SlideShare ist ein Scribd-Unternehmen logo

Audit your reactive applications

Als PPTX, PDF herunterladen
OCTO Technology
OCTO Technology

This document discusses auditing reactive applications to detect blocking API calls. It describes how blocking calls can negatively impact performance in reactive systems by consuming thread pools. Various techniques for detecting blocking calls are examined, including modifying the JDK, generating warnings during compilation, and instrumenting code at runtime using a JVM agent. Aspect programming is highlighted as a way to audit applications at load time by weaving in checks for over 500 blocking methods across many Java APIs. The reactive-audit tool is introduced as an open source project for helping developers test for blocking calls in frameworks like Play, Jetty, and Akka.

Internet
1 von 25
Audit your reactive applications +PhilippePrados @pprados +François-Xavier Bonnet @fxbonnet
What is reactive? ● Responsive ● Resilient ● Elastic ● Message driven “Non-blocking communication allows recipients to only consume resources while active, leading to less system overhead.” http://www.reactivemanifesto.org/
The problem: blocking APIs ● Blocking APIs consume the thread pool because of too much waiting time  ● We should have no more threads than cores on the machine
How do I track blocking API calls? ● Modifying the JVM? ● Generating warnings during compilation? ● Instrumenting the code at runtime using a JVM agent? Code Compiler JRE
Modifying the JDK ● This strategy has been used by Google in Android SDK in order to avoid the use of blocking API in a UI thread ● Not too hard for pure java methods but what about native methods (OS specific)?
Generating warnings during compilation? ● Annotate JDK methods inside an IDE? Used by IntelliJ for @Nullable and @NotNull annotations but not standard ● JSR 269 allows to do things at compile time https://jcp.org/en/jsr/detail?id=269 ● Compilation occurs in several phases, we can access the syntax tree only after the first phase o The pure syntax, not the called method name
Generating warnings during compilation? ● JSR308 allows to do things after the second phase http://types.cs.washington.edu/jsr308/ o The augmented syntax tree ● But not included in JDK 8
Generating warnings during compilation? ● Many things can be seen only at runtime ● Ex: java.io.Reader.read() is blocking for a file or network connection but not for memory
Instrumenting the code at runtime using a JVM agent? ● Patch the code at application startup ● Solution:
Auditing using Aspect programing ● Load time weaving ● Java agent at JVM startup ● List all blocking methods ● But, can not be weaving the SDK itself Some tweaks: ● Some methods might be blocking depending on the arguments or internal use!
Aspect programming: example
Checking an application - Play
Log output with Play DEMO
Log output with Play HIGH : Call method void java.io.PrintWriter.print(String) with /tmp/sbt1269029892078438540.log com.octo.reactive.audit.lib.FileReactiveAuditException: Call method void java.io.PrintWriter.print(String) with /tmp/sbt1269029892078438540.log at thread "play-internal-execution-context-1" at sbt.ConsoleOut$$anon$3.print(ConsoleOut.scala:52) at sbt.ConsoleLogger.setColor(ConsoleLogger.scala:158) at sbt.ConsoleLogger.reset(ConsoleLogger.scala:153) at sbt.ConsoleLogger.sbt$ConsoleLogger$$printLabeledLine(ConsoleLogger.scala:168) at sbt.ConsoleLogger$$anonfun$log$1.apply(ConsoleLogger.scala:164) at sbt.ConsoleLogger$$anonfun$log$1.apply(ConsoleLogger.scala:163) at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33) at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:108) at sbt.ConsoleLogger.log(ConsoleLogger.scala:163) at sbt.ConsoleLogger.log(ConsoleLogger.scala:151) at sbt.AbstractLogger.log(Logger.scala:31) ...
Use it with in testing scope ● Because the analysis is performed on effective method calls at runtime ● The audit should be used while running o Integration tests o Functional tests ● Not relevant in unit tests
Configuration ● Alert for all calls to blocking methods? ● We need some filters o Startup shift o Thread name (pattern matching) o Kind and level of blocking call (CPU, File, Network) o Annotations
Configuration at runtime
Log output with Play DEMO
Checked SDK APIs +500 java.io java.lang java.net java.nio.channel java.nio.file java.rmi.registry java.rmi.server java.sql java.util java.util.concurrent java.util.concurrent.locks java.util.logger java.util.zip javax.activation javax.imageio javax.net javax.net.ssl javax.rmi javax.rmi.ssl javax.sql.rowset.spi javax.sql.rowset javax.sql javax.tools javax.transaction.xa javax.xml.bind javax.xml.parsers javax.xml.soap javax.xml.ws.spi javax.xml.ws org.xml.sax
Supported frameworks/languages/servers Framework Windows Mac/linux unknown > reactive-audit > java %AUDIT_OPTS% ... $ source reactive-audit $ java %AUDIT_OPTS% ... jetty > reactive-audit jetty > java %AUDIT_OPTS% -jar start.jar $ source reactive-audit jetty $ java %AUDIT_OPTS% -jar start.jar catalina > reactive-audit catalina -run catalina run $ reactive-audit catalina -run catalina run play > reactive-audit play -run activator run $ reactive-audit play -run activator run vert.x > reactive-audit vertx -run vertx run ... $ reactive-audit vertx -run vertx run ... maven > reactive-audit maven -run mvn ... $ reactive-audit maven -run mvn ... gradle > reactive-audit gradle -run gradle ... $ reactive-audit gradle -run gradle ... sbt > reactive-audit sbt -run sbt ... $ reactive-audit sbt -run sbt ...
Build integration and continuous testing ● Sample script for o Maven o Gradle o Sbt ● You’re welcome to propose others
Use it with your reactive project ● Play ● Akka ● VertX ● AsyncHttpClient ● RxJava ● …
We need you ! ● Check it with your project ● Improve the rules ● Submit some extensions ● Submit plugins for others tools ● Submit XSTL to format XML log file https://github.com/octo-online/reactive-audit
Questions? https://github.com/octo-online/reactive-audit
Questions? LES CONTACTS Philippe PRADOS Manager Tribu Reactive +33 (0)6 20 66 71 00 pprados@octo.com François-Xavier Bonnet Consultant +33 (0)6 13 26 82 99 efortin@octo.com

Empfohlen

Testing with Codeception (Webelement #30)
Testing with Codeception (Webelement #30)Testing with Codeception (Webelement #30)
Testing with Codeception (Webelement #30)
Adam Štipák
 
Efficient JavaScript Unit Testing, May 2012
Efficient JavaScript Unit Testing, May 2012Efficient JavaScript Unit Testing, May 2012
Efficient JavaScript Unit Testing, May 2012
Hazem Saleh
 
Continuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriverContinuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriver
AOE
 
Automation testing with Drupal 8
Automation testing with Drupal 8Automation testing with Drupal 8
Automation testing with Drupal 8
nagpalprachi
 
Introducing Playwright's New Test Runner
Introducing Playwright's New Test RunnerIntroducing Playwright's New Test Runner
Introducing Playwright's New Test Runner
Applitools
 
Unit Testing your React / Redux app (@BucharestJS)
Unit Testing your React / Redux app (@BucharestJS)Unit Testing your React / Redux app (@BucharestJS)
Unit Testing your React / Redux app (@BucharestJS)
Alin Pandichi
 
JavaScript Unit Testing
JavaScript Unit TestingJavaScript Unit Testing
JavaScript Unit Testing
Christian Johansen
 
Robotframework Presentation - Pinoy Python Meetup 2011January12
Robotframework Presentation - Pinoy Python Meetup 2011January12Robotframework Presentation - Pinoy Python Meetup 2011January12
Robotframework Presentation - Pinoy Python Meetup 2011January12
Franz Allan See
 

Empfohlen

Testing with Codeception (Webelement #30)
Testing with Codeception (Webelement #30)Testing with Codeception (Webelement #30)
Testing with Codeception (Webelement #30)
Adam Štipák
 
Efficient JavaScript Unit Testing, May 2012
Efficient JavaScript Unit Testing, May 2012Efficient JavaScript Unit Testing, May 2012
Efficient JavaScript Unit Testing, May 2012
Hazem Saleh
 
Continuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriverContinuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriver
AOE
 
Automation testing with Drupal 8
Automation testing with Drupal 8Automation testing with Drupal 8
Automation testing with Drupal 8
nagpalprachi
 
Introducing Playwright's New Test Runner
Introducing Playwright's New Test RunnerIntroducing Playwright's New Test Runner
Introducing Playwright's New Test Runner
Applitools
 
Unit Testing your React / Redux app (@BucharestJS)
Unit Testing your React / Redux app (@BucharestJS)Unit Testing your React / Redux app (@BucharestJS)
Unit Testing your React / Redux app (@BucharestJS)
Alin Pandichi
 
JavaScript Unit Testing
JavaScript Unit TestingJavaScript Unit Testing
JavaScript Unit Testing
Christian Johansen
 
Robotframework Presentation - Pinoy Python Meetup 2011January12
Robotframework Presentation - Pinoy Python Meetup 2011January12Robotframework Presentation - Pinoy Python Meetup 2011January12
Robotframework Presentation - Pinoy Python Meetup 2011January12
Franz Allan See
 
CI / CD w/ Codeception
CI / CD w/ CodeceptionCI / CD w/ Codeception
CI / CD w/ Codeception
Tudor Barbu
 
JavaScript Unit Testing
JavaScript Unit TestingJavaScript Unit Testing
JavaScript Unit Testing
Christian Johansen
 
Automated Frontend Testing
Automated Frontend TestingAutomated Frontend Testing
Automated Frontend Testing
Neil Crosby
 
Night Watch with QA
Night Watch with QANight Watch with QA
Night Watch with QA
Carsten Sandtner
 
Spring boot competitive tests
Spring boot competitive testsSpring boot competitive tests
Spring boot competitive tests
SkillPracticalEdTech
 
Testing PHP with Codeception
Testing PHP with CodeceptionTesting PHP with Codeception
Testing PHP with Codeception
John Paul Ada
 
JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016
Hendrik Ebbers
 
Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)
Christian Johansen
 
Jasmine with JS-Test-Driver
Jasmine with JS-Test-DriverJasmine with JS-Test-Driver
Jasmine with JS-Test-Driver
Devesh Chanchlani
 
FITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript DebuggingFITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript Debugging
Rami Sayar
 
Spring competitive tests
Spring competitive testsSpring competitive tests
Spring competitive tests
SkillPracticalEdTech
 
Cypress first impressions
Cypress first impressionsCypress first impressions
Cypress first impressions
Hans Emmel
 
Java fx smart code econ
Java fx smart code econJava fx smart code econ
Java fx smart code econ
Tom Schindl
 
Spring boot competitive tests
Spring boot competitive testsSpring boot competitive tests
Spring boot competitive tests
SkillPracticalEdTech
 
Plugins 2.0: The Overview
Plugins 2.0: The OverviewPlugins 2.0: The Overview
Plugins 2.0: The Overview
Atlassian
 
Preparing your code for Java 9
Preparing your code for Java 9Preparing your code for Java 9
Preparing your code for Java 9
Deepu Xavier
 
Test all the things! Automated testing with Drupal 8
Test all the things! Automated testing with Drupal 8Test all the things! Automated testing with Drupal 8
Test all the things! Automated testing with Drupal 8
Sam Becker
 
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
Ondřej Machulda
 
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
Ondřej Machulda
 
Cache is King
Cache is KingCache is King
Cache is King
Steve Souders
 
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
Fred Sauer
 
Jdk Tools For Performance Diagnostics
Jdk Tools For Performance DiagnosticsJdk Tools For Performance Diagnostics
Jdk Tools For Performance Diagnostics
Dror Bereznitsky
 

Weitere ähnliche Inhalte

Was ist angesagt?

JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016
Hendrik Ebbers
 
FITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript DebuggingFITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript Debugging
Rami Sayar
 

Was ist angesagt? (20)

CI / CD w/ Codeception
CI / CD w/ CodeceptionCI / CD w/ Codeception
CI / CD w/ Codeception
 
JavaScript Unit Testing
JavaScript Unit TestingJavaScript Unit Testing
JavaScript Unit Testing
 
Automated Frontend Testing
Automated Frontend TestingAutomated Frontend Testing
Automated Frontend Testing
 
Night Watch with QA
Night Watch with QANight Watch with QA
Night Watch with QA
 
Spring boot competitive tests
Spring boot competitive testsSpring boot competitive tests
Spring boot competitive tests
 
Testing PHP with Codeception
Testing PHP with CodeceptionTesting PHP with Codeception
Testing PHP with Codeception
 
JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016JavaFX JumpStart @JavaOne 2016
JavaFX JumpStart @JavaOne 2016
 
Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)
 
Jasmine with JS-Test-Driver
Jasmine with JS-Test-DriverJasmine with JS-Test-Driver
Jasmine with JS-Test-Driver
 
FITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript DebuggingFITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript Debugging
 
Spring competitive tests
Spring competitive testsSpring competitive tests
Spring competitive tests
 
Cypress first impressions
Cypress first impressionsCypress first impressions
Cypress first impressions
 
Java fx smart code econ
Java fx smart code econJava fx smart code econ
Java fx smart code econ
 
Spring boot competitive tests
Spring boot competitive testsSpring boot competitive tests
Spring boot competitive tests
 
Plugins 2.0: The Overview
Plugins 2.0: The OverviewPlugins 2.0: The Overview
Plugins 2.0: The Overview
 
Preparing your code for Java 9
Preparing your code for Java 9Preparing your code for Java 9
Preparing your code for Java 9
 
Test all the things! Automated testing with Drupal 8
Test all the things! Automated testing with Drupal 8Test all the things! Automated testing with Drupal 8
Test all the things! Automated testing with Drupal 8
 
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
Selenium & PHPUnit made easy with Steward (Berlin, April 2017)
 
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,...
 
Cache is King
Cache is KingCache is King
Cache is King
 

Ähnlich wie Audit your reactive applications

SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
Fred Sauer
 
eXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework IntroductioneXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework Introduction
vstorm83
 
Automated Performance Testing With J Meter And Maven
Automated Performance Testing With J Meter And MavenAutomated Performance Testing With J Meter And Maven
Automated Performance Testing With J Meter And Maven
PerconaPerformance
 
Jruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaJruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-java
Keith Bennett
 

Ähnlich wie Audit your reactive applications (20)

SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
SF JUG - GWT Can Help You Create Amazing Apps - 2009-10-13
 
Jdk Tools For Performance Diagnostics
Jdk Tools For Performance DiagnosticsJdk Tools For Performance Diagnostics
Jdk Tools For Performance Diagnostics
 
eXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework IntroductioneXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework Introduction
 
Google App Engine for Java v0.0.2
Google App Engine for Java v0.0.2Google App Engine for Java v0.0.2
Google App Engine for Java v0.0.2
 
CollabSphere 2021 - DEV114 - The Nuts and Bolts of CI/CD With a Large XPages ...
CollabSphere 2021 - DEV114 - The Nuts and Bolts of CI/CD With a Large XPages ...CollabSphere 2021 - DEV114 - The Nuts and Bolts of CI/CD With a Large XPages ...
CollabSphere 2021 - DEV114 - The Nuts and Bolts of CI/CD With a Large XPages ...
 
Dusan Lukic Magento 2 Integration Tests Meet Magento Serbia 2016
Dusan Lukic Magento 2 Integration Tests Meet Magento Serbia 2016Dusan Lukic Magento 2 Integration Tests Meet Magento Serbia 2016
Dusan Lukic Magento 2 Integration Tests Meet Magento Serbia 2016
 
手把手教你如何串接 Log 到各種網路服務
手把手教你如何串接 Log 到各種網路服務手把手教你如何串接 Log 到各種網路服務
手把手教你如何串接 Log 到各種網路服務
 
Batch Applications for the Java Platform
Batch Applications for the Java PlatformBatch Applications for the Java Platform
Batch Applications for the Java Platform
 
1.introduction to java
1.introduction to java1.introduction to java
1.introduction to java
 
Java introduction
Java introductionJava introduction
Java introduction
 
Java Performance & Profiling
Java Performance & ProfilingJava Performance & Profiling
Java Performance & Profiling
 
Automated Performance Testing With J Meter And Maven
Automated Performance Testing With J Meter And MavenAutomated Performance Testing With J Meter And Maven
Automated Performance Testing With J Meter And Maven
 
Good practices for debugging Selenium and Appium tests
Good practices for debugging Selenium and Appium testsGood practices for debugging Selenium and Appium tests
Good practices for debugging Selenium and Appium tests
 
Java Performance and Using Java Flight Recorder
Java Performance and Using Java Flight RecorderJava Performance and Using Java Flight Recorder
Java Performance and Using Java Flight Recorder
 
Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.
 
Jruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-javaJruby synergy-of-ruby-and-java
Jruby synergy-of-ruby-and-java
 
PyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsPyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web Applications
 
01 java intro
01 java intro01 java intro
01 java intro
 
AMIS Oracle OpenWorld 2013 Review Part 3 - Fusion Middleware
AMIS Oracle OpenWorld 2013 Review Part 3 - Fusion MiddlewareAMIS Oracle OpenWorld 2013 Review Part 3 - Fusion Middleware
AMIS Oracle OpenWorld 2013 Review Part 3 - Fusion Middleware
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 

Kürzlich hochgeladen

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
galaxypingy
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
Asmae Rabhi
 

Kürzlich hochgeladen (20)

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 

Audit your reactive applications

  • 1. Audit your reactive applications +PhilippePrados @pprados +François-Xavier Bonnet @fxbonnet
  • 2. What is reactive? ● Responsive ● Resilient ● Elastic ● Message driven “Non-blocking communication allows recipients to only consume resources while active, leading to less system overhead.” http://www.reactivemanifesto.org/
  • 3. The problem: blocking APIs ● Blocking APIs consume the thread pool because of too much waiting time  ● We should have no more threads than cores on the machine
  • 4. How do I track blocking API calls? ● Modifying the JVM? ● Generating warnings during compilation? ● Instrumenting the code at runtime using a JVM agent? Code Compiler JRE
  • 5. Modifying the JDK ● This strategy has been used by Google in Android SDK in order to avoid the use of blocking API in a UI thread ● Not too hard for pure java methods but what about native methods (OS specific)?
  • 6. Generating warnings during compilation? ● Annotate JDK methods inside an IDE? Used by IntelliJ for @Nullable and @NotNull annotations but not standard ● JSR 269 allows to do things at compile time https://jcp.org/en/jsr/detail?id=269 ● Compilation occurs in several phases, we can access the syntax tree only after the first phase o The pure syntax, not the called method name
  • 7. Generating warnings during compilation? ● JSR308 allows to do things after the second phase http://types.cs.washington.edu/jsr308/ o The augmented syntax tree ● But not included in JDK 8
  • 8. Generating warnings during compilation? ● Many things can be seen only at runtime ● Ex: java.io.Reader.read() is blocking for a file or network connection but not for memory
  • 9. Instrumenting the code at runtime using a JVM agent? ● Patch the code at application startup ● Solution:
  • 10. Auditing using Aspect programing ● Load time weaving ● Java agent at JVM startup ● List all blocking methods ● But, can not be weaving the SDK itself Some tweaks: ● Some methods might be blocking depending on the arguments or internal use!
  • 13. Log output with Play DEMO
  • 14. Log output with Play HIGH : Call method void java.io.PrintWriter.print(String) with /tmp/sbt1269029892078438540.log com.octo.reactive.audit.lib.FileReactiveAuditException: Call method void java.io.PrintWriter.print(String) with /tmp/sbt1269029892078438540.log at thread "play-internal-execution-context-1" at sbt.ConsoleOut$$anon$3.print(ConsoleOut.scala:52) at sbt.ConsoleLogger.setColor(ConsoleLogger.scala:158) at sbt.ConsoleLogger.reset(ConsoleLogger.scala:153) at sbt.ConsoleLogger.sbt$ConsoleLogger$$printLabeledLine(ConsoleLogger.scala:168) at sbt.ConsoleLogger$$anonfun$log$1.apply(ConsoleLogger.scala:164) at sbt.ConsoleLogger$$anonfun$log$1.apply(ConsoleLogger.scala:163) at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33) at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:108) at sbt.ConsoleLogger.log(ConsoleLogger.scala:163) at sbt.ConsoleLogger.log(ConsoleLogger.scala:151) at sbt.AbstractLogger.log(Logger.scala:31) ...
  • 15. Use it with in testing scope ● Because the analysis is performed on effective method calls at runtime ● The audit should be used while running o Integration tests o Functional tests ● Not relevant in unit tests
  • 16. Configuration ● Alert for all calls to blocking methods? ● We need some filters o Startup shift o Thread name (pattern matching) o Kind and level of blocking call (CPU, File, Network) o Annotations
  • 18. Log output with Play DEMO
  • 19. Checked SDK APIs +500 java.io java.lang java.net java.nio.channel java.nio.file java.rmi.registry java.rmi.server java.sql java.util java.util.concurrent java.util.concurrent.locks java.util.logger java.util.zip javax.activation javax.imageio javax.net javax.net.ssl javax.rmi javax.rmi.ssl javax.sql.rowset.spi javax.sql.rowset javax.sql javax.tools javax.transaction.xa javax.xml.bind javax.xml.parsers javax.xml.soap javax.xml.ws.spi javax.xml.ws org.xml.sax
  • 20. Supported frameworks/languages/servers Framework Windows Mac/linux unknown > reactive-audit > java %AUDIT_OPTS% ... $ source reactive-audit $ java %AUDIT_OPTS% ... jetty > reactive-audit jetty > java %AUDIT_OPTS% -jar start.jar $ source reactive-audit jetty $ java %AUDIT_OPTS% -jar start.jar catalina > reactive-audit catalina -run catalina run $ reactive-audit catalina -run catalina run play > reactive-audit play -run activator run $ reactive-audit play -run activator run vert.x > reactive-audit vertx -run vertx run ... $ reactive-audit vertx -run vertx run ... maven > reactive-audit maven -run mvn ... $ reactive-audit maven -run mvn ... gradle > reactive-audit gradle -run gradle ... $ reactive-audit gradle -run gradle ... sbt > reactive-audit sbt -run sbt ... $ reactive-audit sbt -run sbt ...
  • 21. Build integration and continuous testing ● Sample script for o Maven o Gradle o Sbt ● You’re welcome to propose others
  • 22. Use it with your reactive project ● Play ● Akka ● VertX ● AsyncHttpClient ● RxJava ● …
  • 23. We need you ! ● Check it with your project ● Improve the rules ● Submit some extensions ● Submit plugins for others tools ● Submit XSTL to format XML log file https://github.com/octo-online/reactive-audit
  • 25. Questions? LES CONTACTS Philippe PRADOS Manager Tribu Reactive +33 (0)6 20 66 71 00 pprados@octo.com François-Xavier Bonnet Consultant +33 (0)6 13 26 82 99 efortin@octo.com

Hinweis der Redaktion

  1. PPR FXB
  2. FXB
  3. PPR
  4. PPR
  5. FXB
  6. FXB
  7. PPR
  8. PPR
  9. PPR
  10. FXB
  11. PPR
  12. PPR
  13. PPR
  14. PPR
  15. FXB
  16. FXB
  17. PPR
  18. FXB
  19. PPR
  20. PPR
  21. FXB
  22. PPR / FXB
  23. FXB / PPR
  24. FXB / PPR