Making Java more dynamic

Just another WordPress site

Making Java more dynamic

hi so alright perfect I got signal it’s time to start and first of all thank you all for coming to this talk my name is Rafael I’m a software consultant in Oslo in Norway I’m a German though so I’m not a fellow of Scandinavian but I’m really glad to be here and I’m talking to pay about runtime code generation or in the end I want to convince you all that Java at its heart is a dynamic programming language to some extent and I’m using this principle a lot so I’m writing a library called bite buddy which I’m going to talk a bit about today and I’m also maintaining a library called CG lip if you have worked with that and I’m also helping out on a Makita project and all of these libraries built on the assumption that that Java is a fairly dynamic and that’s what I’m gonna try to show you today but so do you understand what I mean by that I want to look at an example with you first before we dive into runtime code generation I want to show you how it is used and I’m trying to build a small library with you now and don’t be scared it’s it’s not much code it’s more about principle when we’re trying to implement a security library such as spring security and then I’m mentioning spring security because obviously if you know spring security the api’s are quite similar so we’re trying to do is we want to have an annotation in this example it’s called secured with an attribute which is called user and we want to use this annotation on methods and we want to tell the java virtual machine that whenever a method is secured the method should only be invoke about if the user holds in this case has a user locked in that equals the attribute so in this case we start with anonymous which is the default user in our framework and we want to have like a service like this one and we have this very sensitive method right and we want to make sure that only administrators can ever call this method right so that’s basically the set up that’s what we want to implement and here we have a problem because the java virtual machine doesn’t process annotations annotations are the class files they’re metadata but they don’t trigger any execution path so the JVM going to anything just because as a notation but something we have to do that’s where we’re runtime code generation will come in and we see that in a second right because because if we want to implement this library what would you do how could we solve this problem right the first problem we have is that we implement the framework right so the framework doesn’t know about the service necessarily so the framework promises to secure any type we give it but the framework doesn’t necessarily know about this type at compilation time at least because we have two jars right we have spring security and we have your framework and and string security doesn’t know about your framework you can’t call pivotal and saying look guys have this new service please update you library to support it and because that’s not not the idea right so library doesn’t know about your service but your service knows about about the the framework and it’s it should be the other way around but obviously at runtime both libraries end up at the same class path right we have these two jars and they come together for the first time only at runtime that’s why it’s not only about code generation it’s it’s about runtime code generation experts make it so important right so given or let’s just assume for a moment we can change implementations and we can as we will see how can we implement security in this case well the easiest way to do it would be just redefining the method right how can we implement security we have Tarun tation saying admin so we have to just add a small if right we say if admin doesn’t equal the current user then we throw an exception and as a consequence of that exception being thrown we will never touch the code to thus the deletion logic right so that’s how easy it is to do a security framework that’s all we need to do there the only thing we have to find out is how to do it and that’s ways for that’s like build time instrumentations or you can have a maven plugin for example puts the SIF into your source code before you compile it or it as there’s Java agents you’re gonna look into Java agents for for a minute in the end of the talk right the more typical way of doing things and that’s how spring security does it more or less is however not redefinition but it’s Liskov substitution Liskov substitution in a way is we create a subclass where we override the method and the overridden method is just the same check that we just shown where we checked the current user against the admin string and if that’s not the user we expected we throw an exception and we never call the super method as a consequence because we exit the method it’s a consequence the method is secure and this is really the first step of why Java is very dynamic programming language every call site almost is wilfully dispatched right so at runtime

the class has come together and they bound spring if you define a spring spring bean right do you get an instance of the class that you have defined no you don’t you get a proxy class that spring creates for you where spring injects all the logic for you like transactional for example you will have something like that where transaction is opened the super method is called and after returning from the method the transaction is closed same goes for for the secured annotation or goes for metrics annotations all of this is done by runtime code generation and that’s why it’s worth knowing about this you all do use runtime code generation every enterprise project does use code generation and it shows in the download numbers right these libraries that I work with they’re not very low and they’re not not famous in anybody but they’re very heavily used because it’s it’s a it’s a neat little tool by themselves they do little but they can enable very powerful implementations okay so let’s do some job of 101 and then that’s where the dynamic part I think comes out the best so let’s how does Java work how does the Java program work you write a program you use Java or use Scala Ruby JRuby closure Kotlin there’s an endless list of languages on the JVM and and how do they all work on the JVM it’s by compiling two so-called Java bytecode so Java bytecode is an abstraction layer between the java virtual machine and the hardware that’s that’s basically run running the code but bytecode and in favor of a machine code is standardized and that’s the reason how all these languages can interact as well Java can call a Scala method in theory at least or the other way around because bytecode is the only common language that is spoken on the JVM even if you write a Java program and you bind your code to another library at compile time you are basically looking at the bytecode of this library but you don’t even need the source code and this bytecode is a small lesson universal language and it has very little information already about how it is actually executed Java class is a very loose concept right it’s not even blinked the linking happens at runtime that enables you to basically if you if you happen to intercept this linking process that you can just inject any code anywhere in your program where you want to and that that’s basically opening up for for spring for hibernate all these libraries to do what they doing so bytecode itself is sort of a machine code abstraction it’s very high-level still and but it’s it’s machine code for a java virtual machine right and the Java the machine is not an actual machine it’s a virtual machine so that the machine code which is byte code is also rather virtual but it had runtime it’s loaded by a class loader and it’s standing first in the president hotspot at least and then it’s optimized and that’s not an important factor and compiled Java programs are not yet optimized that’s happening at runtime so we can actually do runtime code generation without having a performance trade-off so so doing conservation isn’t changing anything for you because your code that you generate will be optimized in programs like C they’ll see compiled programs you have to take care of that if you manipulate a program because you change the performance behavior as well that’s not true for Java right so what we can do for that is that at runtime like bite body which is my own libraries or from putting a picture here you can basically think of any library ASM CG lib that these libraries can create new new Java code from a Java program and that at first might not make sense to you but if you think about it and then you can put a library in the class pot and that interacts with codes that you did not even know at compile time which is in this case the server Slayer from the perspective of spring security and you cannot only create bytecode since this format is standardized compared to machine code you can also read byte code and then you can know what a program is doing and you can also look into annotations for example that’s what these libraries basically have buildable so you can read and you can create classes and you’re executed by the JVM and if you look yes and get a circle basically you’re writing a Java program that at runtime reads itself and then manipulates the program that’s executed at runtime so you know that at compile time you don’t have necessary information so you could lie the process until execution time and then you just run the program in the way you intended it when you have the necessary information that’s basically the idea of runtime code generation and in dynamic languages this is applied a lot but then you have often naming conventions or whatever like react for example how does react work it discovers methods that just have a particular name that’s a contract in the way in Java you you can do the same thing more or less but you use annotations right to interact okay so and then this is the point where

people sometimes have objections right why do you need to go that far Java already has a means of interacting with code that it doesn’t know right and that’s the reef reflection API the reflection API can do the exact same thing and then runtime code generation can do you can get to declare method by its name and its parameter types and again invoke it with an object it is this reference and arguments right the problem with the reflection API is that it is completely untyped safe and that’s where Java gets very verbose there’s a lot of tract exceptions and the worst case a lot of typecasting you lose information that you actually have and think of a second about how this would work for a full spring security if spring security didn’t do runtime code generation it would mean that you had some sort of abstraction like a secure method called object drive and you would give it in this instance you would give an argument and all that and then you could still do the thing you could do the security track you can read the annotation out but as a result you cannot behave you cannot program towards your service but you have to talk a program towards the the framework object and that’s something you want to avoid right you want POJO centric applications want to keep this abstraction layer out of the business logic and with reflection you cannot do that to the the great thing about cogeneration is that you can hijack a type of a user you can inject your own logic but the user program remains fully typesafe so you basically just opt out of type safety for the minimum amount of time that you need and that’s how you write a dynamic program this using reflection in a way you can emulate a dynamic program but you lose all type safety with cogeneration you can have short segments of coated on type safe in theory at least and they are still type safe since the JVM at runtime does check types right you cannot call a method it doesn’t exist an object even if you cast it but you can for the user at least project this world where all types are still safe and that compile time right another point about reflections also that it doesn’t fail fast and fail fast is important because you don’t want to have this one routine that only runs once a month if there’s a bug in that routine the reflection API would only trigger the error once the routine is run with code generation most of the time at least you get an arrow at start time of a program which is often the preferred way of finding out that something’s wrong and that’s why this talk is also called making draw more dynamic right or you know the slide first right and you can also argue that do it yourself would be an alternative right you can just copy paste this this check inside of every method that you want to secure but then at least you have testing as an issue and it’s not a very clean abstraction because this might just be the start right you can have a security handler you might have metrics interceptor you might have transactional interceptors by doing this form of declarative programming and keeping the method clean to the business logic you can separate your program program much better right so this slide I thought would come in JavaScript for example in applications like react we have this sort of program model all of the time so this is nothing new it’s just a bit more complex to implement in Java because we have type safety even mat runtime in Java scripts however we might have the same the same problems that right we have a delete everything method and some service object and we call this delete everything method somewhere in our program and if a framework is in between our code and the call site here then we cannot be sure that this object actually is the object that we expect it’s all right this is subtyping there’s only the convention of the method name and how the frameworks like react how do they know that they have to rerender a page for example they know because when you call and a method on one of our function of one of your state objects in the framework the framework doesn’t actually give you back you object your state object in react for example it gives you back a proxy where it set some flak turret where it knows that if you call that method you have changed the state of the page and it needs to rerender so the framework always injects its own hooks into the code that you are supposed to be running because it needs to know something about your program that you don’t want to put explicitly in there right so duck typing and code generation in a way are very similar concepts and the dynamic languages this is a lot happening and it’s also happening a lot on the JVM really every framework of a certain size uses Confirmation like the spring framework I talked about that hibernate how does hibernate know that it has to load something from the database well if you call a getter on one of your objects it knows that now you are requesting and information and if it doesn’t have it it doesn’t just return an object it has

rewritten the method to go to the database fetched information map it to an object and return that object instead the same goes when you call a setter it knows that you have changed the state of the object that there is something to flush back to the database once you’re done with something right that’s how hibernate works is actually pretty simple the same goes for mojito this is something I mean Walston how can we key to mock your your classes well the override every method to just return now right and if you change something let me just something else and we also record all the method calls so that we can verify it in the end so this is all the magic and everybody just doing it juice is doing it the Eclipse link is obviously doing it played as a clover for for how does clover know the test coverage well it it rewrites your code to just have a call back into clover I bring every line of code right I’ve been here I’ve been here I’ve been here that’s basically it perhaps you make it zero the openjdk even uses cogeneration for lambda expressions lambda expressions in the end are just just classes that are generated on demand you don’t put it into the compiled code because then at runtime you might do a Java update and the Java might have new constructs available for lambda taking numbers more man performant most likely so then they can just exchange it and the next time you start up your program the new logic generates a better class for your lambda expression right okay awesome so now we can use this for everything right so and I’m putting this in because unfortunately I’m active on Stack Overflow a lot and I’m answering a lot of questions too regarding code generation and this is the worst part of it it’s abused a lot as well and it’s it’s abused in the context of performance and performance on the Java 2 machine is a tricky Beast in the first place right it’s it’s difficult to tell what things are doing so a lot of performance work unfortunately is guesswork and then I’ve given a talk about how the JVM compiles code that job 1 this year now last year so if you want to do this I I can obviously just refer you to that talk I’m not going to go into details but in general what the JVM does is it takes your code it reads it just like a second generation favor can reach you by go to JVM obviously also reach your bytecode and then it tries to figure things out at runtime and the JVM is something called a profile based I has a so called profile based and just-in-time compilation where it looks at actual behavior of your code so the general rule or the general derivative of this is that you cannot outsmart a JVM and it sounds obvious and it is obvious but but people still try to do it so an example is this right we have that that multiplies some value I with a constant value and as a C programmer you might say okay this constant value I want to inline that so so because it’s out there so what do I do I go into the method and I just rewrite it to put the constant value right into the compute method right so so the program is fast a one level of indirection less that’s a that’s a pointer referral in the compiled format right but it’s not the bytecode is just a metaphor my code is more or less the programming language of the java virtual machine the java virtual machine ironically doesn’t know Java JVM does know what Java is it only knows bytecode so a source code program to the job travel machine is fully meaningless but it will take the byte code until wrangle it and it will wrangle it a lot so never do these things did if you google code generation and performance you have like CG lip for backwards compatibility reasons we still have it these fast class fast method abstractions right the JVM has all that already it does that better than C chillip forms advice it was true for Java one two one three isn’t valid any more than any age of Java 8 so this old code just older wise just ignore it half of the stuff on the internet about CG lip about code generation is false as of Java form or less so it’s been false for years since people still apply this rule so that’s why I’m making it explicit one one important part is reflection reflection is supposed to be slow right and and reflection isn’t fast but what slow and reflection is looking up a method and it’s mostly linked to the security model of the JVM and it’s about the state of the method instances you know Methodist is accessible or not accessible so whenever you call get declared method the JVM can only order the Flex Navy I can only return your copy of the object not the actual method it it has linked already to some some something right because you can change the state and that might change the program somewhere else because you changed it to be accessible so and people like to say reflection is slower than the generated code is slower than native code that’s not true what makes reflection slower what people that makes reflection slow is that reflection and original form is implemented SS Java native interface

right in the JVM what it does it reads your code and it looks through it and sees okay I can put this together I don’t need to do this this is not necessary so I’m not even running this code but if you use J and I the trust and time compiler I can only say Oh C code I don’t know C so I I have to run it right and then that might block a lot of up the optimizations and if reflection really was implemented with chain I only this would be a problem because every reflective call if you call a method reflectively that doesn’t do anything the JVM would normally do nothing because that’s the same thing for profile based cheat so the JVM has cogeneration as well it will generate bytecode at some point for you so you don’t need to do it yourself there’s something that’s concepts called inflation you can actually set inflation threshold by default it’s 15 if you have called a method 15 times by reflection the 16th call will be as if you had called it with the normal method called that you hard-coded there’s nothing to worry about yeah so the JIT compiler knows its job you cannot outsmart oh and trader kthuman you can try but you most likely will not succeed so what’s bytecode now this was the theory part now I’m diving into how you can do cogeneration and that’s the more the more fun part I hope so I hope you can you can actually apply this for your project I’m pretty sure you have use cases but let’s just look at two into PI code because in the end that’s what we will be messing with right so we in this method we just want to add one and two and we want to return it so how does it look a bytecode program is is just a list of instructions and it’s executed from top to bottom and what the JVM is over to JVM abstractionists and I’m stressing abstraction here because this is not what’s gonna happen in hardware this is just a metaphor you used to communicate your program to the JVM in this metaphor the hardware you’re running on is a stack machine and the stack machine now you remember back two days you’ve been at niversity is nothing that actually happens in hardware lot anymore like my machine is not a stack machine is a register machine but in the JVM we have a stack and then we push values on that stack when we can pop values off the stack again so this case I Const one is just an instruction to push the number one on to the operand stack and then two pushes the number two on top of that right and in the I add construction you might guess it pops the topmost values and pushes back the sum right now we have three on the stack then there’s another instruction in this case I return which is popping the top value just now three and returns it to the call of the method and it’s called bytecode because every number every instruction has a byte assigned to it so if you read up the driver to a machine specification you can find a listing of I thinking now a hundred and ninety opcodes that’s how they called and where every opcode has a byte assigned to it and basically describes the the expected behavior as long as you coding to it you can implement Scala just to do this right you can do this in Scala you can add one or two in scala obviously so if you compile is called a program to do that you will get their behavior at runtime that you expect and yeah what did I want to say yeah and in the end this is all we need to do and it is tedious but it’s not hard bytecode isn’t difficult right and if you if you compile a class with this method inside of it you can open the class file with an hex editor and you will find these four bytes you will find oh four oh five six DAC in a row somewhere because that’s the method body that’s somewhere in there and then you can use this hex editor you can for example change the oh four by to become a five and if you run the class file you will have two plus two instead of one plus 2nu just did code manipulation because in the end code manipulations is mapping a byte array to another byte array right so that’s just as libraries to do this more elegantly written from Java instead of having to parse the class file yourself you use basically what the Stax parser is to XML ASM is the bytecode format and it’s also visitor API so you will be able to basically have a visitor being called for every instruction you discover in the class file but you can also just write methods so in order to implement this method we can just use ASM and to have our so-called method visitor and call them visit ins I cost one icons to I add I return you just created a method dynamically and there’s a tree API as well so you can also do it a bit more yeah less efficiently but more comfortably doing basically manipulating nodes and you can you have state but you have to have it a memory and with with

wizard RBI this is what most people use you have the full performance benefit and but you have to do it in one pass right and that’s great bytecode level API so if you full freedom you can do everything and and sometimes it’s the right thing I argue in 99% of the cases it’s not the right thing and it’s I’ll show you bite buddy next and it’s much easier than that so even though I just told you what bytecode is you don’t really need to know it and because it’s the biggest problem with ASM everybody in the team cellino’s needs to know about the JVM about the stack metaphor and des that the Jamie M’s type system is different to Java stipes in a JVM for example it doesn’t know boolean it doesn’t know Schwartz chars JVM just treats all that as int right and so and none of the forms advice you don’t need to use shorts to make things fast it’s not happening it’s already erased at a compilation stage you might save some memory at some point but certainly not in inside of method bodies so but this is stuff you have to communicate to your team and you don’t want to do this also it’s very error-prone yes you have to actually tell the JVM how big the stack is going to be right you have to tell it I want to push two values so please allocate two stack frames for me I mean with Java 6 the micro optimization from hell also known as stack map frames was introduced where you have to explain JVM all jump sites inside of your your method because the JVM doesn’t have if else it has go to good old go-to so this is also thing you obviously don’t want to deal with and that’s another irony by could level ApS are themselves not type size if you just switch the order of a method at a visitor call you have things confused and you get the wrong results and it’s difficult to trace down and it’s very little expressive of course one plus two is better readable and the bytecode version of it but you have to know overhead and it’s a very popular library ASM so it’s very proven PCL is an alternative it’s something bit better in some extent but not significantly and since the open JDK started using ace and everybody is basically referring to it as people on the only framework you have to watch out though between Version three and four is the most most a space and related question on Stack Overflow is to version clash because they changed api’s a bit all right but I promised that you don’t have to know any of that and I’m just telling you because I want you to see the picture right this is where we go to a conference talk for otherwise I could have sent your link to some some code example and this is the code example I would send you by body I have started by body three years ago I’m trying to replace eg lip on the long run because originally I try to extend CG lip but the problem with see Chula Vista it was written back in in the days of Java 1.1 and the code isn’t pretty to say it gently and it there’s a lot of things that should have been done differently which is true for every project that has been around for 16 years and it’s definitely true for an open-source project where people hacked in their nights and free time where the thing that was right is that the forest resources time or such times and and CG live shows that now unfortunately so so the original plan to transform CG limit to a modern version CG lip – oh that’s for bite body in the end became so bite body is a domain-specific language and I try to take known concepts from the Java language into an API such that you can relate something that people already know and fight body starts out with the configuration instance with its bite buddy in this class if you understand this code I hope you do I did my job right we say we want to subclass object right and then we want to take any method called to string in this case there’s only one method that’s called to string which is object to string we want to intercept it for returning the value hello world right this is the code generation hello world example now we make that class and below that class into the context class load of the code we’ll be running and then we already in the reflection API that you might know now we can run assertion here where we say dynamic type new instance to string that’s gonna be hella world right and that’s what we wanted now you might guess how we can implement the security framework in the beginning that I mentioned right we will intercept methods that have certain annotation and we want to do something different when they are invoked and then we can just subclass some user object and then do something with them right and we can we can override the methods that are and I’m titedent and intercept in order to do it however we have to do some more complex logic than just returning a fixed value on just in this case hello world and this is where a method delegation comes in and that’s basically does the Swiss Army knife interception of most cost code generation frameworks so what we do here is that instead of calling the method that we originally intended to call we

want to call another method in this case we just say delegate so this is a static import the class is called method delegation so we say method delegation to my interceptor class and my interceptor is obviously a class that you have defined in this case it just goes to this class and finds any static method that matches the intercepted method best so in this case there’s only one static method so the resolution is trivial in most cases you only want one way to intercept the method so so you should for you all say keep the resolution trivial if you have more than one static method but buddy figures out the best match what happens similarly to overloading basically checks all methods that exist and it checks which method can take the most parameters arguments and then delegates that so about arguments this is still a hello world example right now we can set a breakpoint so if we call to string in this this case we will trigger the breakpoint in the hello world line here but we still can’t do much we can of course now we can return the random value or we can do a thread sleep or whatever but in the general case you want to do something with the method we’re intercepting so we need some context right and this is where best white body does a big distinction true what’s eg lived us and it’s basically you I decide not to involve cedsci live further but to do something new and bite but it works with with annotations right and patients don’t have the best reputation among everybody but they have a very neat tool for this case at least because there’s something special about annotations if an annotation is not present on the clasp on this annotation is simply disappearing the JVM will say ok this annotation type I don’t know it so with an interface what secret abuses with an interface you will get a no class death error with an annotation that JVM just swallows away that the annotation altogether and ignores it so it won’t well it won’t be there in this case you annotate the method parameter here with origin and that tells the JVM okay I want not to Jerian tells by body I want to have a method instance injected into this method and not just any method but the method I’m intercepting so here this example will suddenly print hello world from to string right so if you and intercept several methods then you will always get the method back that that you have just intercepted and prevented from being called all right so there’s of course a bunch of annotations I’m not going in to you you probably want to learn about this when you’re actually using it otherwise I’ll tell you and you’ll forget so just here short overview you can of course call the original method with super call for examples of super call that just trigger the original method and now you already can implement the framework right we have origin method so we can read the annotation then we can check the annotation and throw an exception if it’s improbable to call the delete every method that we showed in the beginning and otherwise you have to call a bill super call in Shenzhen if you call call you will trigger the original code so bam you’ve done your own security framework it’s probably gonna be ten lines of code the rest the frameworks doing for you so so far about so much about sub classing I’m gonna try to look into something more at once now which is however much more fun to work with and it’s redefinition of classes there’s two ways of doing that and the first one is using hot swap and hot swap you probably know as a debugging feature of the JVM debugging feature this almost nobody uses because it’s very limited but you can actually do quite cool things with it at runtime and my body doesn’t only allow you to subclass things but it also allows it to redefine things right and in this case we already have to find a classroom and B already so this code is running disorder you already have created an instance of foo and if we called the bar method we would get the string bar out so what we can do it by body however is we can say redefine foo and now we want to intercept the method bond return hello world and then down here be using a class reloading strategy instead of the previous class loading strategy and that’s basically using a Java agent and I’m showing you what that is in a second but as a result of just running this code the the foo bar method call will return hello right and this will assert validly right and obviously you might wonder like what is good for I mean it’s good for annoying everybody on your team because this is not very debatable right it’s not very intuitive either and you can’t abuse this really really well and but you shouldn’t what it is however good good for and it’s the major use case is that you are for example running an integration test and the integration test is using some library that you cannot change right so this library has some web service call at some point then

you can either walk out the entire web server thing or you just redefine the method that’s calling the web service to just return a value and then you using this code you you really find this this call that you don’t have control of and you’re done right that’s all it needs saves you hours and saves you a lot of so and you can of course the clouds returning straight she also allows you to reset a class so it’s in this context it’s super neat right this one downside though and the downside is that you cannot define new methods you can change anything you can for example remove a modifier if a method is synchronized and you want to remove the synchronized modifier the JVM won’t let you that’s however jep so-called enhanced class redefinition so at one one wonderful day in the future we hopefully can use hot swap to just do anything remove methods add methods change interfaces so to work in progress but it’s a work in progress right so that’s hope however even today you can use much more advanced features and this is writing so-called Java agents and Java agents are a standard API that the JVM implements every JVM implements that and I want to stress it out because it’s not like a magic feature that is basically hacking into the internals calling unsafe it’s nothing like that it’s a standard API and we can do the same thing that we did before instead of bar we want to return HelloWorld again here so how would a job agent doing that look like well it fits on the slide so it’s not so complex the Java agent basically is it’s like a Java program but instead of a main method it has a pre main method and the pre main method it’s called like that obviously because it’s called before main right so this is just a Java program that you append or prepend rada to your java program that’s however not the only thing the other thing is that it takes different parameters and you still get an argument not an error just a single one but then you also get an instrumentation instance and the instrumentation instance offers you hooks into the JVM that are standardized and one hook is a so-called class file transformer you can change any class that you want to anything you want and this head works for all classes and also if you change the class that you’re manipulating so in this case we can say you want to create a new agent bill that is a byte buddy and then we want to repay any type named through this clay in this case this is the type above there now we want to transform it to basically take a builder if you have a builder then and then we end up in the same API that I showed you before if you say method name bar intercept hello world and then we install this Java agent on the instrumentation instance that we got from the Java agent that’s all you need now if you run the program this assertion will run true because the Java agent is active it will see once the foo class is loaded oops that’s something I want to change so I apply this transformer so I take the method bar and I return HelloWorld for this method and by party does everything for you you don’t have to worry about and it works really well so I think by I’m reaching soon a half a million downloads so this is proven to work in practice there’s a lot of companies that use fight buddy it’s it’s Google start using it it’s this is something you can use I’m gonna say it won’t break your code it it sounds scary right there’s so much magic going on but the JVM isn’t magic it’s just bits and bytes in the end but buddy just changes some of the bits and bytes for you yeah so and this is a two different charge that’s the important part the only thing with the trauma agent is that you in the end you have to put in its own jar file it has its own manifest but instead of having – classpath jar file you write – agent class file that’s all all you have to change your program really then this is triggered the agent is still available on the class path you can have the very same jar being a normal Java program and Java h at the same time then just has two methods and they will be triggered in the order three main first and the main method often oh yeah I have color here right so where do I want to go with this I have five minutes left so I’m almost done and right now we have this Java space where have you built a lot of software around infrastructure right we have java ee or we have spring in the middle and then we behave tobits api of these frameworks and in the end we have to because in order to to use our security framework we have to use spring beans and in order to have a spring bean we have to register the class and the instance in the spring container so every code that we write has the container into action at some extent if you did a good job you you reduce it to some minimums such as the business logic still stands for itself so this is how most programs are written with Java agents if you have libraries if people like you for example took their time and wrote a good security library based on Java agents you could invert this their

dependency you could come and say okay you know what I’m just trying that program I still can use these annotations I can even run my program without having the security profile active so you can have a test container and none of the security is used right because you’re just not having to Java agent there the annotations are ignored right then so and now you have this matrix library that collects statistics only if the Java agent is present if it’s not present your program behaves that if there was no statistics behavior behavior at all right and then we could write what I like to call plain old Java applications again if he uses a TI amo’ and I hope but enables you to do so all right before I’m almost done just a quick overview on Java this all works great because Java is very standardized it’s very yeah it’s very well specified and and things are tested and behaves pretty well so yes JVM which is a stack-based JIT compiled machine and I’ve explained before why this is important for code generation and then we have Android right and then and right it’s different in many ways I’m not saying it’s a bad machine at all it’s it’s it’s amazing piece of engineering but it behaves very differently simply yeah for for practical reasons right Java was born in this world of applets and everything needs to be compact and that’s why I respect metaphor was and went in the first place right great thing about stack language is that every instruction is implicitly referring to the top of the stack that’s very practical because then the bytecode is small and your applet loads very fast right today nobody would do this anymore because applets are deprecated more I think it’s gonna get removed in the long run so this doesn’t make sense anymore from today’s perspective but for compatibility reasons we still have to bytecode in the way we do by code on a mobile phone for it however you you want to start up quickly so size of the program isn’t so big as such a problem but the problem is rather startup time of the app and if you have to do all the translation of a stack machine language to a register based language because all phones are registered based more or less and not more or less all phones a register based on period right so so you have this indirection so if you start up a Java program on Android then all this work has to be done and it takes longer time to load so Android said okay if this doesn’t work for us we have to translate into text form where everything’s register based but it’s still just in time compile so you could in theory still do things that you do but if you look into dalvik and if you look into dalvik bytecode which is very different to Java bytecode first of all things were done very let’s hope you can tell from from the spec and everything how things done they want to get their platform out they won’t shoot quick they took drama they ripped it apart and repackage it done right it’s difficult to work with dalvik so it’s even more difficult rather impossible to work with art which is the new Android draw time because the new Android run run time takes a Java program compiles it completely to machine code and then you don’t have to buy code anymore so after installation the bytecode is already gone so you cannot do the same thing with machines codes for the reasons I explained before also even if you did something like it you can’t just invent a new machine code all the time new machine machines are built new machine code is implemented you couldn’t keep up so an android none of this is possible and none of this will ever be possible to the same extent as it is on Java platform I do however support sub-classing for byte but at least 42 doesn’t work by simply runtime compiling into text using androids compiler right so so I’m just hitchhiking the compiler I packaged it with white body that the Android version of white body and then I just write a new program that contains the additional class fuzz but you cannot manipulate simply because the bytecode is missing right okay now I’m really this is really last like some benchmarks I’m not gonna go deep into this you can find them yourself if you if you performance dependent then this is interesting because of course again CG lip is 16 years old Java sisters 15 years old they couldn’t do the same things I could do so I streamlined bite buddy a lot of its performance 3b this is the most interesting one I think which is you have a trade of cogeneration like every code generator any compiler between how much time do I want to spend trading code and how fast is the created code gonna be and bye buddy clearly it goes in favor of I want to spend more time creating efficient code because cogeneration is most likely something you only do once but you run the generated code for a long time so so by putty is very inlinable such as a JIT compiler it has a very it’s very easy for the JIT compiler to remove the generation layer altogether so you code will behave exactly as fast as if you

didn’t use confirmation by putting so but of course benchmarks are tricky this is all JM aged harness so if you want to look into it please please do and tell me if something’s wrong and that’s it right I’m Rafael as I said I’m a consultant and also also so you’re not that far away so if you ever wanna hire me just ping me you can find me on Twitter that’s also fair enough if you want to do that otherwise check out pipe buddy please tell your friends your family about the framework because I’m just one person and not having an evangelism team around me that goes all over the world so I’m depend not of people telling people right other than that I have not a framework that I don’t promote as much but it’s still worth checking out if you work a lot with business applications it’s a document converter everything’s Apache to all license source or help yourself thanks so far if you have questions I have four minutes left yes and the microphone otherwise shout out and all the repeaters yeah yeah absolutely and I did a prototype if you if you go on my web pages link to my blog where I show something similar just for logging framework so basically yeah right but it just adds to cold rice and then then it works if that’s all you need then that’s great right and you are completely separate so yeah there’s nothing in a way you can just change any code you want so the question was for those wondering if you could do basically the redefinition for the security framework I showed before and yes you can yeah any other questions yes back there if you do subclass instrumentation and obviously if you used a Makita for example you cannot mock final classes because I’m Aikido doesn’t use an agent and use subclass instrumentation like most frameworks for convenience so with sub classing you cannot do that the same goes for spraying goes for hive and I’d need a default constructor in some some cases at least you need a non final classes non final methods but with redefinition of these none of these restrictions hold because you you add the code to the method that you you change right and then there’s there’s no overriding so there’s no interaction with the signature so that you have no restrictions whatsoever that the one potential restriction you have is when you interact with lambda expressions and because lambda expressions in Java aren’t real classes they loaded by a so-called VM anonymous class loaders and they have different access restrictions with by body or ever I found a workaround it instead of instrumenting lambda expressions I instrument the JVM classes that generate the code and I basically I just replace it with my own stuff and then do it again so it works but not as it’s your question old sub class instrumentation has its limits redefinition has no limits Deden off any other questions yes yes yeah you can I mean you can always use annotation processes if you if you need that and then you have to hook into the abstract syntax trees generated by Java C and you can of course write the main plugin for example and do stuff there since in the end you’re just deploying in different artifact right and however the cost of runtime code generation are so minimal you can generate 10,000 classes in a second approximately so if that’s your if you have a really close benchmark restriction that you have to start up and so on so many milliseconds that might be a problem but if you just make one database call you can with the the empty cycles you can just use them for that and then you’re good yeah yes yeah the major differences that people don’t like aspect programming so I don’t try to brand it that way but in the end that’s what you’re doing right but it’s it’s more general it’s I don’t like the aspectj abstraction this joint points point cuts yeah I don’t find it intuitive so there’s this aspect or in this program or groups and yeah so I I considered it but I didn’t like it so I did something else and I mean I’m not a

big fan of standards because you cannot derivate there can’t do something different right and sometimes the original idea is not as good as that the lessons I have learned from looking at at aspectj so so you you don’t need to integration for example if I need to integration I would not only maintain the library I would maintain IntelliJ plug-in I would intend main plug-in or whichever Eclipse plug-in and then suddenly 90% of your time goes to plugins and not the framework so by I opted it out in a way but in the end yes it’s expected or in programming but I won’t call it a step yes I mean yes and no so so disclaimer I’m not doing anything using my library to do it right and obviously we can abuse by body tremendously and the ideal use case is that you just changed behavior in a way that doesn’t affect the outcome like the security library you just thrown unrecovered exception you shouldn’t have koltes method in the first place but there was some some leak in your program and at some effect that some attacker for example found a path an execution path to come to this method and from the outside but it wasn’t supposed to be happening so you have this tied security abstraction on where you instead of having the error of deleting everything have the error of the attacker getting a screen saying this is not happening right obviously if you instead of deleting everything you fill the database with with anything right this could also be something you can instrument into to the code but then you’re doing it wrong side so so so it’s always you can always break things hmm oh yeah sorry I mean yeah security and and library or module encapsulation and Java is the difficult topics at such because of course can you security managers also to to shield against intrusive code you can for example forbid reflection to a library because then you can manipulate state that you shouldn’t manipulate can for example hook out something that that was supposed to protect something but the reality of Java is that I don’t know if you if you were lucky to work with the WebSphere application we have like this big security overlord manager in in the end nothing runs with the security manager almost if you forbid a library to the reflection there’s like 99% of libraries that won’t work as expected anymore so trusting code is something we need to do almost and then if you wanna if you want to find an attack vector to a program and that’s something I also work with sometimes that’s easier path list and abusing a cogeneration library I mean there’s like hibernate for example uses Java cysts and Java cysts works by compiling strings and and that leads to obvious attacks that are similar to code injection and SQL injection right so instead of injecting drop table you inject system exit and that’s possible because jobs this just compiles the string calls the method done but in order to to prevent such attacks you have to shield the generation layer that that’s where you want to work with and in order to shield the generation layer you obviously have to know what the libraries are doing but if spring was corrupted right if you had a corrupt spring jar you’re already you know girl that like it’s too late you can’t you can’t encapsulate spring out of your database for example because basically spring is the abstraction layer to access your database in the first place so so you’re not secure once your libraries are corrupted that’s simply the reality security manager in fact it doesn’t really work it was a good idea well intended but it doesn’t really work in my eyes so so you free to disagree or all right any other questions great then my time is up anyways I brought stickers of pied body if you want to take any they here on the table otherwise I’ll be here until this evening just find me if you have anything you want to talk about thank you