[External] : Re: Verification in agent transformers

coleen.phillimore at oracle.com coleen.phillimore at oracle.com
Mon Mar 10 20:44:42 UTC 2025



On 3/10/25 4:14 PM, Alan Bateman wrote:
> On 10/03/2025 18:25, Ryan Ernst wrote:
>> I created a reproduction:
>>
>> verify-error-repro.png
>> rjernst/verify-error-repro 
>> <https://urldefense.com/v3/__https://github.com/rjernst/verify-error-repro__;!!ACWV5N9M2RV99hQ!KIEIqqu475SaI3subOAn49baG1td4FYwqRarkv_3BgCYLhaTpVFwf-MKTovjGLmIr4KUnbhvWgfw4Q$>
>> github.com 
>> <https://urldefense.com/v3/__https://github.com/rjernst/verify-error-repro__;!!ACWV5N9M2RV99hQ!KIEIqqu475SaI3subOAn49baG1td4FYwqRarkv_3BgCYLhaTpVFwf-MKTovjGLmIr4KUnbhvWgfw4Q$>
>>
>> <https://urldefense.com/v3/__https://github.com/rjernst/verify-error-repro__;!!ACWV5N9M2RV99hQ!KIEIqqu475SaI3subOAn49baG1td4FYwqRarkv_3BgCYLhaTpVFwf-MKTovjGLmIr4KUnbhvWgfw4Q$>
>>
>> Again, the VerifyError is correct, it’s what we expect (we created 
>> bad bytecode in a transform), but it doesn’t always occur.
>>
> Classes loaded from modules mapped to the boot loader, or classes on 
> the boot loader's class path, are not verified if modified at class 
> load time. They are verified if redefined at runtime. Developers of 
> agents are not infallible so there may be an argument to enable 
> BytecodeVerificationLocal when an agent enables one of the 
> can_generate_XXX_class_hook_events capabilities.

Yes, I just checked the code and we don't verify classes loaded via CFLH 
and we should fix that.
Coleen

>
> -Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/hotspot-dev/attachments/20250310/2e4664c1/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: verify-error-repro.png
Type: image/png
Size: 120561 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/hotspot-dev/attachments/20250310/2e4664c1/verify-error-repro-0001.png>


More information about the hotspot-dev mailing list