Categories
Featured Google Guest Post Java Language Tech News Uncategorized Unicorns

Google Open-Sources The App Engine Standard Java runtime

The introduction of Google App Engine in 2008 opened up a whole new world for developers – one without worrying about infrastructure management or scaling web applications. Java 8, 11 and 17 all run on this platform along with alternative JVM languages like Apache Groovy or Kotlin are also part of it.

But now, Google has finally opened-source the Java Source code for its Google App Engine Standard environment, which includes all of its production runtime features as well as APIs and local SDKs.

In the below picture representation, items in orange are public modules artifacts and items in yellow are internal ones. Modules ending with * are only used on the production server-side:

Source: https://github.com/GoogleCloudPlatform/appengine-java-standard
PackageDescription
com.google.appengine.apiProvides facilities for server lifecycle management, threading and namespaces/multitenancy.
com.google.appengine.api.appidentityProvides a service to sign arbitrary byte arrays using an internally-generated, rotated private key.
com.google.appengine.api.backendsProvides access to long-running, addressable servers.
com.google.appengine.api.blobstoreProvides management and persistent storage of large, immutable byte arrays.
com.google.appengine.api.capabilitiesProvides status information about the services available via the Google App Engine APIs.
com.google.appengine.api.datastoreProvides persistent storage, also accessible via JDO or JPA interfaces.
com.google.appengine.api.filesProvides a service for file storage and access.
com.google.appengine.api.imagesProvides facilities for the creation and manipulation of images.
com.google.appengine.api.logProvides access to request logs and application logs.
com.google.appengine.api.mailProvides a service to send email messages on behalf of administrators or authenticated users, also accessible via a JavaMail interface.
com.google.appengine.api.memcacheProvides fast but unreliable data storage, also accessible via a JCache interface.
com.google.appengine.api.modulesUtility functions for working with modules.
com.google.appengine.api.oauthProvides a method for clients to access server resources on behalf of a resource owner, as well as a process for end-users to authorize third-party access to their server resources without sharing their credentials.
com.google.appengine.api.quotaProvides measurement of API and CPU usage during requests.
com.google.appengine.api.searchProvides a service for indexing documents and retrieving them using search queries.
com.google.appengine.api.search.checkers 
com.google.appengine.api.search.query 
com.google.appengine.api.taskqueueProvides a mechanism to perform work initiated by a user request, outside of that request.
com.google.appengine.api.urlfetchProvides a service to make HTTP/S requests of other servers on the internet.
com.google.appengine.api.usersProvides facilities to check if a user has authenticated, retrieve their email address, and check if they are an administrator for this application.
com.google.appengine.api.utilsProvides common utility classes.
com.google.apphosting.apiProvides access to the ApiProxy, which dispatches API calls to backend services.

Github: https://github.com/GoogleCloudPlatform/appengine-java-standard

References:

  • https://cloud.google.com/appengine/docs/standard/java/javadoc
  • https://cloud.google.com/blog/topics/developers-practitioners/open-sourcing-app-engine-standard-java-runtime
  • https://www.infoq.com/news/2022/03/google-appengine-java/
Categories
Featured Guest Post Java Language Tech News Uncategorized

The Java Concurrency Model: Project Loom Introduces Lightweight and Efficient Virtual Threads Called Fibers

Lightweight and efficient virtual threads called fibers have been introduced by Project Loom, massively increasing resource efficiency while preserving the same simple thread abstraction for developers.

Loom is an up-and-coming project in the Java/JVM ecosystem (hosted by OpenJDK) that aims to offer a more practical approach than traditional threads. It does this with new language constructs for managing them and some lighter alternatives.

The project will accomplish this by adding these new constructs:

  • Virtual threads
  • Delimited continuations
  • Tail-call elimination

The Fiber class is a virtual thread that allows developers to use asynchronous Acrobatics. This under-the-hood work will make it easier for them, as well as provide an opportunity of moving forward with existing code without too much trouble or confusion about how things should be done differently now because there’s some new framework available called “Fiber.”

A very simple example of using fibers is shown below:

Thread.startVirtualThread(
  () -> {
    System.out.println("Hello World");
  }
);

Loom’s fibers are different than any other concurrent programming model, but they’re not meant to break your code. This is a rather Herculean task, given how much needs change in order for everything just to work better with fibers- but they’re committed! You don’t need any more than what’s already there; all your threads should continue working fine even after adopting this new system.

Project: https://wiki.openjdk.java.net/display/loom/Main

References:

  • https://blogs.oracle.com/javamagazine/post/going-inside-javas-project-loom-and-virtual-threads
  • https://www.infoworld.com/article/3652596/project-loom-understand-the-new-java-concurrency-model.html
Categories
Featured Guest Post Java Language Meta Tech News Unicorns

Meta Open-Sources A Compositional Deadlock Detector for Android Java

The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.

Using abstract interpretation techniques, the proposed analyzer has been designed to summarize how each method behaves when acquiring locks and releasing them and whether it can run on the main thread or background task. This is done elegantly by compounding all behaviors into one summary that reflects what callers will be affected if their operation depends upon this particular piece of code being fast enough for them not to experience lags while running through various parts within your application’s workflow process.

This tool takes a different approach by not analyzing all source files in an app. Instead, it starts with the revisions’ modified methods first and uses that data for its analysis – which can be scalable because of this heuristic.

The team’s research proves that their analysis is sound and complete for a non-deterministic programming language, which means it can detect all deadlocks without false positives.

The static detection of deadlocks has been very valuable in analyzing and diagnosing. Our approach achieves this goal while also making it sufficiently scalable to deploy analyzers on large codebases.

Paper: https://discovery.ucl.ac.uk/id/eprint/10140070/1/deadlocks_final.pdf

Reference: https://engineering.fb.com/2022/03/08/android/deadlock-detector-for-android-java/

Categories
Featured Java Language Tech News Uncategorized

Java Plans To Release Java Development Kit (JDK-18) in March 2022: Checkout the Features

Java Development Kit (JDK) 18 is scheduled for release on March 22, 2022. The new version of standard Java will have nine features with the feature set having been frozen as of December 9th. JDKs are released every six months and JDK 17 just came out in September so expect another one soon.

JDK 18 Features

Seven out of these nine features can be placed into Core Java Library. These seven include:

The rest the two out of these nine features can be placed under Java Tools.

References:

  • https://openjdk.java.net/projects/jdk/18/#Schedule
  • https://www.infoworld.com/article/3630510/jdk-18-the-new-features-in-java-18.html
  • https://www.infoq.com/news/2022/03/java-18-so-far/
Categories
Amazon Featured Java Language Python Tech News Unicorns

AWS’s CodeGuru Reviewer Now Has New Features To Spots Log4Shell-Like Bugs In Java And Python Code

The Amazon Web Services’ CodeGuru Reviewer Tool’s ‘detectors’ has been updated to seek out potential flaws like the recently disclosed Log4J bug.

Two new features are now available for CodeGuru Reviewer, an AWS scanner that uses machine learning to check code during reviews and suggest improvements. The tool aims to improve reviews in the context of continuous integration processes (CI/CD) developed by developers with source codes stored on GitHub or Bitbucket; after they commit their work onto these platforms, it will be easy for them to add CodeGuru Reviewer as a code reviewer.

This past year, the company added new features to help flesh out their security checks. The first is CodeGuru Reviewer Secrets Detector which detects risky hardcoded secrets in source code and configuration files for Java or Python applications like passwords (and API access keys).

With the new features for CodeGuru Review, which includes the ‘Detector Library,’ you can now detect common security flaws affecting Java and Python web applications as well as several detectors specifically aimed at Log4Shell-like log injection.

The detector library is a great resource for reviewing the many different types of vulnerabilities that can occur in your code. It contains information about each security issue, including its severity and how it may affect an application process or system functionality. With over 91 Java and 69 Python detectors to choose from, the library’s comprehensive security system has you covered.

References:

  • https://aws.amazon.com/blogs/aws/new-for-amazon-codeguru-reviewer-detector-library-and-security-detectors-for-log-injection-flaws/
  • https://www.zdnet.com/article/awss-ai-code-reviewer-now-spots-log4shell-like-bugs-in-java-and-python-code/