RFR: 8200559: Java agents doing instrumentation need a means to define auxiliary classes [v2]

[Andrew Dinn]

On Sun, 28 Jan 2024 22:33:01 GMT, Rafael Winterhalter <winterhalter at openjdk.org> wrote:

> What stops people from supplying a fake instance? Wouldn't you need to "test run" the instance first?

Not necessarily. When the generated API implementation relies on the capabilities of class `Instrumentation` -- such as opening modules -- to implement the invoked operation the obvious answer is that a fake instance just won't work.

However, if you want the implementation to validate an incoming call you can easily arrange for that. For example, provide a method on the agent class that says yes to its own instance and no for any other instances e.g.

    class AgentClass {
      private static Instrumentation myInst = null;
      
      void premain(Instrumentation inst) {
        myInst = inst;
        . . .
      }
      static boolean validate(Instrumentation inst) {
        return myInst != null && inst == myInst;
      }
      . . .
    }

Method validate can be used to ensure API calls only proceed when invoked by the agent or code that the agent trusts.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/3546#issuecomment-1914771074