Hi Chris,
Thank you for the comments.
Yes, we have no good way to restrict the user registration commands to only
include diagnosis-related operations, but in my opinion, this does not seem to
be a problem that must be solved perfectly.
The following are my thoughts.
This extension is an entry that triggers the operation that the user wants to
perform (similar to the Signal Handler mechanism but with a name and
parameters). Even without this extension, the user can have other ways to
achieve the same goal.
On the one hand, we could standardize the usage scenarios of the API on the
document(Indeed, users can still write programs not in accordance with the
specifications, for example, users can implement multiple calls to the same
object's hachCode method to return different values or make an object alive
again during finalize method executing).
On the other hand, we can add some restrictions to help users make better use
of this extension.
e.g we can add a new VM option, such as EnableUserLevelDCmd, the application
can only register customer commands when this option is enabled.
Or from another perspective, can we allow users to do some
non-diagnostic-related operations in custom commands?
Best,
Denghui
------------------------------------------------------------------
From:Chris Plummer <chris.plum...@oracle.com>
Send Time:2021年11月2日(星期二) 03:35
To:董登辉(卓昂) <denghui....@alibaba-inc.com>; serviceability-dev
<serviceability-dev@openjdk.java.net>; hotspot-dev
<hotspot-...@openjdk.java.net>
Subject:Re: RFC: Extend DCmd(Diagnostic-Command) framework to support Java
level DCmd
I have similar concerns to those others have expressed, so I'll try to add
something new to the discussion and not just repeat.
DCMDs have historically been very VM centric. That's not to say they aren't
useful for debugging applications, but they do so by providing VM related info
like stack traces, heap dumps, and class histograms. Also hotspot has been the
gatekeeper for new DCMDs, meaning that new ones do not get added without going
through the hotspot review process.
Allowing any application or framework to add a DCMD changes this VM centric
view in a way that concerns me. This approach allows a DCMD to pretty much do
anything (java security not withstanding). App writers could even use them to
provide a user facing interface. For example, if an app has some sort internal
database, it could allow users to query it via a DCMD, and maybe even suggest
that users write simple shell scripts that use jcmd to do these queries.
Allowing this type of non-diagnostic usage seems like a path we don't want to
go down, yet I don't see how it can be prevented once you allow applications to
add DCMDs.
Chris
On 10/25/21 1:37 AM, Denghui Dong wrote:
Hi there!
We'd like to discuss a proposal for extending the current DCmd framework to
support Java level DCmd.
At present, DCmd only allows the VM to register commands, which can be called
through jcmd or JMX. It would be beneficial if the user could create their own
commands.
The idea of this extension originally came from our internal Java agent that
detects the misusage of Unsafe API.
This agent can collect the call sites that allocate or free direct memory in
the application(NMT could not do it IMO) to detect direct memory leaks.
In the beginning, it just prints all call sites, without any statistical
function, it's hard to use.
So we plan to use a way similar to jeprof (from jemalloc) to generate a report
file that aggregates all useful information.
During the implementation process, we found that we need a mechanism to notify
the agent to generate reports.
The common practice is:
a) Register a service port, triggered by an HTTP request
b) Triggered by signal
c) Generate reports periodically, or when the process exits
But these three ways have certain problems.
For a) we need to introduce a network component, will increase the complexity
of implementation
For b) we cannot pass parameters
For c) some files that may never be used will be generated
Essentially, this question is how to notify the application to do a certain
task, or in other words, how do we issue a command to the application. We
believe that other Java developers will also encounter similar problems.
(And sometimes there may be multiple unrelated dependent components in a Java
application that require such a mechanism.)
Naturally, we think that jcmd can already issue some commands registered in VM
to the application, why can't we extend to the java level?
This feature will be very useful for some lightweight tools, just like the
scenario we encountered, to notify the tools to perform certain operations.
In addition, this feature will also bring benefits to Java beginners.
For example, in the beginning, beginners may not use advanced log components,
but they will also encounter the need to output debug logs. They may write code
like this:
```
if (debug) {
System.out.println("...");
}
```
If developers can easily control the value of debug, it's attractive.
Like this:
```
Factory.register("MyApp.flipDebug", out -> debug = !debug);
jcmd <pid> MyApp.flipDebug
```
For mainstream framework, we can apply this feature to trigger some common
activities, such as health checks, graceful shutdown, and dynamic configuration
updates, But to be honest, these frameworks are very mature and stable, and for
compatibility purposes, it's hard to let them use this extension.
Comments welcome!
Thanks,
Denghui
