dd-trace-java
Add lib-injection multiple JVM agents guardrails
What Does This Do
This PR prevents the JVM agent from being installed when using the automatic lib-injection setup if other JVM agents are found to be set up.
Motivation
The goal is to introduce safe guardrails for lib-injection (aka Single Step Instrumentation).
Additional Notes
This behavior can be disabled by forcing the injection, setting the DD_INJECT_FORCE environment variable to TRUE.
Jira ticket: [PROJ-IDENT]
Benchmarks
Startup
Parameters
| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | bbujon/ssi-guardrails |
| git_commit_date | 1719816243 | 1719241774 |
| git_commit_sha | 833a988c75 | c2482293cc |
| release_version | 1.37.0-SNAPSHOT~833a988c75 | 1.36.0-SNAPSHOT~c2482293cc |
See matching parameters
| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1719823540 | 1719823540 |
| ci_job_id | 551763313 | 551763313 |
| ci_pipeline_id | 37421514 | 37421514 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| module | Agent | Agent |
| parent | None | None |
| variant | iast | iast |
Summary
Found 1 performance improvements and 1 performance regressions! Performance is the same for 46 metrics, 15 unstable metrics.
| scenario | Δ mean execution_time | candidate mean execution_time | baseline mean execution_time |
|---|---|---|---|
| scenario:startup:petclinic:profiling:AppSec | better [-3.125ms; -1.383ms] or [-5.962%; -2.639%] | 50.166ms | 52.420ms |
| scenario:startup:petclinic:profiling:Remote Config | worse [+69.329µs; +109.533µs] or [+10.436%; +16.488%] | 753.760µs | 664.329µs |
Startup time reports for petclinic
[Gantt chart: petclinic - global startup overhead: candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.066 s | - |
| Agent | appsec | 1.188 s | 121.959 ms (11.4%) |
| Agent | iast | 1.171 s | 105.855 ms (9.9%) |
| Agent | profiling | 1.275 s | 209.889 ms (19.7%) |
| Total | tracing | 10.345 s | - |
| Total | appsec | 10.501 s | 155.823 ms (1.5%) |
| Total | iast | 10.724 s | 378.862 ms (3.7%) |
| Total | profiling | 10.664 s | 319.313 ms (3.1%) |
- candidate results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.068 s | - |
| Agent | appsec | 1.184 s | 116.372 ms (10.9%) |
| Agent | iast | 1.168 s | 100.368 ms (9.4%) |
| Agent | profiling | 1.264 s | 196.095 ms (18.4%) |
| Total | tracing | 10.305 s | - |
| Total | appsec | 10.481 s | 176.867 ms (1.7%) |
| Total | iast | 10.654 s | 349.403 ms (3.4%) |
| Total | profiling | 10.754 s | 449.694 ms (4.4%) |
gantt
title petclinic - break down per module: candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (667.145 ms) : 0, 667145
BytebuddyAgent [candidate] (668.92 ms) : 0, 668920
GlobalTracer [baseline] (305.323 ms) : 0, 305323
GlobalTracer [candidate] (305.643 ms) : 0, 305643
AppSec [baseline] (50.339 ms) : 0, 50339
AppSec [candidate] (49.665 ms) : 0, 49665
Logs Intake [candidate] (390.891 µs) : 0, 391
Remote Config [baseline] (754.907 µs) : 0, 755
Remote Config [candidate] (677.371 µs) : 0, 677
Telemetry [baseline] (7.596 ms) : 0, 7596
Telemetry [candidate] (7.659 ms) : 0, 7659
section appsec
BytebuddyAgent [baseline] (678.993 ms) : 0, 678993
BytebuddyAgent [candidate] (677.388 ms) : 0, 677388
GlobalTracer [baseline] (299.84 ms) : 0, 299840
GlobalTracer [candidate] (298.302 ms) : 0, 298302
AppSec [baseline] (154.09 ms) : 0, 154090
AppSec [candidate] (153.36 ms) : 0, 153360
IAST [baseline] (21.772 ms) : 0, 21772
IAST [candidate] (21.752 ms) : 0, 21752
Logs Intake [candidate] (324.852 µs) : 0, 325
Remote Config [baseline] (634.155 µs) : 0, 634
Remote Config [candidate] (646.778 µs) : 0, 647
Telemetry [baseline] (8.363 ms) : 0, 8363
Telemetry [candidate] (8.568 ms) : 0, 8568
section iast
BytebuddyAgent [baseline] (780.237 ms) : 0, 780237
BytebuddyAgent [candidate] (778.679 ms) : 0, 778679
GlobalTracer [baseline] (294.921 ms) : 0, 294921
GlobalTracer [candidate] (293.081 ms) : 0, 293081
AppSec [baseline] (47.314 ms) : 0, 47314
AppSec [candidate] (46.637 ms) : 0, 46637
IAST [baseline] (28.03 ms) : 0, 28030
IAST [candidate] (28.616 ms) : 0, 28616
Logs Intake [candidate] (305.107 µs) : 0, 305
Remote Config [baseline] (574.649 µs) : 0, 575
Remote Config [candidate] (568.704 µs) : 0, 569
Telemetry [baseline] (6.955 ms) : 0, 6955
Telemetry [candidate] (6.892 ms) : 0, 6892
section profiling
BytebuddyAgent [baseline] (668.367 ms) : 0, 668367
BytebuddyAgent [candidate] (666.203 ms) : 0, 666203
GlobalTracer [baseline] (391.155 ms) : 0, 391155
GlobalTracer [candidate] (386.387 ms) : 0, 386387
AppSec [baseline] (52.42 ms) : 0, 52420
AppSec [candidate] (50.166 ms) : 0, 50166
Logs Intake [candidate] (341.597 µs) : 0, 342
Remote Config [baseline] (664.329 µs) : 0, 664
Remote Config [candidate] (753.76 µs) : 0, 754
Telemetry [baseline] (7.481 ms) : 0, 7481
Telemetry [candidate] (7.309 ms) : 0, 7309
ProfilingAgent [baseline] (97.688 ms) : 0, 97688
ProfilingAgent [candidate] (95.586 ms) : 0, 95586
Profiling [baseline] (97.713 ms) : 0, 97713
Profiling [candidate] (95.612 ms) : 0, 95612
Startup time reports for insecure-bank
[Gantt chart: insecure-bank - global startup overhead: candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.066 s | - |
| Agent | iast | 1.169 s | 103.102 ms (9.7%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.182 s | 115.803 ms (10.9%) |
| Agent | iast_TELEMETRY_OFF | 1.167 s | 100.536 ms (9.4%) |
| Total | tracing | 8.536 s | - |
| Total | iast | 9.016 s | 480.478 ms (5.6%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 8.981 s | 445.426 ms (5.2%) |
| Total | iast_TELEMETRY_OFF | 9.012 s | 475.691 ms (5.6%) |
- candidate results
| Module | Variant | Duration | Δ tracing |
|---|---|---|---|
| Agent | tracing | 1.066 s | - |
| Agent | iast | 1.176 s | 110.408 ms (10.4%) |
| Agent | iast_HARDCODED_SECRET_DISABLED | 1.176 s | 110.566 ms (10.4%) |
| Agent | iast_TELEMETRY_OFF | 1.162 s | 96.007 ms (9.0%) |
| Total | tracing | 8.54 s | - |
| Total | iast | 9.054 s | 513.834 ms (6.0%) |
| Total | iast_HARDCODED_SECRET_DISABLED | 9.011 s | 471.099 ms (5.5%) |
| Total | iast_TELEMETRY_OFF | 8.983 s | 443.058 ms (5.2%) |
gantt
title insecure-bank - break down per module: candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (667.79 ms) : 0, 667790
BytebuddyAgent [candidate] (668.616 ms) : 0, 668616
GlobalTracer [baseline] (305.37 ms) : 0, 305370
GlobalTracer [candidate] (303.724 ms) : 0, 303724
AppSec [baseline] (50.164 ms) : 0, 50164
AppSec [candidate] (49.908 ms) : 0, 49908
Logs Intake [candidate] (425.433 µs) : 0, 425
Remote Config [baseline] (707.361 µs) : 0, 707
Remote Config [candidate] (676.918 µs) : 0, 677
Telemetry [baseline] (7.598 ms) : 0, 7598
Telemetry [candidate] (7.5 ms) : 0, 7500
section iast
BytebuddyAgent [baseline] (779.796 ms) : 0, 779796
BytebuddyAgent [candidate] (784.001 ms) : 0, 784001
GlobalTracer [baseline] (294.61 ms) : 0, 294610
GlobalTracer [candidate] (295.618 ms) : 0, 295618
AppSec [baseline] (47.377 ms) : 0, 47377
AppSec [candidate] (46.671 ms) : 0, 46671
IAST [baseline] (25.761 ms) : 0, 25761
IAST [candidate] (26.301 ms) : 0, 26301
Logs Intake [candidate] (306.29 µs) : 0, 306
Remote Config [baseline] (594.433 µs) : 0, 594
Remote Config [candidate] (572.104 µs) : 0, 572
Telemetry [baseline] (7.739 ms) : 0, 7739
Telemetry [candidate] (9.154 ms) : 0, 9154
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (787.556 ms) : 0, 787556
BytebuddyAgent [candidate] (784.407 ms) : 0, 784407
GlobalTracer [baseline] (297.336 ms) : 0, 297336
GlobalTracer [candidate] (295.726 ms) : 0, 295726
AppSec [baseline] (47.754 ms) : 0, 47754
AppSec [candidate] (46.49 ms) : 0, 46490
IAST [baseline] (28.162 ms) : 0, 28162
IAST [candidate] (26.686 ms) : 0, 26686
Logs Intake [candidate] (305.108 µs) : 0, 305
Remote Config [baseline] (610.332 µs) : 0, 610
Remote Config [candidate] (609.604 µs) : 0, 610
Telemetry [baseline] (7.041 ms) : 0, 7041
Telemetry [candidate] (8.563 ms) : 0, 8563
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (775.984 ms) : 0, 775984
BytebuddyAgent [candidate] (775.327 ms) : 0, 775327
GlobalTracer [baseline] (294.771 ms) : 0, 294771
GlobalTracer [candidate] (293.445 ms) : 0, 293445
AppSec [baseline] (46.787 ms) : 0, 46787
AppSec [candidate] (47.511 ms) : 0, 47511
IAST [baseline] (24.528 ms) : 0, 24528
IAST [candidate] (22.729 ms) : 0, 22729
Logs Intake [candidate] (308.613 µs) : 0, 309
Remote Config [baseline] (4.237 ms) : 0, 4237
Remote Config [candidate] (570.143 µs) : 0, 570
Telemetry [baseline] (6.97 ms) : 0, 6970
Telemetry [candidate] (8.394 ms) : 0, 8394
Load
Parameters
| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| end_time | 2024-07-01T08:16:20 | 2024-07-01T08:23:08 |
| git_branch | master | bbujon/ssi-guardrails |
| git_commit_date | 1719816243 | 1719241774 |
| git_commit_sha | 833a988c75 | c2482293cc |
| release_version | 1.37.0-SNAPSHOT~833a988c75 | 1.36.0-SNAPSHOT~c2482293cc |
| start_time | 2024-07-01T08:16:07 | 2024-07-01T08:22:55 |
See matching parameters
| | Baseline | Candidate |
|---|---|---|
| application | insecure-bank | insecure-bank |
| ci_job_date | 1719822533 | 1719822533 |
| ci_job_id | 551763314 | 551763314 |
| ci_pipeline_id | 37421514 | 37421514 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | iast | iast |
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 18 unstable metrics.
Request duration reports for insecure-bank
[Gantt chart: insecure-bank - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 364.101 µs [344.6 µs, 383.602 µs] | - |
| iast | 477.473 µs [456.229 µs, 498.717 µs] | 113.372 µs (31.1%) |
| iast_FULL | 542.879 µs [521.485 µs, 564.273 µs] | 178.778 µs (49.1%) |
| iast_GLOBAL | 511.384 µs [488.656 µs, 534.112 µs] | 147.283 µs (40.5%) |
| iast_HARDCODED_SECRET_DISABLED | 477.334 µs [456.357 µs, 498.311 µs] | 113.233 µs (31.1%) |
| iast_INACTIVE | 449.256 µs [428.061 µs, 470.451 µs] | 85.155 µs (23.4%) |
| iast_TELEMETRY_OFF | 467.272 µs [445.937 µs, 488.608 µs] | 103.171 µs (28.3%) |
| tracing | 432.151 µs [411.833 µs, 452.47 µs] | 68.05 µs (18.7%) |
- candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 373.606 µs [351.47 µs, 395.743 µs] | - |
| iast | 470.803 µs [449.694 µs, 491.913 µs] | 97.197 µs (26.0%) |
| iast_FULL | 548.947 µs [527.694 µs, 570.199 µs] | 175.34 µs (46.9%) |
| iast_GLOBAL | 507.916 µs [486.3 µs, 529.531 µs] | 134.309 µs (35.9%) |
| iast_HARDCODED_SECRET_DISABLED | 478.843 µs [457.543 µs, 500.142 µs] | 105.236 µs (28.2%) |
| iast_INACTIVE | 441.426 µs [420.591 µs, 462.261 µs] | 67.819 µs (18.2%) |
| iast_TELEMETRY_OFF | 470.442 µs [448.222 µs, 492.661 µs] | 96.835 µs (25.9%) |
| tracing | 439.742 µs [418.996 µs, 460.489 µs] | 66.136 µs (17.7%) |
Request duration reports for petclinic
[Gantt chart: petclinic - request duration [CI 0.99] : candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.355 ms [1.335 ms, 1.374 ms] | - |
| appsec | 1.719 ms [1.695 ms, 1.743 ms] | 364.331 µs (26.9%) |
| appsec_no_iast | 1.702 ms [1.677 ms, 1.727 ms] | 347.186 µs (25.6%) |
| iast | 1.471 ms [1.448 ms, 1.494 ms] | 116.363 µs (8.6%) |
| profiling | 1.491 ms [1.466 ms, 1.517 ms] | 136.547 µs (10.1%) |
| tracing | 1.456 ms [1.432 ms, 1.481 ms] | 101.375 µs (7.5%) |
- candidate results
| Variant | Request duration [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.34 ms [1.32 ms, 1.359 ms] | - |
| appsec | 1.719 ms [1.695 ms, 1.744 ms] | 379.453 µs (28.3%) |
| appsec_no_iast | 1.714 ms [1.69 ms, 1.739 ms] | 374.583 µs (28.0%) |
| iast | 1.476 ms [1.453 ms, 1.499 ms] | 136.432 µs (10.2%) |
| profiling | 1.544 ms [1.518 ms, 1.57 ms] | 203.798 µs (15.2%) |
| tracing | 1.451 ms [1.427 ms, 1.475 ms] | 110.936 µs (8.3%) |
Dacapo
Parameters
| | Baseline | Candidate |
|---|---|---|
| baseline_or_candidate | baseline | candidate |
| git_branch | master | bbujon/ssi-guardrails |
| git_commit_date | 1719816243 | 1719241774 |
| git_commit_sha | 833a988c75 | c2482293cc |
| release_version | 1.37.0-SNAPSHOT~833a988c75 | 1.36.0-SNAPSHOT~c2482293cc |
See matching parameters
| | Baseline | Candidate |
|---|---|---|
| application | biojava | biojava |
| ci_job_date | 1719823071 | 1719823071 |
| ci_job_id | 551763317 | 551763317 |
| ci_pipeline_id | 37421514 | 37421514 |
| cpu_model | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz |
| variant | appsec | appsec |
Summary
Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.
Execution time for biojava
[Gantt chart: biojava - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.943 s [14.943 s, 14.943 s] | - |
| appsec | 15.266 s [15.266 s, 15.266 s] | 323.0 ms (2.2%) |
| iast | 18.752 s [18.752 s, 18.752 s] | 3.809 s (25.5%) |
| iast_GLOBAL | 17.956 s [17.956 s, 17.956 s] | 3.013 s (20.2%) |
| profiling | 15.943 s [15.943 s, 15.943 s] | 1.0 s (6.7%) |
| tracing | 15.059 s [15.059 s, 15.059 s] | 116.0 ms (0.8%) |
- candidate results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 14.953 s [14.953 s, 14.953 s] | - |
| appsec | 15.236 s [15.236 s, 15.236 s] | 283.0 ms (1.9%) |
| iast | 19.008 s [19.008 s, 19.008 s] | 4.055 s (27.1%) |
| iast_GLOBAL | 17.85 s [17.85 s, 17.85 s] | 2.897 s (19.4%) |
| profiling | 15.252 s [15.252 s, 15.252 s] | 299.0 ms (2.0%) |
| tracing | 14.994 s [14.994 s, 14.994 s] | 41.0 ms (0.3%) |
Execution time for tomcat
[Gantt chart: tomcat - execution time [CI 0.99] : candidate=1.36.0-SNAPSHOT~c2482293cc, baseline=1.37.0-SNAPSHOT~833a988c75]
- baseline results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.455 ms [1.444 ms, 1.466 ms] | - |
| appsec | 2.242 ms [2.206 ms, 2.278 ms] | 786.873 µs (54.1%) |
| iast | 1.986 ms [1.943 ms, 2.03 ms] | 531.486 µs (36.5%) |
| iast_GLOBAL | 2.025 ms [1.982 ms, 2.069 ms] | 570.561 µs (39.2%) |
| profiling | 1.862 ms [1.826 ms, 1.897 ms] | 406.778 µs (28.0%) |
| tracing | 1.851 ms [1.818 ms, 1.885 ms] | 396.164 µs (27.2%) |
- candidate results
| Variant | Execution Time [CI 0.99] | Δ no_agent |
|---|---|---|
| no_agent | 1.466 ms [1.455 ms, 1.478 ms] | - |
| appsec | 2.209 ms [2.175 ms, 2.243 ms] | 742.924 µs (50.7%) |
| iast | 1.961 ms [1.92 ms, 2.001 ms] | 494.844 µs (33.8%) |
| iast_GLOBAL | 2.017 ms [1.975 ms, 2.058 ms] | 550.601 µs (37.6%) |
| profiling | 1.843 ms [1.809 ms, 1.877 ms] | 377.017 µs (25.7%) |
| tracing | 1.826 ms [1.794 ms, 1.857 ms] | 359.573 µs (24.5%) |
I would be happier if we could keep the simpler path of just checking the code source to find our javaagent file when not using lib-injection. In other words only eagerly use reflection to peek into the management classes when we know we want that information early, for the additional lib-injection checks. A flag to disable these extra checks in the field would also be appreciated, just in case someone wants to use lib-injection and these reflective checks are having an unexpected side-effect - such as we see in CI with the Java 9 module smoke tests.
Also just a heads-up that there are applications out there that rely on a javaagent as part of their deployment (so it cannot be removed) and a lot of the time that agent can co-exist with our javaagent - for those situations it's ok to have an info message about there being multiple javaagents, but making it always a warning might be too strong.
> I would be happier if we could keep the simpler path of just checking the code source to find our javaagent file when not using lib-injection.

So customers won’t always be notified of a multiple agent setup. I’m okay with both and agree it makes the installation lighter.
> A flag to disable these extra checks in the field would also be appreciated, just in case someone wants to use lib-injection and these reflective checks are having an unexpected side-effect

There is a flag to force injection despite the check result, but you mean something different, don’t you? You would prefer having a way to not run the check at all, am I right? It is not part of the RFC but I can propose it and check if other languages want to adopt it too.
> for those situations it's ok to have an info message about there being multiple javaagents, but making it always a warning might be too strong.

Agreed. Is changing message prefix from WARNING to INFO enough?
> You would prefer having a way to not run the check at all, am I right?

Yes, mainly because there are side-effects to attempting to access the VM arguments during premain which is why we've typically avoided doing that in the past. We are going to encounter a situation where a user wants to use lib-injection but is blocked by those side-effects, so we need a way to completely disable them. (Unfortunately this kind of check in premain can have as much impact as what we're trying to avoid...)
We don't necessarily need a new flag, we could assume that DD_INJECT_FORCE=true means don't run the checks at all.
> Is changing message prefix from WARNING to INFO enough?

We should check the message with interested parties - especially the wording around supported configurations.
Ideally we want to inform/empower the user so they know the situation and can decide which approach to take.
> We should check the message with interested parties

I take the message and wording from the public documentation website.
I should have taken the comments into account. I also added dedicated smoke tests in order to test lib-injection safeguards more easily (currently only multiple agents check, but more to come later).
We should make sure to call this new feature out in the release notes
I labeled the PR using the breaking change label and put the comment to include in the release notes in the description.
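
The guardrail from the PR description, with DD_INJECT_FORCE short-circuiting before the VM arguments are read as suggested in the review thread, written out as an added example; it is not code from this PR or from dd-trace-java. The class, method and parameter names, the `libInjection` flag and the agent paths are all assumptions made for illustration.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.Supplier;

// Added illustration, not dd-trace-java code: every class, method and
// parameter name here is hypothetical. Only DD_INJECT_FORCE comes from the PR.
public final class InjectionGuardrailExample {

  enum Decision { INSTALL, INSTALL_FORCED, ABORT_OTHER_AGENTS }

  // Extracts the jar path of each -javaagent:<path>[=<options>] argument.
  static List<String> javaAgentPaths(List<String> vmArgs) {
    List<String> paths = new ArrayList<>();
    for (String arg : vmArgs) {
      if (arg.startsWith("-javaagent:")) {
        String spec = arg.substring("-javaagent:".length());
        int eq = spec.indexOf('=');
        paths.add(eq < 0 ? spec : spec.substring(0, eq));
      }
    }
    return paths;
  }

  // vmArgs is a Supplier so the argument lookup only happens when it is needed.
  static Decision decide(boolean libInjection, String forceEnv, String ownAgentPath,
                         Supplier<List<String>> vmArgs) {
    if (!libInjection) {
      return Decision.INSTALL;          // manual setup: no extra checks
    }
    if ("true".equalsIgnoreCase(forceEnv)) {
      return Decision.INSTALL_FORCED;   // forced: the VM arguments are never read
    }
    for (String path : javaAgentPaths(vmArgs.get())) {
      if (!path.equals(ownAgentPath)) { // naive comparison; real paths need normalising
        return Decision.ABORT_OTHER_AGENTS;
      }
    }
    return Decision.INSTALL;
  }

  public static void main(String[] args) {
    // Constructed sample arguments; both agent paths are placeholders.
    String own = "/opt/example/own-agent.jar";
    List<String> sample = Arrays.asList(
        "-Xmx512m",
        "-javaagent:" + own,
        "-javaagent:/opt/example/other-agent.jar=port=9999");

    System.out.println(decide(true, null, own, () -> sample));
    System.out.println(decide(true, "TRUE", own, () -> {
      throw new IllegalStateException("VM arguments must not be read when forced");
    }));
    System.out.println(decide(false, null, own, () -> sample));

    // Same decision against the running JVM's real arguments.
    System.out.println(decide(true, System.getenv("DD_INJECT_FORCE"), own,
        () -> ManagementFactory.getRuntimeMXBean().getInputArguments()));
  }
}
```

The second call passes a supplier that throws, which shows that the forced path returns without touching the management classes.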