Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Instrument to Remove: Using Java agents for fun...

Johannes Bechberger
October 17, 2023
Programming
0
28

Instrument to Remove: Using Java agents for fun and profit

Have you ever written a Java agent? This talk will give you an introduction into writing small custom Java agents to create profilers or help with dead code removal, and how to write basic byte-code instrumentations.

I'll present you with all the techniques to write a Java agent and javassist based instrumentation code to find unused classes and dependencies in your project. Knowing which classes and dependencies are not used in your application can save you from considering the bugs and problems in these dependencies and classes if you remove them, helping to guard against supply chain attacks.

Java agents and instrumentation of a few lines of code can save you a lot of effort and implementing them is great fun :)

Johannes Bechberger

October 17, 2023
Tweet

More Decks by Johannes Bechberger

See All by Johannes Bechberger
Writing a Linux scheduler in Java with eBPF
parttimenerd
0
16
Instrument to remove (JavaForum Stuttgart 2024)
parttimenerd
0
20
Building a Lightning Fast Firewall with Java & eBPF (JavaZone 2024)
parttimenerd
0
28
Python 3.12's new monitoring and debugging API (PyConDE 2024)
parttimenerd
0
36
Instrument to remove (VoxxedDays Zürich 2024)
parttimenerd
0
21
Let’s create a Python Debugger together (PyConLt 2024)
parttimenerd
0
31
Python 3.12's new monitoring and debugging API
parttimenerd
0
88
Inner Workings of Safepoints
parttimenerd
0
61
Do you trust profilers? I once did too
parttimenerd
0
53

Other Decks in Programming

See All in Programming
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
170
タクシーアプリ『GO』のリアルタイムデータ分析基盤における機械学習サービスの活用
mot_techtalk
4
1.4k
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
190
みんなでプロポーザルを書いてみた
yuriko1211
0
260
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
230
subpath importsで始めるモック生活
10tera
0
300
Jakarta Concurrencyによる並行処理プログラミングの始め方 (JJUG CCC 2024 Fall)
tnagao7
1
290
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
광고 소재 심사 과정에 AI를 도입하여 광고 서비스 생산성 향상시키기
kakao
PRO
0
170

Featured

See All Featured
Statistics for Hackers
jakevdp
796
220k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
Writing Fast Ruby
sferik
627
61k
Bash Introduction
62gerente
608
210k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
RailsConf 2023
tenderlove
29
900
What's in a price? How to price your products and services
michaelherold
243
12k
Facilitating Awesome Meetings
lara
50
6.1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Documentation Writing (for coders)
carmenintech
65
4.4k

Transcript

  1. Instrument to Remove Using Java agents for fun and profit

    Johannes Bechberger

  2. <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-validation</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId>

    <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <!-- Databases - Uses H2 by default --> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>com.mysql</groupId> <artifactId>mysql-connector-j</artifactId> <scope>runtime</scope> </dependency>

  3. Do you need all?

  4. Probably not

  5. None

  6. Software systems have a natural tendency to grow in size

    and complexity over time. A part of this growth comes with new features or bug fixes, while another part is due to useless code that accumulates over time. The problem of safely debloating real-world applications remains a long- standing software engineering endeavor today. — Soto-Valero et. al “ Source: https://arxiv.org/pdf/2008.08401.pdf

  7. How do we debloat?

  8. Debloating tools Dynamic Static Coverage Profiling Code Analysis Dependency Analysis

    ./gradlew lintGradle
  9. None
  10. None
  11. None
  12. None

  13. You know the JVM? Could you help us debloat programs

    using agents or profilers?

  14. Existing tools have problems...

  15. So let’s write our own * as a proof of

    concept for a blog post *

  16. Reduce the Problem

  17. Find unused classes Source: https://arxiv.org/pdf/2008.08401.pdf

  18. Find unused classes class A { static { Store.getInstance().processClassUsage("A"); }

    private int field; public void method() {...} }

  19. When are static initializers called “ • T is a

    class and an instance of A is created. • A static method declared by A is invoked. • A static field declared by A is assigned. • A static field declared by A is used and the field is not a constant variable – JLS SE17 §12.4.2. Detailed Initialization Procedure

  20. Static initializers in interfaces interface I { static { Store.getInstance().processClassUsage("I");

    } public void method(); } Forbidden in Java Allowed in Byte code

  21. Classes found in byte code Recorded classes Bloat classes Dynamically

    generated classes (e.g. for lambdas)

  22. What to do with this information?

  23. Classes found in byte code Recorded classes Bloat classes Dynamically

    generated classes (e.g. for lambdas) Remove

  24. class UnusedClass { static { LOG.error("Class UnusedClass is used "

    + "which is not allowed"); } private int field; public void method() {...} }

  25. And now for something complete different Source: Monty Python

  26. Implementation

  27. Structure JVM with Agent Instrumenter Used Classes Instrumenter JVM Instr.

    JAR Used Classes Reduced JAR JAR with Error Messages JAR Due to Spring classloader magic

  28. Agent Structure Main premain(args) ClassTF transform Store Class State start

    store

  29. package my.app; class A { static { Store.getInstance().processClassUsage("my.app.A"); } private

    int field; public void method() {...} } Only one problem...

  30. package java.lang; public final class String implements ... { static

    { Store.getInstance().processClassUsage("java.lang.String"); } @Stable private final byte[] value; ... public String() {...} ... }

  31. Class Loader Hierarchies platform app bootstrap X Y class reference

    delegates to

  32. Agent Structure Main premain(args) ClassTF transform Store Class State start

    store Runtime JAR

  33. Class Loader Hierarchies platform app bootstrap X Y class reference

    delegates to searches in runtime.jar https://mostlynerdless.de/blog/2023/06/02/class-loader-hierarchies/

  34. Implemented via inst.appendToBootstrapClassLoaderSearch(new JarFile( getExtractedJARPath().toFile())); instrumentation Instrumentation { void appendToBootstrapClassLoaderSearch(JarFile

    jarfile); }

  35. Normally public static void main(String[] args) { ... } public

    static void main(String args[]) { ... } void main() { ... }

  36. Main Class public static void agentmain(String agentArgs) { ... }

    JVM start later attach attach public static void premain(String agentArgs) { ... }

  37. Main Class public static void agentmain(String agentArgs, Instrumentation inst) {

    ... } public static void premain(String agentArgs, Instrumentation inst) { ... }

  38. Main Class public class Main { public static void premain(String

    agentArgs, Instrumentation inst) { AgentOptions options = new AgentOptions(agentArgs); ... inst.appendToBootstrapClassLoaderSearch( new JarFile(getExtractedJARPath().toFile())); ... inst.addTransformer(new ClassTransformer(options), true); } ... } Instrumentation.retransformClasses

  39. ClassTransformer extends ClassFileTransformer “ An agent registers an implementation of

    this interface using the addTransformer method so that the transformer’s transform method is invoked when classes are loaded, redefined, or retransformed – ClassFileTransformer Documentation

  40. ClassTransformer#transform byte[] transform( ClassLoader loader, String className, Class<?> klass, ProtectionDomain

    domain, byte[] classfileBuffer) throws IllegalClassFormatException { ... }

  41. ClassTransformer#transform if (className.startsWith("me/bechberger/runtime/Store") || className.startsWith("me/bechberger/ClassTransformer") || className.startsWith("java/") || className.startsWith("jdk/internal") ||

    className.startsWith("sun/")) { return classfileBuffer; } How to actually transform the bytecode?

  42. https://www.javassist.org/

  43. ClassTransformer#transform private void transform(String className, CtClass cc) { String cn

    = formatClassName(className); Store.getInstance() .processClassLoad(cn,cc.getClassFile().getInterfaces()); cc.makeClassInitializer() .insertBefore( String.format("me.bechberger.runtime.Store.getInstance()" + ".processClassUsage(\"%s\");", cn)); } ?

  44. With Spring-PetClinic Class org.apache.tomcat.util.net.SocketBufferHandler is used which is not allowed

    Class org.apache.tomcat.util.net.SocketBufferHandler$1 is used which is not allowed Class org.apache.tomcat.util.net.NioChannel is used which is not allowed Class org.apache.tomcat.util.net.NioChannel$1 is used which is not allowed ... java -javaagent:./target/dead-code.jar=output=classes.txt \ -jar petclinic.jar u ch.qos.logback.classic.encoder.PatternLayoutEncoder l ch.qos.logback.classic.joran.JoranConfigurator u ch.qos.logback.classic.jul.JULHelper u ch.qos.logback.classic.jul.LevelChangePropagator ...

  45. Other applications of agents

  46. Main agentmain(args) premain(args) Profiler sample sleep Store start store Write

    your own profiler See https://mostlynerdless.de

  47. @parttimen3rd on Twitter parttimenerd on GitHub mostlynerdless.de @SweetSapMachine sapmachine.io