Criticism of Java

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A number of criticisms have been leveled at the Java programming language and the Java software platform for various design choices in the language and platform. Such criticisms include the implementation of generics, forced object-oriented programming only, the handling of unsigned numbers, the implementation of floating-point arithmetic, and a history of security vulnerabilities in the primary Java VM implementation HotSpot. Additionally, Java, especially its early versions, has been criticized for its performance compared to other programming languages. Developers have also remarked that differences in various Java implementations must be taken into account when writing complex Java programs that must be used across these implementations.[1]

Language syntax and semantics[edit]

Generics[edit]

Further information: Generics in Java

When generics were added to Java 5.0, there was already a large framework of classes (many of which were already deprecated), so generics were chosen to be implemented using erasure to allow for migration compatibility and re-use of these existing classes. This limited the features that could be provided by this addition as compared to other languages.[2][3]

Because generics were implemented using type erasure the actual type of a template parameter is unavailable at runtime. Thus, the following operations are not possible in java:[4]

public class MyClass<E> {
    public static void myMethod(Object item) {
        if (item instanceof E) {  //Compiler error
            ...
        }
        E item2 = new E();   //Compiler error
        E[] iArray = new E[10]; //Compiler error
    }
}

Noun-orientedness[edit]

By design, Java encourages programmers to think of a programming solution in terms of nouns (classes) interacting with each other, and to think of verbs (methods) as operations that can be performed on or by that noun.[5] Many argue that this causes an unnecessary restriction on language expressiveness because of the fact that a class can have multiple functions that operate on it, but a function is bound to a class and can never operate on multiple types.[6] This often results in Java developers spending large amounts of time writing trivial classes that exist only to perform a handful of functions on other classes.

As an example, instead of a function called "Quicksort(Object)", in Java one would more likely find a separate class called "Quicksorter" that has a constructor taking an Object as an argument, and a single method called "run()" that actually performs the operation. This extra scaffolding comes at the cost of programmer time and productivity.

Note that in many other multi-paradigm languages, there is support for functions as a top-level construct. When combined with other language features such as Function Overloading (one verb, multiple nouns) and/or Generic Functions (one verb, a family of nouns with certain properties), the programmer is given the ability to decide whether it makes more sense to solve a specific problem in terms of nouns or verbs. Java version 8 introduced some functional programming features, but the inherent static typing of the language still precludes proper higher-order functions.

Unsigned integer types[edit]

Java lacks native unsigned integer types. Unsigned data is often generated from programs written in C and the lack of these types prevents direct data interchange between C and Java. Unsigned large numbers are also used in a number of numeric processing fields, including cryptography, which can make Java more inconvenient to use for these tasks.[7] Although it is possible to partially circumvent this problem with conversion code and using larger data types, it makes using Java cumbersome for handling unsigned data. While a 32-bit signed integer may be used to hold a 16-bit unsigned value losslessly and a 32-bit unsigned value would require a 64-bit signed integer, a 64-bit unsigned value cannot be stored easily using any integer type because no type larger than 64 bits exists in the Java language. In all cases, the memory consumed may increase by a factor of up to two, and any logic that depends on the rules of two's complement overflow must typically be rewritten. If abstracted using functions, function calls become necessary for many operations which are native to some other languages. Alternatively, it is possible to use Java's signed integers to emulate unsigned integers of the same size, but this requires detailed knowledge of bitwise operations.[8] Some support for unsigned integer types will be provided in JDK 8, but not for unsigned bytes and with no support in the Java language.[9]

Compound value types[edit]

Java lacks compound value types, such as structs in C, bundles of data that are manipulated directly instead of indirectly via references. Value types can offer significant performance improvements and memory savings in some cases.[10][11][12] A typical example is Java's HashMap, which is internally implemented as an array of HashMap.Entry objects.[13] Because Java lacks value types, this array is actually an array of references (pointers) to Entry objects, which in turn contains references to key and value objects. Looking up something in the map requires inefficient double indirection. If Entry were a value type, the array could store pairs of key and value references directly, eliminating the first indirection, increasing locality and reducing memory usage and heap fragmentation. If Java further supported generic primitive types, primitive keys and values could be stored in the array directly, removing the second indirection.

Large arrays[edit]

Java has been criticized for not supporting arrays of more than 231−1 (about 2.1 billion) elements.[14][15][16] This is a limitation of the language; the Java Language Specification, Section 10.4, states that:

Arrays must be indexed by int values... An attempt to access an array component with a long index value results in a compile-time error.[17]

Supporting large arrays would also require changes to the JVM.[18] This limitation manifests itself in areas such as collections being limited to 2 billion elements[19] and the inability to memory map files larger than 2 GB.[20] Java also lacks true multidimensional arrays (contiguously allocated single blocks of memory accessed by a single indirection), which limits performance for scientific and technical computing.[11]

Integration of primitives and arrays[edit]

The fact that arrays and primitives are somewhat special and need to be treated differently from (other) objects has been criticized,[21] because it requires writing many variants when creating general libraries.

Parallelism[edit]

Per Brinch Hansen argued in 1999[22] that Java's implementation of parallelism in general and monitors in particular do not provide the guarantees and enforcements required for secure and reliable parallel programming. While it is possible for a programmer to establish design and coding conventions to, say, only access thread-global variables in a controlled fashion, the language and compiler make no attempt to enforce that controlled access. I.e. the programmer may mistakenly allow uncontrolled access to thread-global variables, and the compiler will not detect it. In contrast, he claimed that Concurrent Pascal, the language he designed, enforced a much higher degree of rigor in the design and coding of parallel algorithms.

Floating point arithmetic[edit]

While Java's floating point arithmetic is largely based on IEEE 754 (Standard for Binary Floating-Point Arithmetic), certain features are not supported even when using the strictfp modifier, such as Exception Flags and Directed Roundings — capabilities mandated by IEEE Standard 754. Additionally, the extended precision floating-point types permitted in 754 and present in many processors are not permitted in Java.[23][24][25]

Performance[edit]

Further information: Java performance

In the early days of Java (before the HotSpot VM was implemented in Java 1.3 in 2000) there were many criticisms of performance. Java has been demonstrated to run at a speed comparable with optimised native code, and modern JVM implementations are regularly benchmarked as one of the fastest language platforms available—typically within a factor of 3 relative to C and C++.[26]

Java's performance has improved substantially since the early versions.[27] Performance of JIT compilers relative to native compilers has in some optimized tests been shown to be quite similar.[27][28][29]

Java bytecode can either be interpreted at run time by a virtual machine, or it can be compiled at load time or runtime into native code which runs directly on the computer's hardware. Interpretation is slower than native execution, and compilation at load time or runtime has an initial performance penalty for the compilation. Modern performance JVM implementations all use the compilation approach, so after the initial startup time the performance is similar to native code.

Security[edit]

Further information: Java security

The Java platform provides a security architecture[30] which is designed to allow the user to run untrusted bytecode in a "sandboxed" manner to protect against malicious or poorly written software. This "sandboxing" feature is intended to protect the user by restricting access to certain platform features and APIs which could be exploited by malware, such as accessing the local filesystem, running arbitrary commands, or accessing communication networks.

In 2010, there was a significant increase in the prevalence of malicious software targeting security flaws in the sandboxing mechanism in multiple commonly used Java implementations, including Oracle's. These flaws allow untrusted code to bypass the sandbox restrictions, exposing the user to malicious attack. Sometimes the security flaws being targeted had already been fixed by security updates from the JVM maintainers, but even these exploits nonetheless attained some practical success because a significant number of computers were not updated in a timely manner.[31]

Critics have suggested that updated versions of Java are not used because there is a lack of awareness by many users that Java is installed, there is a lack of awareness of many users of how to update Java, and (on corporate computers) many companies restrict software installation and are slow to deploy updates.[31][32]

Oracle has been criticised for not providing Java security updates for known security bugs, for long periods of time, despite these security bugs having known exploits.[33] When Oracle finally acted to patch against widely exploited flaws in Java 7, they deleted Java 6 on the user's machines in spite of this being widely used by enterprise applications that Oracle had claimed were not impacted by the flaws.[34]

See also[edit]

Notes[edit]

  1. ^ Wong, William (2002-05-27). "Write Once, Debug Everywhere". electronicdesign.com. Retrieved 2008-08-03. "So far, the "write-once, run-everywhere" promise of Java hasn't come true. The bulk of a Java application will migrate between most Java implementations, but taking advantage of a VM-specific feature causes porting problems." 
  2. ^ "Generics in Java". Object Computing, Inc. Retrieved 2006-12-09. 
  3. ^ "What's Wrong With Java: Type Erasure". 2006-12-06. Retrieved 2006-12-09. 
  4. ^ "Type Erasure". 
  5. ^ "Java SE Specifications". 
  6. ^ Yegge, Steve. "Execution in the Kingdom of Nouns". 
  7. ^ "Java libraries should provide support for unsigned integer arithmetic". Bug Database, Sun Developer Network. Oracle. Retrieved 2011-01-18. 
  8. ^ Owen, Sean R. (2009-11-05). Java and unsigned integers "Java and unsigned int, unsigned short, unsigned byte, unsigned long, etc. (Or rather, the lack thereof)". Retrieved 2010-10-09. 
  9. ^ https://blogs.oracle.com/darcy/entry/unsigned_api
  10. ^ Java Grande Forum Panel (November 1998). "Java Grande Forum Report: Making Java Work for High-End Computing". SC98. 
  11. ^ a b Moreira, J.E.; S. P. Midkiff; M. Gupta; P. V. Artigas; M. Snir; R. D. Lawrence (2000). "Java programming for high-performance numerical computing". IBM Systems Journal 39 (1). CiteSeerX: 10.1.1.13.1554. "True rectangular multidimensional arrays are the most important data structures for scientific and engineering computing." 
  12. ^ Hutchinson, Ben. "The JVM needs Value Types". Retrieved 3 February 2012. 
  13. ^ "java.util.HashMap Source Code". JDK 7. Grepcode. Retrieved 3 February 2012. 
  14. ^ Arndt, Holger; Markus Bundschus; Andreas Naegele (July 2009). "Towards a Next-Generation Matrix Library for Java". 33rd Annual IEEE International Computer Software and Applications Conference 1: 460–467. "...it is not possible in Java to have arrays with more that 231 entries..." 
  15. ^ "Why does Java's Collection.size() return an int?". Stack Overflow. Retrieved 10 February 2012. 
  16. ^ Carpenter, Bob. "Big Bit-Packed Array Abstraction (for Java, C, etc.)". LingPipe Blog. Retrieved 10 February 2012. 
  17. ^ James Gosling; Bill Joy; Guy Steele; Gilad Bracha. "The Java Language Specification (Third Edition)". Addison Wesley. Retrieved 6 February 2012. 
  18. ^ Lowden, James. "Proposal: Large arrays (take two)". Java.net coin-dev mailing list. Retrieved 10 February 2012. 
  19. ^ "java.util.Collection". Java™ Platform, Standard Edition 7 API Specification. Retrieved 10 February 2012. 
  20. ^ "java.nio.ByteBuffer". Java™ Platform, Standard Edition 7 API Specification. Retrieved 6 February 2012. 
  21. ^ primitive types considered harmful
  22. ^ Brinch Hansen (April 1999). "Java's Insecure Parallelism". SIGPLAN. Retrieved 2012-10-13. ; alternate url
  23. ^ Kahan, W.; Joseph D. Darcy (1998-03-01). "How Java's Floating-Point Hurts Everyone Everywhere" (PDF). Retrieved 2006-12-09. 
  24. ^ "Types, Values, and Variables". Sun Microsystems. Retrieved 2006-12-09. 
  25. ^ "Java theory and practice: Where's your point? Tricks and traps with floating point and decimal numbers". IBM. 2003-01-01. Retrieved 2011-11-19. 
  26. ^ "Computer Language Benchmarks Game: Java vs Gnu C++". benchmarksgame.alioth.debian.org. Retrieved 2011-11-19. 
  27. ^ a b J.P.Lewis and Ulrich Neumann. "Performance of Java versus C++". Graphics and Immersive Technology Lab, University of Southern California. 
  28. ^ The Java is Faster than C++ and C++ Sucks Unbiased Benchmark
  29. ^ FreeTTS - A Performance Case Study, Willie Walker, Paul Lamere, Philip Kwok
  30. ^ Java SE Platform Security Architecture. Oracle. Retrieved 2013-04-23.
  31. ^ a b "Researchers Highlight Recent Uptick in Java Security Exploits". 
  32. ^ "Have you checked the Java?". 
  33. ^ "Oracle knew about critical Java flaws since April". 30 August 2012. Retrieved 30 August 2012. 
  34. ^ "'Silent but deadly' Java security update breaks legacy apps - dev."

External links[edit]