Decompiling Java code

Occasionally, there comes a need to “look under the hood” of the code in a JAR file. While java is a compiled language, it isn’t quite machine code, but rather exists in a psuedo-code form to be used by the Java Virtual Machine’s JIT (Just in Time) compiler.

A lot can be learned from looking at other source code, unfortunately when using decompiled code you don’t get the original variable names or javadoc, but you can often better understand the API’s and performance issues in particular code.

I’m personally fond of DJ Decompiler, but I list several here for your use:

Cheers!

Java Code Coverage

In my “day job” I do lot’s of code reviews. I’m a big fan of Agile Programming and JUnits, recently I was introduced to the world of code coverage tools available (for free!) to Java developers.

IMHO, here’s the three front-runners.

Personally I prefer the Eclipse integration provided by ECLEMMA, but I agree that no one tool is ever ‘best’ for all scenarios.

Some background on this topic if you are interested in learning more:

Happy coding.

Automated Java code review tools

I recently found out about ‘static analysis’ of Java code. I’ve found two of these tools that are both free and easy to use. Both provide review of java bytecode and look for common development errors and inefficiencies…
FindBugs is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:

  • Difficult language features
  • Misunderstood API methods
  • Misunderstood invariants when code is modified during maintenance
  • Garden variety mistakes: typos, use of the wrong boolean operator

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

Both integrate easily within Eclipse based (and other IDE’s) is typically done with the use of a simple plugin.

FindBugs can also run as a Java WebStart (JNLP) application, however a different UI is shown for JRE 1.4 vs. 1.5 and above (look out!).
More information:

While no tool can identify all problems, these will help you find some troublesome problems and give you areas to take a deeper look at.

Happy reviewing and fixing.

java.policy file

While it’s not preferred or even ‘secure’, sometimes the need arises to ‘open’ up the Java security model.   Fortunately this is an easy task.

This is located in a file named ‘java.policy’ in the “JRE/lib/security” folder.

Default file (from JRE 1.5.0.x) resembles the following…

// Standard extensions get all permissions by default

grant codeBase “file:${{java.ext.dirs}}/*” {
permission java.security.AllPermission;
};

// default permissions granted to all domains

grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See “http://java.sun.com/notes” for more information.
permission java.lang.RuntimePermission “stopThread”;

// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission “localhost:1024-“, “listen”;

// “standard” properies that can be read by anyone

permission java.util.PropertyPermission “java.version”, “read”;
permission java.util.PropertyPermission “java.vendor”, “read”;
permission java.util.PropertyPermission “java.vendor.url”, “read”;
permission java.util.PropertyPermission “java.class.version”, “read”;
permission java.util.PropertyPermission “os.name”, “read”;
permission java.util.PropertyPermission “os.version”, “read”;
permission java.util.PropertyPermission “os.arch”, “read”;
permission java.util.PropertyPermission “file.separator”, “read”;
permission java.util.PropertyPermission “path.separator”, “read”;
permission java.util.PropertyPermission “line.separator”, “read”;

permission java.util.PropertyPermission “java.specification.version”, “read”;
permission java.util.PropertyPermission “java.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.specification.name”, “read”;

permission java.util.PropertyPermission “java.vm.specification.version”, “read”;
permission java.util.PropertyPermission “java.vm.specification.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.specification.name”, “read”;
permission java.util.PropertyPermission “java.vm.version”, “read”;
permission java.util.PropertyPermission “java.vm.vendor”, “read”;
permission java.util.PropertyPermission “java.vm.name”, “read”;
};

The replacement to remove all restrictions…

grant {
permission java.security.AllPermission;
};

Just be sure to restore your settings back to ‘normal’ before visiting any untrusted websites or java applications.

MVC from a Java perspective.

I’ve been asked to explain this concept on a pretty regular basis by non-programmers… to a visual ‘presentation’ developer, this is essentially the same reason a person would chose to use CSS with HTML (to seperate data from presentation), only it goes a bit further…

  • Controller – extends HttpServlet, acts as the point of entry into the application, and delegates to various worker classes to fulfill a request. In particular, the Controller is a user of Model and View objects
  • Model – data-centric classes encapsulating problem domain objects. Each class corresponds roughly to the rows of a database table. Model objects can be constructed from a ResultSet of a database query, from user input, or from user request parameters.
  • View – implemented as Java Server Pages (or a similar tool), primarily concerned with presentation and formatting of Model objects which have been placed in scope by the Controller (or its delegate)

Whoami

I’m skotfred, aka ‘Giant Geek’, developer of (predominantly web-based) applications. Primary development done with JSP/Java, PHP, XHTML/CSS/JavaScript. Previous applications in VisualBASIC, C/C++, Perl, COBOL/CICS, BASIC (various), Assember (PC & MVS), and Pascal.

Standards ARE everything, particularly when building for multiple platforms… look for more ramblings soon!