RFR: 8365400: enhance JFR to emit file and module metadata for class loading
Erik Gahlin
egahlin at openjdk.org
Mon Oct 6 22:38:45 UTC 2025
On Mon, 6 Oct 2025 18:15:51 GMT, Larry Cable <duke at openjdk.org> wrote:
> while existing class loading JFR events exist, none of these provide the path (if available) from which a class is loaded/defined, nor are they easily modified to do so from a compatibility standpoint.
>
> therefore this ER/PR adds a simple JFR event that encapsulates a tuple of class and path that can be enabled in order to provide an audit/debug trail of locations (path, if available) from which a particular class is loaded/defined.
>
> this association can be used for various "applications" such as basic auditing etc
I have not reviewed SecureClassLoader, as this is better done by people who are more knowledgeable in the area. That said, toExternalForm() appears to be a somewhat expensive function, so you may want to add a guard. Also check for null.
ClassFileDefineEvent event = new ClassFileDefineEvent();
if (event.isEnabled()) {
event.definedClass = cls;
if (cs != null) {
URL location = cs.getLocation();
if (location != null) {
event.path = location.toExternalForm();
}
}
event.commit();
}
Could you also add the event to profile.jfc? Please remove "Name" from the label "Defined Class Name," as the whole class is serialized, and add a test to test/jdk/jdk/jfr/event/runtime.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/27656#issuecomment-3374488908
More information about the security-dev
mailing list