On Fri, 16 Apr 2021 13:44:16 GMT, Rafael Winterhalter 
<winterhal...@openjdk.org> wrote:

> To allow agents the definition of auxiliary classes, an API is needed to 
> allow this. Currently, this is often achieved by using `sun.misc.Unsafe` or 
> `jdk.internal.misc.Unsafe` ever since the `defineClass` method was removed 
> from `sun.misc.Unsafe`.

JDK-8200559 is about defining auxiliary classes in the same runtime package at 
load-time whereas I think the proposal in this PR is adding an unrestricted 
defineClass to the Instrumentation class. I think this will require a lot of 
discussion as there are significant issues and concerns here. An unrestricted 
defineClass might be okay for tool/java agents when started from the command 
line with -javaagent but only if the Instrumentation object is never ever 
leaked to library or application code. It could potentially be part of a large 
effort to reduce the capabilities of agents loaded via the attach mechanism. 
More generally I think we need clearer separation of the requirements of tool 
agents from the requirements of framework/libraries that want to inject proxy 
and other classes at runtime.

Separately, the proposal in JEP 410 is to terminally deprecate ProtectionDomain.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3546
