Curt Wu and Steve Marotta are software engineers at Charles River Analytics (www.cra.com).
Developers using third-party applications or libraries often face the challenge of customizing that software to suit the task at hand. Sometimes the application performs exactly as designed, but still doesn't quite do what is required in a unique situation, and no amount of parameter tweaking does the trick. In this case, customization can be especially challenging if the third-party application is not open-source and offers limited extension points.
But even if source code is available, there may be good reasons not to modify it. For instance, one reason to use third-party code is to avoid reinventing the wheel and to automatically get that fancy new tire upgrade when Wheel 2.0 is released. Direct modification of code means that you've created a fork in the source code, and customizations will need to be manually merged with any subsequent versions that are released. Keeping the original application intact generally provides greater flexibility in the deployment of any modified code. For example, if the new code can be kept distinct and decoupled from the original application source code, then it is easier to port these changes to other applications. This let developers apply the same behavioral changes to multiple applications from different vendors. In this case, any additional code must be inserted in such a way that the original application will execute as-is, blissfully unaware that its behavior has been modified.
For a concrete example, let's examine the use of sockets in Java. Suppose we wanted to modify how a Java application communicates over a network to simulate low bandwidth or poor connection quality. We can achieve this by modifying or replacing Java's Socket class. Although inter-host communication between Java applications does not require Java Sockets, in practice, nearly all such communication leverages the Socket library found in the JRE's java.net package -- either directly or indirectly (e.g., through RMI classes). To slow down communications and simulate a slower network, we want to introduce a carefully controlled delay into each socket data stream. How can we do this without access to the application source code? There are several possible ways to do this, and we will discuss two approaches that we found useful for our modified socket problem.
By Your Own Bootstraps
One point of insertion of new code for an application is at its boundaries -- where it interfaces with external libraries. If the changes we would like to make can be made within these external libraries (e.g., communication over sockets), then replacing an external library with one that incorporates customized code would modify behavior without modifying the main application. Provided you have the means to modify and rebuild it, replacing a typical library found on the classpath is straightforward. However, the Socket class is part of the JRE in rt.jar, and modifying the JRE creates some complications.
If we want to modify a class in the JRE, there is a direct approach and a more subtle replacement approach. The direct approach is to build a custom JRE by, for example, replacing the socket-related classes within rt.jar. While this works, replacing the JRE limits the portability of the solution to other environments because multiple JREs would need to be maintained. A similar but more maintainable solution is to modify a JRE at runtime by adding a specific class to the bootstrap classloader that supersedes the behavior of the same class within rt.jar. For those unfamiliar with the bootstrap classloader, it is the primordial classloader that loads the JRE classes and is distinct from the system classloader, which loads classes from the classpath and is lower in the classpath hierarchy.
For our socket modification example, we would create a modified Socket class with the same name and interface as the original Socket but with different implementation that meets our needs. The name and interface must be identical because this new Socket will be a drop-in replacement. Science-fiction fans may recognize this as the "evil twin" approach, where clients of the Socket are unaware that beneath the same familiar exterior lurks a replacement implementation. Once we have the modified Socket, we simply prepend this new class to the bootstrap classpath, and the new Socket essentially replaces the original Socket for any code within the JVM that invokes it (see Example 1). Note that the new class must be prepended to the bootstrap classpath, so it takes precedence over the original Socket class found later in the path in rt.jar.
java -cp thirdparty.jar -Xbootclasspath/p:custom.jar; com.cra.MyApp
The downside of this modified JRE approach is that the changes to the libraries are JVM-wide and thus all code is stuck using these modified libraries. Also, because the modified code must be on the bootstrap classloader, all code that supports the modification (i.e., dependencies) must also be loaded by this classloader. If the application requires a custom classloader or is otherwise incompatible with the bootstrap classloader, and the modified code depends on code within the application, then this may not be feasible. Finally, the issue that is possibly most troubling is that we are modifying the internals of the JRE. Because we are replacing the implementation of classes in the JRE, any solution is highly dependent on the JRE version, and thus brittle. To support multiple JREs, we would need to maintain an entire family of evil twins, and any future changes to our modified code would need to be duplicated across the entire family.