Video: Nikita Lipsky Talks About Unity And Conflict of JIT And AOT Compilers @ Riga Dev Days 2017

Watch our Nikita Lipsky speaking about JIT and AOT compilers at Riga Dev Days 2017.


Categories: Java, News

Tags: , , , ,

Video: Nikita Lipsky Talks About Java AOT Compilation @JavaZone 2016

Our very own Nikita Lipsky, one of the “fathers” of the Excelsior JET project, was at the JavaZone conference in Oslo last week to give a talk about Java AOT compilation. Here are the video and slides of his talk:

Categories: Java, News

Tags: , , , , ,

An Unorthodox “Solution” to an NPE Puzzle

I’ve been subscribed to Java Performance Tuning by Jack Shirazi and Kirk Pepperdine forever (compared to other e-newsletters), not least because of the introductory pieces. Jack opened the Feb 2014 issue with a small puzzle stemming from a real problem his colleague encountered. I forwarded it to our developers immediately:

This month I’ve got a little puzzle for you. How can you get a null pointer exception from the following piece of code?

    //map is an instance of HashMap
    x = map.get("hello");

To be clear, “map” is not null, it is an instance of the standard HashMap class from the JDK, the get() method and all the other HashMap methods are the normal ones you have in the JDK, and there has been no bytecode injection. Oh, and the process is not out of memory, hasn’t been out of memory, and the HashMap instance has not been used in more than one thread.

If you cannot figure out the answer, take a peek at issue #159 of the newsletter. One of my colleagues, however, have come up with a deliberately coded “solution” to the problem:

import java.util.HashMap;

public class ShootMyselfInTheFoot {
    private static class Damn {
        // Load
        public int hashCode() {
            return "hello".hashCode();

        // Aim
        public boolean equals(Object obj) {
            obj = obj != null ? null : "";
            return obj.equals(obj);

    public static void main(String[] args) {
        // Fire!
        HashMap map = new HashMap();
        map.put("hello", null);
        map.put(new Damn(), null);

        Object x = map.get("hello");

Left me wondering if might make sense for an advanced obfuscator or copy protection tool inject pieces of such meaningful-looking yet unexpectedly failing code into the application, of course making sure that it never receives control (except if license check has failed a few million CPU cycles before.)

Categories: Java

Tags: ,

Breaking: It seems that Excelsior JET already supports JavaFX 2

Update 20-Sep-2015: We are about to release Excelsior JET 11 that will fully support Java SE 8 and JavaFX 8. A public beta is already available. This post is only kept for historical reasons.

Thanks to the persistence of an evaluation user, we have discovered that JavaFX 2 apps can be run without the custom classloader and hence can be fully precompiled with the current version of Excelsior JET! There are a few quirks in the build process, as you will see, and we have not extensively tested it, but the four standard demos seem to be working, at least on Windows.

Read the rest of this entry »

Categories: Excelsior JET

Tags: , ,

The Fastest JVM on Greenland (Perhaps)

The Institute for Arctic Technology at the Technical University of Denmark (DTU) recently worked on a renewable energy project in Greenland. The goal of the project was to determine the impact of combining renewable wind energy with existing diesel generators in small villages. There was just one problem: DTU researchers back in Denmark needed a reliable, affordable way to analyze the data both historically and in real-time. For that solution they turned to Lagoni Engineering Ltd. — and Lagoni turned to Excelsior JET Embedded.

Arctic conditions ruled out upgrading hardware, causing Lagoni to find performance improvements within the existing platform.

“We were looking for a way to reduce the hardware requirements and cost associated with conventional Java, which powers Monatar, our in-house datalogger with a built-in Web server that provides the user interface for the researchers. We found what we needed in Excelsior JET Embedded.”

Thomas Olsen, director of Lagoni Engineering Ltd.

Monatar is a high-performance embedded energy-monitoring device for wind turbine analysis, and it is critical to the DTU researchers’ mission. Excelsior JET Embedded powered — and boosted the performance of — Monatar in the bitter cold of a Greenland winter.

In fact, our product has delivered a 45% improvement on Oracle’s JVM start-up, between 15% and 30% improvement on JVM response, and a full 60% improvement on JVM’s disk footprint size.

Footprint Chart

You can find the remaining charts and further details in the case study.

Categories: Customer Showcase, Excelsior JET, News

Tags: , , , ,

Excelsior JET Secures Intellectual Property for the Mobile Sales Force

This case study shows how Avisod LLC uses Excelsior JET to protect their Tomcat Web applications from potential security risks of reverse engineering.

Excelsior JET for Apache Tomcat case study

By: Karl Self, CIO
Avisod LLC

Avisod LLC, a software company that creates a private communications channel for its customers, has a geographically diverse sales force constantly on the move.

In our Quick Serve Restaurant (QSR) vertical, the sales force needed to demonstrate the power of their unique hardware and software solution that included a Java Web application running on Apache Tomcat.

The advancements of decompilers, the increasing reliance on external configuration within Java Web applications, and the increasing cost and complexity of obfuscator software can make for sleepless nights on product teams. Excelsior JET eliminates those concerns through an easy to use interface capable of providing protection for Java Web applications running on Tomcat 5 and above.

Using Excelsior JET 7.2, we were able to secure our Java Web application running on Apache Tomcat 5.5 in less than hour.

Administration Dashboard of Avisod’s L3, an innovative messaging system that delivers targeted text and video messages to individuals on demand.

With JET’s AOT feature, the web container, application code, and JRE were compiled into native binary code. Now our sales force can move freely through airports, train station, hotels, and customer sites knowing Avisod’s intellectual property is safe from potential security risks of traditional decompilers.

Given the alternative’s cost, both in product cost and training, Excelsior JET was an easy choice. Beyond securing Avisod’s intellectual property, Excelsior’s JET 7.2 Enterprise Edition also provides the additional benefits of improved performance and reduced cold startup time. Salesmen typically have only a few minutes of face to face time with potential customers. Every second counts and the Excelsior’s solution helped Avisod’s sales force to make the most of every second.

Excelsior JET provided us with best in class security for our Java Web application giving us more time to focus on our clients and improving our product line.

Categories: Excelsior JET, Java, Tomcat

Tags: , ,

CERT Secure Coding Standard for Java: Theory and Practice

The CERT Secure Coding Standard for Java is a comprehensive set of rules and recommendations for writing secure Java applications. If you care about the security of Java code that you write, make sure to check it out (the C Secure Coding Standard has already made it into a book, and its C++ sibling is in progress, just in case.)

In practice, however, developers that read secure coding guidelines or best practices documents mostly apply the new knowledge to their future work. In the best case, they may have the time to review the code they have written recently. And even then, their now-more-secure code may be just a tiny portion of a large enterprise application combining lots of legacy stuff with code written in other departments, commercial components, etc., running on top of an open-source framework inside a proprietary container.

Even with the help of static code analysis tools, the costs of discovering and eliminating all the security vulnerabilities in such an application may be prohibitive. However, the costs of reducing their exposure may be acceptable. But why is the level of such exposure so high for Java apps in the first place?

For further discussion, continue to my article “Protect Your Java Code – Through Obfuscation And Beyond“.

Excelsior provides practical solutions for the protection of desktop applications based on Eclipse RCP, Tomcat Web applications, and plain Java SE applications.

Categories: Java

Tags: , ,

Nicolas Fränkel: Safely give away your demo applications

Nicolas Fränkel in his blog recommends using Excelsior JET to protect your demo Web applications.

Categories: Excelsior JET, Java, Tomcat

Tags: , , ,

Export RCP Apps As Native Executables Right From Your Eclipse IDE

Excelsior JET Eclipse plug-in for RCP developers enables you to export your Eclipse RCP application in native code form and deploy it in the wild without the easy-to-hack jar files.

Just compare the structure of exported RCP applications to see the difference:

How Excelsior JET works

With the Eclipse plug-in for Excelsior JET , the exporting of RCP applications to native code can be done in three simple steps.

STEP 1: Invoke the Export wizard

Click the Excelsior JET button in the Eclipse toolbar.

Eclipse toolbar

The export wizard window will appear.

STEP 2: Select destination

You may export your RCP application into a directory as if you were using
the standard Eclipse Product export wizard, or wrap the application
into Excelsior Installer to enhance the end-user experience.

Specify the desired Product Configuration file and enter the path to the destination directory or to the installer executable you wish to create.

STEP 3: Export!

Click Finish. The exporting process will start.

Upon successful completion, a dialog will appear, displaying
the location of the exported application.

From this dialog, you may also get instructions for the headless build of your RCP application with Excelsior JET and test drive the application installer, if you opted for its creation on STEP 2.

Note: Eclipse RCP applications exported with Excelsior JET no longer need
the JRE to run.

Plug-in installation

You may find detailed instructions and Update Site URL to install this plug-in into your Eclipse IDE on this page.


Whitepaper: Two Ways of Securing Eclipse RCP Applications (obfuscation vs. native pre-compilation.)

Case studies: RCP developers share their experience with Excelsior JET.

Video tutorial: standalone tools providing the advanced features of Excelsior JET, such as startup time optimization, Java Runtime Slim-Down, installer branding, and others.

Excelsior JET for Eclipse RCP page: product information, sample applications, etc.

Categories: Eclipse RCP, Excelsior JET, Product Updates

Tags: , , , , ,

Excelsior JET 7.0 Ships

As promised, Excelsior JET 7.0 enables you to protect your Java Web applications running on Apache Tomcat by compiling them together with the Tomcat server itself into an optimized native executable.

Multi-app executables enable you to compile several applications into one executable, thus maximizing code and data sharing at run time. Another benefit is the ability to specify JVM options and Java system properties on the command-line in the conventional manner:

MyApp -Xmx512m -Dmonitor.port=7000 com.XYZ.server.Main
MyApp -Dport=7000 com.XYZ.monitor.Main

On Windows, the same binary may now be run as a conventional executable and installed as a service.

Speaking about Windows and sevens, Excelsior JET 7.0 has passed the Java SE 6 compatibility testsuite (JCK) on Windows 7 and is supported on that platform.

An important usability enhancement, performance and stability improvements, and reduced memory usage are also waiting for you to enjoy them!

Full list of new features and improvements in Excelsior JET 7.0

Download Excelsior JET 7.0 Evaluation Package

Categories: Excelsior JET, News, Product Updates, Tomcat

Tags: , ,