RFR: 8200559: Java agents doing instrumentation need a means to define auxilary classes
alanb at openjdk.java.net
Fri Apr 16 14:32:39 UTC 2021
On Fri, 16 Apr 2021 13:44:16 GMT, Rafael Winterhalter <winterhalter at openjdk.org> wrote:
> To allow agents the definition of auxiliary classes, an API is needed to allow this. Currently, this is often achieved by using `sun.misc.Unsafe` or `jdk.internal.misc.Unsafe` ever since the `defineClass` method was removed from `sun.misc.Unsafe`.
JDK-8200559 is about defining auxiliary classes in the same runtime package at load-time whereas I think the proposal in this PR is adding an unrestricted defineClass to the Instrumentation class. I think this will require a lot of discussion as there are significant issues and concerns here. An unrestricted defineClass might be okay for tool/java agents when started from the command line with -javaagent but only if the Instrumentation object is never ever leaked to library or application code. It could potentially be part of a large effort to reduce the capabilities of agents loaded via the attach mechanism. More generally I think we need clearer separation of the requirements of tool agents from the requirement of framework/libraries that want to inject proxy and other classes at runtime.
Separately, the proposal in JEP 410 is to terminally deprecate ProtectionDomain.
More information about the core-libs-dev