Byte code field report

Byte code field report
or
Why we still heavily rely on
Unsafe as of Java 13

What background do I base this talk/opinion based on?

behaviour changing behavior enhancing
dynamic subclass
mocking
e.g. Mockito
persistence proxy
e.g. Hibernate
retransformation
security
e.g. Sqreen
APM/tracing
e.g. Instana
In what areas are instrumentation and dynamic subclassing mainly used?

interface Instrumentation { // since Java 5
void addClassFileTransformer(ClassFileTransformer cft);
}
How to define and change byte code at runtime?
class Unsafe {
Class<?> defineClass(String name, byte[] bytes, ...) { ... }
}
class MethodHandle { // since Java 9
Class<?> defineClass(byte[] bytes) { ... }
}
// since Java 11
package jdk.internal;
class Unsafe { // since Java 9
Class<?> defineClass(String name, byte[] bytes, ...) { ... }
}

Defining classes from Java agents
Transforming classes from Java agents
Defining classes from libraries
Transforming classes from libraries
Miscellaneous

class Sample {
void method() {
Api.invoke(new Callback() {
@Override
void callback() {
System.out.println("called back");
}
}
}
}
Java agents also need to define classes.
class Sample {
void method() {
// do something
}
}
abstract class Callback {
abstract void callback();
}
class Api {
static void invoke(Callback c) { ... }
}

API enhancement proposal: JDK-8200559
interface ClassFileTransformer {
interface ClassDefiner {
Class<?> defineClass(byte[] bytes);
}
byte[] transform(
ClassDefiner classDefiner,
Module module,
ClassLoader loader,
String className,
Class<?> classBeingRedefined,
ProtectionDomain protectionDomain,
byte[] classfileBuffer
) throws IllegalClassFormatException;
}
// restricted to package of transformed class

class Sender {
void send(Receiver receiver) {
Framework.sendAsync(receiver, new TaggedEvent());
}
}
Injected classes with multiple use sites.
class Sender {
void send(Receiver receiver) {
Framework.sendAsync(receiver, new Event());
}
}
class Receiver {
void receive(Event event) {
if (event instanceof TaggedEvent) {
TrackingAgent.record(((TaggedEvent) event).timestamp);
}
System.out.println(event);
}
}
class Receiver {
void receive(Event event) {
System.out.println(event);
}
}
class TaggedEvent extends Event {
long time = currentTimeMillis();
}

Why JDK-8200559 does not cover all use cases.
• A Java agent cannot rely on a given class loading order.
• The TaggedEvent class must be defined in the package of the first class being loaded.
class sender.Sender
class sender.TaggedEvent
class receiver.Receiver
class receiver.Receiver
class receiver.TaggedEvent
class sender.Sender
package event;
class Event {
/* package-private */ void overridable() {
// default behavior
}
}
• The mediator class might need to be defined in a different package to begin with.

Emulating Unsafe.defineClass via JDK-8200559.
static void defineClass(Instrumentation inst, Class<?> pgkWitness, byte[] bytes) {
ClassFileTransformer t =
(definer, module, loader, name, c, pd, buffer) -> {
if (c == pgkWitness) {
definer.defineClass(bytes);
}
return null;
};
instrumentation.addClassFileTransformer(t, true);
try {
instrumentation.retransformClasses(pgkWitness);
} finally {
instrumentation.removeClassFileTransformer(t);
}
}

0
100
200
300
400
500
600
700
800
milliseconds
sun.misc.Unsafe java.lang.invoke.MethodHandle using package witness

inst.retransformClasses(MethodHandles.class);
class MethodHandles {
public static Lookup publicLookup() {
if (Thread.currentThread().getId() == MY_PRIVILEGED_THREAD) {
return Lookup.IMPL_LOOKUP;
} else {
return Lookup.PUBLIC_LOOKUP;
}
}
}
Bonus: Hijacking the internal method handle to define classes in foreign packages.
class Lookup {
static final Lookup IMPL_LOOKUP = new Lookup(Object.class, TRUSTED);
static final Lookup PUBLIC_LOOKUP = new Lookup(Object.class, PUBLIC | UNCOND);
}

Using unsafe class definition in testing context.
UserClass userClass = Mockito.mock(UserClass.class);
user.jar mockito.jar
(unnamed) module
byte[] userClassMock = ...
methodHandle.defineClass(userClassMock);
user module
No standardized support for "test dependencies". It is impossible to open modules to Mockito which only exists in tests.

How to use Unsafe with the jdk.unsupported module being unrolled?
Field f = sun.misc.Unsafe.class.getDeclaredField("theUnsafe");
f.setAccessible(true);
Unsafe u = (Unsafe) f.get(null);
u.defineClass( ... );
Field f = jdk.internal.misc.Unsafe.class.getDeclaredField("theUnsafe");
f.setAccessible(true); // only possible from agent (redefineModules) or cmd
Unsafe u = (Unsafe) f.get(null);
f.defineClass( ... );
static void makeAccessible(Unsafe unsafe, Field target) {
Field f = AccessibleObject.class.getDeclaredField("override");
long offset = unsafe.getObjectFieldOffset(f);
u.putBoolean(target, offset, true);
}
// since Java 12
static void makeAccessible(Unsafe unsafe, Field target) {
Field f = classFileCopy(AccessibleObject.class).getDeclaredField("override");
long offset = unsafe.getObjectFieldOffset(f);
u.putBoolean(target, offset, true);
}

0
5
10
15
20
25
30
35
40
45
milliseconds
direct class file copy

(unnamed) moduleuser module
class UserClass$MockitoMock
extends UserClass
implements MockitoMock
export/read
class UserClass interface MockitoMock
Handling proxies in a modularized application
UnsafeHelper.defineClass(...);
class ModuleProbe {
static { UserClass.class.getModule()
.addReads(MockitoMock.class
.getModule()); }
}
Class.forName(
ModuleProbe.class.getName(),
true, cl);

(unnamed) moduleuser module
class UserClass interface MockitoMock
Handling proxies in a modularized application
mock class loader
class MockitoBridge {
static Module module;
}
class ModuleProbe {
static { UserClass.class.getModule()
.addReads(MockitoBridge.class
.getModule());
UserClass.class.getModule()
.addExports(MockitoBridge.module);
}
}
class loader Bclass loader A
Class.forName(
ModuleProbe.class.getName(),
true, cl);
MockitoBridge.module = mcl
.getUnnamedModule();

0
20
40
60
80
100
120
140
milliseconds
regular direct probe bridged probe

static Instrumentation inst() {
long processId = ProcessHandle.current().pid();
String location = InstrumentationHolder.class.getProtectionDomain()
.getCodeSource()
.getURL()
.toString();
AttachUtil.startVmAndRun(() -> {
VirtualMachine vm = VirtualMachine.attach(String.valueOf(processId));
vm.loadAgent(location, "");
}
return InstrumentationHolder.inst;
}
class InstrumentationHolder {
static Instrumentation inst;
public static void agentmain(String arg, Instrumentation inst) {
InstrumentationHolder.inst = inst;
}
}
static Instrumentation inst() {
long processId = ProcessHandle.current().pid();
VirtualMachine vm = VirtualMachine.attach(String.valueOf(processId));
vm.loadAgent(InstrumentationHolder.class.getProtectionDomain(),
.getCodeSource()
.getURL()
.toString(), "");
return InstrumentationHolder.inst;
}
Instrumenting code without attaching a Java agent.
FinalUserClass finalUserClass = Mockito.mock(FinalUserClass.class);
Controlled by the jdk.attach.allowAttachSelf option which is false by default.

0
500
1000
1500
2000
2500
3000
milliseconds
command line self-attachment indirect self-attachment

Using self-attach for emulating Unsafe.allocateInstance in Mockito.
UserClass userClass = Mockito.mock(UserClass.class);
class UserClass {
UserClass() { // some side effect }
}
class UserClass {
UserClass() {
if (!MockitoThreadLocalControl.isMockInstantiation()) {
// some side effect
}
}
}

Dealing with the security manager in unit tests and agents.
class AccessControlContext {
void checkPermission(Permission perm) throws AccessControlException {
// check access against security manager
}
}
Not all security managers respect a policy file what makes instrumentation even more attractive.
class AccessControlContext {
void checkPermission(Permission perm) throws AccessControlException {
SecurityManagerInterceptor.check(this, perm);
}
}

interface Instrumentation {
Class<?> defineClass(byte[] bytes, ClassLoader cl);
// ...
}
class TestSupport { // module jdk.test
static Instrumentation getInstrumentation() { ... }
static <T> T allocateInstance(Class<T> type) { ... }
static void setSecurityManagerUnsafe(SecurityManager sm) { ... }
}
What is missing for a full migration away from Unsafe?
The jdk.test module would:
• not be bundled with a non-JDK VM distribution
• it would print a console warning when being loaded
• allow to mark test-scope libraries not to load in production environments
• be resolved automatically by test runners like Maven Surefire

Callback callback = ...;
ClassFileTransformer t = (definer, module, loader, name, c, pd, buffer) -> {
// how to make the callback instance accessible to an instrumented method?
}
class Dispatcher { // inject into a well-known class loader
ConcurrentMap<String, Object> vals = new ConcurrentHashMap<>();
}
How do agents inject state into classes without changing their shape?
void foo() {
Callback c = (Callback) Dispatcher.vals.get("unique-name");
c.invoked("foo");
}
void foo() {
}
Callback callback = ...;
Dispatcher.vals.put("unique-name", callback);

State state = ...;
ClassFileTransformer t = (definer, module, loader, name, c, pd, buffer) -> {
// how to inject non-serializable state into an instrumented class?
}
How do agents inject state into classes without changing their shape?
class Init { // inject into a well-know class loader
static ConcurrentMap<String, Object> vals = new ConcurrentHashMap<>();
}
Init.vals.put("unique-name", state);
class UserClass {
static final State state;
static {
state = (State) Init.vals.get("unique-name");
}
}
class UserClass {
static final State state;
}

Working with "well-known" class loaders.
Well-known (across all Java versions): system class loader, boot loader
void appendToBootstrapClassLoaderSearch(JarFile jar);
void appendToSystemClassLoaderSearch(JarFile jar);
}
Change in behavior:
• Java 8 and before: URLClassLoader checks appended search path for any package.
• Java 9 and later: BuiltInClassLoader checks appended search path for unknown packages.

Working with "well-known" modules.
void redefineModule(
Module module,
Set<Module> extraReads,
Map<String,Set<Module>> extraExports,
Map<String,Set<Module>> extraOpens,
Set<Class<?>> extraUses,
Map<Class<?>,List<Class<?>>> extraProvides
);
}
Not respected by other module systems (OSGi/JBoss modules) which are harder to adjust.
Solutions:
• Adjust module graph via instrumentation + instrument all class loaders to whitelist agent dispatcher package.
• Put dispatcher code into a known package that all class loaders and the VM accept: java.lang@java.base.
The latter is only possible via Unsafe API since Java 9 and later.

Most dynamic code generation is not really dynamic.
Dynamic code generation is
• mainly used because types are not known at library-compile-time despite being known at application compile-time.
• should be avoided for production apllications (reduce start-up time) but is very useful for testing.
@SupportedSourceVersion(SourceVersion.latestSupported())
@SupportedAnnotationTypes("my.SampleAnnotation")
public class MyProcessor extends AbstractProcessor {
void init(ProcessingEnvironment env) { }
boolean process(Set<? extends TypeElement> annoations, RoundEnvironment env) { }
}
Downside of using annotation processors:
• Bound to the Java programming language.
• Cannot change bytecode. (Only via internal API as for example in Lombock.)
• No general code-interception mechanism as for Java agents.

<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-maven-plugin</artifactId>
<version>LATEST</version>
</dependency>
How to write a "hybrid agent" using build tools.
interface Transformer {
DynamicType.Builder<?> transform(
DynamicType.Builder<?> builder,
TypeDescription typeDescription,
ClassLoader classLoader,
JavaModule module);
}
interface Plugin {
DynamicType.Builder<?> apply(
DynamicType.Builder<?> builder,
TypeDescription typeDescription,
ClassFileLocator classFileLocator);
}
Unified concept in Byte Buddy: agents, plugins and subclass proxies:
Remaining downside of build plugins:
Difficult to instrument code in the JVM and third-party jar files.
An agent-like compile-time transformation API would be a great edition to AOT-based Java, e.g. Graal.

Memory-leaks caused by hybrid agents: lack of ephomerons
public class BootDispatcher {
public static WeakMap<Object, Dispatcher>
dispatchers;
}
class UserClass {
void m() {
BootDispatcher.dispatchers
.get(this)
.handle("m", this);
}
}
class UserClass {
void m() { /* do something */ }
}
class UserClass {
AgentDispatcher dispatcher;
void m() {
dispatcher.handle("m", this);
}
}
static dynamic
hard reference

http://rafael.codes
@rafaelcodes
http://documents4j.com
https://github.com/documents4j/documents4j
http://bytebuddy.net
https://github.com/raphw/byte-buddy

Byte code field report

More Related Content

What's hot (19)

Similar to Byte code field report (20)

Recently uploaded (20)

Byte code field report