mult.ifario.us

PXE is composed of 30-ish (I run out of fingers and toes somewhere around 20...) modules that are all part of a central build. I typically work on one module at a time, but sometimes I don't want to commit all of my changes at once. Nonetheless, policy dictates that the mainline builds at all times, so I should rebuild and test with each major block of changes that I commit.

So, I check out a clean tree somewhere, use rsync -C to copy over the modules I've changed, then build and run smoke tests. The -C flag ignores files that would normally be ignored by CVS, so it's equivalent to having made my changes to the clean build.

Depending on how you look at things, integrated development environments (IDEs) are evil because they make it possible to write software without knowing what you're doing. With the IDE's help, it's very easy to auto-import and control-spacebar yourself into a pickle, all without reading documentation, looking at source code, or otherwise paying your dues for reusing code.

Changing your IDE to create classes that are either private or at least package-private by default (as opposed to public) is a good ten-second hit of preventative medicine for ensuring that visibility helps to enforce architectural constraints. In fact, package-private is what you get by default in Java unless you type public or private on purpose (i.e., for some reason), but most IDEs ship with configurations that make decisions for you.

An internetnews.com article on IBM's acquisition of Ascential had an interesting comment from Ron Schmelzer:

"[...] I think we're seeing just the beginning of consolidation in this space. I would expect to see more around process, management, security, event-driven capabilities, policy and performance. [This year] will be a big year for consolidation. The question remains: is there room for start ups?"

Consolidation in integration is making room for startup ventures, although not necessarily in integration as such. The bigger the animal, the bigger the meals and the bigger the, um..., poops; any or all of these may make a fertile habitat for some new creatures. Hopefully, this is the genesis of all kinds of interesting critters that couldn't have existed otherwise.

As of today, I'm a dad.

Here's an otherwise innocuous utility method:

public static Object toObject(byte[] bytes) throws IOException,
    ClassNotFoundException
{
  ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
  ObjectInputStream ois = new ObjectInputStream(bis);
  return ois.readObject();
}

Why would something that works in a unit testing environment fail with a StreamCorruptedException in a more complex container? (HINT: Class loading is almost always the culprit...) As the javadoc for toObject() says, a StreamCorruptedException can result if the stream violates internal consistency checks, but what does this have to do with class loading?

Well... if you trace through the source, which is no mean feat, you'll see that ObjectInputStream uses the most recent non-null ClassLoader from the call stack, i.e., the ClassLoader that loaded the class with the utility method, when trying to locate classes by name. The StreamCorruptedException will show up if you use non-default serialization for a class and that class is not visible to the ClassLoader that loaded the class with the utility method!

Thus, if you must, a better form for the method would be:

public static Object toObject(byte[] bytes, ClassLoader cl)
    throws IOException, ClassNotFoundException
{
  ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
  ObjectInputStream ois = new ObjectInputStream(bis) {
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException,
      ClassNotFoundException
    {
      String name = desc.getName();
      Class c = cl.loadClass(name);
      return c;
    }
  };
  return ois.readObject();
}

This can have security implications (some folks don't want you to subclass on ObjectInputStream for obvious reasons), but it will work right under most circumstances, unlike the original. For what it's worth, it's probably better to not use a utility method and locate this operation with the caller and avoid the issue in the first place.

You just never know when Class.forName() is going to jump out and bite you...

On a lark, I decided to try the Code Analysis Plugin for Eclipse, but I immediately ran into an error:

Exception in thread "main" java.lang.InternalError: Can't start the AWT because
Java was started on the first thread.  Make sure StartOnFirstThread is not
specified in your application's Info.plist or on the command line
	at java.lang.ClassLoader$NativeLibrary.load(Native Method)
[etc.]

It turns out that this is the result of a fundamental disconnect between SWT and AWT on the Mac! A quick Google for StartOnFirstThread gives a snapshot of some of the afflicted plugins, none of which are on my must-have list, so it won't send me running for Netbeans or Linux. Nonetheless, it does raise some doubts in my mind about both SWT and Mac OS X.

Via Charles Miller, a link to Fred Brooks's classic essay, "No Silver Bullet". (You can also get it at the IEEE Computer Society, here.)

As a small advertisement, here's a quote:

I believe the hard part of building software to be the specification, design, and testing of this conceptual construct, not the labor of representing it and testing the fidelity of the representation. We still make syntax errors, to be sure; but they are fuzz compared with the conceptual errors in most systems.

If this is true, building software will always be hard. There is inherently no silver bullet.

The essay is also included in the most recent edition of Brooks's The Mythical Man Month, which is also required reading. (I've blogged elsewhere about this previously.)

Discovery occurs only through experience. Expecting to get it wrong the first time -- which you will -- and then being ready to throw it away are the first steps to getting it (more) right the next time. Ignorance of this fact is damaging to everyone who builds and uses software, whether the project in question is an internal application, a product, or a specification. (There are plenty of examples of crimes perpetrated on the community by committees, and there are more coming.)