Critical Mac OS X Java Vulnerabilities
Introduction
Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun.
CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable.
Unfortunately, these vulnerabilities remain in Apple's shipping JVMs, as well as Soylatte 1.0.3. As Soylatte does not provide browser plugins, the impact of the vulnerability is reduced. The recent release of OpenJDK6/Mac OS X is not affected by CVE-2008-5353.
Work-Arounds
- Mac OS X users should disable Java applets in their browsers and disable 'Open "safe" files after downloading' in Safari.
- Soylatte users running untrusted code should upgrade to an OpenJDK6-based release, where possible. No future releases of the JRL-based Soylatte branch are planned at this time. If this is an issue for you, please feel free to contact me.
Patch
Update 06-15-2009: Apple has released Java for Mac OS X 10.5 Update 4, which contains a fix for this issue.
To update your system, run "Software Update" from the Apple menu.
Note: Safari users should leave 'Open "safe" files after download' permanently disabled. Similarly critical vulnerabilities unrelated to Java remain in Safari's handling of "Safe" files.
Proof of Concept
Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release a my own proof of concept to demonstrate the issue.
If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems.
Credit
Thanks to Jeffrey Czerniak for bringing this issue to my attention.
Update: Julien Tinnes e-mailed with a link to his in-depth discussion regarding the vulnerability available here.
11:29 Sun, 17 Feb 2008 PST -0800Fixing ptrace(pt_deny_attach, ...) on Mac OS X 10.5 Leopard
Introduction
PT_DENY_ATTACH is a non-standard ptrace() request type that prevents a debugger from attaching to the calling process. Adam Leventhal recently discovered that Leopard extends PT_DENY_ATTACH to prevent introspection into processes using dtrace. I hope Adam will forgive me for quoting him here, but he put it best:
This is antithetical to the notion of systemic tracing, antithetical to the goals of DTrace, and antithetical to the spirit of open source. I'm sure this was inserted under pressure from ISVs, but that makes the pill no easier to swallow.
This article will cover disabling PT_DENY_ATTACH for all processes on Mac OS X 10.5. Over the previous few years, I've provided similar hacks for both Mac OS X 10.4, and 10.3.
To be clear: this work-around is a hack, and I hold that the correct fix is the removal of PT_DENY_ATTACH from Mac OS X.
How it Works
In xnu the sysent array includes function pointers to all system calls. By saving the old function pointer and inserting my own, it's relatively straight-forward to insert code in the ptrace(2) path.
However, with Mac OS X 10.4, Apple introduced official KEXT Programming Interfaces, with the intention of providing kernel binary compatibility between major operating system releases. As a part of this effort, the sysent array's symbol can not be directly resolved from a kernel extension, thus removing the ability to easily override system call. In 10.4, I was able to work-around this with the amusing temp_patch_ptrace() API. This API has disappeared in 10.5.
For Leopard, I decided to find a public symbol that is placed in the data segment, nearby the sysent array. In the kernel's data segment, nsysent is placed (almost) directly before the sysent array. By examining mach_kernel I can determine the offset to the actual sysent array, and then use this in my kext to patch the actual function. To keep things safe, I added sanity checks to verify that I'd found the real sysent array.
Each sysent structure has the following fields:
struct sysent {
int16_t sy_narg; /* number of arguments */
int8_t reserved; /* unused value */
int8_t sy_flags; /* call flags */
sy_call_t *sy_call; /* implementing function */
sy_munge_t *sy_arg_munge32; /* munge system call arguments for 32-bit processes */
sy_munge_t *sy_arg_munge64; /* munge system call arguments for 64-bit processes */
int32_t sy_return_type; /* return type */
uint16_t sy_arg_bytes; /* The size of all arguments for 32-bit system calls, in bytes */
};
The "sy_call" field contains a function pointer to the actual implementing function for a given syscall. If we look at the actual sysent table, we'll see that the first entry is "SYS_nosys":
__private_extern__ struct sysent sysent[] = {
{0, 0, 0, (sy_call_t *)nosys, NULL, NULL, _SYSCALL_RET_INT_T, 0},
To narrow down the haystack, we'll find the address of the nsysent variable, and then search for the nosys function pointer -- as shown above, nosys should be the first entry in the sysent array.
nm /mach_kernel| grep _nsysent 00502780 D _nsysent
nm /mach_kernel| grep T\ _nosys 00388604 T _nosys
Here is a dump of the mach_kernel, starting at 0x502780. You can see the value is 0x01AB, or 427 -- by looking at the kernel headers, we can determine that this is the correct number of syscall entries. 33 bytes after nsysent, we see 0x388604 (in little-endian byte order) -- this is our nosys function pointer. After counting the size of the sysent structure fields, we can determine that the the sysent array is located 32 bytes after the nsysent variable address. (On PPC, it's directly after).
otool -d /mach_kernel 00502780 ab 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00502790 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 005027a0 00 00 00 00 04 86 38 00 00 00 00 00 00 00 00 00
Once we have the address of the array, we can find the SYS_ptrace entry and substitute our own ptrace wrapper:
static int our_ptrace (struct proc *p, struct ptrace_args *uap, int *retval)
{
if (uap->req == PT_DENY_ATTACH) {
printf("[ptrace] Blocking PT_DENY_ATTACH for pid %d.\n", uap->pid);
return (0);
} else {
return real_ptrace(p, uap, retval);
}
}
kern_return_t pt_deny_attach_start (kmod_info_t *ki, void *d) {
...
real_ptrace = (ptrace_func_t *) _sysent[SYS_ptrace].sy_call;
_sysent[SYS_ptrace].sy_call = (sy_call_t *) our_ptrace;
...
}
Download
You can download the kext source here (sig).
Buyer beware: This code has only seen limited testing, and your mileage may vary. If something goes wrong, sanity checks should prevent a panic, and the module will fail to load.
If the module loads correctly, you should see the following in your dmesg output:
[ptrace] Found nsysent at 0x502780 (count 427), calculated sysent location 0x5027a0. [ptrace] Sanity check 0 1 0 3 4 4: sysent sanity check succeeded. [ptrace] Patching ptrace(PT_DENY_ATTACH, ...). [ptrace] Blocking PT_DENY_ATTACH for pid 82248.
Note: To access the nsysent symbol, the kext is required to declare a dependency on a specific version of Mac OS X. When updating to a new minor release, it should be sufficient to change the 'com.apple.kernel' version in the kext's Info.plist. I've uploaded a new version of the kext with this change, but I won't provide future updates unless a code change is required.
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.kernel</key>
<string>9.2.0</string>
</dict>
Much thanks to Ryan Chapman for noting this issue, and testing the kext with 10.5.2.
12:23 Sat, 26 Jan 2008 PST -0800FreeBSD's 1.6 JDK on Mac OS X: Status Update
Puzzle Pirates - A More Entertaining Hello World
Status Update
I've spent some more time working on porting JDK 1.6 -- adding support for Tiger (10.4), fixing stack alignment issues for both amd64 and i386, fixing build system issues, and more. On Leopard, the 32-bit JDK now builds to completion. As evidenced by the above "Hello, World", X11 Swing is working on the 32-bit JVM.
Work is still progressing on the 16-byte stack alignment issue. In the meantime, I've enabled the gcc -mstackrealign option to force stack alignment in compiled JVM code. This ensures that calls back into the JVM are properly aligned:
On the Intel x86, the -mstackrealign option will generate an alternate prologue and epilogue that realigns the runtime stack. This supports mixing legacy codes that keep a 4-byte aligned stack with modern codes that keep a 16-byte stack for SSE compatibility. The alternate prologue and epilogue are slower and bigger than the regular ones, and the alternate prologue requires an extra scratch register
To replace this temporary work-around, I'm currently working on fixing the call stack alignment in the HotSpot Interpreter. Currently most calls are properly aligned, with the JVM running until it hits a JNI call. The JNI code generation assumes that arguments can be pushed directly to the stack prior to calling the stub generator, making alignment more difficult. I have not started work on alignment in the c1 or c2 compilers. Due to -mstackrealign compiler bugs in Tiger, the JVM must be built on Leopard -- however, it should be possible to build a JDK to run on Tiger.
For 64-bit Leopard systems, I've fixed up some latent alignment issues in HotSpot (Leopard is very picky about checking alignment in dyld), and the code appears to work fine with a few caveats. I've only spent a few hours on this today, but 64-bit Java should be the most stable and easiest to port. There is a known issue in the AMD64 JVM that I have not had time to track down, occaisionally triggering the following assert:
javasrc_1_6_jrl/hotspot/src/cpu/amd64/vm/frame_amd64.cpp:118
assert((intptr_t) sp() <= (intptr_t) result,
"result must >= than stack pointer");
As a temporary work-around, the x86_64 JVM appears to run fine (if slowly) in interpreter mode (-Xint).
Future Direction
As a FreeBSD-Java committer, I will be merging low-risk changes upstream to the FreeBSD Java Project (Code). Potentially destabilizing changes to Hotspot interpreter / compiler will not be merged until they've seen adequate review by the FreeBSD and OpenJDK teams.
There are tentative plans to merge the BSD Java changes into the OpenJDK project. This isn't something I'm directly involved with, but I have signed the Sun Contributor Agreement in preparation.
I am also very interested in external contribution -- this is a part time, after-work project for me! See below for code access.
In progress work:
- i386 JIT 16-byte intepreter and c1/c2 compiler stack alignment
- Outstanding AMD64 bug(s)
- Audio support (HAE implementation needs to be written using CoreAudio)
- Support for setting java thread priority (should be simple, just requires a implementation using the mach thread API).
Code Access
I am making the JRL-licensed source code available via a Mercurial repository. Since the OpenJDK project is moving to Mercurial, I thought I'd get on the bandwagon -- it is working out well. The repository is available at:
To download the source code, you must be a licensee in good standing under the Java Research License. To ensure compliance, the repository requires authentication -- the username is "jrl", and the password is 'I am a Licensee in good standing'. By downloading this source code, you certify that you are a Licensee in good standing under the Java Research License of the Java 2 SDK, and that your access, use, and distribution of code and information you may obtain at this site is subject to the License. Please review the license at http://java.net/jrl.csp, and submit your license acceptance to Sun.
Currently, all FreeBSD JDK16 work is under the JRL. In the future, the work may be relicensed, with a copyright grant, for OpenJDK under the GPLv2.
This not something I like to do, but I request that all submissions assign copyright to myself, such that I have the ability to relicense/grant copyright for submission to the upstream projects. If anyone has a better idea of how to handle this, I'm very interested.
To build the x86_32 JDK:
cd control/make env DYLD_LIBRARY_PATH=`pwd`/../build/bsd-i586-debug/lib/i386/client \ make ALT_BOOTDIR=/System/Library/Frameworks/JavaVM.framework/Home \ ALT_MOTIF_DIR=/opt/local SYS_CFLAGS="" LANG="C" JAVA_HOME="" CLASSPATH="" \ LD_LIBRARY_PATH="" MAKEFLAGS="" SKIP_COMPARE_IMAGES="YES" \ BUILD_DEPLOY="false" ALT_DEVTOOLS_PATH=/usr ALT_CUPS_HEADERS_PATH=/usr/include \ HOTSPOT_BUILD_JOBS=1 PARALLEL_BUILD_JOBS=1 debug_build
To build the x86_64 (amd64) JDK:
cd control/make env DYLD_LIBRARY_PATH=`pwd`/../build/bsd-amd64-debug/lib/amd64/server \ make ALT_BOOTDIR=/System/Library/Frameworks/JavaVM.framework/Home \ ALT_MOTIF_DIR=/opt/local SYS_CFLAGS="" LANG="C" JAVA_HOME="" CLASSPATH="" \ LD_LIBRARY_PATH="" MAKEFLAGS="" SKIP_COMPARE_IMAGES="YES" \ BUILD_DEPLOY="false" ALT_DEVTOOLS_PATH=/usr ALT_CUPS_HEADERS_PATH=/usr/include \ HOTSPOT_BUILD_JOBS=4 PARALLEL_BUILD_JOBS=4 BSD_OVERRIDE_ARCH=amd64 JAVA_JVM_FLAGS=-Xint JAVAC_FLAGS=-Xint debug_build
Remove the "-Xint" flags to disable interpreter mode (and trigger the known issue in frame_amd64.cpp).
Note that the debug build is considerably slower than a production build, and interpreted mode is even slower!
If you're interested in assisting with IA32 stack alignment issues, the current patch is available here: patch-stack-align-darwin-v2.
Looking for a Job?
Lastly, a plug for my group at Three Rings. We're looking to hire Java Engineers (not just billing!) and FreeBSD Developer/Admins. The group rocks (I run it!), so feel free to drop me a line if you're interested.
12:22 Sat, 26 Jan 2008 PST -0800FreeBSD's 1.6 JDK on Mac OS X
NOTE: You probably want to check out the latest updates
Introduction
I've long wondered what it would take to get the FreeBSD Java Port running on OS X, so this weekend I spent a couple days getting Java 1.6 running on my x86 Leopard machine.
Weekend is over, and I can report partial success -- hotspot compiles, the jre mostly bootstraps, and Hello World runs. Anything complex appears to trigger stack alignment issues (Apple's i386 API requires a 16-byte aligned stack)
landonf@max:javasrc_1_6_jrl/control/build/bsd-i586> ./bin/java -version java version "1.6.0_03-p3" Java(TM) SE Runtime Environment (build 1.6.0_03-p3-landonf_04_nov_2007_00_06-b00) Java HotSpot(TM) Server VM (build 1.6.0_03-p3-landonf_04_nov_2007_01_30-b00, mixed mode)
landonf@max:javasrc_1_6_jrl/control/build/bsd-i586> ./bin/java Hello Hello World!
What's missing?
Missing pieces:
- i386 JIT 16-byte stack alignment issues
- Audio support (HAE implementation needs to be written using CoreAudio)
- Support for setting java thread priority (should be simple, just requires a implementation using the mach thread API).
- Browser plugin
- PowerPC or AMD64 support (PowerPC would require a considerable amount of work)
Additionally, there's no Aqua support -- Swing would require X11.
Source? Compiling?
The patch is based on the BSD 1.6 JDK patchset, which means you need to download Sun's JDK source, the FreeBSD patchset, AND the Darwin patches. Instructions on downloading the Sun source, and the FreeBSD patchset, are available from the FreeBSD JDK site
The Darwin patchset should be applied on top of the BSD patchset. By downloading this source code, you certify that you are a Licensee in good standing under the Java Research License ("License") of the Java(tm) 2 SDK, and that your access, use and distribution of code and information you may obtain at this site is subject to the License. Download patch-jdk16-apple-alpha1.
Compilation requires OpenMotif, Nawk, and possiblity additional software -- I installed all the dependencies using MacPorts. To build, cd to control/make and run the following (tweaked appropriately):
env DYLD_BIND_AT_LAUNCH=1 \ DYLD_LIBRARY_PATH=<javasrcpath>/control/build/bsd-i586/lib/i386/client \ make ALT_BOOTDIR=/System/Library/Frameworks/JavaVM.framework/Home \ ALT_MOTIF_DIR=/opt/local SYS_CFLAGS="" LANG="C" JAVA_HOME="" CLASSPATH="" \ LD_LIBRARY_PATH="" MAKEFLAGS="" SKIP_COMPARE_IMAGES="YES" \ DONT_BUILD_DEPLOY="YES" ALT_DEVTOOLS_PATH=/usr ALT_CUPS_HEADERS_PATH=/usr/include \ HOTSPOT_BUILD_JOBS=4 PARALLEL_BUILD_JOBS=4
The build does not complete (yet), but a bootstrap JVM is built (and can be run from) ./control/build/bsd-i586/bin/java
12:21 Sat, 26 Jan 2008 PST -0800Java 6 Port: Developer Preview Release 2 for Leopard and Tiger
Community Process
I'd like to thank everyone who has downloaded, tested, and reported bugs. The result is "Developer Preview Release 2" -- Thanks!
If you haven't already, consider downloading a copy and running your software. Let me know how it works out for you!
Changes since Release 1
Features
- Support for 32-bit Mac OS X 10.4 Tiger.
- SoyLatte binary release.
Bug fixes
- Fix handling of setrlimit(RLIMIT_NOFILE, ...RLIM_INFINITY) on Leopard. Ensures that Java is able to raise the process file limit to the maximum allowed. (Reported by Tore Halset).
- Added official cacerts store from the BSD port, fixing SSL's x509 certificate validation (Reported by Tore Halset)
- Corrected the dylib path for loading the debugger library. Fixes java debugger (Fix suggested by Curtis Stanford, issue reported by Alexander Babaev)
- Add a missing LDFLAGS setting to the Darwin build configuration. Now correctly links JDK binaries, removing the requirement for setting DYLD_LIBRARY_PATH (Reported by Fred Jean and Nick Shanny)
- Key Leopard-specific uc_mcontext defines to MAC_OS_X_VERSION_MAX_ALLOWED >= 10.5. Fixes 64-bit builds on Tiger. (Reported by Ed Carrel).
- Added support for building against the 10.4 (and other) SDK using the DARWIN_SDK build setting
- Use DYLD_FALLBACK_LIBRARY_PATH for Java library loading. Avoids conflicts between Java libraries, and libraries enclosed in system frameworks. Fixes java2d binding against libGL.dylib
Fetching and Building from Source
Building
The build has been simplified. To build the 32-bit JVM:
cd control/make make ALT_BOOTDIR=/System/Library/Frameworks/JavaVM.framework/Home \ ALT_MOTIF_DIR=/opt/local SYS_CFLAGS="" LANG="C" JAVA_HOME="" CLASSPATH="" \ LD_LIBRARY_PATH="" MAKEFLAGS="" SKIP_COMPARE_IMAGES="YES" \ BUILD_DEPLOY="false" ALT_DEVTOOLS_PATH=/usr ALT_CUPS_HEADERS_PATH=/usr/include \ HOTSPOT_BUILD_JOBS=1 PARALLEL_BUILD_JOBS=1
The following additional make options are available:
- BSD_OVERRIDE_ARCH: Set to amd64 to build the 64-bit JVM
- DARWIN_SDK: Set to target a specific Mac OS X SDK.
To build with extra debugging code and symbols, use the "debug_build" target.
To target Tiger, set the MACOSX_DEPLOYMENT_TARGET environmental variable to "10.4", and pass DARWIN_SDK=/Developer/SDKs/MacOSX10.4u.sdk as a make flag. The Tiger SDK currently must be build on Leopard, due to bugs in the 10.4 compiler's -mstackrealign code generation. This is on the long-term to-be-fixed list.
Fetching the source
Sources are available as a downloadable archive, or from a mercurial repository. To download the source code, you must be a licensee in good standing under the Java Research License. To ensure compliance, downloading the source requires authentication:
Username: 'jrl' and Password: 'I am a Licensee in good standing'
Download: jdk6_devpreview_r2.tar.gz (sig)
The development repository is also available via mercurial: http://hg.bikemonkey.org/javasrc_1_6_jrl_darwin/. The release tag is jdk6_devpreview_r2.
By downloading this source code, you certify that you are a Licensee in good standing under the Java Research License of the Java 2 SDK, and that your access, use, and distribution of code and information you may obtain at this site is subject to the License. Please review the license at http://java.net/jrl.csp, and submit your license acceptance to Sun.
Binary Access
I am making available the SoyLatte binary release. (Red Hat already claimed IcedTea, and I drank a lot of double soy lattes while working on this. Plus, I think it's funny).
SoyLatte is based on the BSD Port of Sun's Java 6 JDK, and is made available under the Java Research License. JDK and Java are trademarks of Sun. Like RedHat, I want to make it exceptionally clear that while SoyLatte is a port of Java, it is not Sun's Java, JDK, or OpenJDK. Unlike IcedTea, SoyLatte is made available under the JRL. Please see below for a licensing discussion.
By downloading these binaries, you certify that you are a Licensee in good standing under the Java Research License of the Java 2 SDK, and that your access, use, and distribution of code and information you may obtain at this site is subject to the License. Please review the license at http://java.net/jrl.csp, and submit your license acceptance to Sun.
Downloads
Binaries are available for Mac OS X 10.4 and 10.5 (32-bit), and Mac OS X 10.5-only (64-bit). The soylatte directory can be placed anywhere on your system -- I chose /usr/local/soylatte16-amd64. Like other Java platforms, setting the JAVA_HOME and PATH environmental variables to point at these locations will work as expected.
32-bit JDK for Mac OS X 10.4 and 10.5: soylatte16-i386-r2.tar.gz (sig)
64-bit JDK for Mac OS X 10.5: soylatte16-amd64-r2.tar.gz (sig)
To ensure compliance, downloading the source requires authentication:
Username: 'jrl' and Password: 'I am a Licensee in good standing'
Feature TODO List
I'll start looking at all of these eventually, but feel free to jump in:
- Sound support. If you know CoreAudio, your help is much appreciated!
- Integration with the Mac OS X certificate store (x509)
- Support for setting mach thread priority
- Native aqua Swing (as opposed to X11). This is a big one, and not likely to be done anytime soon. The effort needs to be led by someone familiar with Cocoa, JNI, and Swing
JSR 223 JavaScript Support
Sun has pulled Rhino from the JRL and OpenJDK (GPLv2) sources, due to concerns regarding licensing. As a work-around, there is a BSD-licensed javascript JSR223 engine implementation, using Rhino, available via https://scripting.dev.java.net/:
We have built and tested with Rhino version 1.6 release 5. There is a Rhino based JavaScript engine bundled in JDK 6 (http://jdk6.dev.java.net). The JDK 6 bundled version is based on Rhino 1.6 release 2. Unlike JDK 6 bundled engine, all Rhino features (optimizer, E4X) are enabled in this version.
This seems to work as a drop-in replacement for Sun's sun.org.mozilla code. Here's JavaScript Hello World using Rhino 1.6r5 and the Scripting package:
java -cp ~/Downloads/jsr223/javascript/build/js-engine.jar:/tmp/rhino1_6R7/js.jar:. EvalScript Found engine factory: com.sun.phobos.script.javascript.RhinoScriptEngineFactory Found engine factory: com.sun.phobos.script.javascript.EmbeddedRhinoScriptEngineFactory Hello, World
I am looking into the feasibility of integrating this solution.
Licensing
The Mac OS X work is based heavily on the BSD Java port, which is licensed under the JRL. The BSDs develop Java under the JRL; FreeBSD has negotiated a license with Sun to distribute FreeBSD Java binaries based on the JRL sources.
As the Mac port stabilizes, I am merging my work upstream into the BSD port, and in turn, it is a goal of the FreeBSD Java project to merge their work into OpenJDK. I've signed a Sun Contributor Agreement in preparation for this, and an OpenJDK Porters group has been proposed: http://thread.gmane.org/gmane.comp.java.openjdk.general/630
While the JRL makes this initial port possible, OpenJDK's GPLv2+CE licensing makes development and distribution far simpler. I hope to contribute this work to OpenJDK as soon as is feasible.
Submitting Bug Reports
There are bugs, and you're likely to find one. The most useful bug report is one that includes a simple, compilable reproduction case -- that gives me what I need to track down the really tricky bugs.
In submitting a bug, please include the following information:
- An e-mail address I can use to contact you if I have any further questions
- If at all possible, a simple, compilable test case that reproduces the issue
- The java hotspot error log (hs_err_pid.log), if the JVM crashed.
Bug reports may be submitted to landonf (at) macports (dot) org.
12:18 Sat, 26 Jan 2008 PST -0800SoyLatte: Release 1.0.1
Minor Bugfix
This release fixes a name resolution bug reported by Leif Nelson of LLNL.
- If java.net.preferIPv4Stack is set to true, getaddrinfo() makes (time consuming) MDNS SRV requests
I tracked this down to this copy/paste bug in resolver code:
error = getaddrinfo(hostname, "domain", &hints, &res);
The service argument should have been NULL.
Download
Binaries, source, build, and contribution instructions are all available from SoyLatte Project Page
21:32 Sun, 09 Dec 2007 PST -0800SoyLatte -- Java Status Report
This was originally sent to the OpenJDK Porters Development List, and reproduced here so I can shamelessly call for volunteers. If you've a desire to work on Mac OS X Java Integration, your help is always appreciated. Send me an e-mail, or join the OpenJDK porters group!
AWT Native Toolkit
I've spent a bit of time working on a native AWT toolkit. My initial tasks have been:
- Running the Cocoa event loop on the 'main' (first) thread
- Getting a window on the screen
- Drawing to the window
The first two items are done -- It's possible to display a basic AWT window (CPanelPeer, CWindowPeer), but not draw to it.
In pursuit of drawing, I've begun work on implementing a MacGraphicsDevice and a MacGraphicsEnvironment -- my current plan is to leverage the existing java2d OpenGL pipeline, if possible. I'm still getting my head around the best approach to this, especially in relation to resolution independence on Leopard.
If you'd like to check out the work, it's available via the development mercurial repository:
The code is currently located in:
j2se/src/solaris/classes/sun/awt/mac/ j2se/src/solaris/native/sun/awt/mac/
I will probably need to move the Mac-specific code out of the j2se/src/solaris directory. One of my goals is to retain support for both the X11 and the CG/Cocoa AWT toolkits.
The build only AWT, you can cd to j2se/make/sun/awt and run:
make ALT_BOOTDIR=/System/Library/Frameworks/JavaVM.framework/Home \ ALT_MOTIF_DIR=/opt/local SYS_CFLAGS="" LANG="C" JAVA_HOME="" CLASSPATH="" \ LD_LIBRARY_PATH="" MAKEFLAGS="" SKIP_COMPARE_IMAGES="YES" \ BUILD_DEPLOY="false" ALT_DEVTOOLS_PATH=/usr ALT_CUPS_HEADERS_PATH=/usr/include \ HOTSPOT_BUILD_JOBS=5 PARALLEL_BUILD_JOBS=5 \ ALT_HOTSPOT_CLIENT_PATH=/usr/local/soylatte16-i386-1.0/jre/lib/i386/client/ \ ALT_HOTSPOT_SERVER_PATH=/usr/local/soylatte16-i386-1.0/jre/lib/i386/server/
This will output a working JVM in j2se/build/bsd-i586. For the initial build, you make need to run make from top-level j2se/make directory.
Merge to BSD Repository
I've completed the merge of the Mac OS X port to the BSD Java project. With this work done, I've split Mac OS X development into two branches:
- Development - Integration with Mac OS X-specific technology (native AWT, etc.)
- Stable - A baseline Mac OS X port without additional native integration. Synchronized with the BSD repository.
If you'd like information on accessing the Mercurial repositories, check out the SoyLatte Project Page
00:00 Thu, 06 Dec 2007 PST -0800SoyLatte: Release 1.0
General Release
After several weeks of using SoyLatte for my own development, and the testing of an exceptional group of early adopters, it's time to issue a 1.0 release. This release provides:
- A stable JVM, usable for real-world development
- The benefits of Java 6 performance enhancements
- X11 Swing (Nothing is perfect!)
Download Information
To download SoyLatte 1.0, please see the SoyLatte Project Page. If you are interested in contributing, please consider joining the OpenJDK Porter's Mailing List to say hello!
Changes since DP3
The only change in the 1.0 release is the acceptance of the -XstartOnFirstThread option. Nearly all outstanding changes have been merged upstream into the BSD Java project, and I have split development into two branches -- a stable branch, and an unstable branch. It's my intention (and I have begun work on) integrating Mac OS X-specific functionality within the unstable development branch.
20:18 Thu, 29 Nov 2007 PST -0800Interview with The Java Posse, OpenJDK Porters Group
Java Posse
The exceptionally nice guys from the Java Posse podcast called me up for an interview about Java 6 on Mac OS X. You can hear me sounding like a goof here.
I've also been awarded the first-ever Java Posse award. Free beer! Cheers to that!
The BSD Java Project deserves considerable credit as well. The Mac OS X Java port is dependent on the work of amazing people like Greg Lewis (FreeBSD) and Kurt Miller (OpenBSD), and I'll happily buy *them* a beer.
As the podcast states, if you're interested in working on native graphics for Mac OS X, sound, or anything else you think needs doing, check out the project page and join in!
OpenJDK Porters Group
I'm very happy to report that the OpenJDK Project's Porters Group has been established!
While the OpenJDK code base covers some mainstream CPU architectures and operating systems, there are many more platforms that are attractive targets for porting efforts for Java. This group exists to bundle and aid such efforts under the OpenJDK umbrella, and integrate them in the OpenJDK community through porting projects.
The BSD porting projects, led by Kurt Miller and Greg Lewis, have expressed interest in joining OpenJDK, as well as the Mac OS X porting project led by Landon Fuller.
This is fantastic -- many thanks to the OpenJDK developers for putting this together. I hope to move development work over to OpenJDK in the near(ish?) future.
03:42 Wed, 28 Nov 2007 PST -0800SoyLatte: Developer Preview Release 3
Now with more Soy
Thanks to all for testing Release 2! I'm pleased to announce Developer Preview Release 3, which includes compatibility and feature improvements based on the latest round of community suggestions. I hope you don't mind the rapid release cycle -- I figured that it's important to iterate quickly with the initial testing releases.
New Features & Compatibility Fixes
- Support for Thread.setPriority() (maps to Mach thread priorities)
- Implemented support for gathering thread CPU time statistics via ThreadMXBean (Reported by Ralph Martin)
- JVM now ignores (and prints a warning) any Apple-specific -Xdock: JVM options (Reported by Fabrizio Giudici)
- Added fall-back support for the .jnilib library extension, if a .dylib can not be found -- Apple JVM compatability (Reported by Werner Randelshofer and Fabrizio Giudici)
Binaries, source, build, and contribution instructions are all available from the new SoyLatte Project Page -- my blog posts were starting to get a little long!