Byte code instrumentation fix

[dhaval24]

Fix #428, #418, #286, #277, #276 , #365

This pull request fixes the java.lang.Verify error which was being caused in JDK version 1.7 onwards because of improper instrumentation. Changes here facilitate the creation of StackMap frame (a datastructure introduced in JDK 1.7 and mandated in 1.8), fixes constructor instrumentation issue along with improper constructor signature for SQLServer.

#276 mentions issues with HTTPCLIENT 42, however on current testing things work fine for HTTPCLIENT 43 and since its more secure it is advisable to upgrade to this client.

This pull request also upgrades the ASM version to ASM 5.2

For significant contributions please make sure you have completed the following items:

• Design discussion issue #
• Changes in public surface reviewed
• CHANGELOG.md updated

[Dmitry-Matveev]

Is it always in this notation across the platforms or sometimes can be '\'?

[dhaval24]

@Dmitry-Matveev It's a good question. I have an idea for 2 platforms I have tested so far. Java 8 has by default class loader of URLClassLoader type so it won't hit this part of the class .Java 9 has default classloader called "app" which is not of the type URLClassLoader and hence hits this part and only works for this change. I am not sure about other JVM's though.

[Dmitry-Matveev]

Any possible issue with endless cycle or exception here if class1 has no more superClass and class2 happens to be not assignable (e.g. null or something...)?

[dhaval24]

@Dmitry-Matveev to be specific about this, this is the exact implementation as how ASM does by default. Only reason to override this method was because ASM uses Class.getClassLoader() method to load the current class and therefore it gets the ClassLoader which doesn't have all the required classes loaded in it. In this override I pass the ClassLoader from the Callee in order to avoid the lookup and have the classloader which has all the required classes loaded. Therefore I believe that since there is minimal change done from ASM implementation this possibility is very narrow. Is there a way we can test this? How can we know if there is a null being passed or something like that?

[littleaj]

@dhaval24 To test this method, you could refactor it into a public static utility method which takes the ClassLoader along with the other parameters and write tests against that.

[Dmitry-Matveev]

Is it the same parameter across all SQL calls we'd need to monitor or specific to some version? The previous signature looked more generic.

[dhaval24]

So the default signature of the constructor for JDBC driver version 6.2 is the one I changed. With the previous signature we were missing the constructor instrumentation. Now with the older drivers it might well be possible that signature was one mentioned before but nonetheless I believe enterprise can upgrade to latest JDBC drivers.

[littleaj]

@dhaval24 Does this limit the supported driver versions?

[Dmitry-Matveev]

Should we delete the test if no longer relevant or uncomment and fix if it still is?

[dhaval24]

@Dmitry-Matveev I have fixed the test for DefaultByteCodeTransformerTest and commented the tests which do not have any asserts. They just add to build time as they are not verifying anything for now.

[SergeyKanzhelev]

Use https://docs.oracle.com/javase/8/docs/api/java/nio/file/Paths.html instead of string?

[SergeyKanzhelev]

check that index is not -1. Just in case so code will not throw. Also see above - using Path instead of string will help

[SergeyKanzhelev]

Please add comment. And make sure you need it to be public

[SergeyKanzhelev]

Add comment for this method.

[SergeyKanzhelev]

remove instead of commenting. BTW, why commenting?

[dhaval24]

Commenting because this signature was used in tests which were relying on getDecisionMethod() however it turns out that there is no such method in ClassInstrumentationData class.

[dhaval24]

May be if there is an idea to get this tests running in future, that was the reason.

[littleaj]

What happens if you uncomment these tests?

[littleaj]

Please address these tests. If they are failing, they should be updated to reflect the new functionality. If they are no longer valid, they should be removed (and explain why this is the case).

[dhaval24]

@littleaj all the asserts within this tests are commented because there is a method which they intended to write is missing. Therefore there is no use to create unnecessary objects during test run time. It will add overhead only.

[littleaj]

@dhaval24 as discussed, let's just revert this to the master copy and we'll come back to it later. Then, we'll figure out if it needs to be removed or modified so it works.

[SergeyKanzhelev]

So you dropped 1.7 support?

[dhaval24]

I made it so because sometimes in some situations it the 1.7 target code would not produce the desired exceptions because these changes were mandated from JDK 1.8. Also, we need to decide till what point do we need to support backward compatibility in the SDK. We might not be able to use all the new features of JDK 8 like automatic inference of types in <> operator, passing of functions using lambda expressions etc which is modern java.

[dhaval24]

If required no harm in reverting it back if things work fine. However at one point we need to make this decision.

[SergeyKanzhelev]

what changed in this file?

[dhaval24]

@grlima to comment more on this. At-least my intuition here was that while sending telemetry for SqlServer there are only two arguments that come in the methoddata object whereas previously there was a strict condition which checked arguments should be more than or equal to 3

[littleaj]

@dhaval24 can you fix the diff here? It will be better for the history to have only the changes in the diff. Glancing at the first 100 lines, I couldn't see any changes.

[dhaval24]

@littleaj this file was edited by @grlima when prepared statements for sqlserver where not working (i.e not capturing the query data) we can no revert this changes back because we no longer need to loose if condition in the sendSQLTelemetry() method.

[littleaj]

you can see the difference here: git diff master -- CoreAgentNotificationsHandler.java > CoreAgentNotificationsHandler.java.diff (assuming PWD is the file's location). It's the line endings. Your IDE should be set to preserve the existing line ending characters. There may be a way to fix this in IntelliJ, but you may have to load it in Notepad++ an do a find/replace.

If you want to just checkout a clean copy and make the changes again, add use this command to see the "actual" changes: git diff master -w -- CoreAgentNotificationsHandler.java > CoreAgentNotificationsHandler.java.diff to ignore all whitespace changes

[dhaval24]

@SergeyKanzhelev I have addressed most of the concerns including using the Paths class for locating the agent jar, adding comments and also making CustomClassWriter package private instead of public.

[littleaj]

The java.nio.* classes were introduced in 1.7. It's my understanding we still want compatibility with 1.6. If that's still the case, this needs to be reworked. @grlima, can you confirm?

[littleaj]

I'd like to see tests which validate your changes.

[littleaj]

@dhaval24 can you fix the diff here? It will be better for the history to have only the changes in the diff. Glancing at the first 100 lines, I couldn't see any changes.

[littleaj]

This could be a breaking change for some users. I think we should wait until we have a more comprehensive plan before changing compatibility.

[littleaj]

this.

[littleaj]

It doesn't look like you need throws here. transform doesn't throw anything. Test methods only need throws declarations to satisfy the compiler.

[dhaval24]

sure this is by mistake. I think there is any need of throws too.

[littleaj]

@dhaval24 To test this method, you could refactor it into a public static utility method which takes the ClassLoader along with the other parameters and write tests against that.

[littleaj]

What happens if you uncomment these tests?

[littleaj]

@dhaval24 Does this limit the supported driver versions?

[dhaval24]

@SergeyKanzhelev @littleaj @Dmitry-Matveev @grlima I have pushed changes in this PR which are now addressing all the possible bytecode concerns we have seen till the date. As far as unit tests are concerned I still do not have a way to perform tests and our agent code does not have ones till the date, however this is a blocking issue and we need to get it fixed. I have done end to end testing in several test application and changes work fine. The CustomClass Loader now performs the commonSuperClass lookup without actually loading the class. The PR also introduces changes in the Application-Insights web gradle file to include shadow jar plugin hence eliminating class path hell issues and also introduces a public constructor in the WebRequestTracking filter to address SpringBoot solutions as discussed.

[littleaj]

I haven't seen anything addressed from my last review. Let me know if you have any questions about my comments.

[littleaj]

Remove this extra log message. It's going to the same logger, same level and there's no new information here. Feel free to update the wording in the log message on the next line.

[dhaval24]

okay thanks will do this.

[littleaj]

At the very least this method should have a unit test, if not the whole class.

[dhaval24]

Sure I will get couple of them.

[littleaj]

I'm not a fan of SomeClassV2 naming schemes. If the modifications can't be described in one or two words, the go with "branding" it; e.g. AppInsightsCustomClassWriter.

[dhaval24]

I think this can be just refactored as CustomClassWriter I will do that.

[littleaj]

The next line checks for null, which will now always be false. Either that part of the condition is no longer valid and should be removed, or it should be relocated.

[dhaval24]

well yes I think can be moved one step above may be.

[littleaj]

Please address these tests. If they are failing, they should be updated to reflect the new functionality. If they are no longer valid, they should be removed (and explain why this is the case).

[littleaj]

this.

[dhaval24]

@littleaj I have addressed your concerns in the previous review except the diff in CoreAgentNotification Handler. In my IDE git diff shows no difference so will have to figure it out. @grlima had pushed those changes so if you can have a look @grlima would be great.

LGTM

[dhaval24]

Thanks Sergey for your comment. @littleaj and @grlima I am waiting for your approval to merge this into master. Please have a look.

[dhaval24]

Folks I have updated the last missing piece on my end which was updating changelog file. If there is anything else which is left let me know so we that we can then merge this.