Call Site Instrumentation plugin #3729

manuel-alvarez-alvarez · 2022-08-19T15:11:30Z

What Does This Do

This PR defines a new gradle plugin to auto generate call site instrumentation advices, the code is separated in two commits:

The gradle plugin call-site-instrumentation that reads classes in a format close to ByteBuddy with AspectJ notation to automatically build datadog.trace.agent.tooling.csi.CallSiteAdvice classes. The next piece of code is an example of a class defining advices:

@CallSite
public class SampleCallSite {

  @CallSite.Before(
      "java.security.MessageDigest java.security.MessageDigest.getInstance(java.lang.String)")
  public static void beforeMessageDigestGetInstance(@CallSite.Argument final String algorithm) {
    // do something with the algorithm
  }
}

A sample project csi-mock-to-remove that showcases the use of the plugin and the call site instrumentation API. This module should be removed before the final merge.

Motivation

Instrumentations related to IAST often affect core parts of the JDK (String, StringBuilder...) where using callee instrumentation (by default in ByteBuddy) is not good enough for performance. Call site instrumentation focuses on the calls to the instrumented methods enabling the use of inclusion/exclusion lists to fine tune where to instrument.

Additional Notes

Real usage of this plugin is located at String builder taint tracking #3904

Performance remarks

Preliminary startup performance results from the benchmark with petclinic:

Agent	Startup (ms)	Request mean duration (ms)
none	4764	6.99
datadog	8477	12.99
datadog-csi	8610	13.79

buildSrc/src/main/java/datadog/trace/plugin/csi/impl/CallSiteSpecification.java

buildSrc/src/main/java/datadog/trace/plugin/csi/impl/FreemarkerAdviceGenerator.java

buildSrc/src/test/groovy/CallSiteInstrumentationPluginTest.groovy

manuel-alvarez-alvarez · 2022-09-19T14:46:07Z

This might be useful to troubleshoot the build issue: #3855

@smola not really, I've checked via SSH and there are no artifacts, looks like the process is killed from the outside, I'm troubleshooting the issue.

bantonsson

Another huge PR done 😅

Really nice with the example and benchmark.

buildSrc/call-site-instrumentation-plugin/build.gradle.kts

buildSrc/src/main/groovy/CallSiteInstrumentationPlugin.groovy

manuel-alvarez-alvarez · 2022-10-10T07:11:30Z

Another huge PR done sweat_smile

Really nice with the example and benchmark.

Thank you very much for the review, I promise that this is the last PR behemoth 😄

manuel-alvarez-alvarez mentioned this pull request Aug 19, 2022

[IAST] Call Site Instrumentation support #3706

Merged

manuel-alvarez-alvarez force-pushed the malvarez/call-site-instrumentation-plugin branch 3 times, most recently from 1164303 to 52dd96a Compare August 24, 2022 08:21

smola added the comp: asm iast Application Security Management (IAST) label Aug 24, 2022

manuel-alvarez-alvarez force-pushed the malvarez/call-site-instrumentation-plugin branch 2 times, most recently from 04f4e5a to 94c6fce Compare September 6, 2022 11:51

manuel-alvarez-alvarez marked this pull request as ready for review September 6, 2022 11:51

manuel-alvarez-alvarez requested a review from a team September 6, 2022 11:51

manuel-alvarez-alvarez requested a review from a team as a code owner September 6, 2022 11:51