition/)
Composition is a fundamental building block of functional programming, but how is it different from an object-oriented approach, and how do you use it in practice?
In this talk for beginners, we'll start by going over the basic concepts of functional programming, and then look at some different ways that composition can be used to build large things from small things.
After that, we'll see how composition is used in practice, beginning with some basic examples, and ending with a complete (object-free!) web application.
(Demo code and video available at http://fsharpforfunandprofit.com/cap/)
We all want to produce modular and robust code that is easy to test and refactor, and we have design principles such as SOLID that help us do that.
In this talk I'll look at a very different approach to design using "capabilities" and the principle of least authority. I'll show how using these design techniques throughout your core domain (and not just at your API boundary) also leads to well-designed and modular code.
I'll demonstrate how to design and use a capability based approach, how capabilities can be quickly combined and restricted easily, and how capabilities are a natural fit with a REST API that uses HATEAOS.
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Christian Schneider
In this session we begin with modelling the attack surface of Java deserialization, which often leads to remote code execution (RCE), by showcasing vulnerabilities we found in modern and widely used applications and frameworks. We extend existing research about risks of deserialization broadening the attack surface. After a live demo of getting a Meterpreter shell in a modern Java endpoint setup we delve into the exploitation styles for this vulnerability to lay the foundation of the first of three key takeaways for the attendees:
The first key takeaway is identification of test types that should be executed during a dynamic assessment of an application in order to find this kind of vulnerability. This includes analyzing the deserialization interface and using blackbox tests to create payloads with gadgets matching the application’s classpath to verify the RCE. Discussion extends to cover indirect deserialization interfaces that use non-binary data formats, such as XML-based interfaces, which can also act as a driver for deserialization within the application.
The next key takeaway covers the realm of static code analysis (SAST). We present code patterns security reviewers should look for when doing whitebox assessments of applications or frameworks. This is especially interesting for code offering dynamic functionality including AOP, generic mappings, reflection, interceptors, etc. - all of which have a high probability of including code that can facilitate as deserialization gadgets and thus help the attackers in exploiting deserialization vulnerabilities. In this section we present the techniques used to find the vulnerabilities within the popular frameworks showcased during the live demo at the session’s start.
Finally we conclude with tips on implementing different techniques of hardening measures for applications offering deserialisation interfaces (either direct binary deserialization interfaces or indirect XML-based ones) to give the attendees the third key takeaway: protecting applications properly. This includes ways to verify data integrity prior to deserialization and ways to properly inspect the data before it’s handled by the Java deserialization process.
--
This talk was presented by Christian Schneider & Alvaro Muñoz at the OWASP BeNeLux Day 2016.
In this core java training session, you will learn Collections – Lists, Sets. Topics covered in this session are:
• List – ArrayList, LinkedList
• Set – HashSet, LinkedHashSet, TreeSet
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Domain Driven Design with the F# type System -- NDC London 2013Scott Wlaschin
(Video of these slides here http://fsharpforfunandprofit.com/ddd)
Statically typed functional programming languages like F# encourage a very different way of thinking about types. The type system is your friend, not an annoyance, and can be used in many ways that might not be familiar to OO programmers.
Types can be used to represent the domain in a fine-grained, self documenting way. And in many cases, types can even be used to encode business rules so that you literally cannot create incorrect code. You can then use the static type checking almost as an instant unit test — making sure that your code is correct at compile time.
In this talk, we'll look at some of the ways you can use types as part of a domain driven design process, with some simple real world examples in F#. No jargon, no maths, and no prior F# experience necessary.
Code, links to video, etc., at http://fsharpforfunandprofit.com/ddd
For more on DDD and F# see:
http://fsharpforfunandprofit.com/ddd/
http://tomasp.net/blog/type-first-development.aspx/
http://gorodinski.com/blog/2013/02/17/domain-driven-design-with-fsharp-and-eventstore/
This document provides an overview of writing clean code, focusing on readability, code style, naming conventions, code comments, control structures, functions/methods, classes, and modules. Key points include formatting code for readability, using explicit and descriptive naming, minimizing comments by ensuring code is self-explanatory, limiting nested control structures and side effects, following single responsibility and encapsulation principles, and leveraging software patterns.
INTRODUCTION
COMPARISON BETWEEN NORMAL FUNCTION AND INLINE FUNCTION
PROS AND CONS
WHY WHEN AND HOW TO USED?
GENERAL STRUCTURE OF INLINE FUNCTION
EXAMPLE WITH PROGRAM CODE
Interfaces in Java declare methods but do not provide method implementations. A class can implement multiple interfaces but extend only one class. Interfaces are used to define common behaviors for unrelated classes and allow classes to assume multiple roles. Nested interfaces group related interfaces and must be accessed through the outer interface or class.
This presentation is Unary operator overloading(prefix).
Here ,I try to describe how to Unary operator overloaded and its types with example. may be you can happily read this.
At first glance, Java byte code can appear to be some low level magic that is both hard to understand and effectively irrelevant to application developers. However, neither is true. With only little practice, Java byte code becomes easy to read and can give true insights into the functioning of a Java program. In this talk, we will cast light on compiled Java code and its interplay with the Java virtual machine. In the process, we will look into the evolution of byte code over the recent major releases with features such as dynamic method invocation which is the basis to Java 8 lambda expressions. Finally, we will learn about tools for the run time generation of Java classes and how these tools are used to build modern frameworks and libraries. Among those tools, I present Byte Buddy, an open source tool of my own efforts and an attempt to considerably simplify run time code generation in Java.
Introduction to JVM languages and Fantom (very brief)Jonathan Holloway
JVM languages provide more expressiveness and help modernize programming languages. Fantom is a JVM language that compiles to JVM, CLR, and JavaScript. It is a multi-paradigm language that supports object-oriented, functional, static and dynamic typing. Fantom aims to reduce boilerplate code through features like mixins, concise accessors, null-safe fields, and closures. It also provides actor-based concurrency and foreign function interfaces.
Method overriding allows a subclass to provide a specific implementation of a method that is already provided by its superclass. The subclass method must have the same name, parameters and return type as the superclass method. This allows the subclass to modify the behavior as needed and is how polymorphism is implemented. The super keyword can be used to call the superclass method from the overriding method.
Kotlin delegates in practice - Kotlin Everywhere StockholmFabio Collini
The lazy delegate is probably the most famous Kotlin delegate, it’s easy to use and can be really useful. However delegation is a concept that can be used in many other ways in Kotlin. A delegate can be declared at two levels:
* a delegated property allows changing the way the property is managed
* an interface can be implemented delegating the methods to another object
In this talk we’ll see many practical examples to show how to leverage standard delegates and how to create new ones to improve the quality of our code and to avoid duplication.
The document discusses various Java operators including:
- Assignment operators like = that store values
- Arithmetic operators like +, -, *, /, % for math operations
- Relational operators like >, <, ==, != for comparisons
- Logical operators like &&, ||, ! for boolean logic
- Bitwise operators like &, |, ^, ~ for bit manipulation
- Shift operators like <<, >>, >>> for shifting bits left or right
Examples are provided to demonstrate the usage of each operator type.
This document discusses different types of loops in programming like while, do-while, and for loops. It also covers statements for exiting loops early like break, continue, and goto. Break exits the entire loop, continue skips to the next iteration, and goto unconditionally jumps to a labeled statement.
The document provides idiomatic Kotlin coding style guidelines and best practices for expressions, classes, functions, and the standard library. Some key recommendations include using 'when' and 'try' as expression bodies, avoiding classes just for functions, extracting non-essential APIs to extensions, using data classes, type aliases, and destructuring declarations, and leveraging functions like 'apply', 'filterIsInstance', and 'groupBy' from the standard library. Overall the document advises organizing code in a concise and functional way that fully utilizes Kotlin language features.
Slides from my talk at the Feb 2011 Seattle Tech Startups meeting. More info here (along with powerpoint slides): http://www.startupmonkeys.com/2011/02/scala-frugal-mechanic/
Functions allow programmers to break programs into smaller, reusable parts. There are two types of functions in C: library functions and user-defined functions. User-defined functions make programs easier to understand, debug, test and maintain. Functions are declared with a return type and can accept arguments. Functions can call other functions, allowing for modular and structured program design.
An interface in Java is like a class but cannot be instantiated. It defines method signatures and constant values but not method implementations. A class implements an interface by providing method bodies for the abstract methods defined in the interface. Interfaces can extend other interfaces to inherit their methods.
The document provides an agenda and introduction for a Java training over multiple days. Day 1 will cover an introduction to Java including its history, features, programming paradigm, sample program execution, JVM, data types, objects, classes, variables, and flow control statements. The training will cover key Java concepts like objects, classes, variables, different loops and conditional statements. Assignments are provided to practice the concepts covered.
All 3 Clean Code presentations provide great value by themselves, but taken together are designed to offer a holistic approach to successful software creation. This first session creates the foundation for the 2nd and 3rd Clean Code presentation on Dependency Injection, as it explains expected base knowledge. Why writing Clean Code makes us more efficient Over the lifetime of a product, maintaining the product is actually one - if not the most - expensive area(s) of the overall product costs.
We will dive into the basics of Inversion of Control (IOC) and Dependency Injection (DI) to review different ways of achieving decoupling, using and exploring both: Best Practices, Design and Anti Patterns. This presentation requires knowledge and understanding of basics like DRY, SoC, SRP, SOLID etc. which are building the base for decoupled architecture. However, we will start at the basics of DI and will work towards intermediate and advanced scenarios depending on the participating group.
This presentation is based on C# and Visual Studio 2013. However, the demonstrated patterns and practice can be applied to every other programming language too.
Note: Moving forwards this presentation will be updated with the latest version of the slides for the last event I did the presentation instead of creating new separate slide decks here on SlideShare.
Presentation dates and locations:
2015-10-03 Silicon Valley Code Camp, San Jose, CA
2015-06-27 SoCal Code Camp - San Diego, CA
2015-06-25 Bay.NET South Bay, Mountain View, CA
2014-11-14 SoCal Code Camp - Los Angeles, CA
2014-10-11 Silicon Valley Code Camp, Los Altos Hills, CA
(Video available at https://fsharpforfunandprofit.com/composition/)
Composition is a fundamental building block of functional programming, but how is it different from an object-oriented approach, and how do you use it in practice?
In this talk for beginners, we'll start by going over the basic concepts of functional programming, and then look at some different ways that composition can be used to build large things from small things.
After that, we'll see how composition is used in practice, beginning with some basic examples, and ending with a complete (object-free!) web application.
(Demo code and video available at http://fsharpforfunandprofit.com/cap/)
We all want to produce modular and robust code that is easy to test and refactor, and we have design principles such as SOLID that help us do that.
In this talk I'll look at a very different approach to design using "capabilities" and the principle of least authority. I'll show how using these design techniques throughout your core domain (and not just at your API boundary) also leads to well-designed and modular code.
I'll demonstrate how to design and use a capability based approach, how capabilities can be quickly combined and restricted easily, and how capabilities are a natural fit with a REST API that uses HATEAOS.
Serial Killer - Silently Pwning your Java Endpoints // OWASP BeNeLux Day 2016Christian Schneider
In this session we begin with modelling the attack surface of Java deserialization, which often leads to remote code execution (RCE), by showcasing vulnerabilities we found in modern and widely used applications and frameworks. We extend existing research about risks of deserialization broadening the attack surface. After a live demo of getting a Meterpreter shell in a modern Java endpoint setup we delve into the exploitation styles for this vulnerability to lay the foundation of the first of three key takeaways for the attendees:
The first key takeaway is identification of test types that should be executed during a dynamic assessment of an application in order to find this kind of vulnerability. This includes analyzing the deserialization interface and using blackbox tests to create payloads with gadgets matching the application’s classpath to verify the RCE. Discussion extends to cover indirect deserialization interfaces that use non-binary data formats, such as XML-based interfaces, which can also act as a driver for deserialization within the application.
The next key takeaway covers the realm of static code analysis (SAST). We present code patterns security reviewers should look for when doing whitebox assessments of applications or frameworks. This is especially interesting for code offering dynamic functionality including AOP, generic mappings, reflection, interceptors, etc. - all of which have a high probability of including code that can facilitate as deserialization gadgets and thus help the attackers in exploiting deserialization vulnerabilities. In this section we present the techniques used to find the vulnerabilities within the popular frameworks showcased during the live demo at the session’s start.
Finally we conclude with tips on implementing different techniques of hardening measures for applications offering deserialisation interfaces (either direct binary deserialization interfaces or indirect XML-based ones) to give the attendees the third key takeaway: protecting applications properly. This includes ways to verify data integrity prior to deserialization and ways to properly inspect the data before it’s handled by the Java deserialization process.
--
This talk was presented by Christian Schneider & Alvaro Muñoz at the OWASP BeNeLux Day 2016.
In this core java training session, you will learn Collections – Lists, Sets. Topics covered in this session are:
• List – ArrayList, LinkedList
• Set – HashSet, LinkedHashSet, TreeSet
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
Domain Driven Design with the F# type System -- NDC London 2013Scott Wlaschin
(Video of these slides here http://fsharpforfunandprofit.com/ddd)
Statically typed functional programming languages like F# encourage a very different way of thinking about types. The type system is your friend, not an annoyance, and can be used in many ways that might not be familiar to OO programmers.
Types can be used to represent the domain in a fine-grained, self documenting way. And in many cases, types can even be used to encode business rules so that you literally cannot create incorrect code. You can then use the static type checking almost as an instant unit test — making sure that your code is correct at compile time.
In this talk, we'll look at some of the ways you can use types as part of a domain driven design process, with some simple real world examples in F#. No jargon, no maths, and no prior F# experience necessary.
Code, links to video, etc., at http://fsharpforfunandprofit.com/ddd
For more on DDD and F# see:
http://fsharpforfunandprofit.com/ddd/
http://tomasp.net/blog/type-first-development.aspx/
http://gorodinski.com/blog/2013/02/17/domain-driven-design-with-fsharp-and-eventstore/
This document provides an overview of writing clean code, focusing on readability, code style, naming conventions, code comments, control structures, functions/methods, classes, and modules. Key points include formatting code for readability, using explicit and descriptive naming, minimizing comments by ensuring code is self-explanatory, limiting nested control structures and side effects, following single responsibility and encapsulation principles, and leveraging software patterns.
INTRODUCTION
COMPARISON BETWEEN NORMAL FUNCTION AND INLINE FUNCTION
PROS AND CONS
WHY WHEN AND HOW TO USED?
GENERAL STRUCTURE OF INLINE FUNCTION
EXAMPLE WITH PROGRAM CODE
Interfaces in Java declare methods but do not provide method implementations. A class can implement multiple interfaces but extend only one class. Interfaces are used to define common behaviors for unrelated classes and allow classes to assume multiple roles. Nested interfaces group related interfaces and must be accessed through the outer interface or class.
This presentation is Unary operator overloading(prefix).
Here ,I try to describe how to Unary operator overloaded and its types with example. may be you can happily read this.
At first glance, Java byte code can appear to be some low level magic that is both hard to understand and effectively irrelevant to application developers. However, neither is true. With only little practice, Java byte code becomes easy to read and can give true insights into the functioning of a Java program. In this talk, we will cast light on compiled Java code and its interplay with the Java virtual machine. In the process, we will look into the evolution of byte code over the recent major releases with features such as dynamic method invocation which is the basis to Java 8 lambda expressions. Finally, we will learn about tools for the run time generation of Java classes and how these tools are used to build modern frameworks and libraries. Among those tools, I present Byte Buddy, an open source tool of my own efforts and an attempt to considerably simplify run time code generation in Java.
Introduction to JVM languages and Fantom (very brief)Jonathan Holloway
JVM languages provide more expressiveness and help modernize programming languages. Fantom is a JVM language that compiles to JVM, CLR, and JavaScript. It is a multi-paradigm language that supports object-oriented, functional, static and dynamic typing. Fantom aims to reduce boilerplate code through features like mixins, concise accessors, null-safe fields, and closures. It also provides actor-based concurrency and foreign function interfaces.
This presentation is about Java performance and the most effective ways to work with Java memory, including memory saving techniques and overcoming of memory barriers. Moreover, it contains debunking of the most popular myths on speed boosting.
This presentation by Andrii Antilikatorov (Consultant, GlobalLogic) was delivered at GlobalLogic Java Conference #2 in Krakow on April 23, 2016.
The presentation is devoted to insights on planning business, creating a business plan and presenting it to investor(s)
This presentation by Ihor Kostiv (Director, Engineering, Lviv) was delivered at Lviv IT Arena 2017 (Kyiv) on October 1, 2017.
Software analysts around the world anticipate a concept of "Reactive Programming" to have a great future in solving the problems of big data, high load and mobile applications. TypeSafe, the developers of Scala language, created a promising "reactive" framework Akka, written in Scala and yet Java-friendly. How could it be interesting for Java developers? Can Akka+Java compete with Akka+Scala? How Java8 can help with that? This presentations provides answers to these questions.
This presentation by Dmytro Mantula (Lead Software Engineer, GlobalLogic) was delivered at GlobalLogic Java Conference #2 in Krakow on April 23, 2016.
This presentation is also available in Russian: http://www.slideshare.net/GlobalLogicUkraine/take-a-look-at-akka-java
Java 9 introduces modules to the Java programming language and its runtime. Despite this feature being optional, due to the modularization of the standard library existing applications might behave differently when running on a version 9 JVM. Furthermore, because of changes in the runtime, existing libraries and frameworks might not yet correctly process your modularized code. As a result, updating to a Java 9 VM and taking Java 9 into brings its challanges.
This talk discusses the practical implications of module boundaries and analyzes new limitations Java 9 imposes on the reflection API. This talk explains how reflection is used in popular frameworks like Spring and Hibernate and explains why existing applications might break or change their behavior when facing modularized code. Finally, this talk showcases alternatives to now failing Java programming patterns and weights their robustness with regard to the Java releases 10 and upward.
The presenter is an active contributor to open source and helped to migrate many popular Java libraries to supporting Java 9. As a consequence, he as been working with Java 9 for almost two years.
Making Java more dynamic: runtime code generation for the JVMRafael Winterhalter
While Java’s strict type system is a great help for avoiding programming errors, it also takes away some of the flexibility that developers appreciate when using dynamic languages. By using runtime code generation, it is possible to bring some of this flexibility back to the Java virtual machine. For this reason, runtime code generation is widely used by many state-of-the-art Java frameworks for implementing POJO-centric APIs but it also opens the door to assembling more modular applications. This presentation offers an introduction to the complex of runtime code generation and its use on the Java platform. Furthermore, it discusses the up- and downsides of several code generation libraries such as ASM, Javassist, cglib and Byte Buddy.
This document provides an introduction to object oriented programming in Java. It outlines the course objectives which are to learn Java basics, object oriented principles, Java APIs, exception handling, files, threads, applets and swings. It discusses key characteristics of Java including being portable, object oriented and having automatic memory management. It also provides an overview of Java environments and tools, and includes an example "Hello World" Java program.
The "n" in the PrintCompilation output indicates that the method was not compiled, but is on deck to be compiled. So in this case, java.lang.Object::hashCode was not yet compiled, but is a candidate for compilation if/when it is called more.
This document discusses various low-level exploits, beginning with creating shellcode by extracting opcodes from a compiled C program. It then covers stack-based buffer overflows, including return-to-stack exploits and return-to-libc. Next it discusses heap overflows using the unlink technique, integer overflows, and format string vulnerabilities. The document provides code examples and explanations of the techniques.
Java is a platform independent programming language similar to C++ in syntax and Smalltalk in mental paradigm. It has features like automatic type checking, garbage collection, simplified pointers and network access. Java code is compiled to bytecode, which is interpreted by the Java Virtual Machine (JVM) on various platforms, making Java portable across different operating systems and hardware. Methods and data in Java classes can be declared as public or private to control access and eliminate errors between classes.
Java Tutorial
Write Once, Run Anywhere
The document provides an overview of Java including:
- Java is a platform independent programming language similar to C++ in syntax and Smalltalk in mental paradigm.
- Key features of Java include automatic type checking, garbage collection, simplified pointers and network access, and multi-threading.
- Java code is compiled to bytecode, which is interpreted by the Java Virtual Machine (JVM) on any platform, allowing Java to be platform independent. Just-in-time compilers attempt to increase speed.
This document provides an overview of the Java programming language. It discusses key features such as platform independence, object-oriented programming principles like inheritance and polymorphism, automatic memory management, and security features. It also covers basic Java concepts like primitive data types, variables, operators, control flow statements, methods, classes and objects.
This document provides an overview of the Java programming language. It discusses key features such as platform independence, object-oriented programming principles like inheritance and polymorphism, automatic memory management, and security features. It also covers basic Java concepts like primitive data types, variables, operators, flow control statements, methods, and classes.
Java is an object-oriented programming language that is platform independent, allowing code to run on any device. It features automatic memory management, strong typing, and multi-threading. Java code is compiled to bytecode that runs on a Java Virtual Machine, providing platform independence. Methods and classes encapsulate code and data, and inheritance, polymorphism, and interfaces support object-oriented programming.
This document provides an overview of the Java programming language. It discusses key features such as platform independence, object-oriented programming principles like inheritance and polymorphism, automatic memory management, and security features. It also covers basic Java concepts like primitive data types, variables, operators, control flow statements, methods, and classes.
Java is a mature programming language that is suitable to write reliable large programs. But Java hides also many traps. This talk summarizes experience from code quality review of a large enterprise application with over 1.5 million lines of code - problems and hidden bugs in code, and how to solve them.
This document provides an overview of the Java programming language. It discusses how Java is platform independent and compiles code to bytecode that runs on the Java Virtual Machine (JVM). Key Java features like automatic memory management, object-oriented design, and security are summarized. The document also covers Java syntax like data types, operators, control flow, and classes/methods. It provides examples of working with files, streams, and serialization in Java.
RailswayCon 2010 - Dynamic Language VMsLourens Naudé
The document discusses Ruby virtual machines and optimizations. It covers topics like Ruby VM internals, system resources, Ruby optimizations like constant folding and inlining, object structures, classes and modules, method dispatch, garbage collection. The goal is to understand tools and techniques for building high performance Ruby applications.
While most bugs reveal their cause within their stack trace, Java’s OutOfMemoryError is less talkative and therefore regarded as being difficult to debug by a majority of developers. With the right techniques and tools, memory leaks in Java programs can however be tackled like any other programming error. This talks discusses how a JVM stores data, categorizes different types of memory leaks that can occur in a Java program and presents techniques for fixing such errors. Furthermore, we will have a closer look at lambda expressions and their considerable potential of introducing memory leaks when they are used incautiously.
- Java is a platform independent programming language that is similar to C++ in syntax but similar to Smalltalk in its object-oriented approach. It provides features like automatic memory management, security, and multi-threading capabilities.
- Java code is compiled to bytecode that can run on any Java Virtual Machine (JVM). The JVM then interprets the bytecode and may perform just-in-time (JIT) compilation for improved performance. This allows Java programs to run on any platform with a JVM.
- Java supports object-oriented programming principles like encapsulation, inheritance, and polymorphism. Classes can contain methods and instance variables. Methods can be called on objects to perform operations or retrieve data.
- Java is a platform independent programming language that is similar to C++ in syntax but similar to Smalltalk in its object-oriented approach. It provides features like automatic memory management, security, and multi-threading capabilities.
- Java code is compiled to bytecode that can run on any Java Virtual Machine (JVM). Only depending on the JVM allows Java code to run on any hardware or operating system with a JVM.
- Java supports object-oriented programming concepts like inheritance, polymorphism, and encapsulation. Classes can contain methods and instance variables to define objects.
- Java is a platform independent programming language that is similar to C++ in syntax but similar to Smalltalk in its object-oriented approach. It provides features like automatic memory management, security, and multi-threading capabilities.
- Java code is compiled to bytecode that can run on any Java Virtual Machine (JVM). Only depending on the JVM allows Java code to run on any hardware or operating system with a JVM.
- Java supports object-oriented programming concepts like inheritance, polymorphism, and encapsulation. Classes can contain methods and instance variables. Methods perform actions and can return values.
Java allows writing code once that can run on any platform. It compiles to bytecode that runs on the Java Virtual Machine (JVM). Key features include automatic memory management, object-oriented design, platform independence, security, and multi-threading. Classes are defined in .java files and compiled to .class files. The JVM interprets bytecode and uses just-in-time compilation to improve performance.
Semelhante a An introduction to JVM performance (20)
With its ninth version, the Java platform has shifted gear and introduced biyearly releases. This was followed by a license change where Oracle, the steward of Java, now publishes a commercial and a non-commercial release of the Java virtual machine while other vendors took more space to promote their alternative builds of the OpenJDK. And in another flood of news, the Java EE specification was terminated and resolved into the Jakarta EE namespace.
A lot has been happening in the traditionally conservative Java ecosystem, to say the least, and many users are wondering if they still can rely on the platform. This talk gives an overview of the Java ecosystem, summarizes the changes that have been, that to expect and why the evolution of the platform is good news to the community.
This document discusses Java bytecode manipulation techniques using unsafe, instrumentation, and Java agents. It covers areas where bytecode manipulation is commonly used like mocking, persistence, and security. It analyzes techniques for defining and transforming classes at runtime and discusses challenges like injecting state and working with modules. The document also proposes ideas to standardize testing support and provide a unified dynamic code generation concept in Java.
A presentation on how microservices were implemented at the Norwegian tax authority. This presentation displays concepts and shows a few implementation details of a solution for the JVM.
An overview how to realize code generation of languages on the JVM that implement other class layouts than the Java programming languages. As an example, the inline-mock-maker for Mockito is discussed which supports languages like Kotlin that make any property final by default.
micro(-service) components. While this approach to building software - if done correctly - can improve a system's maintainability and scalability, distributed applications also introduce challanges for operations. Where monolithic applications typically offered direct access to extensive monitoring dashbords, such easy overview is no longer available when multitude services are loosly connected over a network. But how to keep track of a system of such dynamic state?
Distributed tracing is a method of connecting interaction of different services on a network. Collecting and processing such tracing information again allows for the observation of a distributed system in its entirety. This talk shares the presenter's insights gained by working on the JVM-support of distributed tracing for the APM tool Instana. Doing so, it introduces the landscape of distributed tracing on the JVM, discussing popular approaches such as Dapper, Zipkin or Brave/OpenTracing. In the process, it is discussed how byte code instrumentation can be used to capture systems without requiring a user to set up the software under observation. The presentation finishes with a discussion of typical problems of distributed tracing solutions and carefully examines the performance penalties APM tools entail.
The document provides an overview of Project Jigsaw in Java 9, which introduces a modular system and module declarations. Key points include the structure of modules and module descriptors, module readability and dependencies, and how modularity addresses issues with the prior class loader-based approach. It also discusses features like services, layers, and the module reflection API.
The document summarizes the key differences between JUnit 4 and JUnit 5 (alpha). Some of the main changes in JUnit 5 include updated annotations like @Test, support for lambda-based assertions using Hamcrest matchers, assumptions and exception testing capabilities, and support for nested and parameterized tests. JUnit 5 also overhauls extension mechanisms and introduces extension points for customization. While still in development, JUnit 5 is moving to an API based on extensions and customization points rather than the runner approach used in JUnit 4.
The document discusses various techniques for unit testing concurrent code, including using JUnit, TestNG, and a custom ThreadWeaver framework to test for threading issues in a FlawedList implementation. It also covers using jcstress for concurrency stress testing and notes that jcstress results may vary between runs and depend on processor architecture memory access semantics.
At first glance, Java byte code can appear to be some low level magic that is both hard to understand and effectively irrelevant to application developers. However, neither is true. With only little practice, Java byte code becomes easy to read and can give true insights into the functioning of a Java program. In this talk, we will cast light on compiled Java code and its interplay with the Java virtual machine. In the process, we will look into the evolution of byte code over the recent major releases with features such as dynamic method invocation which is the basis to Java 8 lambda expressions. Finally, we will learn about tools for the run time generation of Java classes and how these tools are used to build modern frameworks and libraries. Among those tools, I present Byte Buddy, an open source tool of my own efforts and an attempt to considerably simplify run time code generation in Java. (http://bytebuddy.net)
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
2. Performance-talk disclaimer
EVERYTHING IS A LIE!!
Please keep in mind:
• The JVM’s performance model is an implementation detail you cannot rely on.
• Performance is hard to get right and it is difficult to measure.
• We look at HotSpot in this talk, other JVMs might behave differently.
• Occasionally, implementations are performant without appearing to be.
3. How is Java code executed?
Java javac JVM processor
source code byte code machine code
Optimizations are applied almost exclusively after handing resposibility to the
JVM. This makes them difficult to trace as the JVM is often seen as a black box.
Other compilers such as for example scalac might however apply optimizations
such as resolving tail recursion into ordinary loops.
4. HotSpot: interpretation and tiered compilation
interpreter C1 (client) C2 (server)
level 0 level 1 level 2 level 3 level 4
C2 is busy
trivial method
machine code
templating
no
profiling
simple
profiling
advanced
profiling
profile-based
optimization
Mostly, steady state performance is of interest. Compilation only of “hot spots” with
a single method as the smallest compilation unit.
5. A central building block: call sites
class Foo {
void bar() {
System.out.println("Hello!");
}
}
A call site, that is a
specific method call
instruction in the code.
void doSomething(Foo val) {
val.bar();
}
Other than in many languages, in Java, most method calls are virtual.
The question is: How does the JVM reason about what code to execute?
Method invocation is a very common task for a JVM, it better be fast!
indirection
6. Virtual method tables (vtables / itables)
# Method Code
1 hashCode() 0x234522
2 equals(Object) 0x65B4A6
3 toString() 0x588252
… … …
8 bar()
class Foo {
void bar() {
System.out.println("Hello!");
}
}
class Sub extends Foo {
@Override
void bar() {
System.out.println("Woops!");
}
}
# Method Run
1 hashCode() 0x234522
2 equals(Object) 0x65B4A6
3 toString() 0x588252
… … …
8 bar()
class Foo
class Sub
Single inheritance allows for index-based lookup of a method implementation.
But resolving this triple indirection on every method call is still too slow!
7. Inline caches
class Foo {
void bar() {
System.out.println("Hello!");
}
}
void doSomething(Foo val) {
val.bar(); [cache: val => Foo: address]
}
cachedlink
Inline caches observe instance classes and remember the address of a class’s
method implementation. This would avoid the lookup in a virtual method table.
Smalltalk is a prominent user of such caches. But this double indirection is still to slow!
8. Monomorphic (“linked”) call site
class Foo {
void bar() {
System.out.println("Hello!");
}
}
void doSomething(Foo val) {
[assert: val => Foo]
[goto: method address]
}
directlink
The JVM is based on making optimistic assumptions and adding traps when these
assumptions are not met (“adaptive runtime”). Heuristics show that most call sites only
ever observe a single class (“monomorphic”). These same heuristics also show that
non-monomorphic call sites often observe many types (“megamorphic”).
The JVM has created a
profile for this call site.
It is now optimisitc
about what instances it
will observe.
9. monomorphic bimorphic polymorphic megamorphic
direct link
vtable
lookup
(about 90%)
A call site’s profile is generated at runtime and it is adapted after collecting sufficient
information. In general, the JVM tries to be optimistic and becomes more pessimistic
once it must. This is an adaptive approach, native programs cannot do this.
optimization
deoptimization
home of rumors
conditional
direct link
(data structures) (but dominant targets)
10. Inlining
void doSomething(Foo val) {
[assert: val => Foo]
System.out.println("Hello!");
}
inlined
Inlining is often consider an “uber optimization” as it gives the JVM more code to
omtimize as a single block. The C1 compiler does only little inlining after performing “class
hierarchy analysis” (CHA). The C2 compiler inlines monomorphic and bimorphic call sites
(with a conditional jump) and the dominant target (> 90%) of a megamorphic call site.
Small methods (< 35 byte) are always inlined. Huge methods are never inlined.
class Foo {
void bar() {
System.out.println("Hello!");
}
}
void doSomething(Foo val) {
[assert: val => Foo]
[goto: method address]
}
11. Call receiver profiling: every type matters!
List<String> list = ... // either ArrayList or LinkedList
list.size(); // a bimorphic call site
// new class turns call site into megamorphic state
new ArrayList<String>() {{
add("foo");
add("bar");
}};
When the JVM profiles call sites or conducts class hierarchy analysis, it takes the receiver
type at a call site into consideration, it does not analyze if a method is actually
overridden. For this reason, every type matters (even when calling final methods).
You might wonder why this is not optimized:
Looking up an object’s class is an order-one operation. Examining a class hierarchy is not.
The JVM needs to choose a trade-off when optimizing and analyzing the hierarchy does
not pay off (educated guess). “Double brace initialization” is a however often introducing
new (obsolete) types at call sites. Often enough, this results in vtable/itable lookups!
12. Microoptimizing method dispatch
interface Foo { void m(); }
class Sub1 implements Foo { @Override void m() { ... } }
class Sub2 implements Foo { @Override void m() { ... } }
class Sub3 implements Foo { @Override void m() { ... } }
void doSomething(Foo foo) {
foo.m();
}
If all three types are
observed, this call site is
megamorphic. A target
is only inlined if it is
dominant (>90%).
Do not microoptimize, unless you must! The improvement is minimal.
In general: static/private > class virtual (null check) > interface virtual (null + type check).
This is true for all dispatchers (C2, C1, interpreter)
Source: http://shipilev.net/blog/2015/black-magic-method-dispatch/
class Foo {
int id // 1, 2, 3
static void sub1() { ... }
static void sub2() { ... }
static void sub3() { ... }
}
Fields are never
resolved dynamically.
Static call sites always
have an explicit target.
Idea: avoid dynamic
dispatch but emulate it
at the call site.
(“call by id”)
void doSomething(Foo foo) {
switch (foo.id) {
case 1: Foo.sub1(); break;
case 2: Foo.sub2(); break;
case 3: Foo.sub3(); break;
default: throw new IllegalStateException();
}
}
13. static void log(Object... args) {
System.out.println("Log: ");
for (Object arg : args) {
System.out.println(arg.toString());
}
}
void doSomething() {
System.out.println("Log: ");
System.out.println("foo".toString());
System.out.println(new Integer(4).toString());
System.out.println(new Object().toString());
}
Call site specialization
void doSomething() {
log("foo", 4, new Object());
}
inlined
void doSomething() {
System.out.println("Log: ");
Object[] args = new Object[]{"foo",4,new Object()};
for (Object arg : args) {
System.out.println(arg.toString());
}
}
Thanks to inlining (and loop unrolling), additional call sites are introduced.
This way, formerly megamorphic call sites can become monomorphic after duplication.
Generally, optimizations allow for new optimizations. This is especially true for inlining.
Unroll the entire loop as
it is now of a fixed size.
15. All programs are typed!
Types (which do not equal to classes) allow us to identify “things” in our programs
that are similar. If nothing in your program has similarities, there might be something
wrong. Thus, even machines for dynamic languages look for types. (e.g. V8, Nashorn)
var foo = { };
foo.x = 'foo';
foo.y = 42;
var bar = { };
bar.y = 42;
bar.x = 'bar';
*
x
x, y
y
y, x
If your program has no structure, how should an
optimizer find any? Any “dynamic program” is typed,
but it is so implicitly. In the end, you simply did not
make this structure explicit.
V8, hidden class
16. int size = 20_000;
int maximum = 100;
int[] values = randomValues(size, maximum);
Arrays.sort(values);
Can the outcome of this
conditional instruction be
predicted (by the processor)?
Branch prediction
A conditional control flow
is referred to as branch.
int sum = 0;
for (int i = 0; i < 1_000; i++) {
for (int value : values) {
if (value > 50) {
sum += value;
} else {
sum -= value;
}
}
}
Warning: This example is too simple, the VM (loop interchange, conditional moves) has
become smarter than that. After adding more “noise”, the example would however work.
An unfortunate example where the above problem applies are (currently!) Java 8 streams
which build on (internal) iteration and conditionals (i.e. filters). If the VM fails to inline such
a stream expression (under a polluted profile), streams can be a performance bottle neck.
17. Loop peeling (in combination with branch specialization)
int[][] matrix = ...
for (int[] row : matrix) {
boolean first = true;
for (int value : row) {
if(first) {
first = false;
System.out.println("Row: ");
}
System.out.print(value + " ");
}
System.out.println(" --- ");
}
int[][] matrix = ...
for (int[] row : matrix) {
boolean first = true;
int index = 0;
if(first) {
first = false;
System.out.println("Row: ");
}
System.out.print(value + " ");
for (index = 1; index < row.length; index++) {
if(first) {
first = false;
System.out.println("Row: ");
}
System.out.print(value + " ");
}
System.out.println(" --- ");
}
Disclaimer: There is much more “loop stuff”.
18. PREDICTION GOOD!
RANDOM BAD!
The Hulk performance rule #2
Keep in mind:
Obviously, any application contains an inherent
unpredictability that cannot be removed.
Performant programs should however not add
more complexity as necessary as this burdens
modern processors which prefer processing
long, predictable pipes of instructions.
19. List<String> list = ...;
for (String s : list) {
System.out.println(s);
}
Escape analysis
List<String> list = ...;
Iterator<String> it = list.iterator();
while (it.hasNext()) {
System.out.println(it.next());
}
object
allocation
Escape analysis is difficult (expensive) to conduct. By avoiding long scopes, i.e. writing
short methods, an object’s scope is easier to determine. This will most likely improve in
future JVM implementations.
scope
Any heap allocated object needs to be garbage collected at some point. Even worse,
accessing an object on the heap implies an indirection what should be avoided.
21. long start = System.currentTimeMillis();
long end = System.currentTimeMillis();
System.out.println("Took " + (end - start) + " ms");
int sum = 0;
for (int value : values) {
sum += value;
}
int size = 20_000;
int[] values = randomValues(size);
int sum = 0;
for (int value : values) {
sum += value;
}
int size = 20_000;
int[] values = randomValues(size);
Dead-code elimination
Also, the outcome might dependant on the JVM’s collected code profile that was
gathered before the benchmark is run. Also, the measured time represents wall-clock
time which is not a good choice for measuring small amounts of time.
22. void run() {
int size = 500_000;
for (int i = ; i < 10_000; i++) {
doBenchmark(randomValues(size));
}
int[] values = randomValues(size);
System.out.println("This time is for real!");
doBenchmark(values);
}
void doBenchmark(int[] values) {
long start = System.nanoTime();
int sum = 0;
for (int value : values) {
sum += value;
}
long end = System.nanoTime();
System.out.println("Ignore: " + sum);
System.out.println("Took " + (end - start) + " ns");
}
A better benchmark
23. A good benchmark: JMH
class Sum {
int[] values;
@Setup
void setup() {
values = randomValues(size);
}
@Benchmark
int sum() {
int sum = 0;
for (int value : values) {
sum += value;
}
return sum;
}
}
In general, avoid measuring loops.
24. Assuring JIT-compilation
void foo() {
for (int i = 0; i < 10000; i++);
// do something runtime intensive.
}
Due to “back-edge overflow”, the method is compiled upon its first invocation.
As the loop is not useful, it is eliminated as dead code.
This can sometimes help for testing long-running benchmarks that are not invoked
sufficiently often in a benchmark‘s warm-up phase which is time-constrained.
This can also be used in production systems to force the JIT to warm up a method.
The method only needs to be invoked a single time before using it. This should
however be used with care as it is making an assumption about the inner workings
of the used JVM.
25. Measuring the right thing, the right way
Measuring the performance of two operational blocks does not normally resemble the
performance of the performance of both blocks if executed subsequently.
The actual performance might be better or worse (due to “profile pollution”)!
Best example for such “volume contractions”: Repeated operations. The more the JIT
has to chew on, the more the compiler can usually optimize.
27. On-stack replacement
public static void main(String[] args) {
int size = 500_000;
long start = System.nanoTime();
int sum = 0;
for (int value : randomValues(size)) {
sum += value;
}
long end = System.nanoTime();
System.out.println("Took " + (end - start) + " ns");
}
On-stack replacement allows the compilation of methods that are already running.
If you need it, you did something wrong. (It mainly tackles awkward benchmarks.)
28. ON-STACK
REPLACEMENT?
OVERRATED!
The Hulk performance rule #5
However:
If the VM must deoptimize a running method,
this also implies an on-stack replacement of
the running, compiled method. Normally, such
deoptimization is however not referred to as
on-stack replacement.
29. Intrinsics
The HotSpot intrinsics are listed in vmSymbols.hpp
class Integer {
public static int bitCount(int i) {
i = i - ((i >>> 1) & 0x55555555);
i = (i & 0x33333333) + ((i >>> 2) & 0x33333333);
i = (i + (i >>> 4)) & 0x0f0f0f0f;
i = i + (i >>> 8); i = i + (i >>> 16);
return i & 0x3f;
}
}
On x86, this method can be reduced to the POPCNT instruction.
Ideally, the JVM would discover the legitimacy of this reduction from analyzing the
given code. Realistically, the JVM requires hints for such reductions. Therefore, some
methods of the JCL are known to the JVM to be reducible.
Such reductions are also performed for several native methods of the JCL. JNI is
normally to be avoided as native code cannot be optimized by the JIT compiler.
30. Algorithmic complexity
Remember that data structures are a sort of algorithm!
Date getTomorrowsDate() {
Thread.sleep(24 * 60 * 60 * 1000);
return new Date();
}
class ArrayList<E> implements List<E> {
E[] data;
}
class LinkedList<E> implements List<E> {
Node<E> first, last;
}
Aside access patterns, data locality is an important factor for performance.
Sometimes, you can also trade memory footprint for speed.
32. Reflection, method handles and regular invocation
Method method = Foo.class.getDeclaredMethod("bar");
int result = method.invoke(new Foo(), 42);
class Method {
Object invoke(Object obj, Object... args);
}
boxing
2xboxing
Escape analysis to the rescue? Hopefully in the future. Today, it does not look so good.
class Foo {
int bar(int value) {
return value * 2;
}
}
33. Reflection, method handles and regular invocation
class Foo {
int bar(int value) {
return value * 2;
}
}
MethodType methodType = MethodType
.methodType(int.class, int.class);
MethodHandle methodHandle = MethodHandles
.lookup()
.findVirtual(Foo.class, "bar", methodType);
int result = methodHandle.invokeExact(new Foo(), 42);
class MethodHandle {
@PolymorphicSignature
Object invokeExact(Object... args) throws Throwable;
}
This is nothing you could do but JVM magic. Method handles also work for fields.
Further intrinsification methods: share/vm/classfile/vmSymbols.hpp
38. Main memory
False sharing
class Shared {
int x;
int y;
}
14 7 “foo” 71 97 “bar”
L1 cache (1)
L1 cache (2)
1: writes x
2: writes y
14 7 “foo” 71 97 “bar”
14 7 “foo” 71 97 “bar”
24 7 “foo” 71 97 “bar”
14 1 “foo” 71 97 “bar”
contention class Shared {
@Contended
int x;
@Contended
int y;
}
14
7
“foo” 71 97 “bar”
Field annotation increases memory usage significantly! Adding “padding fields” can
simulate the same effect but object memory layouts are an implementation detail and
changed in the past. Note that arrays are always allocated in continuous blocks!
Conversely, cache (line) locality can improve a single thread‘s performance.
41. private void synchronized foo() {
// ...
}
private void synchronized bar() {
// ...
}
void doSomething() {
synchronized(this) {
foo(); // without lock
bar(); // without lock
}
}
void doSomething() {
foo();
bar();
}
Lock coarsening
private void foo() {
// ...
}
private void bar() {
// ...
}
locksandunlockstwiceLocks are initially biased towards the first locking thread. (This is currently only possible
if the Identity hash code is not yet computed.) In conflict, locks are promoted
to become “thick” locks.
43. javac optimizations: constant folding of compile-time constants
class Foo {
final boolean foo = true;
}
class Bar {
void bar(Foo foo) {
boolean bar = foo.foo;
}
}
javac inlines all compile-time constants (JLS §15.28): compile-time constants are
primitives and strings with values that can be fully resolved at javac-compilation time.
"foo" // compile-time constant
"bar".toString() // no compile-time constant
Most common use case: defining static final fields that are shared with other classes.
This does not require linking or even loading of the class that contains such constants.
This also means that the referring classes need to be recompiled if constants change!
class Foo {
final boolean foo = true;
}
class Bar {
void bar(Foo foo) {
foo.getClass(); // null check
boolean bar = true;
}
}
Be aware of compile-time constants when using reflection! Also, be aware of stackless
NullPointerExceptions which are thrown by C2-compiled Object::getClass invocations.
constant-folding
withnullcheck
indisguise(JLS!)
45. “A fool with a tool is still a fool“
The basic problem: (Heisenberg)
Once you measure a system‘s performance, you change the system.
In a simple case, a no-op method that reports its runtime is not longer no-op.
46. “A fool with a tool is still a fool“ (2)
Many profilers use the JVMTI for collecting data. Such “native-C agents” are only
activated when the JVM reaches a safe-point where the JVM can expose a sort
of “consistent state” to this “foreign code”.
blocked
running
If the application only reaches a safe point when a thread is blocked then a profiler would
suggest that the application is never running. This is of course nonsense.
“Honest profiler” (Open Source): Collects data by using UNIX signals.
“Flight recorder” (Oracle JDK): Collects data on a lower level than JVMTI.
47. “A fool with a tool is still a fool“ (3)
push %rbp
mov %rsp,%rbp
mov $0x0,%eax
movl $0x0,-0x4(%rbp)
movl $0x5,-0x8(%rbp)
mov -0x8(%rbp),%ecx
add $0x6,%ecx
mov %ecx,-0xc(%rbp)
pop %rbp
retq
int doSomething() {
int a = 5;
int b = a + 6;
return b;
}
For some use cases, it helps to look at the assembly. For this you need a development
build or you need to compile the disassembler manually. Google is your friend. Sort of
painful on Windows. JMH has great support for mapping used processor circles to
assembly using Unix’s “perf”. JITWatch is a great log viewer for JIT code.
The JVM can expose quite a lot (class loading, garbage collection, JIT compilation,
deoptimization, etc.) when using specific XX flags. Possible to print JIT assembly.
48. Generally speaking, the
JVM honors clean code,
appropriate typing, small
methods and predictable
control flow. It is a clear
strength of the JVM that
you do not need to know
much about the JVM‘s
execution model in order
to write performance
applications. When writing
critical code segments, a
closer analysis might
however be appropriate.
Professor Hulk’s general performance rule