javabytecode-manipulation

What are the dangers of bytecode manipulation (if any)?


Bytecode enhancement seems like a very interesting Java technique, but it has the feel of a bit of "black magic" about it. Are there any disadvantages to using it (other than the fact that functionality is added to classes that is not apparent from the source code)?

Does it cause problems with security, serialization, etc.?


Solution

  • Are there any disadvantages to using it (other than the fact that functionality is added to classes that is not apparent from the source code)?

    One thing is that bugs created by bytecode manipulation are likely to be more difficult to diagnose. Examination of the source code, and source level debugging will be harder.

    Does it cause problems with security,

    The verifier should (in theory) prevent the modified bytecode from breaking the core type system and corrupting the JVM. (And it goes without saying that untrusted code shouldn't be allowed to do bytecode modification, so we can discount that scenario.) However, in the past, some Java byte code verifiers have been less than thorough.

    Furthermore, bytecode modification :

    serialization, etc.?

    Bytecode modification can do things that will make existing serialized objects unreadable by the modified class; e.g. by adding and removing fields, or by changing a classes superclass and interfaces. However, you can do the same thing by changing the sourcecode.