Java 7 Ships With Severe Bug
Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."
Sounds just about right for Oracle. (Score:4, Insightful)
So well known for product "quality"
Re: (Score:2)
Yeah because the numerous bugs and security vulnerabilities in the Sun version of the JVM were such great "quality" in itself, right?
Re:Sounds just about right for Oracle. (Score:4, Insightful)
Can you name an instance where Sun knew the thing miscompiled loops before release and put it out anyway with no warning to users about the error?
I can't. Sun got stuff wrong sometimes, but this is an incredible level of actively poor judgement from Oracle. Anybody sane would have delayed this release.
Re: (Score:3)
Emphasis in the original. So it looks more like Oracle turned on more aggressive optimizations by default. And if it's such an obvious bug, one would think it would have turned up in the last 29 version 6 releases?
Re:Sounds just about right for Oracle. (Score:5, Informative)
No, honestly. This wasn't caught before because nobody used those flags. Oracle decided that these flags should be turned on by default. Therefore, the onus was on Oracle to thoroughly and broadly test these flags before promoting them to be used by default.
I guarantee you'll find some hairy bugs if you enable lots of random, rarely enabled flags in just about any compiler. The difference between a good compiler and a bad compiler is that a good compiler tests flags thoroughly before either enabling any of the flags by default or rolling them into a commonly used option. In effect, what Oracle did was to take an obscure, poorly tested code path and promote it into the hot path through their code. This is something that any first-year CS student should know is risky.
The best part of this is that (assuming other Slashdot comments are correct) this occurs in commonly used third-party libraries, and was disclosed to Oracle several days before the release shipped. Where I work, that's what is known as a P1 block-ship bug, and people will be called in to work on it day and night until the problem is resolved, and if necessary, features will get temporarily pulled (e.g. turning that optimization back off by default).
For shame, Oracle.
Re: (Score:2)
Nobody used aggressive optimizations? You're off your rocker. I think that's one of the first tweaks people go to when they're trying to tune Java performance. Yes, it wasn't used by the majority of people, but it would have been excusable to think that these options had seen enough testing from those enabling the option to catch any obvious bugs.
Re: (Score:2)
> Nobody used aggressive optimizations? You're off your rocker. I think that's one of the first tweaks people go to when they're trying to tune Java performance. Yes, it wasn't used by the majority of people, but it would have been excusable to think that these options had seen enough testing from those enabling the option to catch any obvious bugs.
Obviously "nobody" is a sweeping generalization, but if someone is tuning Java performance, and it breaks when a particular switch is turned on, the switch is just going to be left off from then on. Maybe they'll revert a few other previously changed options, but unless it stops being broken as a result...
Re: (Score:2)
exactly - and to top it off according to Apache.. Oracle has put the fix in a timeline to be released on Java 7 update 2.. so something that should never have gone out the door isn't going to be fixed for this or the next update.. that's just stupid.
Re: (Score:2)
You'll find bugs in software every time you change software. Hopefully in alpha and regression testing. Or in Beta testing, if you do it old-school and dogfood it instead of pretending that the first release to the public is Beta testing, or just skip it altogether.
Seems Oracle should have had test cases for these (Score:2)
If not, I hope they update their validation testing suite to compile and run the code giving problems everyone is finding and sharing.
Re: (Score:2)
Heh... Yeah, we have one of those severity levels in the tracking system too. Simply put, this shows you just what Oracle thinks about "quality", more than anything else.
Re: (Score:2)
Excessive hyperbole is a good way of making an otherwise sound argument sound silly.
I remember when I was a Computing Science first-year student (18+ in my country, but 17+ in the educational system I went to university in). Compiler options beyond input and output file names were not on the agenda. "This is se
Re: (Score:2)
I hope not. But they should have it drilled into their heads from day one that code has bugs, and you have to test code before you submit it to the teacher. If you decide to include that chunk of code that hasn't been tested when you turn it in to your teacher, you're risking getting a bad grade.
This is essentially what Oracle did when they enabled by default an option
Re: (Score:2)
TBH though, as I get longer and longer in the tooth, I'm finding that I get more and more cautious about validating input. I see that the actual programmers in the sand pit do too, as the version number of our package edges upwards.
Re: (Score:2)
Obviousness is irrelevant if the part of the article that says:
"""These problems were detected only 5 days before the official Java 7 release, so Oracle had no time to fix those bugs,"""
is accurate then Oracle are way past poor judgement.
You have a bug in your compiler/jvm/whatever which will cause some programs to crash and others to give the wrong output. Do you:
1. Release it anyway and hope no one notices.
2. Release it anyway and warn people about it.
3. Delay the release until it is fixed.
4. Disable that,
Re: (Score:2)
You should do 3 or 4, documenting things in the case of '4'. 1's not acceptable as is 2, really, when you get to brass tacks.
Re: (Score:2)
Ah, but the problem is...Oracle knew about a week before release that this was going on- and did and said nothing about it and shipped it with that problem. Sorry, they're not getting an out just because it was the previous version where it wasn't the default behavior.
Re: (Score:2)
Remarkable amount of spittle flying in this thread...
I expect most major technical artefacts from javac to SUVs to space ships go out the door with known defects; heck I worked on a major defence project where the ship had to ship without most of its code, with the significant risk of killing innocent passers-by. And 5 days may simply not be enough time to repackage everything for a bug that's going to affect very few people. (Except possibly some loud ones with an axe to grind?)
In fact, back in C/C++ lan
Re:Sounds just about right for Oracle. (Score:5, Interesting)
It's quite common for more aggressive optimization flags on any compiler to come with warnings that things may break in odd ways. It's even considered acceptable as long as those flags default to off.
It is NOT acceptable to set them on by default in that condition. At no point did Sun violate that, but Oracle just did.
Re: (Score:2)
Did you miss the part from the article that this was a bug in the JVM since well before Oracle even took over? Oh right, you probably didn't. Who cares about pesky facts when we can bash Oracle instead.
Re: (Score:2)
It was an Oracle product when they turned on the optimize flags that revealed the bug, were notified of the bug, and decided to ship with the flags on anyway.
If it had been Sun they would have delayed the release, because Java was Sun's poster product. Oracle has either canned or driven away so much talent that they probably have no clue what Java is at this point.
Re: (Score:2)
To Ellison, it's something to strip mine profits from.
Re: (Score:2)
Did you miss that it doesn't matter that they had it in the JVM before they took over? They turned it on as a default behavior for the release, didn't check that it broke anything, and then shipped it anyway when they found it out 5 days before the ship date.
No company that cares about quality would've EVER done things like this. Seriously. It's called delay ship or back out the default behavior and document the problem with the optimization flag. They knew within enough time to fix it enough to ship w
Re: (Score:2)
Accuseth locopuyo:
Oracle is an evil corporation bent on world domination.
Well, I work there, and speaking strictly for myself: No on 1, Yes on 2
Re: (Score:2)
The last major version of Java came out in December 2006. If that's not enough of a delay, I don't know what is.
Re: (Score:2)
Uh, that's not the point and if you're being honest, you know that to be the case. This is a "showstopper" bug where most other places would've delayed the release a bit further (yes...in addition to the "delay" you refer to...) or back that change out. Seriously.
Re: (Score:2)
Either you're joking, or you just have no idea what you're talking about.
Re: (Score:2)
Sounds all too familiar.
Just finished a project where several workarounds were needed because a well-known bug in Oracle's own damn JDBC driver hasn't been fixed in over three years.
Re: (Score:2)
Yea... Their most recent JDBC driver is also significantly slower than the previous version and contains a boolean conversion error.
Re: (Score:2)
> So well known for product "quality"
I once had a heck of a time installing an Oracle product for a client. I finally figured out that the install script had a developer's home directory hard-coded into it. When I googled this path, I found an Oracle messageboard thread that had started almost three years earlier on the problem.
I had downloaded the package from Oracle that day.
Re: (Score:2)
Name a single large software package that hasn't had at least one major serious screw-up like this in the last few years. The industry's retarded to keep allowing code to be handled as if it weren't real engineering with building codes, inspectors, etc.
Re: (Score:2)
If I'm not mistaken, mis-compiled loops are patented!
Yes, but by Microsoft, not Google. Since Microsoft consider Google to be Enemy #1, I doubt they'll help Google with it.
Then again, Oracle must be pretty high up on MS's enemy list, so maybe they'll sue over it themselves...
Should I turn off javascript in my browser for now (Score:4, Funny)
Or is it only a desktop problem?
Re: (Score:2)
Troll fail.
Try again next time.
Re: (Score:3)
He was a fail troll yet got multiple people to fall for it? It's amazing how easy it is for people like the GP to continue to bait people with such obvious trolling.
Re: (Score:2)
Hehe, when I replied there were no other replies to him. Sad.
Moderator Advice: mod parent +1 Funny (Score:2)
Re:Should I turn off javascript in my browser for (Score:4, Funny)
You may think that the joke was obvious, but today is System Administrator Day. People who don't know that difference (or the difference between a CPU and hard drive, for that matter) are what sysadmins deal with every day. Nine times out of ten when users ask a really stupid question it's because they really don't know.
You would probably think I was joking if I told you that a user was worried because his java had a hot spot. The joke would be on you.
Re: (Score:2)
So you're a sysadmin? Great! I have a couple of questions maybe you could help me with.
First, how do I work this foot-pedal thingy with the two buttons and a little roller on it?
Second, where can I get a new coffee cup holder? I broke mine off. You know, the cup holder that pops out of the computer when you press the little button thingy on the front.
Thanks in advance.
Re: (Score:2)
Of course it does! I love a good cup of java in the morning, but my assistant keeps making it wrong. I tried explaining how to get it Done Right, but he just doesn't listen.
In the end I had to write out a script for him to follow. So yeah, in my experience, good Java comes from a good Javascript.
Java script means Everyday coffee made acceptably!
They released this anyway (Score:5, Insightful)
Relevant part:
These problems were detected only 5 days before the official Java 7 release,
so Oracle had no time to fix those bugs, affecting also many more
applications. In response to our questions, they proposed to include the
fixes into service release u2 (eventually into service release u1, see [6]).
This means you cannot use Apache Lucene/Solr with Java 7 releases before
Update 2! If you do, please don't open bug reports, it is not the
committers' fault! At least disable loop optimizations using the
-XX:-UseLoopPredicate JVM option to not risk index corruptions.
If this was known before the release and it's as severe as it's being made out to be, why the hell didn't they postpone the release? It's not like the world is dependent on Java 7 being released on time.
This isn't a little issue, either. It's extremely irresponsible for Oracle to put this kind of release out knowing of a bug this severe without any kind of warning on it.
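The workaround named in the quoted announcement, as an added example that is not part of the original comment or of the Lucene/Solr announcement: a launcher helper that adds `-XX:-UseLoopPredicate` only for Java 7 releases before Update 2. The function names, `app.jar` and the sample `java -version` strings are constructed for illustration, and the Java 6 case mentioned in the story is not handled.

```shell
#!/bin/sh
# Added example: names and sample strings below are constructed for illustration.
# Rule taken from the quoted announcement: Java 7 releases before Update 2
# should run with -XX:-UseLoopPredicate.

MITIGATION='-XX:-UseLoopPredicate'

# Pull the quoted version (e.g. 1.7.0_01) out of `java -version` output.
jvm_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print the update number of a 1.7.0 version string (0 for the initial release).
java7_update() {
    case "$1" in
        *_*) u=${1#*_} ;;          # text after the underscore, e.g. 02-ea
        *)   u=0 ;;
    esac
    u=${u%%[!0-9]*}                # drop any non-numeric suffix such as -ea
    u=$(printf '%s' "$u" | sed 's/^0*//')   # drop leading zeros (01 -> 1)
    printf '%s\n' "${u:-0}"
}

# Succeeds (exit 0) when the JVM described by the -version text is affected.
# An unparseable version counts as "not affected" so no unknown flag is passed.
needs_mitigation() {
    v=$(jvm_version "$1")
    case "$v" in
        1.7.0|1.7.0[_-]*) [ "$(java7_update "$v")" -lt 2 ] ;;
        *) return 1 ;;
    esac
}

# Print the JVM options, with the flag appended when needed and not yet present.
jvm_opts_for() {
    version_text=$1
    opts=$2
    if needs_mitigation "$version_text"; then
        case " $opts " in
            *" $MITIGATION "*) ;;
            *) opts="${opts:+$opts }$MITIGATION" ;;
        esac
    fi
    printf '%s\n' "$opts"
}

# Constructed sample first lines of `java -version`, not captured from real hosts.
for sample in 'java version "1.7.0"' 'java version "1.7.0_02"' 'java version "1.6.0_26"'; do
    printf '%-26s -> %s\n' "$sample" "$(jvm_opts_for "$sample" '-Xmx512m')"
done

# Real use (assumes java is on PATH; app.jar is a placeholder):
#   java $(jvm_opts_for "$(java -version 2>&1)" "$JAVA_OPTS") -jar app.jar
```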
Re: (Score:3)
There's a manager at Oracle who would have lost his quarterly bonus if 7 didn't ship on time, you wouldn't have wanted him to do that, would you?
Re: (Score:2)
Yeah that's probably the answer. Some suit somewhere decided on a release date and minor details like the product not working won't deter it.
Re: (Score:2)
This ain't no "corner case". These guys enabled broken optimizations that break loops, knowingly... in a production release. I completely agree with the parent poster, this is way irresponsible of Oracle. It's akin to releasing a new car model where the steering wheel doesn't work properly.
Re: (Score:2)
Yeah, well, ok, but how many programs use these "loop" thingies? Right? You can code around them. Just do something else. I hear "recursion" is a good workaround. Amiright?
Good car analogy, btw, but I think it's more like the steering working just fine unless you want to turn. Then it snap-oversteers across the sidewalk and into the side of a building. Just keep steering straight and there'll be no problem. A steering system which permits turning, curving, or lane-changing is scheduled for Q4 2011 or Q1 2012
Re: (Score:3)
Would you go as far as to say "culpably" irresponsible? Would some kind of lawsuit help, or are Oracle too big for the law?
I believe they are willing to refund the entire purchase price for the compiler.
Re: (Score:2)
Shitty products are not a crime.
Re: (Score:2)
> Shitty products are not a crime.
They can be, but I wouldn't think that Java would be one of the cases where that is so. When dealing with programming tools, you're supposed to be careful. The licenses all say it, and for good reason. It's the user of those tools, the programmer (or deployer in some cases), who warrants that the produced piece of software is actually useful.
Re: (Score:2)
I don't see any sign that this is affecting many users other than the two Apache projects noted. The linked article says that the best case with the loop optimizations is a crash and worst case is incorrect behavior- but they're conveniently not mentioning how likely it is that your code would trigger this bug. I see no signs that the "Don't use Java 7 for anything" conclusion is anything other than totally overblown.
The fact that the bug is also present in Java 6 if you enable the (fairly common)
Horse-puckey (Score:2)
Yeah because applications out there are magic, they read the release notes for each java release and they automatically use the correct command line switches for each of the different versions of java.
don't get smart with me, young man (Score:3)
No, but if you're a sysadmin you should read release notes before making major upgrades. Not too many end-users out there using Lucene or Solr. It's also not like Sun has pushed Java 7 to end users through Java Update either (I imagine it will be quite some time before they do that).
So only the dedicated early adopters who replace what all their enterprise search software is running on with a brand-new release branch immediately after its release without reading the release notes would be affected.
Re: (Score:2)
> why the hell didn't they postpone the release?
You know the open source motto: Never show weakness to your enemies. Oh, no, wait, that's not how it works.
Re: (Score:2)
Not to mention, they were unable to change the defaults on a couple of options back to off in a few days time?
Those were known bugs. (Score:3, Insightful)
Damn those bugs were known but Oracle chose to ship Java 7, knowing that it would crash on some very known and used Apache libraries. (And most likely other code too).
To quote:
"These problems were detected only 5 days before the official Java 7 release,
so Oracle had no time to fix those bugs, affecting also many more. "
Here is a hint to Oracle: If you find a fatal bug 5 days before launch and don't have time to fix it, you either disable the specific optimization with the known bug, or you postpone the launch and start working on a fix. Just shipping like this is stupid.
Re:Those were known bugs. (Score:4, Insightful)
Another way of looking at this is to realize that the pre-release versions of Java 7 have been out there for a long, long time, and nobody from these Apache projects felt like testing their (rather important) open source projects against it, so they could have found and reported the bug earlier.
It seems to me that fault lies in both directions here.
A more correct rewrite of the bug teaser would be, "Don't use Java 7 for anything if you are incapable of passing an extra command line argument to it".
Re: (Score:3)
Umm no. It's not the customer's fault for not testing the product. It's Oracle's fault. In fact, Oracle could have been using Apache in their test suite - it's not like it's a closed source product. This really raises
Re: (Score:2)
I probably forgot to hit submit on my previously-written response to your note. I intended no disrespect to you or Apache's process. I'm just expressing the general frustration that Java programmers everywhere must feel at the prospect of having a broken JDK7 out there, when it seems like it was preventable. Of course, the devil is in the details, as always. Could the bug have been identified earlier? Was the bug exhibited by a failure of an automated test suite within the Apache project, or did it manifest
Re: (Score:2)
Agreed. If the release was too close to cancel, then it should have already been released.
Otherwise, they should have disabled the optimization and put it into the release notes, thus avoiding the issue (as, apparently, using the optimizations in Java 6's HotSpot also caused the same problem) until they had time to resolve it.
Re: (Score:2)
How is 5 days "no time"?
Just how dumb are the people who write Java?
Re: (Score:2)
Ahahahahahahh! Made my day. This is the PERFECT answer!
Re: (Score:2)
They apparently also had no time to add a big fat warning to the release. I'm thinking the old skull and crossbones + Mr. Yuk would have done it.
Not just a malware trap (Score:5, Interesting)
And I was only avoiding updating it because the last time our PCs were clamoring for Java updates it was actually a (well disguised) trojan.
The next thing Windows needs to add is a "don't bother me with this update" API where software vendors need to ask the OS permission before prompting the user for updates - and also allow preference settings like "don't install a damn desktop launch icon when you update" (looking at you Adobe.) Personally, I'd set my preferences to "don't tell me about updates until they are at least a month old." There is a balance to strike between getting the latest patches for security and waiting until a patch has proven itself in the wild.
Of course, we could all just stop using software from vendors who don't do these things voluntarily (like check for bugs before pushing an update, or making an easy to access preference for launch icon settings (hint: if I've deleted the last 12 of them, I likely don't want the 13th!)) but the software that I'm talking about here is Java and Acrobat - kind of hard to get around the web without those.
Re: (Score:2)
When you see a popup alerting you to an update for software you actually have installed being available, the best thing to do is go directly to the company's website and update from there...
I learned a long time ago to never trust *ANY* popups.. regardless of what they appear to be from.
Re: (Score:2)
Actually, the best thing is to wait a few days and watch relevant forums for people ripping their hair out about how the update killed their productivity (or PC) dead with nasty bugs.
Re: (Score:3)
Perhaps a bit off-topic, but relevant to the OP...
In Linux everything I need comes from one or more trusted software repositories, and all of the updates are performed through the same tool in the same way, so I do not need to familiarize myself with the different update systems for different pieces of software.
In iOS everything is downloaded and installed through the app store, updates are similarly pushed through a single (presumably trusted) source. Same with Android and the various marketplaces and pre
Larry Ellison can't hear you (Score:3)
Bug? (Score:3)
> This bug affects several Apache projects directly — Apache Lucene Core
So... from Oracle's standpoint, it's a feature?
The bug is called "Java" (Score:2)
And unfortunately it infects many, many computers.
Can anybody honestly tell me why people still develop in Java? It's nothing but a gigantic pain in the ass. And why does each new version of the JVM break programs written for previous versions? Is there no backwards compatibility at all??
Re: (Score:2)
Please, can you name a programming language/compiler that's more backwards compatible?
Re: (Score:2)
sh, Perl 5, Lisp, Javascript, everything IBM produces, ...
Re: (Score:2)
sh is not a programming language.
I knew all those shell scripts weren't programming! mmh wait a minute...
Re: (Score:2)
gcc
Re: (Score:2)
Are you serious? I think Java is the only modern language I can think of that forces you to be careful when updating versions. Or porting to different platforms - hell, Perl and Python are, in many ways, much more stable and portable than Java.
Re: (Score:2)
IIRC java 6 is bytecode compatible with java 1.1, but correct me if I'm wrong. Citing Python seems weird, as Python 3.x breaks nearly all 2.x libraries.
Re: (Score:2)
Python recompiles files to .pyc bytecode dynamically, so you don't even have to care about it. I haven't had any issues migrating code from 2.x to 3.x.
Re: (Score:2)
Nonsense. I have Java code that I knocked out for Netscape 2 that basically still runs happily in current browsers, and is non-trivial.
And I fold that same code into a current Java application, and optimise across the old and new with ProGuard.
Couldn't really do that with (say) C or C++, and I've been paid shedloads to port them over the years.
The only other language that I know and use with the practical backward compatibility of Java (ie stuff more than a decade old runs perfectly surviving many OS chang
Re: (Score:2)
Well, then explain to me why every place I've ever worked I've had to maintain several different versions of Java on most servers/desktops because certain apps refuse to work correctly with the most recent version and require an older version? Hell, many apps now go as far as to just install their own version of Java somewhere to get around the fact that their shit probably won't work with whatever version you have installed.
Currently where I work our time and attendance software (from a major vendor)
Re: (Score:2)
1) They wrote some low level C hooks that makes the application not "pure" java.
2) They want to milk you for a new version of the software that "supports java X now"
3) They have bad programmers that don't really understand their code, there is some voodoo magic in that specific version of java is needed.
4) The company wants to assume no deviation in run time environment such to lower any support cost for their number 3 mistakes. Most likely is number 3, they just
Re: (Score:2)
I am a sysadmin and have been for over 25 years, as well as a developer and consultant and architect, and I eat my own dogfood.
A Java runtime is no worse than (say) a C++ one from an admin point of view, IMHO.
Rgds
Damon
Re: (Score:2)
I'm just telling you my experience. Hey, I'm glad it's always "just worked" for you. That's not ever been my experience.
Write once, test everywhere (Score:2)
Nothing has changed in 15 years
How else??? (Score:2)
"upgrading to the latest version of your development environment, literally on the day of release, seems to be rather poor practice."
It's THE ONLY REASONABLE practice if you wish to actually find the bugs in your system.
If you were talking about "production environment" I would agree with you.
If the software on your development system is not working right, the only one impacted is YOU.
The sooner you install that new software and fire it up, the sooner you can submit your bug reports and the sooner they will
Re: (Score:2)
Except I called it the "it's still fucking Java" bug. That bug report didn't go over too well :P
Brendan Eich didn't like it when I filed a similar bug about JavaScript. And yes, I know the two aren't related.
Re:God,talk about Sensitizing (Score:5, Insightful)
a) some of these bugs were filed months ago, and yet those hotspot "optimizations" are still on by default
b) it's true that some problems can be avoided by deliberately disabling these optimizations, but w/o raising big warning alarms to users, people aren't going to know they need to go out of their way to do that. For crash bugs, it may not be so bad -- they see the crash and google to find out why it crashed. For mis-evaluation of loops that can lead to silent data corruption it's a different story -- how would users ever know that they need to disable those options if developers don't yell and holler from the roof tops?
Re: (Score:2)
+1
Re: (Score:2)
Yep, there's your deep concern for the stability of the customer's operations that every great enterprise grade vendor should have!
Perhaps it's time to reconsider PostgreSQL. They seem to have a pretty good release testing policy.
Re: (Score:2)
Ha ha, but seriously: Android's Dalvik virtual machine does not use the Hotspot compiler, so I think it should be unaffected by this bug.