Tomcat sucks… Is Apache flawed?

High on my list of Java blogs is Hani Suleiman’s The BileBlog, in which he gives unapologetically abrasive reviews of popular Java projects and the people behind them. In the past, he has had been less than complimentary of the Apache Project‘s various open source (“opensores”) Java offerings like Maven and Struts. Today, he took Tomcat to task.

Tomcat, of course, provides the reference implementations for the Servlet and JSP specifications, but by virtue of the fact that it is free, it’s also the server of choice for many small-to-medium businesses. I took a critical look at Tomcat myself awhile back, while looking for a beginner-friendly Java web application server (I’m still looking).

Suleiman’s critique of Tomcat is based, somewhat refreshingly (he often resorts to unpersuasive, if entertaining, personal attacks on the developers), on the quality of the project’s code–or rather its lack thereof. Choosing a pivotal but relatively uncomplicated class (DefaultServlet, which is responsible for serving static resources like HTML/CSS/JavaScript files and images), he points out many examples of terrible coding practice, of which these are only a sampling:

Initialization code that lazily catches Throwable
        // Set our properties from the initialization parameters
        String value = null;
        try {
            value = getServletConfig().getInitParameter("debug");
            debug = Integer.parseInt(value);
        } catch (Throwable t) {
            ;
        }
        try {
            value = getServletConfig().getInitParameter("input");
            input = Integer.parseInt(value);
        } catch (Throwable t) {
            ;
        }
Throwable is the base interface for all Java exceptions an errors, many of which have no business being caught by this sort of code, let alone being ignored as this code will do. If the server happens to run out of memory while initializing a DefaultServlet, for example, this code will ignore the resulting error and attempt to continue running.

Attempts to identify particular exceptions by portions of their message strings
        try {
            serveResource(request, response, true);
        } catch( IOException ex ) {
            // we probably have this check somewhere else too.
            if( ex.getMessage() != null
                && ex.getMessage().indexOf("Broken pipe") >= 0 ) {
                // ignore it.
            }
            throw ex;
        }

Fortunately, the if statement in question (which, from the comment, it seems the developer was rather uncertain about) doesn't actually cause the exceptions it identifies to be ignored (as the second comment says it should do), so this confusing twist of poor programming is actually useless anyway.

A method that returns an exception instead of throwing it
    protected IOException copyRange(InputStream istream,
                                  ServletOutputStream ostream) {

        // Copy the input stream to the output stream
        IOException exception = null;
        ...
            try {
                ...
            } catch (IOException e) {
                exception = e;
                ...
            }
        ...
        return exception;

    }

As a believer in open source development, I looked at every issue he pointed out to give it the benefit of the doubt. "Okay, it looks silly, but there must be a good reason that they did that." There wasn't, of course, unless you consider laziness or ignorance a good reason.

For a project produced under the public scrutiny of the open source development, these are disturbingly fundamental issues indeed. For me, the most important question becomes not whether or not Tomcat sucks, but whether this level of code quality is the exception or the norm in the Apache camp.

I know for a fact that there is plenty of good quality open source Java code in the wild. I've probed into the code of Jetty a number of times, for instance, and have been pleasantly surprised by what I found there. I also know that poor open source code isn't just a problem that faced by Java. But Apache is supposed to be a leader in the field.

If the repeated condemnations of The BileBlog are any indication, the majority of the web could be running software like this--code that looks like it was written in a desperate push to meet a deadline with something that works... most of the time... just barely.

Win an Annual Membership to Learnable,

SitePoint's Learning Platform

  • http://www.sudokumadness.com/ coffee_ninja

    Yikes… that’s some bad, bad code right there. Properly handling exceptions in Java isn’t rocket science. Looks like somebody on the Tomcat project is just a massive goofball :)

  • Anonymous

    is stupide

  • Gator99

    Apache is only as flawed as the person writing the module. Java never was and will never become what it’s proponents claim it is. That was evident years ago (pre Sun), yet there are still some out there beating a dead horse.

  • emk

    Hmmm… Has either Craig or Remy Maucherat replied to that this anywhere?

    I’d like to see what response (I wouldn’t go so far as to say defence) they give to this critique.

  • scott_R

    I’m not sure, but there might be a problem with Sitepoint’s servers today, as only part of the article downloaded. I hope it’s corrected soon, because I’m interested to read the solutions and alternatives the author discovered to resolve these issues. Apache/Tomcat are great, but if there is a better solution, I’m all for checking it out.

    Hmmm. Yes, I just reloaded the page, and the server’s still only downloading the first part ofthe article… :)

  • Anonymous

    The author commented on the quality of Jetty, which is another open source servlet engine.

    Something to check out at least.

  • JanSch

    Interesting piece!
    Though I’m missing the most interesting part: “The comment from either R. Maucherat or the poor fella(s) who wrote this code”.

  • Anonymous

    This is great feedback. That’s why open source will prevail forever. The author of this article should take part in the TomCat project.

    Silly mistakes will be fixed asap when the project owner gets informed in open source projects. However, closed source projects have similar mistakes, but nobody can easily dig in to like in this case.

    I thank the author of this article, and encourage him to take part in the development of TomCat project.

  • Jim

    The first code extract is not bad code at all.

    Take a step back and consider what is being accomplished.

    (I’ll assume that “debug” has some default value before entering the segment.)

    All that this segment “says” is “get a new value for “debug” and set it; if this activity fails for any reason, ignore and continue with prior, default value.

    “Good coding” does not require that each and every thrown exception needs to be handled, especially in blocks that are not dealing with user interaction.

    Jim

  • PcG

    Tomcat is, as you said, a “reference implementation” not a polished project like WebSphere, et al. My company uses Tomcat and has done so for years with no problems. If you are looking for a DUH! Click-n-Run servlet container then look elsewhere and be ready to pony up the loot for your lack of knowledge and patience to get a perfectly good (free) container running properly.

    Granted that some of the lines of code you mentioned aren’t the best but lets someday take a peak at Microsoft’s IIS … what do you think you’ll find there? OSS is as much about learning as it is about being free. If you’re not looking to spend a little time to excersise that lonely brain cell or contribute and fix the things you are whining about then go spend the loot and buy a commercial project but don’t bash people that are doing the rest of us a favor.

    Signed: Ticked at meathead bloggers.

  • Jonathan Allen

    I think comments like “take a peak at Microsoft’s IIS” are entirely counter productive. We should be asking ourselves, “How did we let it get so bad?”. Using Microsoft or any other company as a scapegoat for our own failings may very well be our downfall.

    I for one was aghast and outraged at seeing that code. I seriously considered dropping my other projects to concentrate on getting tomcat to at least the quality I would expect from a junior programmer. Then I read this posting…

    http://mail-archives.apache.org/mod_mbox/tomcat-dev/200511.mbox/%3c436B326D.3080108@apache.org%3e

    Who does this Rémy think he is? There is no reason to treat someone who is obviously upset and frustrated in such an unkind and arrogant manner. I for one don’t want to work with someone like this. People like that give all of open source a bad name.

    Tomcat has been measured and found wanting. Do we fix it or concede defeat?

    Jonathan Allen

  • Anonymous

    If Jonathan Allen had read the thread, you would have discovered that Remy was responding to a user that had found a bug in Xerces and refused to file it as a Xerces bug, but insisted on flaming the tomcat devs. The half dozen Tomcat dev’s that had to put up with the abuse from a user that was insulting toward the people that had tried to help him. (He called asking for him to post a stack trace being lazy and unwilling to help.)

    Remy’s responce was not good, but it was not out of line for how he was being treated.

  • Anonymous

    The reviewer obviously feels he could correct these minor errors in coding practice but instead would rather insult the devs who are doing the work.

    Open Source gives you the ability to do what you are doing. Usually though if you are going to go through the trouble to bug hunt the source, it is customary to squash a few. Detractor or Contributor?

  • Willy

    Most of the time it takes longer to find a problem than to fix it. You cannot simply blame the person who have spent the time to find the problem and documented his findings for not fixing it. Open Source is not only meant for developers, but for all people to do what they can to contribute. Finding errors and doing quality check are all valid contributions.

  • Jonathan Allen

    I did read the thread, I just don’t agree with the “blame Xerces” attitude. One of the differences between a professional quality application and some hack done for fun is that the former has to deal with issues such as faulty dependencies.

    If the tomcat developers were aware with a problem with Xerces, then they should have either chosen a different component or altered tomcat to deal with it. At the very least, a warning message saying “You are using Xerces version X. We recommend you upgrade to version Y.” is in order. If no version Y exists, then its time to drop Xerces for something that does works.

    If I call up IOMega and say that their DVD Drive doesn’t work with Windows Vista, they wouldn’t tell me to file a bug with Microsoft. They would either fix their driver to work around Vista’s failings or call Microsoft themselves.

    Lets say the user did call on the Xerces team. What would he say? “The tomcat people say you have a bug. I don’t know your code or their code so I cannot tell you what’s wrong, but could you please fix it anyways because they won’t help me.”

    I know exactly how they should respond, “Please have the tomcat people contact us directly so that we can work with them to correct this issue.” (Of course if they are anything like the tomcat developers, they will most likely just blame tomcat.)

    Jonathan Allen

  • PcG

    “If I call up IOMega and say that their DVD Drive doesn’t work with Windows Vista, they wouldn’t tell me to file a bug with Microsoft.”

    And how much did you *PAY* for that Omega drive? Apache isn’t a for-profit organization so don’t expect them to behave as one. We buy a piece of hardware we expect it to work because …. we paid for it. We don’t pay a dime for Apache’s stuff (unless you contribute cash, but then you wouldn’t flame ‘em if you did that now would you?)

    In management we like to say “don’t come to us with a problem unless you have at least two solutions otherwise you are just whining and haven’t thought the problem through.”

    If you aren’t part of the solution then you are part of the problem. Instead of wasting time (like I am) posting to this message fire up Netbeans and get to coding and help the Tomcat team out.

  • Jonathan Allen

    You are missing the point. It isn’t the code; it is the attitude of the people behind the code that really troubles me. I simply don’t want to associate with people like that.

    Besides, do you really think that they would accept my code? Who am I to come in and tell the architects of tomcat that they are doing it all wrong?

    Open source is coding by committee. If the committee believes that they are doing the right thing, nothing will change their mind. Certainly an arrogant know-it-all like me doesn’t stand a chance.

    Jonathan

  • ajking

    Here’s an idea: let’s start paying for the software. That way the developers can close off the source and the only important thing will be whether it does the job or not, not how it looks. If it does the job, your money is well spent; if it doesn’t you are always free to buy someone else’s product. Isn’t that how the computing industry got its start? Weren’t those the good old days?

    So let’s start paying the market value for the Apache web server and all those other open source products that code critics like to gang up on. That shouldn’t suck more than $3 or $4 billion out of the world’s wallets, now should it.

  • bonefry

    > You are missing the point. It isn’t the code; it is the attitude of the people
    > behind the code that really troubles me. I simply don’t want to associate with
    > people like that.

    What the hell are you talking about ?
    Don’t want to use it … then don’t, and stop spreading nonsense.

    As David says … Kindness is the currency of open source support.
    Don’t like it ? Again … stop using it.

    > Besides, do you really think that they would accept my code?
    > Who am I to come in and tell the architects of tomcat that they are
    > doing it all wrong?

    If you are worthy enough, you can become a tomcat architect yourself.
    You’ll have to have many succesfull code submissions in order to do that.

    But then again, you are some weirdo that bashes open-source projects … nice way of spending time.

  • bonefry

    Jonathan Allen Says:
    > If the committee believes that they are doing the right thing, nothing will
    > change their mind. Certainly an arrogant know-it-all like me doesn’t stand a
    > chance.

    O, ho, ho … missed this part … sorry.

    So, you think you can do better than the Tomcat developers ?
    Proove it !

    The first step is to show us your portfolio ;-)
    Or better yet … build a better Tomcat.

    That should show us :)

  • Anonymous

    Jonathan Allen Says:
    > Who does this Rémy think he is? There is no reason to treat someone who is
    > obviously upset and frustrated in such an unkind and arrogant manner. I for one
    > don’t want to work with someone like this. People like that give all of open
    > source a bad name.

    I think it is about time you grow up.

    Open-source products are ussualy made by sellfish programmers that want to use those products for their own sellfish purposes.

    Developing an open-source project is very expensive, and if you want to use such a project you have to be prepared to:

    a) ask for help with politeness

    b) give back and help the project grow

    You don’t pay Rémy to be polite now … do you ?
    That Bob Bronson fellow got pretty offensive, and Rémy’s reaction is justified.

  • http://www.igeek.info asp_funda

    You don’t pay Rémy to be polite now … do you ?
    That Bob Bronson fellow got pretty offensive, and Rémy’s reaction is justified.

    On the contrary, I think I found Rémy’s response quite amusing!! ;) :)

    Now, I don’t fully agree with the sentiment that “since you don’t pay for an open-source project, you got no right to complain”. Ofcourse we’ve got right to complain. But what I really hate is people’s attitude with which they complain. If you are unhappy with something or there’s something wrong with the project, the same can be conveyed to the people in charge in a polite & easy going way instead of just throwing up a tantrum. Even if you pay for a product/service & it runs into a problem, then that doesn’t mean you’ve got the right to get all mad at the developers. They too are human & are liable to mistakes. IMHO, being polite is the way to go irrespective of whether you pay for the product/service or not. Getting mad at anyone like this doesn’t help get things moving better or fast!!