Skip to content

Disable process advice until after agent tracer is registered #10088

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Disable process advice until after agent tracer is registered #10088

wants to merge 1 commit into from
+13 −12

Conversation

@mcculls
Copy link
Contributor

@mcculls mcculls commented Dec 5, 2025
edited
Loading

Motivation

This avoids a potential reentrant situation when tracer debug is enabled:

  1. The full Config is logged during startup in its constructor
  2. This includes any lazy config fields, such as the hostname
  3. If the host is not available in the environment/host-files then Config calls the hostname command using Runtime.exec(...)
  4. The Runtime.exec(...) call is intercepted by the process advice
  5. The process advice calls Config.get() to see if RASP is enabled
  6. Config.get() returns null as the config is still being built

The resulting NPE is caught before it escapes to the application, but it still results in log-spam that could confuse investigations.

The APPSEC feature will only be marked as ready (and active) after Config has been initialized, at which point it is safe to enable the RASP process advice.

Additional Notes

Example stack trace:

[dd.trace 2025-12-05 11:47:22:698 +0000] [main] DEBUG datadog.telemetry.dependency.LocationsCollectingTransformer - New pro[dd.trace 2025-12-05 11:47:22:475 +0000] [main] DEBUG datadog.trace.bootstrap.ExceptionLogger - Failed to handle exception in instrumentation for java.lang.Runtime
java.lang.NullPointerException: Cannot invoke "datadog.trace.api.Config.isAppSecRaspEnabled()" because the return value of "datadog.trace.api.Config.get()" is null
        at datadog.trace.bootstrap.instrumentation.api.java.lang.ProcessImplInstrumentationHelpers.shiRaspCheck(ProcessImplInstrumentationHelpers.java:271)
        at java.base/java.lang.Runtime.exec(Runtime.java:411)
        at java.base/java.lang.Runtime.exec(Runtime.java:315)
        at datadog.trace.api.Config.initHostName(Config.java:5619)
        at datadog.trace.api.Config$HostNameHolder.<clinit>(Config.java:788)
        at datadog.trace.api.Config.getHostName(Config.java:3066)
        at datadog.trace.api.Config.toString(Config.java:5727)
        at datadog.slf4j.helpers.MessageFormatter.safeObjectAppend(MessageFormatter.java:277)
        at datadog.slf4j.helpers.MessageFormatter.deeplyAppendParameter(MessageFormatter.java:249)
        at datadog.slf4j.helpers.MessageFormatter.arrayFormat(MessageFormatter.java:211)
        at datadog.slf4j.helpers.MessageFormatter.arrayFormat(MessageFormatter.java:161)
        at datadog.slf4j.helpers.MessageFormatter.format(MessageFormatter.java:124)
        at datadog.trace.logging.ddlogger.DDLogger.formatLog(DDLogger.java:331)
        at datadog.trace.logging.ddlogger.DDTelemetryLogger.formatLog(DDTelemetryLogger.java:18)
        at datadog.trace.logging.ddlogger.DDLogger.debug(DDLogger.java:98)
        at datadog.trace.api.Config.<init>(Config.java:2980)
        at datadog.trace.api.Config.<clinit>(Config.java:5683)
        at datadog.trace.bootstrap.Agent.createProfilingContextIntegration(Agent.java:1312)
        at datadog.trace.bootstrap.Agent.installDatadogTracer(Agent.java:811)
        at datadog.trace.bootstrap.Agent.access$300(Agent.java:86)
        at datadog.trace.bootstrap.Agent$InstallDatadogTracerCallback.<init>(Agent.java:662)
        at datadog.trace.bootstrap.Agent.start(Agent.java:387)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
        at datadog.trace.bootstrap.AgentBootstrap.agentmainImpl(AgentBootstrap.java:159)
        at datadog.trace.bootstrap.AgentBootstrap.agentmain(AgentBootstrap.java:73)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
        at datadog.trace.bootstrap.AgentPreCheck.continueBootstrap(AgentPreCheck.java:169)
        at datadog.trace.bootstrap.AgentPreCheck.agentmain(AgentPreCheck.java:24)
        at datadog.trace.bootstrap.AgentPreCheck.premain(AgentPreCheck.java:17)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:491)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:503)

Contributor Checklist

Jira ticket: [PROJ-IDENT]

@mcculls mcculls added type: bug Bug report and fix inst: java Core Java language instrumentation labels Dec 5, 2025
@mcculls mcculls force-pushed the mcculls/avoid-config-loopback-via-process-instrumentation branch from 83a9432 to bb69b39 Compare December 5, 2025 11:41
@mcculls mcculls added the tag: no release notes Changes to exclude from release notes label Dec 5, 2025
@mcculls mcculls marked this pull request as ready for review December 5, 2025 12:22
@mcculls mcculls requested a review from a team as a code owner December 5, 2025 12:22
@pr-commenter
Copy link

pr-commenter bot commented Dec 5, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-config-loopback-via-process-instrumentation
git_commit_date 1764888648 1764939746
git_commit_sha 4e48384 eb98d04
release_version 1.57.0-SNAPSHOT~4e48384724 1.57.0-SNAPSHOT~eb98d0407a
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1764941541 1764941541
ci_job_id 1272304399 1272304399
ci_pipeline_id 85006173 85006173
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-ds0ny40t 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-ds0ny40t 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 58 metrics, 7 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.08 s) : 0, 1080083
Total [baseline] (10.841 s) : 0, 10840709
Agent [candidate] (1.084 s) : 0, 1083558
Total [candidate] (10.836 s) : 0, 10835679
section appsec
Agent [baseline] (1.269 s) : 0, 1269148
Total [baseline] (11.149 s) : 0, 11148553
Agent [candidate] (1.274 s) : 0, 1274017
Total [candidate] (11.159 s) : 0, 11158696
section iast
Agent [baseline] (1.233 s) : 0, 1232590
Total [baseline] (11.337 s) : 0, 11336517
Agent [candidate] (1.233 s) : 0, 1233058
Total [candidate] (11.207 s) : 0, 11206710
section profiling
Agent [baseline] (1.205 s) : 0, 1205307
Total [baseline] (11.084 s) : 0, 11084141
Agent [candidate] (1.206 s) : 0, 1206161
Total [candidate] (11.019 s) : 0, 11019438
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.08 s -
Agent appsec 1.269 s 189.065 ms (17.5%)
Agent iast 1.233 s 152.507 ms (14.1%)
Agent profiling 1.205 s 125.224 ms (11.6%)
Total tracing 10.841 s -
Total appsec 11.149 s 307.844 ms (2.8%)
Total iast 11.337 s 495.808 ms (4.6%)
Total profiling 11.084 s 243.432 ms (2.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.084 s -
Agent appsec 1.274 s 190.459 ms (17.6%)
Agent iast 1.233 s 149.499 ms (13.8%)
Agent profiling 1.206 s 122.602 ms (11.3%)
Total tracing 10.836 s -
Total appsec 11.159 s 323.017 ms (3.0%)
Total iast 11.207 s 371.031 ms (3.4%)
Total profiling 11.019 s 183.759 ms (1.7%) 
gantt
    title petclinic - break down per module: candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.191 ms) : 0, 1191
crashtracking [candidate] (1.195 ms) : 0, 1195
BytebuddyAgent [baseline] (646.905 ms) : 0, 646905
BytebuddyAgent [candidate] (649.584 ms) : 0, 649584
GlobalTracer [baseline] (282.46 ms) : 0, 282460
GlobalTracer [candidate] (283.086 ms) : 0, 283086
AppSec [baseline] (32.256 ms) : 0, 32256
AppSec [candidate] (32.476 ms) : 0, 32476
Debugger [baseline] (68.302 ms) : 0, 68302
Debugger [candidate] (68.155 ms) : 0, 68155
Remote Config [baseline] (626.119 µs) : 0, 626
Remote Config [candidate] (645.862 µs) : 0, 646
Telemetry [baseline] (9.058 ms) : 0, 9058
Telemetry [candidate] (9.067 ms) : 0, 9067
Flare Poller [baseline] (3.671 ms) : 0, 3671
Flare Poller [candidate] (3.725 ms) : 0, 3725
section appsec
crashtracking [baseline] (1.195 ms) : 0, 1195
crashtracking [candidate] (1.21 ms) : 0, 1210
BytebuddyAgent [baseline] (690.497 ms) : 0, 690497
BytebuddyAgent [candidate] (695.169 ms) : 0, 695169
GlobalTracer [baseline] (260.714 ms) : 0, 260714
GlobalTracer [candidate] (261.113 ms) : 0, 261113
AppSec [baseline] (175.321 ms) : 0, 175321
AppSec [candidate] (174.561 ms) : 0, 174561
Debugger [baseline] (67.597 ms) : 0, 67597
Debugger [candidate] (67.862 ms) : 0, 67862
Remote Config [baseline] (748.591 µs) : 0, 749
Remote Config [candidate] (717.671 µs) : 0, 718
Telemetry [baseline] (8.908 ms) : 0, 8908
Telemetry [candidate] (9.014 ms) : 0, 9014
Flare Poller [baseline] (3.886 ms) : 0, 3886
Flare Poller [candidate] (3.888 ms) : 0, 3888
IAST [baseline] (24.627 ms) : 0, 24627
IAST [candidate] (24.682 ms) : 0, 24682
section iast
crashtracking [baseline] (1.211 ms) : 0, 1211
crashtracking [candidate] (1.21 ms) : 0, 1210
BytebuddyAgent [baseline] (796.449 ms) : 0, 796449
BytebuddyAgent [candidate] (797.004 ms) : 0, 797004
GlobalTracer [baseline] (257.88 ms) : 0, 257880
GlobalTracer [candidate] (257.42 ms) : 0, 257420
AppSec [baseline] (34.587 ms) : 0, 34587
AppSec [candidate] (35.851 ms) : 0, 35851
Debugger [baseline] (67.031 ms) : 0, 67031
Debugger [candidate] (66.198 ms) : 0, 66198
Remote Config [baseline] (561.64 µs) : 0, 562
Remote Config [candidate] (548.338 µs) : 0, 548
Telemetry [baseline] (8.475 ms) : 0, 8475
Telemetry [candidate] (8.47 ms) : 0, 8470
Flare Poller [baseline] (3.483 ms) : 0, 3483
Flare Poller [candidate] (3.421 ms) : 0, 3421
IAST [baseline] (27.257 ms) : 0, 27257
IAST [candidate] (27.169 ms) : 0, 27169
section profiling
ProfilingAgent [baseline] (98.436 ms) : 0, 98436
ProfilingAgent [candidate] (98.071 ms) : 0, 98071
crashtracking [baseline] (1.198 ms) : 0, 1198
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (700.97 ms) : 0, 700970
BytebuddyAgent [candidate] (702.566 ms) : 0, 702566
GlobalTracer [baseline] (221.117 ms) : 0, 221117
GlobalTracer [candidate] (220.682 ms) : 0, 220682
AppSec [baseline] (32.272 ms) : 0, 32272
AppSec [candidate] (32.264 ms) : 0, 32264
Debugger [baseline] (68.154 ms) : 0, 68154
Debugger [candidate] (68.296 ms) : 0, 68296
Remote Config [baseline] (632.536 µs) : 0, 633
Remote Config [candidate] (660.996 µs) : 0, 661
Telemetry [baseline] (9.025 ms) : 0, 9025
Telemetry [candidate] (8.976 ms) : 0, 8976
Flare Poller [baseline] (3.766 ms) : 0, 3766
Flare Poller [candidate] (3.795 ms) : 0, 3795
Profiling [baseline] (99.031 ms) : 0, 99031
Profiling [candidate] (98.642 ms) : 0, 98642
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.08 s) : 0, 1080109
Total [baseline] (8.758 s) : 0, 8758428
Agent [candidate] (1.083 s) : 0, 1083053
Total [candidate] (8.783 s) : 0, 8783314
section iast
Agent [baseline] (1.222 s) : 0, 1221920
Total [baseline] (9.523 s) : 0, 9523408
Agent [candidate] (1.223 s) : 0, 1223216
Total [candidate] (9.501 s) : 0, 9500921
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.08 s -
Agent iast 1.222 s 141.811 ms (13.1%)
Total tracing 8.758 s -
Total iast 9.523 s 764.98 ms (8.7%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.083 s -
Agent iast 1.223 s 140.163 ms (12.9%)
Total tracing 8.783 s -
Total iast 9.501 s 717.607 ms (8.2%) 
gantt
    title insecure-bank - break down per module: candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.196 ms) : 0, 1196
crashtracking [candidate] (1.195 ms) : 0, 1195
BytebuddyAgent [baseline] (647.442 ms) : 0, 647442
BytebuddyAgent [candidate] (650.246 ms) : 0, 650246
GlobalTracer [baseline] (282.734 ms) : 0, 282734
GlobalTracer [candidate] (282.645 ms) : 0, 282645
AppSec [baseline] (32.37 ms) : 0, 32370
AppSec [candidate] (32.391 ms) : 0, 32391
Debugger [baseline] (67.411 ms) : 0, 67411
Debugger [candidate] (67.506 ms) : 0, 67506
Remote Config [baseline] (627.848 µs) : 0, 628
Remote Config [candidate] (630.507 µs) : 0, 631
Telemetry [baseline] (9.003 ms) : 0, 9003
Telemetry [candidate] (9.061 ms) : 0, 9061
Flare Poller [baseline] (3.693 ms) : 0, 3693
Flare Poller [candidate] (3.729 ms) : 0, 3729
section iast
crashtracking [baseline] (1.186 ms) : 0, 1186
crashtracking [candidate] (1.2 ms) : 0, 1200
BytebuddyAgent [baseline] (788.497 ms) : 0, 788497
BytebuddyAgent [candidate] (790.894 ms) : 0, 790894
GlobalTracer [baseline] (255.807 ms) : 0, 255807
GlobalTracer [candidate] (255.556 ms) : 0, 255556
IAST [baseline] (26.976 ms) : 0, 26976
IAST [candidate] (27.004 ms) : 0, 27004
AppSec [baseline] (35.806 ms) : 0, 35806
AppSec [candidate] (34.809 ms) : 0, 34809
Debugger [baseline] (65.363 ms) : 0, 65363
Debugger [candidate] (65.663 ms) : 0, 65663
Remote Config [baseline] (557.196 µs) : 0, 557
Remote Config [candidate] (565.563 µs) : 0, 566
Telemetry [baseline] (8.603 ms) : 0, 8603
Telemetry [candidate] (8.513 ms) : 0, 8513
Flare Poller [baseline] (3.539 ms) : 0, 3539
Flare Poller [candidate] (3.516 ms) : 0, 3516
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-config-loopback-via-process-instrumentation
git_commit_date 1764888648 1764939746
git_commit_sha 4e48384 eb98d04
release_version 1.57.0-SNAPSHOT~4e48384724 1.57.0-SNAPSHOT~eb98d0407a
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1764942021 1764942021
ci_job_id 1272304402 1272304402
ci_pipeline_id 85006173 85006173
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-4qzyhb1d 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-4qzyhb1d 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 19 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:petclinic:appsec:high_load better
[-1513.178µs; -428.147µs] or [-7.844%; -2.220%]		 unsure
[-2.086ms; -0.410ms] or [-6.674%; -1.311%]		 unstable
[-13.456op/s; +32.831op/s] or [-5.616%; +13.703%]		 18.319ms 30.010ms 249.281op/s 19.290ms 31.258ms 239.594op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.992 ms) : 17806, 18178
.   : milestone, 17992,
appsec (19.48 ms) : 19278, 19681
.   : milestone, 19480,
code_origins (18.016 ms) : 17836, 18196
.   : milestone, 18016,
iast (17.661 ms) : 17486, 17836
.   : milestone, 17661,
profiling (19.531 ms) : 19327, 19734
.   : milestone, 19531,
tracing (17.666 ms) : 17490, 17842
.   : milestone, 17666,
section candidate
no_agent (17.873 ms) : 17687, 18059
.   : milestone, 17873,
appsec (18.723 ms) : 18530, 18916
.   : milestone, 18723,
code_origins (17.51 ms) : 17337, 17683
.   : milestone, 17510,
iast (17.528 ms) : 17352, 17704
.   : milestone, 17528,
profiling (19.381 ms) : 19187, 19575
.   : milestone, 19381,
tracing (17.474 ms) : 17302, 17647
.   : milestone, 17474,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.992 ms [17.806 ms, 18.178 ms] -
appsec 19.48 ms [19.278 ms, 19.681 ms] 1.488 ms (8.3%)
code_origins 18.016 ms [17.836 ms, 18.196 ms] 23.965 µs (0.1%)
iast 17.661 ms [17.486 ms, 17.836 ms] -331.001 µs (-1.8%)
profiling 19.531 ms [19.327 ms, 19.734 ms] 1.538 ms (8.6%)
tracing 17.666 ms [17.49 ms, 17.842 ms] -325.895 µs (-1.8%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.873 ms [17.687 ms, 18.059 ms] -
appsec 18.723 ms [18.53 ms, 18.916 ms] 850.51 µs (4.8%)
code_origins 17.51 ms [17.337 ms, 17.683 ms] -362.924 µs (-2.0%)
iast 17.528 ms [17.352 ms, 17.704 ms] -344.863 µs (-1.9%)
profiling 19.381 ms [19.187 ms, 19.575 ms] 1.508 ms (8.4%)
tracing 17.474 ms [17.302 ms, 17.647 ms] -398.283 µs (-2.2%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.182 ms) : 1171, 1193
.   : milestone, 1182,
iast (3.291 ms) : 3246, 3335
.   : milestone, 3291,
iast_FULL (5.755 ms) : 5698, 5812
.   : milestone, 5755,
iast_GLOBAL (3.642 ms) : 3582, 3703
.   : milestone, 3642,
profiling (1.897 ms) : 1881, 1914
.   : milestone, 1897,
tracing (1.784 ms) : 1769, 1799
.   : milestone, 1784,
section candidate
no_agent (1.195 ms) : 1183, 1206
.   : milestone, 1195,
iast (3.384 ms) : 3335, 3433
.   : milestone, 3384,
iast_FULL (5.679 ms) : 5623, 5735
.   : milestone, 5679,
iast_GLOBAL (3.607 ms) : 3556, 3658
.   : milestone, 3607,
profiling (1.984 ms) : 1967, 2000
.   : milestone, 1984,
tracing (1.749 ms) : 1734, 1763
.   : milestone, 1749,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.182 ms [1.171 ms, 1.193 ms] -
iast 3.291 ms [3.246 ms, 3.335 ms] 2.109 ms (178.4%)
iast_FULL 5.755 ms [5.698 ms, 5.812 ms] 4.573 ms (386.9%)
iast_GLOBAL 3.642 ms [3.582 ms, 3.703 ms] 2.46 ms (208.2%)
profiling 1.897 ms [1.881 ms, 1.914 ms] 715.466 µs (60.5%)
tracing 1.784 ms [1.769 ms, 1.799 ms] 601.787 µs (50.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.195 ms [1.183 ms, 1.206 ms] -
iast 3.384 ms [3.335 ms, 3.433 ms] 2.189 ms (183.2%)
iast_FULL 5.679 ms [5.623 ms, 5.735 ms] 4.484 ms (375.3%)
iast_GLOBAL 3.607 ms [3.556 ms, 3.658 ms] 2.413 ms (201.9%)
profiling 1.984 ms [1.967 ms, 2.0 ms] 788.933 µs (66.0%)
tracing 1.749 ms [1.734 ms, 1.763 ms] 553.792 µs (46.4%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-config-loopback-via-process-instrumentation
git_commit_date 1764888648 1764939746
git_commit_sha 4e48384 eb98d04
release_version 1.57.0-SNAPSHOT~4e48384724 1.57.0-SNAPSHOT~eb98d0407a
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1764941785 1764941785
ci_job_id 1272304403 1272304403
ci_pipeline_id 85006173 85006173
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-2oruoc87 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-2oruoc87 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.057 s) : 15057000, 15057000
.   : milestone, 15057000,
appsec (14.474 s) : 14474000, 14474000
.   : milestone, 14474000,
iast (18.043 s) : 18043000, 18043000
.   : milestone, 18043000,
iast_GLOBAL (17.97 s) : 17970000, 17970000
.   : milestone, 17970000,
profiling (15.345 s) : 15345000, 15345000
.   : milestone, 15345000,
tracing (14.823 s) : 14823000, 14823000
.   : milestone, 14823000,
section candidate
no_agent (15.478 s) : 15478000, 15478000
.   : milestone, 15478000,
appsec (14.518 s) : 14518000, 14518000
.   : milestone, 14518000,
iast (18.153 s) : 18153000, 18153000
.   : milestone, 18153000,
iast_GLOBAL (17.989 s) : 17989000, 17989000
.   : milestone, 17989000,
profiling (14.775 s) : 14775000, 14775000
.   : milestone, 14775000,
tracing (14.971 s) : 14971000, 14971000
.   : milestone, 14971000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.057 s [15.057 s, 15.057 s] -
appsec 14.474 s [14.474 s, 14.474 s] -583.0 ms (-3.9%)
iast 18.043 s [18.043 s, 18.043 s] 2.986 s (19.8%)
iast_GLOBAL 17.97 s [17.97 s, 17.97 s] 2.913 s (19.3%)
profiling 15.345 s [15.345 s, 15.345 s] 288.0 ms (1.9%)
tracing 14.823 s [14.823 s, 14.823 s] -234.0 ms (-1.6%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.478 s [15.478 s, 15.478 s] -
appsec 14.518 s [14.518 s, 14.518 s] -960.0 ms (-6.2%)
iast 18.153 s [18.153 s, 18.153 s] 2.675 s (17.3%)
iast_GLOBAL 17.989 s [17.989 s, 17.989 s] 2.511 s (16.2%)
profiling 14.775 s [14.775 s, 14.775 s] -703.0 ms (-4.5%)
tracing 14.971 s [14.971 s, 14.971 s] -507.0 ms (-3.3%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.57.0-SNAPSHOT~eb98d0407a, baseline=1.57.0-SNAPSHOT~4e48384724
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.484 ms) : 1472, 1496
.   : milestone, 1484,
appsec (2.472 ms) : 2420, 2523
.   : milestone, 2472,
iast (2.208 ms) : 2144, 2273
.   : milestone, 2208,
iast_GLOBAL (2.254 ms) : 2190, 2319
.   : milestone, 2254,
profiling (2.103 ms) : 2049, 2157
.   : milestone, 2103,
tracing (2.034 ms) : 1984, 2085
.   : milestone, 2034,
section candidate
no_agent (1.476 ms) : 1464, 1487
.   : milestone, 1476,
appsec (2.487 ms) : 2435, 2539
.   : milestone, 2487,
iast (2.22 ms) : 2155, 2285
.   : milestone, 2220,
iast_GLOBAL (2.256 ms) : 2191, 2321
.   : milestone, 2256,
profiling (2.07 ms) : 2017, 2122
.   : milestone, 2070,
tracing (2.048 ms) : 1997, 2099
.   : milestone, 2048,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.484 ms [1.472 ms, 1.496 ms] -
appsec 2.472 ms [2.42 ms, 2.523 ms] 987.634 µs (66.6%)
iast 2.208 ms [2.144 ms, 2.273 ms] 724.517 µs (48.8%)
iast_GLOBAL 2.254 ms [2.19 ms, 2.319 ms] 770.356 µs (51.9%)
profiling 2.103 ms [2.049 ms, 2.157 ms] 619.354 µs (41.7%)
tracing 2.034 ms [1.984 ms, 2.085 ms] 550.494 µs (37.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.476 ms [1.464 ms, 1.487 ms] -
appsec 2.487 ms [2.435 ms, 2.539 ms] 1.012 ms (68.5%)
iast 2.22 ms [2.155 ms, 2.285 ms] 744.175 µs (50.4%)
iast_GLOBAL 2.256 ms [2.191 ms, 2.321 ms] 780.406 µs (52.9%)
profiling 2.07 ms [2.017 ms, 2.122 ms] 593.678 µs (40.2%)
tracing 2.048 ms [1.997 ms, 2.099 ms] 572.093 µs (38.8%)

@mcculls mcculls force-pushed the mcculls/avoid-config-loopback-via-process-instrumentation branch from bb69b39 to 7cdda3a Compare December 5, 2025 12:46
@mcculls mcculls changed the title Disable process advice until after agent tracer is registered Disable RASP process advice until APPSEC feature is ready Dec 5, 2025
@mcculls mcculls force-pushed the mcculls/avoid-config-loopback-via-process-instrumentation branch from 7cdda3a to bb69b39 Compare December 5, 2025 12:56
@mcculls mcculls changed the title Disable RASP process advice until APPSEC feature is ready Disable process advice until after agent tracer is registered Dec 5, 2025
@mcculls
Disable process advice until after agent tracer is registered
eb98d04 
This avoids a potential reentrant situation when tracer debug is enabled:
1. The full `Config` is logged during startup in its constructor
2. This includes any lazy config fields, such as the `hostname`
3. If the host is not available in the environment/host-files then
   `Config` calls the `hostname` command using `Runtime.exec(...)`
4. The `Runtime.exec(...)` call is intercepted by the process advice
5. The process advice calls `Config.get()` to see if RASP is enabled
6. `Config.get()` returns `null` as the config is still being built

The resulting NPE is caught before it escapes to the application,
but it still results in log-spam that could confuse investigations.
@mcculls mcculls force-pushed the mcculls/avoid-config-loopback-via-process-instrumentation branch from bb69b39 to eb98d04 Compare December 5, 2025 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amarziali amarziali amarziali approved these changes

@jandro996 jandro996 Awaiting requested review from jandro996

Assignees

No one assigned

Labels

inst: java Core Java language instrumentation tag: no release notes Changes to exclude from release notes type: bug Bug report and fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mcculls @amarziali