耗子叔ARTS：第十二周

耗子叔ARTS：第十二周

Algorithm:

 

/**

 * 397. Integer Replacement

 Medium



 214



 243



 Favorite



 Share

 Given a positive integer n and you can do operations as follow:



 If n is even, replace n with n/2.

 If n is odd, you can replace n with either n + 1 or n - 1.

 What is the minimum number of replacements needed for n to become 1?



 Example 1:



 Input:

 8



 Output:

 3



 Explanation:

 8 -> 4 -> 2 -> 1

 Example 2:



 Input:

 7



 Output:

 4



 Explanation:

 7 -> 8 -> 4 -> 2 -> 1

 or

 7 -> 6 -> 3 -> 2 -> 1

 */

 

JAVA：

public static int integerReplacement(int n) {

    int i = 0;

    while (n != 1) {

        if ((n & 1) == 0) {

            n >>= 1;

        } else if (n == 3 || Integer.bitCount(n + 1) > Integer.bitCount(n - 1)) {

            --n;

        } else {

            ++n;

        }

        ++i;

    }

    return i;

}

GO：

func integerReplacement(n int) int {

   c:=0

   return intReplace(n,c)



}



func intReplace(n,c int) int{

   if n==1{

      return c

   }

   c++

   if n%2==0{

      return intReplace(n/2,c)

   } else {

      return min (intReplace(n-1,c),intReplace(n+1,c))

   }

}

func min(a,b int) int{

   if a<b{

      return a

   }

   return b

 

Review：

https://onezero.medium.com/amazon-is-watching-d51b20f1668a

Amazon Is Watching

The Internet giant is wiring homes, neighborhoods, and cities with cameras and microphones, and powering the nation’s intelligence services. Are we sure we can trust it?

 

 

Will OremusFollow

Jun 27

When you think of Amazon, you might think of comparison shopping from your couch, buying exactly what you want, for less than you’d pay at the store. You might think of a delivery person dropping a package at your door, right on time, and how if there’s anything amiss you can send it back for a full refund. You might think of asking Alexa to play a song or a TV show or turn on the lights, and the marvel of how it all just works (usually). You might think of a Prime members’ discount on avocados at Whole Foods, which Amazon acquired in 2017.

Amazon’s reputation for serving its customers with low prices and ruthless efficiency might help to explain why, in survey after survey, the Seattle-based company ranks as America’s most valuable — nay, most loved — brand. One recent study found that Amazon is the second most-trusted institution of any kind in the United States, ahead of Google, the police, and the higher-education system, and trailing only the U.S. military. At a time when an endless string of privacy and election scandals has left Facebook’s reputation in smoldering ruins, and Google’s has been dented by YouTube’s radicalization and content moderation woes, Amazon’s is stronger than ever.

But Amazon’s public image as a cheerfully dependable “everything store” belies the vast and secretive behemoth that it has become — and how the products it’s building today could erode our privacy not just online but also in the physical world. Even as rival tech companies reassess their data practices, rethink their responsibilities, and call for new regulations, Amazon is doubling down on surveillance devices, disclaiming responsibility for how its technology is used, and dismissing concerns raised by academics, the media, politicians, and its own employees.

“We’re all hoping they’re not making a panopticon,” says Lindsey Barrett, staff attorney at Georgetown Law’s Institute for Public Representation. Last month, the institute, serving as counsel to a group of 19 watchdog groups, called on the Federal Trade Commission to investigate Amazon for alleged violations of the federal law protecting children’s online privacy. Among other concerns, they found that Amazon’s Echo Dot Kids Edition smart speaker retained children’s voice recordings and personal data even after parents tried to delete them. Amazon blamed at least part of the problem on a software bug, which it says it has since fixed.

While the outcome of that case remains to be seen, the complaint represents just the tip of the iceberg. The Amazon of today runs enormous swaths of the public internet; uses artificial intelligence to crunch data for many of the world’s largest companies and institutions, including the CIA; tracks user shopping habits to build detailed profiles for targeted advertising; and sells cloud-connected, A.I.-powered speakers and screens for our homes. It acquired a company that makes mesh Wi-Fi routers that have access to our private Internet traffic. Through Amazon’s subsidiary Ring, it is putting surveillance cameras on millions of people’s doorbells and inviting them to share the footage with their neighbors and the police on a crime-focused social network. It is selling face recognition systems to police and private companies.

“Amazon is essentially selling fear.”

The Amazon of tomorrow, as sketched out in patents, contract bids, and marketing materials, could be more omnipresent still. Imagine Ring doorbell cameras so ubiquitous that you can’t walk down a street without triggering alerts to your neighbors and police. Imagine that these cameras have face recognition systems built in, and can work together as a network to identify people deemed suspicious. Imagine Ring surveillance cameras on cars and delivery drones, Ring baby monitors in nurseries, and Amazon Echo devices everywhere from schools to hotels to hospitals. Now imagine that all these Alexa-powered speakers and displays can recognize your voice and analyze your speech patterns to tell when you’re angry, sick, or considering a purchase. A 2015 patent filing reported last week by the Telegraph described a system that Amazon called “surveillance as a service,” which seems like an apt term for many of the products it’s already selling.

 

Behind it all is a company whose leaders too often see privacy concerns as overblown, internal dissent as insignificant, and the potential for abuse of Amazon’s technologies as someone else’s problem.

“Just because tech could be misused doesn’t mean we should ban it and condemn it,” said Andy Jassy, the head of Amazon’s cloud business, at the Code Conference earlier this month. He suggested that banning face recognition systems, which can be potent surveillance tools but tend to discriminate against people of color, would be akin to banning email or knives — two pieces of technology, one new and one very old, that could also be employed for good or ill. “You could use a knife in a surreptitious way,” he said.

Everything Amazon is building, it should be said, has the potential to be used for good. Its doorbell cams can catch porch pirates; its face recognition software can help authorities track down suspects; Alexa can be useful around the house in myriad ways (usually). But when you put together the pieces, the company’s cloud-connected eyes and ears can take on an Orwellian dimension that makes Facebook and Google — the two tech companies that tend to loom largest in the privacy fears of consumers — look modest by comparison.

Ears in the living room

Let’s start with the company’s Alexa-powered devices, such as the Amazon Echo, Echo Dot, and Echo Show, which have become a staple of smart homes. They put Internet-connected, always-on microphones, and in some cases cameras, inside your kitchen, living room, or bedroom. For the paranoid, that alone might be reason to shun them: Why risk opening a permanent portal between the Internet and your family’s most intimate spaces? But more than 100 million buyers have embraced them, trusting Amazon to guard their recordings in the process.

Amazon says that Echo devices only start recording when they hear a pre-set wake word, such as “Alexa.” Unfortunately, the system is far from foolproof — just about every Alexa user has been taken by surprise when the devices mishears the wake word and suddenly activates. Alexa often picks up and stores snippets of conversation by mistake, and on at least one occasion, Amazon accidentally sent those recordings to a random stranger. It doesn’t help that Amazon has neglected data privacy features that rival smart speakers include. It’s harder to delete your recordings from an Echo than a Google Home or Apple HomePod, and Amazon was slow to put a physical shutter on the camera of devices like the Echo Show to guard against accidental recording. (Even Facebook’s has one.)

For a company that’s leading a revolution in the relationship between humans and machines, Amazon’s attitude toward privacy fears has at times seemed dismissive. In an interview last year on Slate’s podcast If Then, I asked Amazon’s vice president of Alexa Engine Software, Al Lindsay, to name one Amazon-related data privacy concern he thought was valid, or one privacy-related challenge his team was working on. He said he couldn’t think of a single one.

 

But watchdogs outside Amazon have found a few. In April, Bloomberg reported that Amazon employs thousands of human contractors in offices around the world to listen to the recordings of unsuspecting Alexa users. The aim isn’t surveillance, but rather an effort to improve the device’s software. That’s a common practice among companies training A.I. — human users of intelligent digital assistants like Alexa and Siri are part of the training process whether they know it or not — but Amazon wasn’t explicitly disclosing the mechanics of the system to users. Apple’s Siri and Google’s Assistant also use human reviewers, but they take steps to anonymize users’ recordings, whereas Alexa’s recordings are tied to each user’s account number, device serial number, and first name.

Then there’s the allegation that Amazon’s Echo Dot Kids Edition has been violating the federal Children’s Online Privacy Protection Act, or COPPA. In addition to retaining kids’ personal information even after parents tried to delete it, the device allegedly stored that information indefinitely, and used a flawed method of parental consent. Barrett of the Institute for Public Representation said she found it hard to believe a company so large could be committing such straightforward privacy violations on a device explicitly intended for and marketed to kids.

For this story, the company sent a statement indicating that it has strict protocols to protect customers’ privacy and security, and noted that customers can review and delete their recordings anytime in the Alexa app or by visiting the online Alexa Privacy Hub.

When you consider that Amazon is putting Alexa devices in cars, hotel rooms, classrooms, and even children’s hospitals, it’s curious that the company isn’t making more of a public-relations push around privacy and security. It seemed like that might finally be changing last month, when Amazon touted a suite of new Alexa privacy features, including the ability to say, “Alexa, delete everything I said today.” But the feature turned out to be rather byzantine: Instead of just deleting your recordings the first time you asked, Alexa would direct you to open the Alexa app on your smartphone and navigate a long series of menu options. After all that, you could only delete your recordings by voice from a single day, not a longer period of time. Deleting everything is an eight-step process that requires the Alexa app. And Amazon still doesn’t offer the option to auto-delete your recordings, as Google does.

Amazon has so far held off on putting voice ads in Alexa, which may help to reinforce its image as a company that sells products to you, rather than making you the product. But that doesn’t mean your Echo isn’t collecting and monetizing data on you. It already tracks your purchases and music choices to use in product recommendations. And while it hasn’t attracted the same scrutiny as Google or Facebook, Amazon’s digital advertising business is quietly booming: It’s now the third-largest behind the duopoly. Amazon is expected to capture nearly 10 percent of the $130 billion U.S. market in 2019, according to one recent estimate.

Eyes on the street

Then there’s Ring, the “smart doorbell” startup that Amazon acquired for $1 billion in early 2018. Whereas other Internet giants mostly confine their snooping to users’ online behavior, Ring lets Amazon — and you — monitor other people’s actions in the real world. Its Wi-Fi-connected devices, mounted outside the doors of homes and businesses, continuously survey a 30-foot radius, capturing video whenever they detect motion. Users can watch the footage in real time, and can pay a fee to store and watch recordings.

Those surveillance capabilities aren’t novel: Businesses and mansions have long had expensive security camera systems. But in the same way that online commerce existed before Amazon brought it to the masses, Ring has mainstreamed that service by putting doorbell cams into a simple, $200 package and by marketing them aggressively to ordinary homeowners — as well as police departments. Amazon is now the dominant player in the doorbell camera market, part of home surveillance-camera market that one analyst predicts will be worth $10 billion by 2023.

Not content to let users surveil their own front yards, Ring has turned its cameras into semi-public dragnets via an app called Neighbors. Neighbors lets Ring owners upload, share, and comment on each other’s surveillance footage, and gives them the option to make it available to the police. “Ring’s Community Alerts help keep neighborhoods safe by encouraging the community to work directly with local police on active cases,” Amazon said in a statement.

That feature has some law enforcement agencies giddy. A report by CNET found that police departments from Houston to Hammond, Indiana are partnering with Amazon and offering citizens discounted Rings, while encouraging them to share footage on Neighbors. Thanks to Ring, “our township is now entirely covered by cameras,” a police commander in Bloomfield, New Jersey, told CNET. The police chief of Mountain Brook, Alabama, told the site that access to residents’ Ring footage via Neighbors gave his department the equivalent of citywide security camera coverage, for virtually nothing. Amazon does not require users to share footage with police, but its portal for law enforcement makes it easy for officers to request footage from any given user — a request that many people would likely find awkward to refuse. Users technically remain anonymous in the app, though their general location is evident. Ring told OneZero that it is committed to protecting users’ privacy, and noted that it does not support programs that require customers to share footage with the police in return for discounts on the device.

You might think a giant tech company moving into literal, physical surveillance at a time of heightened online privacy concerns would tread lightly. In Amazon’s case, you’d be wrong. Under Ring founder Jamie Siminoff — who originally pitched the idea for his startup on Shark Tank — the company’s internal messaging has been militant. In 2016, Siminoff handed out camouflage-print t-shirts to employees, and declared war on “dirtbag criminals.”

But the company’s own security, at least prior to the Amazon acquisition, has at times appeared lax: In separate incidents, Ring was found to be storing customers’ home WiFi passwords in plain text, and sending tiny, 20-millisecond packets of audio data to servers in China, where the government aggressively monitors Internet traffic. Ring moved quickly to address those two problems, and there’s no evidence they led to any harm. Beginning in 2016, Ring also gave research and development employees in Ukraine access to users’ personal video recordings for analysis, according to a 2018 report by The Information. Amazon later told The Intercept that the practice was limited to videos publicly shared on the Neighbors app, but declined to say when that policy had taken effect. “As a security company on a mission to reduce crime in neighborhoods, security is at Ring’s core and drives everything we do,” Ring told OneZero in a statement. “Nobody can view a user’s video recordings unless the user allows it or shares them.”

Amazon has embraced Ring’s crime-fighting ethos. “I can think of no nobler mission,” said Amazon’s vice president of devices, Dave Limp, at an event in September 2018. Earlier this year, Ring placed targeted Facebook ads that showed residents of Mountain View, California, actual surveillance footage of a woman who appeared to be trying to break into a car.

“Amazon is essentially selling fear,” says Chris Gilliard, an English professor at Macomb Community College who researches discriminatory uses of technology. “They’re selling the idea that a more surveilled society is a safer one.” But that depends on whether you’re the person being surveilled. Gilliard believes Ring and Neighbors could actually make society less safe for people of color, who are disproportionately identified as “suspicious” on social networks with a neighborhood-watch component. In the past, a resident might tell a neighbor or call the police if they saw a person they thought looked out of place, “but they probably weren’t going to broadcast it to the whole neighborhood,” he says. “Now they are.”

Brains in the cloud

Though most people still think of Amazon primarily as an online retailer, the bulk of its profits now come from Amazon Web Services, whose cloud servers power nearly half the internet, by some estimates. For smaller websites, AWS serves mostly as an infrastructure provider. But for some of the world’s largest institutions and corporations, AWS also mines and analyzes data, decoding text and images, making predictions and recommendations.

Those clients include major law enforcement and intelligence agencies, such as the Department of Homeland Security, Department of Defense, and the CIA. Amazon set up a special division of AWS in 2017 to handle classified government intelligence. AWS’s clients also include Palantir, the Silicon Valley big-data firm co-founded by Peter Thiel, which provides software for U.S. Immigrations and Customs Enforcement, or ICE. (Amazon is also reported to have made a pitch directly to ICE.) Now AWS is vying with Microsoft Azure for a mammoth $10 billion contract to bring the Pentagon onto its cloud, after Google dropped out under pressure from its own employees.

 

AWS’ most controversial service is Rekognition, a platform that uses machine learning to analyze images and video footage. Among other features, Rekognition offers the ability to match faces found in video recordings to a collection of faces in a database, as well as facial analysis technology that can pick out facial features and expressions. A 2018 report from the American Civil Liberties Union (ACLU) highlighted how Amazon has been marketing its face recognition capabilities to law enforcement agencies, and has partnerships under way with police in Orlando, Florida, and Washington County, Oregon.

At a developer conference in Seoul, according to NPR, Amazon’s Ranju Das explained that police in Orlando have “cameras all over the city” which stream footage for Amazon to analyze in real time. It can then compare the faces in the surveillance video to a collection of mugshots in a database to reconstruct the whereabouts of a “person of interest.” A CNET report in March detailed how the Washington County Sheriff’s Office used Rekognition to identify and apprehend a shoplifting suspect.

One well-documented problem with face recognition software is inaccuracy, particularly when it comes to identifying people of color. In a 2018 test by the ACLU, Rekognition incorrectly found matches for 28 members of Congress to mugshots of crime suspects. Congress members of color were overrepresented among the false matches. Amazon argues the study is misleading in several ways, because it used a confidence threshold for matches that is lower than AWS recommends, and used an outdated version of the Rekognition software.

The idea of building A.I. tools and face recognition for the likes of Palantir and ICE doesn’t sit well with some of Amazon’s own employees and shareholders — especially at a time when immigrants are being separated from their families and children coming across the border are being denied basic human rights. An anonymous Amazon employee wrote in Medium last fall that some 450 workers had signed a letter to CEO Jeff Bezos calling on the company to drop Palantir and stop supplying Rekognition to police departments. “Companies like ours should not be in the business of facilitating authoritarian surveillance,” the employee wrote. In an accompanying interview, the employee said the letter had been met by Amazon’s leaders with “radio silence.”

That’s not surprising, given that AWS vice president Teresa Carlson had touted the company’s “unwavering commitment” to police and military uses of face recognition at a security conference in July 2018. Gizmodo reported in November 2018 that AWS CEO Andy Jassy reaffirmed the company’s marketing of Rekognition to law enforcement in an internal meeting. He portrayed the technology as largely positive, highlighting the work of an organization that is using the software to help find and rescue victims of human trafficking. Jassy added that if Amazon discovered customers violating its terms of service, or people’s constitutional rights, it would stop working with them. But when Carlson was asked previously whether Amazon had drawn any red lines or guidelines as to the type of defense work it would do, her answer was clear: “We have not drawn any lines there.”

In a February 2019 blog post, Amazon suggested that it would be open to some form of national legislation on face recognition to promote transparency and respect for civil rights, among other goals. That followed Microsoft’s far more direct calls for regulation of the technology in 2018. But where Microsoft made a stark moral argument for reining it in, conjuring images of a 1984-esque dystopia, Amazon has consistently defended its use. “In the two-plus years we’ve been offering Amazon Rekognition, we have not received a single report of misuse by law enforcement,” the company said in the blog post.

Surveillance as a service

Patent filings can’t tell you what a company is actually going to build. Often, a firm’s lawyers are just trying to cover as many bases as possible, in case some facet of their intellectual property might one day become relevant to business. But patents can still reveal what a given company thinks its competitive environment might look like in the years to come. And if Amazon’s patent filings tell us anything, it’s that the company sees the expansion of surveillance capacities as a major part of its future.

Some of these revolve around Alexa and voice recognition. One 2017 application describes a “voice sniffer” algorithm that could pick out keywords for targeted advertising from a conversation between friends. Another proposes to infer people’s health or emotional state from coughs, sniffles, or their tone of voice — again, with targeted advertising as a potential use case.

Amazon also has some big ideas for the future of Ring. Earlier this month, Quartz reported that Amazon received trademarks for devices that could cover cameras mounted on cars or on baby monitors, or “home and business surveillance systems.” A separate patent filed back in 2015 makes clear that Amazon has been thinking along these lines since long before it bought Ring: It described a system by which package delivery drones could be hired by customers to fly over a specified target and shoot spy footage. Amazon referred to the idea as “surveillance as a service.”

It’s doubtful even Amazon would ever roll out a product with a name or function quite that blatantly dystopian. But there’s one other set of patents, unsealed in November 2018, that sounds like something the company might actually be working on. They describe how a network of cameras sharing data could be used in tandem with software to automatically identify people whose faces appear in a database of suspicious persons. As CNN first reported, it sounds a lot like a roadmap to incorporating face recognition with Ring and the Neighbors app. An ACLU attorney described it as a “disturbing vision of the future” in which people can’t even walk down a street without being tracked by their neighbors.

In a statement to OneZero, Ring reiterated that a patent application doesn’t necessarily imply a product in development. “We are always innovating on behalf of neighbors to make our neighborhoods better, safer places to live, and this patent is one of many ideas to enhance the services we offer,” the company said.

Smart speakers, A.I. voice assistants, doorbell cameras, and face recognition in public spaces all have their upsides. They offer convenience, peace of mind, and the potential to solve crimes that might otherwise go unsolved. But put them all together — with one very large company controlling all the data and partnering closely with police and intelligence agencies — and you have the potential for a surveillance apparatus on a scale the world has never seen.

Assuming no one’s going to stop Amazon from building this network, the question becomes whether we can trust the company to be responsible, thoughtful, and careful in designing its products and guarding the copious amounts of data they collect — and whether we can trust all the entities that use Amazon’s technology to do so responsibly.

The cloud over us all

In contrast to Facebook, which has spent recent years apologizing for privacy lapses and pledging to fix itself — however ineffectively — or Apple, which has made privacy an explicit selling point, Amazon has so far shown little concern for the ethical implications of its sprawling surveillance capabilities. While Microsoft is declining to sell face recognition technology to police, and Google isn’t selling its face recognition technology at all, Amazon is hawking it to police departments around the country.

In case there remained any doubt about Amazon’s stance — or lack of one — on the societal responsibilities involved in developing its surveillance technologies, CTO Werner Vogels put it to rest at a company event in May. In an interview with the BBC, Vogels explained that it isn’t Amazon’s role to ensure that its face recognition systems are used responsibly. “That’s not my decision to make,” he said. “This technology is being used for good in many places. It’s in society’s direction to actually decide which technology is applicable under which conditions.”

That tone is set at the very top. At a tech conference in San Francisco in October 2018, Bezos framed the company’s military contracts as part of a patriotic duty. And he compared his company’s development of high-tech surveillance tools to the invention of books, which he said have been used for both good and evil. “The last thing we’d ever want to do is stop the progress of new technologies,” Bezos said, according to a CNN report. One might hope that the last thing Amazon would want to do is develop new technologies that cause harm, but apparently that’s of lesser concern to its executives than standing in the way of innovation.

Bezos did sound one brief note of concern, only to dismiss it in the same breath: “I worry that some of these technologies will be very useful for autocratic regimes to enforce their role… But that’s not new, that’s always been the case. And we will figure it out.”

The idea that innovation’s march is inevitable, and that it’s not up to companies to guide how new technologies they create are used, has been embodied in the strategies of tech companies for decades. It’s implicit in the ethos of “move fast and break things,” in the belief that it’s better for innovators to ask for forgiveness than for permission. But as the social costs of these innovations have grown heavier, once-transgressive platforms such as Facebook, Google, and Twitter — urged on by their own employees — have come to accept the view that they are indeed responsible, at least to some extent, for their products’ impact on society, and that they have some power to shape it proactively.

Amazon, it seems, has not joined them in this view.

Gilliard, the researcher who has been studying how Ring and Neighbors could affect minorities, says he suspects Amazon will not be able to maintain such a blasé attitude toward the impacts of its products — intended or unintended — much longer. “Amazon has not had their Cambridge Analytica moment yet,” he told me.

What might that moment look like for Amazon? Gilliard hesitated for a moment, and then sketched out a hypothetical scenario. He noted that Amazon’s Key in-home delivery service allows delivery people to drop off packages inside customers’ garages, using a smart lock. (It had initially tried dropping them off inside people’s front doors.) Gilliard imagines an Amazon delivery person of color entering a customer’s garage, and the customer getting an alert of a suspicious person from one of Amazon’s own products, such as Ring or the Neighbors app. The situation could turn ugly. “I really, really hope this doesn’t happen: I think someone’s going to get hurt,” Gilliard said. “An Amazon employee is going to get hurt, arrested, assaulted.”

In the absence of a massive, headline-dominating fiasco, or a sudden crisis of conscience on the part of Amazon employees and executives, the best defense against the company’s surveillance overreach might be regulation. In May, San Francisco became the first major U.S. city to ban face recognition. Defenders of the technology found the action premature and drastic. But Amazon’s own anonymous employee, whose identity was verified by Medium, warned that if we don’t act soon, “the harm will be difficult to undo.” It’s equally hard to imagine police departments giving up access to the Neighbors app once they’ve come to rely on it, unless they’re compelled to do so. And while one might hope that Amazon would stop short of putting face recognition in doorbells — or on cars, or on drones — its leaders have given us no indication that they see a problem with it.

Amazon has overcome societal trust barriers before. It launched as an online bookstore in 1995, just one year after the very first online purchase in Internet history. Amazon, along with eBay, helped to persuade the public that using their credit card online wasn’t as crazy as the skeptics thought.

Even as the company has expanded in seemingly incongruous directions, it has maintained a rigorous focus on streamlining processes that used to be cumbersome, from rapid and cheap delivery to controlling smart gadgets by voice. You can see the same impulse at work in the way Rekognition automates the onerous task of comparing a single criminal suspect’s face to hundreds of thousands of mugshots in a database, or how Ring makes it seamless to alert neighbors and the police when something suspicious happens on your street. But it’s worth asking, before we’ve made surveillance as easy and ubiquitous as a one-click Amazon purchase, whether society might be better off keeping certain tasks a bit cumbersome after all.

Update: An earlier version of this story misidentified the market category in which Amazon, via Ring, is the dominant player. It is the dominant player in the market for doorbell cameras. An earlier version misidentified a free feature of Ring as a paid feature. Users can watch live footage for free, or store and watch recordings for a fee. An earlier version did not make clear the precise nature of police access to the Ring system. They have access to Ring footage shared via the Neighbors app.

 

Tip：

单元测试：

生产分支只要更新了，立刻将生产分支合并到个性化分支。

多分支不同版本进行开发，时间长了版本不一致，会产生更多的冲突。

 

Share：

https://mp.weixin.qq.com/s/dlVXW6aW4wLcLpey9NxPig

钻钻 “单例模式” 的牛角尖！你写的安全吗？

秉心说 Java后端技术 4天前

点击上方“Java后端技术”，选择“置顶或者星标”

你关注的就是我关心的！

 

作者：秉心说

微信公众号：秉心说

上一篇：奇葩面试经历分享：喊价25K，HR 却给了30K！

枚举很适合用来实现单例模式。实际上，在 Effective Java 中也提到过（果然英雄所见略同）：

单元素的枚举类型经常成为实现 Singleton 的最佳方法 。

首先什么是单例？就一条基本原则，单例对象的类只会被初始化一次。在 Java 中，我们可以说在 JVM 中只存在该类的唯一一个对象实例。在 Android 中，我们可以说在程序运行期间，该类有且仅有一个对象实例。说到单例模式的实现，你们肯定信手拈来，什么懒汉，饿汉，DCL，静态内部类，门清。在说单例之前，考虑下面几个问题：

• 你的单例线程安全吗?
• 你的单例反射安全吗？
• 你的单例序列化安全吗？

今天，我就来钻钻牛角尖，看看你们的单例是否真的 “单例”。

一、单例的一般实现

1、饿汉式

public class HungrySingleton {



    private static final HungrySingleton mInstance = new HungrySingleton();



    private HungrySingleton() {

    }



    public static HungrySingleton getInstance() {

        return mInstance;

    }

}

私有构造器是单例的一般套路，保证不能在外部新建对象。饿汉式在类加载时期就已经初始化实例，由于类加载过程是线程安全的，所以饿汉式默认也是线程安全的。它的缺点也很明显，我真正需要单例对象的时机是我调用 getInstance() 的时候，而不是类加载时期。如果单例对象是很耗资源的，如数据库，socket 等等，无疑是不合适的。于是就有了懒汉式。

2、懒汉式

public class LazySingleton {



    private static LazySingleton mInstance;



    private LazySingleton() {

    }



    public static synchronized LazySingleton getInstance() {

        if (mInstance == null)

            mInstance = new LazySingleton();

        return mInstance;

    }

}

实例化的时机挪到了 getInstance() 方法中，做到了 lazy init ，但也失去了类加载时期初始化的线程安全保障。因此使用了 synchronized 关键字来保障线程安全。但这显然是一个无差别攻击，管你要不要同步，管你是不是多线程，一律给我加锁。这也带来了额外的性能消耗。这点问题肯定难不倒程序员们，于是，双重检查锁定(DCL, Double Check Lock) 应运而生。

3、DCL

public class DCLSingleton {



    private static DCLSingleton mInstance;



    private DCLSingleton() {

    }



    public static DCLSingleton getInstance() {

        if (mInstance == null) {                    // 1

            synchronized (DCLSingleton.class) {     // 2

                if (mInstance == null)              // 3

                    mInstance = new DCLSingleton(); // 4

            }

        }

        return mInstance;

    }

}

1 处做第一次判断，如果已经实例化了，直接返回对象，避免无用的同步消耗。2 处仅对实例化过程做同步操作，保证单例。3 处做第二次判断，只有 mInstance 为空时再初始化。看起来时多么的完美，保证线程安全的同时又兼顾性能。但是 DCL 存在一个致命缺陷，就是重排序导致的多线程访问可能获得一个未初始化的对象。

首先记住上面标记的 4 行代码。其中第 4 行代码 mInstance = new DCLSingleton(); 在 JVM 看来有这么几步：

1. 为对象分配内存空间
2. 初始化对象
3. 将 mInstance 引用指向第 1 步中分配的内存地址

在单线程内，在不影响执行结果的前提下，可能存在指令重排序。例如下列代码：

int a = 1;

int b = 2;

在 JVM 中你是无法确保这两行代码谁先执行的，因为谁先执行都不影响程序运行结果。同理，创建实例对象的三部中，第 2 步 初始化对象 和 第 3 步 将 mInstance 引用指向对象的内存地址 之间也是可能存在重排序的。

1. 为对象分配内存空间
2. 将 mInstance 引用指向第 1 步中分配的内存地址
3. 初始化对象

这样的话，就存在这样一种可能。线程 A 按上面重排序之后的指令执行，当执行到第 2 行 将 mInstance 引用指向对象的内存地址 时，线程 B 开始执行了，此时线程 A 已为 mInstance 赋值，线程 B 进行 DCL 的第一次判断 if (mInstance == null) ,结果为 false，直接返回 mInstance 指向的对象，但是由于重排序的缘故，对象其实尚未初始化，这样就出问题了。还挺绕口的，借用 《Java 并发编程艺术》 中的一张表格，会对执行流程更加清晰。

时间	线程 A	线程 B
t1	A1: 分配对象的内存空间
t2	A3: 设置 mInstance 指向内存空间
t3		B1: 判断 mInstance 是否为空
t4		B2: 由于 mInstance 不为空，线程 B 将访问 mInstance 指向的对象
t5	A2: 初始化对象
t6	A3: 访问 mInstance 引用的对象

A3 和 A2 发生重排序导致线程 B 获取了一个尚未初始化的对象。

说了半天，该怎么改？其实很简单，禁止多线程下的重排序就可以了，只需要用volatile 关键字修饰 mInstance 。在 JDK 1.5 中，增强了 volatile 的内存语义，对一个volatile 域的写，happens-before 于任意后续对这个 volatile 域的读。volatile 会禁止一些处理器重排序，此时 DCL 就做到了真正的线程安全。

4、静态内部类模式

public class StaticInnerSingleton {



    private StaticInnerSingleton(){}



    private static class SingletonHolder{

        private static final StaticInnerSingleton mInstance=new StaticInnerSingleton();

    }



    public static StaticInnerSingleton getInstance(){

        return SingletonHolder.mInstance;

    }

}

鉴于 DCL 繁琐的代码，程序员又发明了静态内部类模式，它和饿汉式一样基于类加载时器的线程安全，但是又做到了延迟加载。SingletonHolder 是一个静态内部类，当外部类被加载的时候并不会初始化。当调用 getInstance() 方法时，才会被加载。

枚举单例暂且不提，放在最后再说。先对上面的单例模式做个检测。

二、真的是单例？

还记得开头的提问吗？

• 你的单例线程安全吗?
• 你的单例反射安全吗？
• 你的单例序列化安全吗？

上面大篇幅的论述都在说明线程安全。下面看看反射安全和序列化安全。

1、反射安全

直接上代码，我用 DCL 来做测试：

public static void main(String[] args) {



    DCLSingleton singleton1 = DCLSingleton.getInstance();

    DCLSingleton singleton2 = null;



    try {

        Class<DCLSingleton> clazz = DCLSingleton.class;

        Constructor<DCLSingleton> constructor = clazz.getDeclaredConstructor();

        constructor.setAccessible(true);

        singleton2 = constructor.newInstance();

    } catch (Exception e) {

        e.printStackTrace();

    }



    System.out.println(singleton1.hashCode());

    System.out.println(singleton2.hashCode());



}

执行结果：

1627674070

1360875712

很无情，通过反射破坏了单例。如何保证反射安全呢？只能以暴制暴，当已经存在实例的时候再去调用构造函数直接抛出异常，对构造函数做如下修改：

private DCLSingleton() {

    if (mInstance!=null)

        throw new RuntimeException("想反射我，没门！");

}

上面的测试代码会直接抛出异常。

2、序列化安全

将你的单例类实现 Serializable 持久化保存起来，日后再恢复出来，他还是单例吗？

public static void main(String[] args) {



    DCLSingleton singleton1 = DCLSingleton.getInstance();

    DCLSingleton singleton2 = null;



    try {

        ObjectOutput output=new ObjectOutputStream(new FileOutputStream("singleton.ser"));

        output.writeObject(singleton1);

        output.close();



        ObjectInput input=new ObjectInputStream(new FileInputStream("singleton.ser"));

        singleton2= (DCLSingleton) input.readObject();

    } catch (Exception e) {

        e.printStackTrace();

    }

    System.out.println(singleton1.hashCode());

    System.out.println(singleton2.hashCode());



}

执行结果：

644117698

793589513

不堪一击。反序列化时生成了新的实例对象。要修复也很简单，只需要修改反序列化的逻辑就可以了，即重写 readResolve() 方法，使其返回统一实例。

protected Object readResolve() {

    return getInstance();

}

脆弱不堪的单例模式经过重重考验，进化成了完全体，延迟加载，线程安全，反射安全，序列化安全。全部代码如下：

public class DCLSingleton implements Serializable {



    private static DCLSingleton mInstance;



    private DCLSingleton() {

        if (mInstance!=null)

            throw new RuntimeException("想反射我，没门！");

    }



    public static DCLSingleton getInstance() {

        if (mInstance == null) {

            synchronized (DCLSingleton.class) {

                if (mInstance == null)

                    mInstance = new DCLSingleton();

            }

        }

        return mInstance;

    }



    protected Object readResolve() {

        return getInstance();

    }

}

三、枚举单例

枚举看到 DCL 就开始嘲笑他了，“你瞅瞅你那是啥，写个单例费那大劲呢？” 于是撸起袖子自己写了一个枚举单例：

public enum EnumSingleton {

    INSTANCE;

}

DCL 反问，“你这啥玩意，你这就是单例了？我来扒了你的皮看看 ！” 于是 DCL 掏出 jad ，扒了 Enum 的衣服，拉出来示众：

public final class EnumSingleton extends Enum {



    public static EnumSingleton[] values() {

        return (EnumSingleton[])$VALUES.clone();

    }



    public static EnumSingleton valueOf(String s) {

        return (EnumSingleton)Enum.valueOf(test/singleton/EnumSingleton, s);

    }



    private EnumSingleton(String s, int i) {

        super(s, i);

    }



    public static final EnumSingleton INSTANCE;

    private static final EnumSingleton $VALUES[];



    static {

        INSTANCE = new EnumSingleton("INSTANCE", 0);

        $VALUES = (new EnumSingleton[] {

            INSTANCE

        });

    }

}

我们依次来检查枚举单例的线程安全，反射安全，序列化安全。

首先枚举单例无疑是线程安全的，类似饿汉式，INSTANCE 的初始化放在了 static 静态代码段中，在类加载阶段执行。由此可见，枚举单例并不是延时加载的。

对于反射安全，又要掏出上面的检测代码了，根据 EnumSingleton 的构造器，需要稍微做些改动：

public static void main(String[] args) {



    EnumSingleton singleton1 = EnumSingleton.INSTANCE;

    EnumSingleton singleton2 = null;



    try {

        Class<EnumSingleton> clazz = EnumSingleton.class;

        Constructor<EnumSingleton> constructor = clazz.getDeclaredConstructor(String.class,int.class);

        constructor.setAccessible(true);

        singleton2 = constructor.newInstance("test",1);

    } catch (Exception e) {

        e.printStackTrace();

    }



    System.out.println(singleton1.hashCode());

    System.out.println(singleton2.hashCode());



}

结果直接报错，错误日志如下：

java.lang.IllegalArgumentException: Cannot reflectively create enum objects

    at java.lang.reflect.Constructor.newInstance(Constructor.java:417)

    at singleton.SingleTest.main(SingleTest.java:16)

错误发生在 Constructor.newInstance() 方法，又要从源码中找答案了，在 newInstance() 源码中，有这么一句：

if ((clazz.getModifiers() & Modifier.ENUM) != 0)

            throw new IllegalArgumentException("Cannot reflectively create enum objects");

如果是枚举修饰的，直接抛出异常。和之前的对抗反射的手段一致，压根就不给你反射。所以，枚举单例也是天生反射安全的。

最后枚举单例也是序列化安全的，上篇文章中已经说明过，你可以运行测试代码试试。

看起来枚举单例的确是个不错的选择，代码简单，又能保证绝大多数情况下的单例实例唯一。但是真正在开发中大家好像用的并不多，更多的可能应该是枚举在 Java 1.5 中才添加，大家默认已经习惯了其他的单例实现方式。

四、代码最少的单例？

说到枚举单例代码简单，Kotlin 第一个站出来不服了。我敢说第一，谁敢说第二，给你们献丑了：

object KotlinSingleton { }

jad 反编译一下：

public final class KotlinSingleton {



    private KotlinSingleton(){

    }



    public static final KotlinSingleton INSTANCE;



    static {

        KotlinSingleton kotlinsingleton = new KotlinSingleton();

        INSTANCE = kotlinsingleton;

    }

}

可以看到，Kotlin 的单例其实也是饿汉式的一种，不钻牛角尖的话，基本可以满足大部分需求。

吹毛求疵的谈了谈单例模式，可以看见要完全的保证单例还是有很多坑点的。在开发中并没有必要钻牛角尖，例如 Kotlin 默认提供的单例实现就是饿汉式而已，其实已经可以满足绝大多数的情况了。

由枚举引申出了这么一篇文章，大家姑且可以当做娱乐看一看，交个朋友。