RFR: 8337517: Redacted Heap Dumps [v2]
Kevin Walls
kevinw at openjdk.org
Fri Aug 2 08:30:33 UTC 2024
On Thu, 1 Aug 2024 21:46:04 GMT, Henry Lin <duke at openjdk.org> wrote:
>> Adds a command line option `-redact` to `jcmd` and `-XX:+HeapDumpRedacted` enabling redacted heap dumps. When enabled, the output binary heap dump has zeroes written out in place of the original primitive values in the object fields. There is a new jtreg test `heapDumpRedactedTest.java` that tests that the fields are properly redacted.
>
> Henry Lin has updated the pull request incrementally with three additional commits since the last revision:
>
> - refactored redact conditional
> - format HeapDumpRedactedTest.java
> - Revert "add jmap redact"
>
> This reverts commit e87b74e7d9d58867f7d64bb0ae331cba665e05d4.
Notes on built-in redaction vs. external tool:
As a system owner, I would want both kinds of dump?
The pure dump for myself, and the redacted dump to share with a 3rd party for analysis.
They may come back with information about relationships (a particular HttpRequest object #ID is involved, or observations on threads and locks etc...), and I can confirm in more detail in the original dump with the actual Strings.
That suggests a tool outside the JVM, a post-processor for HPROF dumps that performs redaction.
If I can use jcmd to switch redaction on and off, to get both kinds of dump: do I really want to perform the dump twice (if some people don't like suspending their app once), and getting slightly different (or maybe significantly different) state in the two dumps.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20409#issuecomment-2264850555
More information about the hotspot-runtime-dev
mailing list