[IAST] Call Site Instrumentation support

[manuel-alvarez-alvarez]

What Does This Do

This PR contains the basics to do Call Site Instrumentation in the tracer. It defines a new type of instrumenter datadog.trace.agent.tooling.bytebuddy.csi.CallSiteInstrumenter that is able to register instances of datadog.trace.agent.tooling.csi.CallSiteAdvice to perform the instrumentation via ASM.

Motivation

Instrumentations related to IAST often affect core parts of the JDK (String, StringBuilder...) where using callee instrumentation (by default in ByteBuddy) is not good enough for performance. Call site instrumentation focuses on the calls to the instrumented methods enabling the use of inclusion/exclusion lists to fine tune where to instrument.

Additional Notes

Following this PR comes [IAST] Call Site Instrumentation plugin #3729 where advices can be autogenerated by a gradle plugin. It also showcases an example on how to use CSI in the tracer.

Benchmark results

The main goal of this results are to validate that call site instrumentation is feasible in terms of startup time of an application:

Benchmark	Mode	Cnt	Score	Error	Units
CallSiteBenchmark.callSite	ss	10	1572.961	± 36.189	ms/op
CallSiteBenchmark.callee	ss	10	1551.316	± 31.888	ms/op
CallSiteBenchmark.none	ss	10	1337.549	± 52.882	ms/op

[bantonsson]

Great PR!

There is only one thing that I think needs fixing in some way before merging.

I was a bit confused by the benchmarks, and it feels very counter intuitive that there should be any performance difference between callSite and callee in this case, so I had to poke at them a bit, and the response differs. The callSite one gets back Hello! [Transformed] and the callee one gets back Hello! [Transformed] [Transformed]. So we're not comparing the same things.

[manuel-alvarez-alvarez]

Great PR!

There is only one thing that I think needs fixing in some way before merging.

I was a bit confused by the benchmarks, and it feels very counter intuitive that there should be any performance difference between callSite and callee in this case, so I had to poke at them a bit, and the response differs. The callSite one gets back Hello! [Transformed] and the callee one gets back Hello! [Transformed] [Transformed]. So we're not comparing the same things.

@bantonsson, first of all thanks for the feedback 😃, much appreciated!

My idea with the benchmark is to validate that doing call site instrumentation is feasible in terms of startup time as long as there's a proper exclusion list.

In this particular case I wanted to showcase the instrumentation of javax.servlet.http.HttpServlet#getParameter as it's something we need for IAST. It's true that when using callee, due to wrappers/facades/... you end up being executed a few times in the stack of a request (that's why we got the double [Transformed] response). I've changed to instrument only the real implementation of the interface (in this particular case it's the apache connector).

Let me know if I should do something else about it.