Date: Tue, 14 Jan 1997 12:57:51 -0800
From: mrm@doppio (Marianne Mueller)
Message-Id: <199701142057.MAA07934@puffin.eng.sun.com>
To: rreshef@math.tau.ac.il
Subject: Re: Audit Trail Logging - how?
>
> The straight-forward way to implement it requires access to the source
> code of classes such as Class, SecurityManager and other classes which are
> part of the Java language, and maybe also access to the code of the Java
> Virtual Machine (becuase: i) I assume that an operator like "new" is
> implemented by the JVM source; ii) The whole idea is to enforce the Audit
> Trail policy on all applications and applets, not to depend on their good
> will to comply with it ...)
>
> Unfortunately, I do not have access to this code (I understand that the
> non-commercial licence for the JDK source applies only for the
> platform-dependent part of it).
You certainly can get access to the full source code, for noncommercial
purposes. I understood your project to be a university project?
If so, you can get the source. Refer to http://java.sun.com/products/
JDK/1.0.2 for information on how to get the source for 1.0.2. We are
still in the process of the JDK 1.1 release so we don't have the source
code download set up for that yet, but it's in the planning stage.
>
> My question is: is it possible to have the capability of monitoring events
> such as new class instances, file access, exceptions and so on without
> having access to the source code of the JVM and the language internal
> classes (Object, Class, SecurityManager, File, Throwable etc.)?
> If it is possible - how can I do it? If it is not - is there some way to
> be granted with access to the above mentioned code (internal classes & JVM
> source code)?
>
Are you familiar with code instrumentation in general? It is not
that easy to trace execution -- in general, you do need some
trace mechanism. For example, you might consider compiler-inserted
trace points, or you might consider taking advantage of Solaris runtime
tracing mechanism. This isn't Java-specific, but you could use
the Solaris tracing to get a feel for what is happening on the Solaris
VM.
gprof is an example of compiler-inserted tracepoints.
For more info on Solaris trace points, see
man prex
man tnfdump
man TNF_PROBE
The best lightweight Java solution would be to design and implement
a good class package that would implement a runtime tracing mechanism.
Then, you could add calls to the tracing mechanism at the right places
in the system source. There are tradeoffs between compile-time
instrumentation and runtime instrumentation. Compile time is less
flexible but more efficient. Runtime is harder to design and implement,
but much more flexible in the long run.
Tracing is more general technique, than auditing. It all depends on
what your eventual goal is. If you want to trace events at the level
of monitors etc, you might consider looking at how tnf is implemented
and thinking if you want to design something similar in the Java space.
Marianne