top | item 46974371

(no title)

xmcqdpt2 | 19 days ago

In Java you have instrumentation agents that can do arbitrary code rewrite at runtime, including for code that has already been JITted (causing a deoptimization of it). It's first-class supported, unlike in Go.

It's used extensively to (for example) add debugging or tracing to functions in libraries or to sanitize certain code path. At work, we were able to kill off jndi from Log4J to prevent Log4Shell within hours of the announcement this way while waiting for updates of thousands of dependencies.

discuss

No comments yet.