Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Instrument to Remove: Using Java agents for fun and profit

Johannes Bechberger
October 17, 2023
Programming
0
19

Instrument to Remove: Using Java agents for fun and profit

Have you ever written a Java agent? This talk will give you an introduction into writing small custom Java agents to create profilers or help with dead code removal, and how to write basic byte-code instrumentations.

I'll present you with all the techniques to write a Java agent and javassist based instrumentation code to find unused classes and dependencies in your project. Knowing which classes and dependencies are not used in your application can save you from considering the bugs and problems in these dependencies and classes if you remove them, helping to guard against supply chain attacks.

Java agents and instrumentation of a few lines of code can save you a lot of effort and implementing them is great fun :)

Johannes Bechberger

October 17, 2023
Tweet

More Decks by Johannes Bechberger

See All by Johannes Bechberger
Python 3.12's new monitoring and debugging API (PyConDE 2024)
parttimenerd
0
10
Instrument to remove (VoxxedDays Zürich 2024)
parttimenerd
0
8
Let’s create a Python Debugger together (PyConLt 2024)
parttimenerd
0
8
Python 3.12's new monitoring and debugging API
parttimenerd
0
45
Inner Workings of Safepoints
parttimenerd
0
41
Do you trust profilers? I once did too
parttimenerd
0
34
DIY Python Debugger
parttimenerd
0
4.6k
Debugging Unveiled
parttimenerd
0
2.9k
Debugging Unveiled: Exploring Debugger Internals to Make You a Better Developer
parttimenerd
0
63

Other Decks in Programming

See All in Programming
Documentation testsの恩恵 / Documentation testing benefits
ssssota
1
540
Open AI APIを使う前に知っておきたいアカウントTier の話
akki_megane
0
120
Deep Dive into React Stream/Serialize
mugi_uno
4
850
Node.js v22 で変わること
yosuke_furukawa
PRO
12
4.2k
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
500
Good first issues of TypeProf
mame
1
300
TypeScriptでもLLMアプリケーション開発 / LLM Application In Typescript
rkaga
5
1.3k
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
480
slow types ってなんだろう?
karad
0
210
Embedding it into Ruby code
soutaro
0
120
The Cutting Edge Of Versioning (LambdaConf 2024)
chriskrycho
0
250
Productivity is Messing Around and Having Fun
hollycummins
1
170

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
GraphQLとの向き合い方2022年版
quramy
33
12k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
660
120k
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Documentation Writing (for coders)
carmenintech
60
4k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
KATA
mclloyd
16
12k
Into the Great Unknown - MozCon
thekraken
15
1.1k
Web Components: a chance to create the future
zenorocha
306
41k
Ruby is Unlike a Banana
tanoku
96
10k
The Mythical Team-Month
searls
217
42k

Transcript

  1. Instrument to Remove Using Java agents for fun and profit

    Johannes Bechberger

  2. <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-validation</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId>

    <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <!-- Databases - Uses H2 by default --> <dependency> <groupId>com.h2database</groupId> <artifactId>h2</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>com.mysql</groupId> <artifactId>mysql-connector-j</artifactId> <scope>runtime</scope> </dependency>

  3. Do you need all?

  4. Probably not

  5. None

  6. Software systems have a natural tendency to grow in size

    and complexity over time. A part of this growth comes with new features or bug fixes, while another part is due to useless code that accumulates over time. The problem of safely debloating real-world applications remains a long- standing software engineering endeavor today. — Soto-Valero et. al “ Source: https://arxiv.org/pdf/2008.08401.pdf

  7. How do we debloat?

  8. Debloating tools Dynamic Static Coverage Profiling Code Analysis Dependency Analysis

    ./gradlew lintGradle
  9. None
  10. None
  11. None
  12. None

  13. You know the JVM? Could you help us debloat programs

    using agents or profilers?

  14. Existing tools have problems...

  15. So let’s write our own * as a proof of

    concept for a blog post *

  16. Reduce the Problem

  17. Find unused classes Source: https://arxiv.org/pdf/2008.08401.pdf

  18. Find unused classes class A { static { Store.getInstance().processClassUsage("A"); }

    private int field; public void method() {...} }

  19. When are static initializers called “ • T is a

    class and an instance of A is created. • A static method declared by A is invoked. • A static field declared by A is assigned. • A static field declared by A is used and the field is not a constant variable – JLS SE17 §12.4.2. Detailed Initialization Procedure

  20. Static initializers in interfaces interface I { static { Store.getInstance().processClassUsage("I");

    } public void method(); } Forbidden in Java Allowed in Byte code

  21. Classes found in byte code Recorded classes Bloat classes Dynamically

    generated classes (e.g. for lambdas)

  22. What to do with this information?

  23. Classes found in byte code Recorded classes Bloat classes Dynamically

    generated classes (e.g. for lambdas) Remove

  24. class UnusedClass { static { LOG.error("Class UnusedClass is used "

    + "which is not allowed"); } private int field; public void method() {...} }

  25. And now for something complete different Source: Monty Python

  26. Implementation

  27. Structure JVM with Agent Instrumenter Used Classes Instrumenter JVM Instr.

    JAR Used Classes Reduced JAR JAR with Error Messages JAR Due to Spring classloader magic

  28. Agent Structure Main premain(args) ClassTF transform Store Class State start

    store

  29. package my.app; class A { static { Store.getInstance().processClassUsage("my.app.A"); } private

    int field; public void method() {...} } Only one problem...

  30. package java.lang; public final class String implements ... { static

    { Store.getInstance().processClassUsage("java.lang.String"); } @Stable private final byte[] value; ... public String() {...} ... }

  31. Class Loader Hierarchies platform app bootstrap X Y class reference

    delegates to

  32. Agent Structure Main premain(args) ClassTF transform Store Class State start

    store Runtime JAR

  33. Class Loader Hierarchies platform app bootstrap X Y class reference

    delegates to searches in runtime.jar https://mostlynerdless.de/blog/2023/06/02/class-loader-hierarchies/

  34. Implemented via inst.appendToBootstrapClassLoaderSearch(new JarFile( getExtractedJARPath().toFile())); instrumentation Instrumentation { void appendToBootstrapClassLoaderSearch(JarFile

    jarfile); }

  35. Normally public static void main(String[] args) { ... } public

    static void main(String args[]) { ... } void main() { ... }

  36. Main Class public static void agentmain(String agentArgs) { ... }

    JVM start later attach attach public static void premain(String agentArgs) { ... }

  37. Main Class public static void agentmain(String agentArgs, Instrumentation inst) {

    ... } public static void premain(String agentArgs, Instrumentation inst) { ... }

  38. Main Class public class Main { public static void premain(String

    agentArgs, Instrumentation inst) { AgentOptions options = new AgentOptions(agentArgs); ... inst.appendToBootstrapClassLoaderSearch( new JarFile(getExtractedJARPath().toFile())); ... inst.addTransformer(new ClassTransformer(options), true); } ... } Instrumentation.retransformClasses

  39. ClassTransformer extends ClassFileTransformer “ An agent registers an implementation of

    this interface using the addTransformer method so that the transformer’s transform method is invoked when classes are loaded, redefined, or retransformed – ClassFileTransformer Documentation

  40. ClassTransformer#transform byte[] transform( ClassLoader loader, String className, Class<?> klass, ProtectionDomain

    domain, byte[] classfileBuffer) throws IllegalClassFormatException { ... }

  41. ClassTransformer#transform if (className.startsWith("me/bechberger/runtime/Store") || className.startsWith("me/bechberger/ClassTransformer") || className.startsWith("java/") || className.startsWith("jdk/internal") ||

    className.startsWith("sun/")) { return classfileBuffer; } How to actually transform the bytecode?

  42. https://www.javassist.org/

  43. ClassTransformer#transform private void transform(String className, CtClass cc) { String cn

    = formatClassName(className); Store.getInstance() .processClassLoad(cn,cc.getClassFile().getInterfaces()); cc.makeClassInitializer() .insertBefore( String.format("me.bechberger.runtime.Store.getInstance()" + ".processClassUsage(\"%s\");", cn)); } ?

  44. With Spring-PetClinic Class org.apache.tomcat.util.net.SocketBufferHandler is used which is not allowed

    Class org.apache.tomcat.util.net.SocketBufferHandler$1 is used which is not allowed Class org.apache.tomcat.util.net.NioChannel is used which is not allowed Class org.apache.tomcat.util.net.NioChannel$1 is used which is not allowed ... java -javaagent:./target/dead-code.jar=output=classes.txt \ -jar petclinic.jar u ch.qos.logback.classic.encoder.PatternLayoutEncoder l ch.qos.logback.classic.joran.JoranConfigurator u ch.qos.logback.classic.jul.JULHelper u ch.qos.logback.classic.jul.LevelChangePropagator ...

  45. Other applications of agents

  46. Main agentmain(args) premain(args) Profiler sample sleep Store start store Write

    your own profiler See https://mostlynerdless.de

  47. @parttimen3rd on Twitter parttimenerd on GitHub mostlynerdless.de @SweetSapMachine sapmachine.io