解决问题 #250 增加SandboxProtector机制，让Sandbox核心类在工作时候所产生的事件尽可能不被自己所感知。这样可以解决在增强来自BootstrapClassLoader的类时不必要的性能开销。

Author: dongchenxu

sandbox-core/src/main/java/com/alibaba/jvm/sandbox/core/JvmSandbox.java

@@ -2,9 +2,10 @@
 
 import com.alibaba.jvm.sandbox.core.enhance.weaver.EventListenerHandler;
 import com.alibaba.jvm.sandbox.core.manager.CoreModuleManager;
+import com.alibaba.jvm.sandbox.core.manager.impl.DefaultCoreLoadedClassDataSource;
 import com.alibaba.jvm.sandbox.core.manager.impl.DefaultCoreModuleManager;
-import com.alibaba.jvm.sandbox.core.manager.impl.DefaultLoadedClassDataSource;
 import com.alibaba.jvm.sandbox.core.manager.impl.DefaultProviderManager;
+import com.alibaba.jvm.sandbox.core.util.SandboxProtector;
 import com.alibaba.jvm.sandbox.core.util.SpyUtils;
 
 import java.lang.instrument.Instrumentation;
@@ -21,12 +22,12 @@ public JvmSandbox(final CoreConfigure cfg,
                       final Instrumentation inst) {
         EventListenerHandler.getSingleton();
         this.cfg = cfg;
-        this.coreModuleManager = new DefaultCoreModuleManager(
+        this.coreModuleManager = SandboxProtector.instance.protectProxy(CoreModuleManager.class, new DefaultCoreModuleManager(
                 cfg,
                 inst,
-                new DefaultLoadedClassDataSource(inst, cfg.isEnableUnsafe()),
+                new DefaultCoreLoadedClassDataSource(inst, cfg.isEnableUnsafe()),
                 new DefaultProviderManager(cfg)
-        );
+        ));
 
         init();
     }

sandbox-core/src/main/java/com/alibaba/jvm/sandbox/core/enhance/weaver/EventListenerHandler.java

@@ -6,6 +6,7 @@
 import com.alibaba.jvm.sandbox.api.event.InvokeEvent;
 import com.alibaba.jvm.sandbox.api.listener.EventListener;
 import com.alibaba.jvm.sandbox.core.util.ObjectIDs;
+import com.alibaba.jvm.sandbox.core.util.SandboxProtector;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -303,6 +304,12 @@ private boolean checkProcessStack(final int processId,
     @Override
     public Spy.Ret handleOnBefore(int listenerId, int targetClassLoaderObjectID, Object[] argumentArray, String javaClassName, String javaMethodName, String javaMethodDesc, Object target) throws Throwable {
 
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing before-event", listenerId);
+            return newInstanceForNone();
+        }
+
         // 获取事件处理器
         final EventProcessor processor = mappingOfEventProcessor.get(listenerId);
 
@@ -361,6 +368,12 @@ private Spy.Ret handleOnEnd(final int listenerId,
                                 final Object object,
                                 final boolean isReturn) throws Throwable {
 
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing {}-event", listenerId, isReturn ? "return" : "throws");
+            return newInstanceForNone();
+        }
+
         final EventProcessor wrap = mappingOfEventProcessor.get(listenerId);
 
         // 如果尚未注册,则直接返回,不做任何处理
@@ -420,6 +433,12 @@ private Spy.Ret handleOnEnd(final int listenerId,
 
     @Override
     public void handleOnCallBefore(int listenerId, int lineNumber, String owner, String name, String desc) throws Throwable {
+
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing call-before-event", listenerId);
+        }
+
         final EventProcessor wrap = mappingOfEventProcessor.get(listenerId);
         if (null == wrap) {
             logger.debug("listener={} is not activated, ignore processing call-before-event.", listenerId);
@@ -457,6 +476,12 @@ public void handleOnCallBefore(int listenerId, int lineNumber, String owner, Str
 
     @Override
     public void handleOnCallReturn(int listenerId) throws Throwable {
+
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing call-return-event", listenerId);
+        }
+
         final EventProcessor wrap = mappingOfEventProcessor.get(listenerId);
         if (null == wrap) {
             logger.debug("listener={} is not activated, ignore processing call-return-event.", listenerId);
@@ -488,6 +513,12 @@ public void handleOnCallReturn(int listenerId) throws Throwable {
 
     @Override
     public void handleOnCallThrows(int listenerId, String throwException) throws Throwable {
+
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing call-throws-event", listenerId);
+        }
+
         final EventProcessor wrap = mappingOfEventProcessor.get(listenerId);
         if (null == wrap) {
             logger.debug("listener={} is not activated, ignore processing call-throws-event.", listenerId);
@@ -519,6 +550,12 @@ public void handleOnCallThrows(int listenerId, String throwException) throws Thr
 
     @Override
     public void handleOnLine(int listenerId, int lineNumber) throws Throwable {
+
+        // 在守护区内产生的事件不需要响应
+        if (SandboxProtector.instance.isInProtecting()) {
+            logger.debug("listener={} is in protecting, ignore processing call-line-event", listenerId);
+        }
+
         final EventProcessor wrap = mappingOfEventProcessor.get(listenerId);
         if (null == wrap) {
             logger.debug("listener={} is not activated, ignore processing line-event.", listenerId);

sandbox-core/src/main/java/com/alibaba/jvm/sandbox/core/enhance/weaver/EventProcessor.java

@@ -30,7 +30,7 @@ class Process {
         private final GaStack<Integer> stack
                 = new ThreadUnsafeGaStack<Integer>();
 
-        // 需要忽略整个调用过程
+        // 是否需要忽略整个调用过程
         private boolean isIgnoreProcess = false;
 
         // 是否来自ImmediatelyThrowsException所抛出的异常
@@ -143,7 +143,6 @@ void markExceptionFromImmediately() {
             isExceptionFromImmediately = true;
         }
 
-
         /**
          * 获取事件工厂
          *

sandbox-core/src/main/java/com/alibaba/jvm/sandbox/core/manager/LoadedClassLoaderListener.java

@@ -0,0 +1,145 @@
+package com.alibaba.jvm.sandbox.core.manager.impl;
+
+import com.alibaba.jvm.sandbox.api.filter.Filter;
+import com.alibaba.jvm.sandbox.core.manager.CoreLoadedClassDataSource;
+import com.alibaba.jvm.sandbox.core.util.SandboxProtector;
+import com.alibaba.jvm.sandbox.core.util.matcher.ExtFilterMatcher;
+import com.alibaba.jvm.sandbox.core.util.matcher.Matcher;
+import com.alibaba.jvm.sandbox.core.util.matcher.UnsupportedMatcher;
+import com.alibaba.jvm.sandbox.core.util.matcher.structure.ClassStructureFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.instrument.Instrumentation;
+import java.util.*;
+
+import static com.alibaba.jvm.sandbox.api.filter.ExtFilter.ExtFilterFactory.make;
+import static com.alibaba.jvm.sandbox.core.util.SandboxClassUtils.isComeFromSandboxFamily;
+import static com.alibaba.jvm.sandbox.core.util.SandboxStringUtils.toInternalClassName;
+
+/**
+ * 已加载类数据源默认实现
+ *
+ * @author [email protected]
+ */
+public class DefaultCoreLoadedClassDataSource implements CoreLoadedClassDataSource {
+
+    private final Logger logger = LoggerFactory.getLogger(getClass());
+    private final Instrumentation inst;
+    private final boolean isEnableUnsafe;
+
+    public DefaultCoreLoadedClassDataSource(final Instrumentation inst,
+                                            final boolean isEnableUnsafe) {
+        this.inst = inst;
+        this.isEnableUnsafe = isEnableUnsafe;
+    }
+
+    @Override
+    public Set<Class<?>> list() {
+        final Set<Class<?>> classes = new LinkedHashSet<Class<?>>();
+        for (Class<?> clazz : inst.getAllLoadedClasses()) {
+            classes.add(clazz);
+        }
+        return classes;
+    }
+
+    @Override
+    public Iterator<Class<?>> iteratorForLoadedClasses() {
+        return new Iterator<Class<?>>() {
+
+            final Class<?>[] loaded = inst.getAllLoadedClasses();
+            int pos = 0;
+
+            @Override
+            public boolean hasNext() {
+                return pos < loaded.length;
+            }
+
+            @Override
+            public Class<?> next() {
+                return loaded[pos++];
+            }
+
+            @Override
+            public void remove() {
+                throw new UnsupportedOperationException();
+            }
+
+        };
+    }
+
+    @Override
+    public List<Class<?>> findForReTransform(final Matcher matcher) {
+        return find(matcher, true);
+    }
+
+    private List<Class<?>> find(final Matcher matcher,
+                                final boolean isRemoveUnsupported) {
+
+        SandboxProtector.instance.enterProtecting();
+        try {
+
+            final List<Class<?>> classes = new ArrayList<Class<?>>();
+            if (null == matcher) {
+                return classes;
+            }
+
+            final Iterator<Class<?>> itForLoaded = iteratorForLoadedClasses();
+            while (itForLoaded.hasNext()) {
+                final Class<?> clazz = itForLoaded.next();
+
+                // #242 的建议，过滤掉sandbox家族的类
+                if (isComeFromSandboxFamily(toInternalClassName(clazz.getName()), clazz.getClassLoader())) {
+                    continue;
+                }
+
+                // 过滤掉对于JVM认为不可修改的类
+                if (isRemoveUnsupported
+                        && !inst.isModifiableClass(clazz)) {
+                    // logger.debug("remove from findForReTransform, because class:{} is unModifiable", clazz.getName());
+                    continue;
+                }
+                try {
+                    if (isRemoveUnsupported) {
+                        if (new UnsupportedMatcher(clazz.getClassLoader(), isEnableUnsafe)
+                                .and(matcher)
+                                .matching(ClassStructureFactory.createClassStructure(clazz))
+                                .isMatched()) {
+                            classes.add(clazz);
+                        }
+                    } else {
+                        if (matcher.matching(ClassStructureFactory.createClassStructure(clazz)).isMatched()) {
+                            classes.add(clazz);
+                        }
+                    }
+
+                } catch (Throwable cause) {
+                    // 在这里可能会遇到非常坑爹的模块卸载错误
+                    // 当一个URLClassLoader被动态关闭之后，但JVM已经加载的类并不知情（因为没有GC）
+                    // 所以当尝试获取这个类更多详细信息的时候会引起关联类的ClassNotFoundException等未知的错误（取决于底层ClassLoader的实现）
+                    // 这里没有办法穷举出所有的异常情况，所以catch Throwable来完成异常容灾处理
+                    // 当解析类出现异常的时候，直接简单粗暴的认为根本没有这个类就好了
+                    logger.debug("remove from findForReTransform, because loading class:{} occur an exception", clazz.getName(), cause);
+                }
+            }
+            return classes;
+
+        } finally {
+            SandboxProtector.instance.exitProtecting();
+        }
+
+    }
+
+
+    /**
+     * 根据过滤器搜索出匹配的类集合
+     *
+     * @param filter 扩展过滤器
+     * @return 匹配的类集合
+     */
+    @Override
+    public Set<Class<?>> find(Filter filter) {
+        return new LinkedHashSet<Class<?>>(find(new ExtFilterMatcher(make(filter)), false));
+    }
+
+}

sandbox-core/src/main/java/com/alibaba/jvm/sandbox/core/manager/impl/DefaultCoreLoadedClassDataSource.java

@@ -12,6 +12,7 @@
 import com.alibaba.jvm.sandbox.core.manager.CoreModuleManager;
 import com.alibaba.jvm.sandbox.core.manager.ProviderManager;
 import com.alibaba.jvm.sandbox.core.manager.impl.ModuleLibLoader.ModuleJarLoadCallback;
+import com.alibaba.jvm.sandbox.core.util.SandboxProtector;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.reflect.FieldUtils;
@@ -211,25 +212,25 @@ private void injectResourceOnLoadIfNecessary(final CoreModule coreModule) throws
 
                 // ModuleEventWatcher对象注入
                 else if (ModuleEventWatcher.class.isAssignableFrom(fieldType)) {
-                    final ModuleEventWatcher moduleEventWatcher = coreModule.append(new ReleaseResource<ModuleEventWatcher>(new DefaultModuleEventWatcher(
-                            inst,
-                            classDataSource,
-                            coreModule,
-                            cfg.isEnableUnsafe(),
-                            cfg.getNamespace()
-                    )) {
-                        @Override
-                        public void release() {
-                            logger.info("release all SandboxClassFileTransformer for module={}", coreModule.getUniqueId());
-                            final ModuleEventWatcher moduleEventWatcher = get();
-                            if (null != moduleEventWatcher) {
-                                for (final SandboxClassFileTransformer sandboxClassFileTransformer
-                                        : new ArrayList<SandboxClassFileTransformer>(coreModule.getSandboxClassFileTransformers())) {
-                                    moduleEventWatcher.delete(sandboxClassFileTransformer.getWatchId());
+                    final ModuleEventWatcher moduleEventWatcher = coreModule.append(
+                            new ReleaseResource<ModuleEventWatcher>(
+                                    SandboxProtector.instance.protectProxy(
+                                            ModuleEventWatcher.class,
+                                            new DefaultModuleEventWatcher(inst, classDataSource, coreModule, cfg.isEnableUnsafe(), cfg.getNamespace())
+                                    )
+                            ) {
+                                @Override
+                                public void release() {
+                                    logger.info("release all SandboxClassFileTransformer for module={}", coreModule.getUniqueId());
+                                    final ModuleEventWatcher moduleEventWatcher = get();
+                                    if (null != moduleEventWatcher) {
+                                        for (final SandboxClassFileTransformer sandboxClassFileTransformer
+                                                : new ArrayList<SandboxClassFileTransformer>(coreModule.getSandboxClassFileTransformers())) {
+                                            moduleEventWatcher.delete(sandboxClassFileTransformer.getWatchId());
+                                        }
+                                    }
                                 }
-                            }
-                        }
-                    });
+                            });
 
                     writeField(
                             resourceField,