Java 8 auf >=17 Upgrade - Lessons Learned und Best Practices

© 2024, Amazon Web Services, Inc. or its affiliates. All
rights reserved. Java 8 auf >=17 Upgrade Lessons Learned und Best Practices Dennis Kieselhorst Principal Solutions Architect Amazon Web Services

rights reserved. Agenda Java @ Amazon 1 Lessons learned from upgrades The good, the bad, the ugly. 2 Best practices 3 Automation? 4

rights reserved. Java @ Amazon

rights reserved. The JDK team @ Amazon …

rights reserved. What is Amazon Corretto? • Downstream distribution of OpenJDK • Quarterly security releases • No-cost long-term releases – JDK 8, JDK 11, JDK 17, JDK 21 • Feature release train (JDK 15, JDK 16, JDK 18, JDK 19, JDK 20, JDK22 …) • Drop-in OpenJDK replacement • certified using the Java Technical Compatibility Kit (TCK) to ensure it meets the Java SE standard • is available on Linux, Windows, and macOS

rights reserved. Custom AWS silicon with 64-bit Arm cores Available in e.g. Amazon EC2, AWS Lambda, AWS Fargate, Amazon Relational Database Service Up to 40% better price performance over comparable current generation x86-based instances Up to 60% less energy for the same performance than comparable EC2 instances AWS Graviton2, Graviton3 & Graviton4 Graviton Corretto runs great on ARM & AWS Graviton processors

rights reserved.

rights reserved. N A M E R I C A Available Region Announced # Availability Zone A S I A P A C I F I C A U S T R A L I A & N E W Z E A L A N D S A M E R I C A São Paulo 3 E U R O P E Frankfurt Ireland London Milan Paris Spain 3 3 3 3 3 3 Stockholm Zurich Germany 3 3 A F R I C A Cape Town 3 M I D D L E E A S T Bahrain Tel Aviv UAE Kingdom of Saudi Arabia 3 3 3 Canada Central Canada West GovCloud US-East GovCloud US-West Northern California Northern Virginia 3 3 3 3 3 6 Ohio Oregon Mexico 3 4 *Beijing *Ningxia Hong Kong Hyderabad Jakarta Mumbai 3 3 3 3 3 3 Osaka Seoul Singapore Tokyo Malaysia Taipei 3 4 3 4 Thailand Melbourne Sydney Auckland 3 3 AWS Global Infrastructure Regions & Availability Zones

rights reserved. 12

rights reserved. AWS Shared Responsibility Model SOFTWARE COMPUTE STORAGE DATABASE NETWORKING HARDWARE/AWS GLOBAL INFRASTRUCTURE REGIONS AVAILABILITY ZONES EDGE LOCATIONS AWS RESPONSIBILITY FOR SECURITY ‘OF’ THE CLOUD OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT CUSTOMER DATA NETWORKING TRAFFIC PROTECTION (ENCRYPTION, INTEGRITY, IDENTITY) SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA) CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION CUSTOMER RESPONSIBILITY FOR SECURITY ‘IN’ THE CLOUD

rights reserved. Application Performance Shared Responsibility Model Application (You!) Runtime (Community!) DATA STRUCTURES Framework JVM/JDK Language (Java, Kotlin, …) ALGORITHMS SYSTEM DESIGN Libraries

rights reserved. Lessons learned from upgrades

rights reserved. The good, the bad, the ugly.

rights reserved. J D K 8 T O 1 7 Example: Monitoring service 1/5 50%!!

rights reserved. • 7% fleet utilization improvement • Millions in savings • 98% cold start fault reduction • 19% p99 PUT latency reduction J D K 8 T O 1 7 Another Monitoring Service 2/5

rights reserved. • 75% lower end to end latency • 30-40% capacity improvement J D K 8 T O 1 7 Proxy Service Improvement 3/5

rights reserved. Always compare under high load 20 J D K 1 1 T O 1 7 Analytics 4/5

rights reserved. Always compare under high load 21 J D K 1 1 T O 1 7 Analytics 4/5

rights reserved. Is GC the limit for a low latency service? J D K 1 1 T O 1 7 Proxy Service – No Improvement 5/5

rights reserved. The good, the bad (not really that bad), the ugly.

rights reserved. JDK 17 upgrade regression case study 1 Previously accessible methods became unreferenceable in JDK 17. • Test your application, fix flakey tests • Scan logs for exceptions • Gradual rollout java.lang.reflect.InaccessibleObjectException: Unable to make field private final {type} accessible: module java.base does not "opens {module}" to unnamed module {module}

rights reserved. • ParallelGC parallelized the reference processing using more CPU during full pause • Triggered CPU spikes because failed to take into account other JVMs on host. • Had to explicitly set –XX:ParallelGCThreads when sharing a host. JDK 17 upgrade regression case study 2

rights reserved. The good, the bad, the ugly (not really that ugly).

rights reserved. Java 17 still has bugs! JDK-8305994: Guarantee eventual async monitor deflation Moving monitor cleanup out of safepoints (Java 12/15) JDK-8313678: SymbolTable can leak Symbols during cleanup Triggered by Groovy/LambdaForms (introduced in Java 12) We still find a couple of these every month! This is why Update releases are so important to us and you. Both fixed upstream - backport to 17.

rights reserved. Java 21? How many bugs were fixed in Java 21.0.1?

rights reserved. Java 21? How many bugs were fixed in Java 21.0.1? 23/104/271 – 21.0.1

rights reserved. Java 21? 271 – 21.0.1 300 – 21.0.2 274 – 21.0.3 334 – 21.0.4 Report bugs upstream!

rights reserved. Best practices

rights reserved. • Upgrade your dependencies! § Especially test frameworks: e.g. at least Mockito 5.x. § Libraries, e.g., need at least Lombok 1.18.22, Guice 5.1.0. • Strong encapsulation. § No access to what were ”public” JDK implementation classes. • JDK 17/21 GC behavior is different (better!). § Default collector is G1 (not Parallel) starting in JDK 11. § Concurrent Mark-Sweep (CMS) collector is gone. § New collectors: Shenandoah and ZGC. JDK 17/21 Simplified Migration Guide

rights reserved. • Developers • Services and Applications • Dependencies § Open Source / 3rd party § Internal / 1st Party § Custom tooling (build/ deploy/ test) It gets complex when you have a lot of “stuff”

rights reserved. • Use less dependencies, a lot less • Remove unsupported dependencies • Use libraries that only use public supported APIs • If you can avoid § Mocks § Aspect oriented programming • Relentlessly keep your code and dependencies up to date T H I S C O U L D B E C O N T R O V E R S I A L How do you get future proof?

rights reserved. • Unit tests (non mocks) • Integration tests that cover all mainline, and critical edge case scenarios • Load tests – Observe latency, error rates, anomalies • Fix Flakey tests T E S T How do you get future proof?

rights reserved. • Metrics § Measure success rates, Latency, Memory, Memory/action, CPU § Observe and fix anomalies • Log analytics, eliminate anomalies • Pipelines, Beta, Fractional Deployments, Auto-Rollbacks, Canaries. How do you get future proof? Metrics Traces Logs

rights reserved. • Don’t leave broken windows behind. • Use the opportunity to modernize your application. • Upgrades become a lot less scary. How do you get future proof?

rights reserved. Automation?

rights reserved. < one hour coding time The median developer spends less than one hour a day writing code1 © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved 1 Software.com, “Global Code Time Report,” January 2022.

rights reserved. Where are developers spending time in the SDLC? Test and secure Operate Plan Create Maintain and modernize Plan • Find accurate and specific technical guidance from relevant documentation, code examples, resources, and so on • Design changes based on business and technical requirements Create • Generate code • Manage infrastructure Test and secure • Apply proper test cases for code changes • Scan for security vulnerabilities in code Operate • Identify and mitigate code issues • Monitor performance and efficiency Maintain and modernize • Modernize and update old code languages and dependencies

rights reserved. • Tools do static & dynamic code analysis • They have a knowledge base of known upgrade issues. • They can use LLMs to detect patterns not in the database. • Some well-known tools: § OpenRewrite § Eclipse Migration Toolkit for Java § Windup/ Migration Toolkit for Runtimes § Amazon Q Developer Agent for Code Transformation Automatic Upgrade & Migration Tools

rights reserved. Amazon Q Developer Reimagines the experience across the entire software development lifecycle (SDLC) Helps developers and IT professionals build and manage secure, scalable, and highly available applications Helps you write, debug, test, optimize, and upgrade your code faster Converses with you to explore new AWS capabilities, learn unfamiliar technologies, and architect solutions Amazon Q is built with security and privacy in mind from the start, making it easier for organizations to use generative AI safely.

rights reserved. Amazon Q Developer supports developers across the SDLC Plan • Amazon Q Developer in the AWS Management Console (best practices, AWS WAF, Amazon EC2 instance optimization) • Business-specific application • Explain code with conversational coding Create • Inline coding companion in IDE and CLI • Software development • Conversational coding Test and secure • Unit test generation • Security scanning and remediation Operate • Troubleshoot errors (Amazon S3, AWS Lambda, Amazon EC2, Amazon Elastic Container Service) • VPC Reachability Analyzer • Debug and optimize code with conversational coding • Helps you optimize your AWS resources and costs [NEW] Maintain and modernize • Update code with Amazon Q Developer agent for code transformation Test and secure Operate Plan Create Maintain and modernize

rights reserved. Explore and plan Ask questions and get guidance from 17 years of AWS knowledge, best practices, and well- architected advice Create a business- expert application using your data, systems, and more.

rights reserved. Create Generate code Explain code Help understand your code base Customizable to your code

rights reserved. Create: Customize code recommendations Use Amazon Q Developer chat in the IDE to ask questions about your internal code base Help understand your internal code base Generate code based on your private repositories

rights reserved. Create: Advanced capability: Amazon Q Developer agent for software development Write and implement entire application features in minutes right from a simple natural language prompt in your IDE Interactive step-by-step instructions, code, tests, and best practices

rights reserved. Test and secure Generate unit tests Scan entire project for security vulnerabilities Generate remediations to improve security and code quality

rights reserved. Operate Diagnose and troubleshoot errors in the console Analyze network connectivity and VPC reachability

rights reserved. Amazon Q Developer knows your AWS account resources and billing List, describe, and get guidance based on resources in your AWS account Retrieve and analyze cost data from AWS Cost Explorer (preview)

rights reserved. Build and test (Java 8) Apply knowledge base Build and test (Java 17) Gen AI fixes errors Upgraded code Source code M O D E R N I Z E L A N G U A G E V E R S I O N S I N A F R A C T I O N O F T H E T I M E Maintain and modernize: Amazon Q Developer agent for code transformation Knowledge database

rights reserved. Amazon Q Developer agent for code transformation Automates the complete process of upgrading and transforming code

rights reserved. Java applications Minutes each, on average Days Amazon Q Developer agent for code transformation

rights reserved. Retire tech debt at scale Modernize projects and upgrade language version and dependencies with Amazon Q Developer Agent for code transformation Summary of core use cases Drive developer productivity Get inline coding recommendations, summarize and document code, scan for security issues, diagnose and troubleshoot bugs, and write unit tests Improve security and code quality Ship more secure code with less effort with code scanning and automated code remediation

rights reserved. Thank you! Dennis Kieselhorst [email protected] linkedin.com/in/kieselhorst 67

Java 8 auf >=17 Upgrade - Lessons Learned und B...

Java 8 auf >=17 Upgrade - Lessons Learned und Best Practices

More Decks by Dennis Kieselhorst

Other Decks in Programming

Featured

Transcript