Byte code field report
Download as PPTX, PDF2 likes371 views
This document discusses Java bytecode manipulation techniques using unsafe, instrumentation, and Java agents. It covers areas where bytecode manipulation is commonly used like mocking, persistence, and security. It analyzes techniques for defining and transforming classes at runtime and discusses challenges like injecting state and working with modules. The document also proposes ideas to standardize testing support and provide a unified dynamic code generation concept in Java.
![interface Instrumentation { // since Java 5
void addClassFileTransformer(ClassFileTransformer cft);
}
How to define and change byte code at runtime?
class Unsafe {
Class<?> defineClass(String name, byte[] bytes, ...) { ... }
}
class MethodHandle { // since Java 9
Class<?> defineClass(byte[] bytes) { ... }
}
// since Java 11
package jdk.internal;
class Unsafe { // since Java 9
Class<?> defineClass(String name, byte[] bytes, ...) { ... }
}](https://image.slidesharecdn.com/bytecodefieldreport-190204074528/85/Byte-code-field-report-4-320.jpg)
![API enhancement proposal: JDK-8200559
interface ClassFileTransformer {
interface ClassDefiner {
Class<?> defineClass(byte[] bytes);
}
byte[] transform(
ClassDefiner classDefiner,
Module module,
ClassLoader loader,
String className,
Class<?> classBeingRedefined,
ProtectionDomain protectionDomain,
byte[] classfileBuffer
) throws IllegalClassFormatException;
}
// restricted to package of transformed class](https://image.slidesharecdn.com/bytecodefieldreport-190204074528/85/Byte-code-field-report-7-320.jpg)
![Emulating Unsafe.defineClass via JDK-8200559.
static void defineClass(Instrumentation inst, Class<?> pgkWitness, byte[] bytes) {
ClassFileTransformer t =
(definer, module, loader, name, c, pd, buffer) -> {
if (c == pgkWitness) {
definer.defineClass(bytes);
}
return null;
};
instrumentation.addClassFileTransformer(t, true);
try {
instrumentation.retransformClasses(pgkWitness);
} finally {
instrumentation.removeClassFileTransformer(t);
}
}](https://image.slidesharecdn.com/bytecodefieldreport-190204074528/85/Byte-code-field-report-10-320.jpg)
![Using unsafe class definition in testing context.
UserClass userClass = Mockito.mock(UserClass.class);
user.jar mockito.jar
(unnamed) module
byte[] userClassMock = ...
methodHandle.defineClass(userClassMock);
user module
No standardized support for "test dependencies". It is impossible to open modules to Mockito which only exists in tests.](https://image.slidesharecdn.com/bytecodefieldreport-190204074528/85/Byte-code-field-report-14-320.jpg)
![interface Instrumentation {
Class<?> defineClass(byte[] bytes, ClassLoader cl);
// ...
}
class TestSupport { // module jdk.test
static Instrumentation getInstrumentation() { ... }
static <T> T allocateInstance(Class<T> type) { ... }
static void setSecurityManagerUnsafe(SecurityManager sm) { ... }
}
What is missing for a full migration away from Unsafe?
The jdk.test module would:
• not be bundled with a non-JDK VM distribution
• it would print a console warning when being loaded
• allow to mark test-scope libraries not to load in production environments
• be resolved automatically by test runners like Maven Surefire](https://image.slidesharecdn.com/bytecodefieldreport-190204074528/85/Byte-code-field-report-25-320.jpg)
Byte code field report
- 1. Byte code field report or Why we still heavily rely on Unsafe as of Java 13
- 2. What background do I base this talk/opinion based on?
- 3. behaviour changing behavior enhancing dynamic subclass mocking e.g. Mockito persistence proxy e.g. Hibernate retransformation security e.g. Sqreen APM/tracing e.g. Instana In what areas are instrumentation and dynamic subclassing mainly used?
- 4. interface Instrumentation { // since Java 5 void addClassFileTransformer(ClassFileTransformer cft); } How to define and change byte code at runtime? class Unsafe { Class<?> defineClass(String name, byte[] bytes, ...) { ... } } class MethodHandle { // since Java 9 Class<?> defineClass(byte[] bytes) { ... } } // since Java 11 package jdk.internal; class Unsafe { // since Java 9 Class<?> defineClass(String name, byte[] bytes, ...) { ... } }
- 5. Defining classes from Java agents Transforming classes from Java agents Defining classes from libraries Transforming classes from libraries Miscellaneous
- 6. class Sample { void method() { Api.invoke(new Callback() { @Override void callback() { System.out.println("called back"); } } } } Java agents also need to define classes. class Sample { void method() { // do something } } abstract class Callback { abstract void callback(); } class Api { static void invoke(Callback c) { ... } }
- 7. API enhancement proposal: JDK-8200559 interface ClassFileTransformer { interface ClassDefiner { Class<?> defineClass(byte[] bytes); } byte[] transform( ClassDefiner classDefiner, Module module, ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer ) throws IllegalClassFormatException; } // restricted to package of transformed class
- 8. class Sender { void send(Receiver receiver) { Framework.sendAsync(receiver, new TaggedEvent()); } } Injected classes with multiple use sites. class Sender { void send(Receiver receiver) { Framework.sendAsync(receiver, new Event()); } } class Receiver { void receive(Event event) { if (event instanceof TaggedEvent) { TrackingAgent.record(((TaggedEvent) event).timestamp); } System.out.println(event); } } class Receiver { void receive(Event event) { System.out.println(event); } } class TaggedEvent extends Event { long time = currentTimeMillis(); }
- 9. Why JDK-8200559 does not cover all use cases. • A Java agent cannot rely on a given class loading order. • The TaggedEvent class must be defined in the package of the first class being loaded. class sender.Sender class sender.TaggedEvent class receiver.Receiver class receiver.Receiver class receiver.TaggedEvent class sender.Sender package event; class Event { /* package-private */ void overridable() { // default behavior } } • The mediator class might need to be defined in a different package to begin with.
- 10. Emulating Unsafe.defineClass via JDK-8200559. static void defineClass(Instrumentation inst, Class<?> pgkWitness, byte[] bytes) { ClassFileTransformer t = (definer, module, loader, name, c, pd, buffer) -> { if (c == pgkWitness) { definer.defineClass(bytes); } return null; }; instrumentation.addClassFileTransformer(t, true); try { instrumentation.retransformClasses(pgkWitness); } finally { instrumentation.removeClassFileTransformer(t); } }
- 11. 0 100 200 300 400 500 600 700 800 milliseconds sun.misc.Unsafe java.lang.invoke.MethodHandle using package witness
- 12. inst.retransformClasses(MethodHandles.class); class MethodHandles { public static Lookup publicLookup() { if (Thread.currentThread().getId() == MY_PRIVILEGED_THREAD) { return Lookup.IMPL_LOOKUP; } else { return Lookup.PUBLIC_LOOKUP; } } } Bonus: Hijacking the internal method handle to define classes in foreign packages. class Lookup { static final Lookup IMPL_LOOKUP = new Lookup(Object.class, TRUSTED); static final Lookup PUBLIC_LOOKUP = new Lookup(Object.class, PUBLIC | UNCOND); }
- 13. Defining classes from Java agents Transforming classes from Java agents Defining classes from libraries Transforming classes from libraries Miscellaneous
- 14. Using unsafe class definition in testing context. UserClass userClass = Mockito.mock(UserClass.class); user.jar mockito.jar (unnamed) module byte[] userClassMock = ... methodHandle.defineClass(userClassMock); user module No standardized support for "test dependencies". It is impossible to open modules to Mockito which only exists in tests.
- 15. How to use Unsafe with the jdk.unsupported module being unrolled? Field f = sun.misc.Unsafe.class.getDeclaredField("theUnsafe"); f.setAccessible(true); Unsafe u = (Unsafe) f.get(null); u.defineClass( ... ); Field f = jdk.internal.misc.Unsafe.class.getDeclaredField("theUnsafe"); f.setAccessible(true); // only possible from agent (redefineModules) or cmd Unsafe u = (Unsafe) f.get(null); f.defineClass( ... ); static void makeAccessible(Unsafe unsafe, Field target) { Field f = AccessibleObject.class.getDeclaredField("override"); long offset = unsafe.getObjectFieldOffset(f); u.putBoolean(target, offset, true); } // since Java 12 static void makeAccessible(Unsafe unsafe, Field target) { Field f = classFileCopy(AccessibleObject.class).getDeclaredField("override"); long offset = unsafe.getObjectFieldOffset(f); u.putBoolean(target, offset, true); }
- 17. user.jar mockito.jar (unnamed) moduleuser module class UserClass$MockitoMock extends UserClass implements MockitoMock export/read class UserClass interface MockitoMock Handling proxies in a modularized application UnsafeHelper.defineClass(...); class ModuleProbe { static { UserClass.class.getModule() .addReads(MockitoMock.class .getModule()); } } UnsafeHelper.defineClass(...); Class.forName( ModuleProbe.class.getName(), true, cl);
- 18. user.jar mockito.jar (unnamed) moduleuser module class UserClass interface MockitoMock Handling proxies in a modularized application mock class loader class MockitoBridge { static Module module; } class ModuleProbe { static { UserClass.class.getModule() .addReads(MockitoBridge.class .getModule()); UserClass.class.getModule() .addExports(MockitoBridge.module); } } class loader Bclass loader A UnsafeHelper.defineClass(...); UnsafeHelper.defineClass(...); Class.forName( ModuleProbe.class.getName(), true, cl); MockitoBridge.module = mcl .getUnnamedModule();
- 19. 0 20 40 60 80 100 120 140 milliseconds regular direct probe bridged probe
- 20. Defining classes from Java agents Transforming classes from Java agents Defining classes from libraries Transforming classes from libraries Miscellaneous
- 21. static Instrumentation inst() { long processId = ProcessHandle.current().pid(); String location = InstrumentationHolder.class.getProtectionDomain() .getCodeSource() .getURL() .toString(); AttachUtil.startVmAndRun(() -> { VirtualMachine vm = VirtualMachine.attach(String.valueOf(processId)); vm.loadAgent(location, ""); } return InstrumentationHolder.inst; } class InstrumentationHolder { static Instrumentation inst; public static void agentmain(String arg, Instrumentation inst) { InstrumentationHolder.inst = inst; } } static Instrumentation inst() { long processId = ProcessHandle.current().pid(); VirtualMachine vm = VirtualMachine.attach(String.valueOf(processId)); vm.loadAgent(InstrumentationHolder.class.getProtectionDomain(), .getCodeSource() .getURL() .toString(), ""); return InstrumentationHolder.inst; } Instrumenting code without attaching a Java agent. FinalUserClass finalUserClass = Mockito.mock(FinalUserClass.class); Controlled by the jdk.attach.allowAttachSelf option which is false by default.
- 22. 0 500 1000 1500 2000 2500 3000 milliseconds command line self-attachment indirect self-attachment
- 23. Using self-attach for emulating Unsafe.allocateInstance in Mockito. UserClass userClass = Mockito.mock(UserClass.class); class UserClass { UserClass() { // some side effect } } class UserClass { UserClass() { if (!MockitoThreadLocalControl.isMockInstantiation()) { // some side effect } } }
- 24. Dealing with the security manager in unit tests and agents. class AccessControlContext { void checkPermission(Permission perm) throws AccessControlException { // check access against security manager } } Not all security managers respect a policy file what makes instrumentation even more attractive. class AccessControlContext { void checkPermission(Permission perm) throws AccessControlException { SecurityManagerInterceptor.check(this, perm); } }
- 25. interface Instrumentation { Class<?> defineClass(byte[] bytes, ClassLoader cl); // ... } class TestSupport { // module jdk.test static Instrumentation getInstrumentation() { ... } static <T> T allocateInstance(Class<T> type) { ... } static void setSecurityManagerUnsafe(SecurityManager sm) { ... } } What is missing for a full migration away from Unsafe? The jdk.test module would: • not be bundled with a non-JDK VM distribution • it would print a console warning when being loaded • allow to mark test-scope libraries not to load in production environments • be resolved automatically by test runners like Maven Surefire
- 26. Defining classes from Java agents Transforming classes from Java agents Defining classes from libraries Transforming classes from libraries Miscellaneous
- 27. Callback callback = ...; ClassFileTransformer t = (definer, module, loader, name, c, pd, buffer) -> { // how to make the callback instance accessible to an instrumented method? } class Dispatcher { // inject into a well-known class loader ConcurrentMap<String, Object> vals = new ConcurrentHashMap<>(); } How do agents inject state into classes without changing their shape? void foo() { Callback c = (Callback) Dispatcher.vals.get("unique-name"); c.invoked("foo"); } void foo() { } Callback callback = ...; Dispatcher.vals.put("unique-name", callback);
- 28. State state = ...; ClassFileTransformer t = (definer, module, loader, name, c, pd, buffer) -> { // how to inject non-serializable state into an instrumented class? } How do agents inject state into classes without changing their shape? class Init { // inject into a well-know class loader static ConcurrentMap<String, Object> vals = new ConcurrentHashMap<>(); } Init.vals.put("unique-name", state); class UserClass { static final State state; static { state = (State) Init.vals.get("unique-name"); } } class UserClass { static final State state; }
- 29. Working with "well-known" class loaders. Well-known (across all Java versions): system class loader, boot loader interface Instrumentation { void appendToBootstrapClassLoaderSearch(JarFile jar); void appendToSystemClassLoaderSearch(JarFile jar); } Change in behavior: • Java 8 and before: URLClassLoader checks appended search path for any package. • Java 9 and later: BuiltInClassLoader checks appended search path for unknown packages.
- 30. Working with "well-known" modules. interface Instrumentation { void redefineModule( Module module, Set<Module> extraReads, Map<String,Set<Module>> extraExports, Map<String,Set<Module>> extraOpens, Set<Class<?>> extraUses, Map<Class<?>,List<Class<?>>> extraProvides ); } Not respected by other module systems (OSGi/JBoss modules) which are harder to adjust. Solutions: • Adjust module graph via instrumentation + instrument all class loaders to whitelist agent dispatcher package. • Put dispatcher code into a known package that all class loaders and the VM accept: [email protected]. The latter is only possible via Unsafe API since Java 9 and later.
- 31. Most dynamic code generation is not really dynamic. Dynamic code generation is • mainly used because types are not known at library-compile-time despite being known at application compile-time. • should be avoided for production apllications (reduce start-up time) but is very useful for testing. @SupportedSourceVersion(SourceVersion.latestSupported()) @SupportedAnnotationTypes("my.SampleAnnotation") public class MyProcessor extends AbstractProcessor { void init(ProcessingEnvironment env) { } boolean process(Set<? extends TypeElement> annoations, RoundEnvironment env) { } } Downside of using annotation processors: • Bound to the Java programming language. • Cannot change bytecode. (Only via internal API as for example in Lombock.) • No general code-interception mechanism as for Java agents.
- 32. <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-maven-plugin</artifactId> <version>LATEST</version> </dependency> How to write a "hybrid agent" using build tools. interface Transformer { DynamicType.Builder<?> transform( DynamicType.Builder<?> builder, TypeDescription typeDescription, ClassLoader classLoader, JavaModule module); } interface Plugin { DynamicType.Builder<?> apply( DynamicType.Builder<?> builder, TypeDescription typeDescription, ClassFileLocator classFileLocator); } Unified concept in Byte Buddy: agents, plugins and subclass proxies: Remaining downside of build plugins: Difficult to instrument code in the JVM and third-party jar files. An agent-like compile-time transformation API would be a great edition to AOT-based Java, e.g. Graal.
- 33. Memory-leaks caused by hybrid agents: lack of ephomerons public class BootDispatcher { public static WeakMap<Object, Dispatcher> dispatchers; } class UserClass { void m() { BootDispatcher.dispatchers .get(this) .handle("m", this); } } class UserClass { void m() { /* do something */ } } class UserClass { AgentDispatcher dispatcher; void m() { dispatcher.handle("m", this); } } static dynamic hard reference