Estimating Throughput Now there is a task which execution time is divided into 2 parts, the first part does math and the second part waits for IO. these two parts are called compute operation and wait operation. So now we need to estimate the peak throughput that can be achieved by executing this task with the CPU at full power. Then we need to know how much time it takes to execute this task, how much time is spent on the computation part and how much time is spent on the wait part.
Overview In Java 9, the underlying String object has been changed from char to byte, which has the immediate benefit of being more memory-efficient, hence the name Compact Strings Improvement. Because in Java char takes up 2 bytes and byte takes up 1 byte, while a Unicode character does not necessarily need 2 bytes to be represented, at least ASCII characters only need 1 byte to be done. That is, if your string is full of ASCII characters, half the space would be wasted if you use char.
Recently I encountered a problem, a Java process using Runtime().exec() to execute script files, creating a large number of zombie processes, while the Java process is running in the container. At that time, I saw this situation on the Host machine, and I could see that there were a large number of zombie processes. Locate the zombie process by ps aux | grep Z. 1 2 3 4 5 6 7 8 9 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2518 0.
According to the foreign media Phoronix presentation: This week’s Linux 5.18 merge window has two driver PRs for the Microsoft exFAT file system, both of which are very important driver patches, albeit small in number. exFAT on Linux 5.18+ adds an option to allow access to paths with trailing points. Until now, the exFAT driver unconditionally removed trailing dots from path components, while Linux 5.18 introduced the exFAT “keep_last_dots” mount option, which can be used to control whether trailing dots are removed.
Preface PipedInputStream and PipedOutputStream are designed to solve cross-thread byte data transfers. They always come in pairs and can only be used on two different threads, using piped input and output streams in one thread can cause deadlocks. In some business scenarios, using pipeline streams will increase the speed of file uploads and reduce CPU and IO overhead, this is very practical, so this article talks about Practical application scenarios for pipeline stream.
1. Introduction Atomic means “the smallest particle that cannot be further divided”, and atomic operation means “an operation or series of operations that cannot be interrupted”. Implementing atomic operations on a multiprocessor becomes a bit complicated. In this article, let’s talk about how atomic operations are implemented on Intel processors and in Java. 2. Definition of Terms Compare and Swap CAS operations require two values to be entered, an old value (the value before the desired operation) and a new value, during which the old value is compared to the new value if it has not changed, and not exchanged if it.
Just yesterday Spring officially announced a Spring Framework RCE vulnerability CVE-2022-22965. Upgrading to Spring Framework 5.3.18+ or 5.2.20+ remains the main official Spring recommendation, which officially claims to address the root cause and prevent some other vulnerability attacks, and these also provide fixes for other CVEs. Although the vulnerability is not in Tomcat itself, the Apache Tomcat team has also released versions 10.0.20, 9.0.62 and 8.5.78 with it, which are the official Tomcat solutions for the reported CVE-2022-22965 vulnerability, which has been addressed in the above versions, for older The above version has resolved the CVE-2022-22965 vulnerability, and for older, unsupported versions of Spring Framework, the vulnerability can be circumvented by upgrading the Tomcat version.
Preface When it comes to java thread pools nothing is more familiar than the ExecutorService interface. jdk1.5 adds java.util.concurrent package under this api, which greatly simplifies the development of multi-threaded code. Whether you use FixedThreadPool or CachedThreadPool the implementation behind it is ThreadPoolExecutor. threadPoolExecutor is a typical product of cache pooling design, because the pool has a size, when the pool volume is not enough to carry, it involves a rejection policy.
Updates: [15:40 BST] Spring Boot 2.6.6 is available. [14:38 BST] Spring Boot 2.5.12 is available. [14:00 BST] CVE-2022-22965 is published. [13:03 BST] Added section “Misconceptions”. [12:34 BST] Added section “Am I Impacted”. [12:11 BST] Fix minor issue in the workaround for adding disallowedFields . [11:59 BST] Spring Framework versions 5.3.18 and 5.2.20 , which address the vulnerability, are now available. The release process for Spring Boot is in progress. Overview I would like to announce an RCE vulnerability in the Spring Framework that was leaked out ahead of CVE publication.
What is Reflection In the runtime state, for any class, you can know all the properties and methods of the class; for any object, you can call any of its methods and properties; this dynamically obtained information and dynamic invocation of the object’s methods is called the reflection mechanism of the Java language. So what can we do with reflection? Analyze classes at runtime. Look at objects at runtime. We can also use reflection to write a toString method for all classes to use.
ThreadLocal is a tool provided by JDK 1.2, a tool mainly to solve the problem of sharing resources under multi-threaded, In the next section, we will analyze how ThreadLocal can be used to solve concurrency problems and improve code efficiency in development, starting from the definition of ThreadLocal and its application scenarios. Scenario 1, ThreadLocal is used to save objects that are unique to each thread, creating a copy for each thread so that each thread can modify the copy it owns without affecting the other threads’ copies, ensuring thread safety.
According to a report in the foreign media The Register and feedback from major enterprises, Oracle has recently begun to include Java in its software licensing review, with the aim of Oracle’s move is an effort to push companies to pay, an operation it routinely employs to boost payment rates. Oracle introduced two licensing models for Java SE. In April 2019, Oracle began charging a license fee for Java that was previously free, which requires users to pay for a subscription to a commercial Java SE product in order to receive patches and updates.
Information indicates that an RCE 0day vulnerability has been reported in the Spring Framework. If the target system is developed using Spring and has a JDK version above JDK9, an unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. 1. Vulnerability Situation Analysis The Spring framework is the most widely used lightweight open source framework for Java, and in the JDK9 version of the Spring framework (and above), a remote attacker can obtain an AccessLogValve object through the framework’s parameter binding feature and use malicious field values to trigger the pipeline mechanism and write to a file in an arbitrary path if certain conditions are met.
I. What is DoS? DoS is short for Denial of Service, which means denial of service. The attack that causes DoS is called a DoS attack, and its purpose is to make the computer or network unable to provide normal services. Denial of Service exists on various web services, this web service can be implemented in c, c++, or go, java, php, python, and other languages. II. Status of Java DoS In various open source and closed source java system products, we often see announcements about DoS defects, most of which are CPU exhaustion type or business offload type DoS.
JDK 18 / Java 18 GA is released. JDK 18 is a short-term maintenance release that will receive six months of support. Despite this, it is still available for use in production environments. According to the development plan, JDK 19 will be released this September, and the next LTS version, JDK 21, will be released in September 2023. JDK 18 includes a total of nine JEPs, as well as hundreds of smaller enhancements and more than a thousand bug fixes.
Instructions In project development, in order to ensure the security of data and user privacy, we usually encrypt key information, this article details how to use hutool in java language to quickly encrypt and decrypt data, hope you can help. If your project is built on Maven, you can introduce Hutool through pom to use the encryption and decryption function. 1 2 3 4 5 <dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-crypto</artifactId> <version>5.7.15</version> </dependency> If your project is not built based on maven, you can also directly download the jar package to use.
Basic Format Run java -help to see the basic format and options 1 2 3 4 5 6 7 8 [root@localhost ~]# java -help Usage: java [-options] class [args...] (execute class) or java [-options] -jar jarfile [args...] (execute jar file) Startup options are omitted [-options]: options [-options]: options [args...] : Passes a parameter to the main method Standard options -help / -? : output help information -version : output version information -classpath / -cp: class search path for directories and zip/jar files .
Zero-copy in the Linux operating system Let’s start with the general I/O process of Linux This is a procedure that reads from a disk file and writes to it via socket, and the corresponding system call is as follows. 1 2 read(file, tmp_buf, len); write(socket, tmp_buf, len); The program uses the read() system call to change the system from user state to kernel state, and the data from the disk is read into the kernel buffer by means of DMA (Direct memory access).