Language and JVM Design

In 1996, the JVM represented a significant departure from traditional thinking. Overwhelmingly, organizations exclusively used high-performance compiled languages on the server side. Developers patched on security instead of baking it in from the beginning. And vendors attempted to achieve portability by building extensive libraries at a very high level. Instead of driving on this well-traveled road, they reached for the steering wheel with both hands and threw all of their momentum to the side, swerving aggressively into unpaved, uncharted territory.


In the early and mid-1990s, many in the industry were just starting to think about portability. In particular, I vividly remember working on object-oriented technologies at IBM. The project, called System Object Model (SOM) , emerged from a research project that formed the foundation for OS/2's groundbreaking object-oriented desktop, and some experimental technologies that never made it out of the lab. The goals of SOM were ambitious: we wanted to build a common object model underneath as many object-oriented languages as possible. Then, we could develop a common suite of libraries that developers could use across languages and operating systems. Over time, we discovered the difficulties of porting a technology across many operating systems and programming languages. Of course, the technical challenges were daunting, but the political challenges turned out to be insurmountable. We immediately discarded the Smalltalk-like integrated development machine and the virtual machine, concepts introduced by Smalltalk and Lisp, because a VM couldn't possibly be fast enough. We weren't alone in our approach. Many C++-driven companies tried to build programming libraries across many languages. Few succeeded.

The Java approach, shown in Figure 3-1, is fundamentally different. Java's virtual machine simply redefines the machine, providing a lower-level, firmer foundation for portability. Java designers bet that they could overcome performance concerns. It was not a new idea; nor was it a popular one. Over time, they proved to be rightjust-in-time compilers improved performance so that the overhead of the JVM became acceptable, and even rivaled compiled languages. The virtual machine, built into Netscape Navigator, proved to be a fantastic launching pad for the Java platform. It's enabled Java to extend into the realm of mobile devices, application servers, and countless software products. When all is said and done, popularizing the idea of the VM may be the most important technical contribution of Java.

Figure 3-1. The JVM took a different approach to performance, security, and portability; most programming languages use compilers to bind them to individual machines, but Java simply redefined the machine

Java offers a rich set of interfaces that often delve into operating system territory. Under the covers, Java either implements this type of functionality from scratch, or just calls the native features underneath. Either way, Java developers can count on a rich, consistent library wherever they are. In almost 10 years of software development, though I've seen minor annoyances, I've rarely encountered major problems in porting from one operating system to another. In the end, Sun didn't invent the VM, but Sun did make the VM popular.

Java portability is not without its problems. Graphical user interfaces pose a particularly sticky problem: is it important to maintain portability even at the expense of consistency with the operating system underneath? For example, Swing components, not operating system components, implement the menus in a Java GUI. This arrangement causes problems on the Apple platforms, where the menu for an application traditionally is implemented as a single bar on top of the desktop, instead of the separate menu per application that you commonly see on Unix and Windows. Other notable differences, like security and threading, show up differently on different operating systems. Even filenames can present problems, where having two classes called Account.txt and account.txt would be legal on Unix but not on Windows. But for the most part, Java handles portability very well.


In the age of the Internet, security takes on an entirely new level of importance. Any ubiquitous technology must deal with it, and deal with it well. Sun's engineers recognized this and dealt with the threat from the very beginning. They were fortunate to have the virtual machine to simplify the problem. Unfortunately, other vendors were not so lucky.

Changing threats

Microsoft Windows has been besieged with security problems. The Internet and email make a perfect medium for viruses to spread with frightening speed. Dominant market share, combined with huge holes in Windows and its browsers, make them the target of most Internet viruses.

In fact, blatant security holes in Windows have led to a whole new type of security threat, called adware . Five years ago, it didn't exist. Today, I found 6 million Google hits on the term! As you probably know, adware seeks to exploit vulnerabilities in Internet Explorer to drive up traffic to certain sites and learn about the activities of a user. Most analysts believe that adware has usurped the virus as the top security threat, because these often malicious applications spread so broadly and so quickly. They often lower security settings to enable other types of more serious attacks.

C and C++ also present enormous security concerns. C++ applications have full access to operating system APIs and unrestricted access to every byte in their dedicated memory space. Many versions of the Windows operating system cannot protect one application from another. Given the Internet as the ultimate delivery vehicle through components like ActiveX you can quickly develop unacceptable levels of risk. Given the sensitivity of the data that many of us keep on our machines, these threats take on a more serious dimension.

Remedies in Java

The virtual machine gave Java designers a chance to have a secure foundation on an insecure platform. The advantages deal primarily with the restricted sandbox:

  • Since Sun designed Java from the ground up, it did not need to worry about patching legacy security problems, like those you might find in Unix and Windows. (These are operating systems, but they also are application platforms.)

  • Java, the language and the JVM, grew up after the Internet, so the inventors had the benefit of knowing what types of attacks might occur.

  • Java has a security manager built in at the lowest level, to enforce security policy and to control access to low-level system priorities.

  • The JVM provides a limited sandbox for a group of Java applications, so a malicious or buggy application can't do as much damage as, say, a C++ application might.

  • Because there's no pointer arithmetic, and because Java has strong runtime typing, the JVM knows precisely where a reference is pointing. The JVM can better restrict an application's access to its own memory. Most Java security attacks try to defeat type safety first.

The relative dearth of Java security breaches represents perhaps the biggest compliment to Java's founders. It's just a tough environment for viruses, or adware, or security attacks. The base operating system makes a much riper target.

Moving Forward

The idea of the virtual machine is here to stay. The intermediate virtual machine transforms the basic problems of portability, security, and deployment from nearly unsolvable to routine. If the virtual machine adapts to accept dynamic languages, the JVM will probably be the deployment platform of choice for the foreseeable future. If not, a new virtual machine will need to emerge.

But the problem of portability has proven to be a difficult one. Jython , a dynamic language based on Python but running in the JVM, never quite reached the expected level of prominence in the Python community, particularly because it wasn't fast enough, and partly because the Python community never embraced it. A project to implement Ruby on the JVM, called JRuby , has similar difficulties so far. Still, many analysts predict that the JVM will live long beyond the time that the last Java developer writes the last, lonely line of code.

I'm convinced that the next major programming language will be much more dynamic. It's pretty clear that newer dynamic languages will also have the benefit of a virtual machine. Still, alternatives may have the benefit of Java's virtual machine. If not, cross your fingers. The next major alternative may not be as secure as Java, because most language designers don't start by building in security first. Until we fix fundamental holes in our processes, our thinking, and our operating systems, security in the languages built on top won't matter much.