On Fri, 26 Jan 2024 10:17:16 GMT, Alexander Kriegisch <d...@openjdk.org> wrote:
>>> @AlanBateman, the AspectJ weaving agent creates an auxiliary class to >>> implement an "around" advice for a method, i.e. a method execution is >>> intercepted and the user has options to do something before optionally >>> calling the target method and then do something afterwards too. In doing >>> so, she can modify method arguments before calling the target method, then >>> also modify the result. Instead of calling the target method, she may also >>> return a result of the expected type instead. Before, after or instead of >>> calling the target method, she can also throw an exception. >>> >>> The target class is transformed in such a way to call the auxiliary class, >>> which necessitates the the aux-class to be in the same classloader as the >>> target class. But because the aux-class is defined while the target class >>> is still being transformed during class-loading, we cannot have any look-up >>> instance pointinmg to it yet. >> >> Right, this is what JDK-8200559 was originally about. Mandy and I discussed >> it several times and load-time instrumentation that defines auxiliary >> classes in the same run-time package is a reasonable addition. >> >> The more general request for an "unrestricted defineClass" conflicts with >> several ongoing efforts so we've had to kick that to touch. > >> load-time instrumentation that defines auxiliary classes in the same >> run-time package is a reasonable addition > > Thanks for finding some common ground. I appreciate it. > >> The more general request for an "unrestricted defineClass" conflicts with >> several ongoing efforts so we've had to kick that to touch. > > I better do not start to share my general opinion about JMS _(edit: sorry, > couldn't resist in the end)_ - I mean the ongoing effort that started with > Jigsaw - in detail, because that would end up in a flame war. > > Let me just say, that "well-meant" is not the necessarily same as > "constructive", "helpful" or "necessary". Back when Jigsaw was designed, it > seemed to be a good idea. But it has been introduced a long time ago, and all > my enterprise customers since then are trying to ignore its existence as much > as they can, mostly seeing it as an impediment or at least a major annoyance. > I think, one of the reasons why Python gained so much traction for > enterprise-level big data and machine learning stuff is that you have a > dynamic language environment in which you can pretty much do whatever you > want and just get things done. > > Those same enterprise customers want to use the tools of their choosing with > as many and as easy to use features as possible. They do not trade those > features for security, but implement security in a different way, such as > devising a micro service architecture and isolating containers from each > other in OpenShift or what have you, defining service mesh rules on top of > that, if necessary. > > Deprecating security managers was a laudable idea, but adding those > unnecessary restrictions in the JVM in exchange was kind of one step forward, > two steps back. They just get in the way of getting useful things done. This > is what a language and a VM are for: getting things done in a productive way > with as few barriers as possible. Instead, with every new Java release, users > and tool providers alike are forced to jump through more hoops. There is so > much great, innovative stuff in the JVM and Java SE API. E.g., virtual > threads are the greatest thing since bread came sliced. We want more of that > and fewer barriers. Streams, NIO, the whole lambda and functional bunch of > stuff, structured concurrency, better GC, records and neat ways to > deconstruct them etc. - wow, great stuff. But new "security features" (a.k.a. > restrictions) like modules and sealed classes - not so great from a > productivity perspective. Since JDK 9, I have seen generations of developer... @kriegaex Luckily, you and your customers are not obliged to use the JPMS, nor find it useful for whatever libraries or apps you write or deploy. However, the fact that you or many other programmers do not use it does not mean it has not been a success. Anyone deeply involved with JDK and/or JVM development in recent years knows that it has been and continues to be critical to maintaining and extending the Java platform. Regarding my previous comment about Byteman using its own dedicated, dynamic module to provide secure access to MethodLookup instance you might want to look at the relevant code. It relies on a sanctioned API of Instrumentation that was introduced as part of the negotiation of JPMS integration precisely to allow agents to interact with and reconfigurethe module system at runtime. The resulting Byteman code provides a simple API that allows methods to be executed indirectly, either via reflection in jdk8- or via method handles in jdk9+. You can see the details of how I achieved this in the Byteman [layer](https://github.com/bytemanproject/byteman/tree/main/layer) and [jigsaw](https://github.com/bytemanproject/byteman/tree/main/jigsaw) subdirectories. ------------- PR Comment: https://git.openjdk.org/jdk/pull/3546#issuecomment-1911993356
