Java Singleton

A traditional way of creating Singleton is like this:

public class Singleton{
    private static Singleton instance = null;

    private Singleton(){}

    public static Singleton get(){
        if(instance == null){
            instance = new Singleton();
        }
        return instance;
    }
}

To ensure thread safety, we can add synchronized to the get method:

public static synchronized Singleton get(){
    if(instance == null){
        instance = new Singleton();
    }
    return instance;
}

However, this method is very inefficient as it requires us to acquire a lock every time we want to access the object.

The solution is to use double checking, which allows us to acquire the lock only when we initialize the object at the first time.

public static Singleton get(){
    if (instance == null) {
        synchronized (Singleton.class) {
            if (instance == null) {
                instance = new Singleton();
            }
        }
    }
    return instance;
}

Fuzzing in C and Java

A classic fuzzing setup in C++ with libFuzzer:

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  DoSomethingInterestingWithMyAPI(Data, Size);
  return 0;  // Values other than 0 and -1 are reserved for future use.
}

To use it, use the -fsanitize=fuzzer flag during the compilation and linking. Typically, we use fuzzing together with ASAN and UBSAN.

If your function doesn’t take uint8_t * directly, you may find it useful to use Jason Turner’s template for fuzzing. A more detailed guide of libFuzzer can be found at libFuzzer – a library for coverage-guided fuzz testing.

In Java, I have only used Jazzer in one of my recent projects. The advantages of Jazzer is that you can use it with jUnit (with maven).

The repository has a detailed guideline about how to use it. I will present how to use it with jUnit (with limited capability but enough for us).

  1. Go to their jUnit Example

  2. Make sure add all the dependencies to your pom.xml

  3. Create your tests that use the following templates:

    // If you only want to use byte[]
import com.code_intelligence.jazzer.junit.FuzzTest;

class ByteFuzzTest {
    @FuzzTest
    void byteFuzz(byte[] data) {
    }
}

// If you want to deal with some complicated data types
// you can generate int/boolean/String... from FuzzedDataProvider
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

class CustomFuzzTest {
    @FuzzTest
    void customFuzz(FuzzDataProvider data) {
    }
}

  4. As fuzzing takes time to run, you can also specify how long to run these fuzzing with @FuzzTest(maxDuration = "5m"). (The default value is 5 minutes)

  5. Somethings about the test

    1. You need to set environment variable JAZZER_FUZZ to any non-empty value; otherwise, only empty input will be given to your function.
    2. “When an assertion in the test fails, an exception is thrown but not caught, or Jazzer’s instrumentation detects a security issue (e.g. SQL injection or insecure deserialization), the fuzz test is reported as failed and the input is collected in the inputs directory for the test class.”
    3. Only a single fuzz test per test run will be executed in fuzzing mode. All other fuzz tests will be skipped.
      1. This means if you want to run all the fuzzing tests inside some packages, you need to run them one by one.

10 core guidelines for C++

CppCon 2017: Kate Gregory “10 Core Guidelines You Need to Start Using Now”

  1. Prefer default argument rather than overloading

  2. Initialization order is the order the var is defined

    1. So, to avoid confusion, we need to use the same order in constructor
    2. Even if we declare them in different order, they are actually evaluated in the order in which the member variables are defined

  3. std::tie and std::ignore

    1. std::tie creates a tuple of references
    2. we can use this to bind a returned tuple to some of the existing variable
    3. std::ignore can be used with std::tie to let us ignore some variables

Trivia

  1. std::nextafter

    1. Useful if we want to get the next value of float/double/long double
    2. C++ Weekly - Ep 223 - Know Your Standard Library: std::nextafter

  2. std::recursive_mutex

    1. Useful when we need to 1) acquire a lock and 2) do some recursions in that function
    2. Solutions without recursive_mutex is to create a entry function and do locking in it. Check this answer.

  3. Inefficient placement new before C++17 1

    1. For any version of gcc without -std=c++17 or -std=c++1z, any version of clang below 3.4 (January 2014)
    2. Placement new will perform a null pointer check on the memory passed in. If null is passed in: the returned object is also null
    3. Marc Glisse/Jonathan Wakely (wg21.link/cwg1748) clarified this in 2013: Passing null to placement new is now Undefined Behaviour [5.3.4.15]

  4. Profilers 1

    1. I have talked about profilers before. This is an example of sampling profiler. The main drawbacks they have is that “they miss the key events”
    2. There are some other profilers like: Instrumentation profilers (e.g. callgrind)
      1. They are too intrusive
      2. They don’t catch I/O slowness/jitter

  1. https://www.youtube.com/watch?v=NH1Tta7purM “CppCon 2017: Carl Cook “When a Microsecond Is an Eternity: High Performance Trading Systems in C++” ↩︎ ↩︎