0

Other than reflection, Is there a way by which we can identify if java class has been modified (fields). We have thousands of classes within our application .We have a requirement that we need to have some tests in place which can detect if java classes had been modified by developers - interms of adding fields or changing the accessmodifiers or changing types etc.

Reflection doesnt work since we have 100s of classes which we want to keep track of ?

Is there a reliable way by which we can calculate some kind of hash reliably, given that we have java class files stored in db as bytea type postgres ?

M. Shashanka
  • 39
  • 1
  • 8
  • 4
    How about checking for changes to the relevant files in your source control? – khelwood Apr 25 '20 at 14:03
  • Wait ... you're storing binary images of compiled Java classes in your database? Is this a common practice? – Jim Mischel Apr 28 '20 at 01:12
  • @JimMischel thats altogether a different discussion :-) Lets not discuss it. What i am more interested to know is Given i have access to dot class file of a source java file, i need to figure out from the dot class file incase source java file is changed.. i am assuming any changes in java source file will cause dot class file to get changed. Now, how can i use my dot class file to detect that a change has happened – M. Shashanka Apr 28 '20 at 15:21
  • @M.Shashanka is your question now: Will a change to a java source always result in a different bytecode? I'm almost certain there are already a question and answers to that. – anttix Apr 28 '20 at 15:36
  • @khelwood that option is not feasible for us. we wanted to build some automation which detects changes before they are checked into repository – M. Shashanka Apr 28 '20 at 19:26

1 Answers1

0

Reflection would work assuming that you can load the classes; i.e. their dependencies are available.

Another approach would be to use the Apache BCEL (http://commons.apache.org/proper/commons-bcel/) or ASM (https://asm.ow2.io/) libraries. In addition to checking field and method signatures, these would also allow you to examine and even modify the bytecodes of the methods.

Finally, it would be feasible to parse the output of javap, though that approach is fragile. The javap output format is not specified, and it could change from one Java version to the next.

I just realized that my requirement has changed - I need to basically detect any business logic changes inside methods within my java class.

The only way you can do to detect logic changes is to compare the bytecodes (or hashes of the bytecodes) for the methods. That is going to be sensitive to the bytecode compiler that was used, and is also going to give false positives for many code changes that don't effect the method semantics. Doing better than this is probably not feasible ... unless you are willing to spend man-years on the problem.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • Thanks Stephen ! i just realized that my requirement has changed - i need to basically detect any business logic changes inside methods within my java class, not just fields, accessmodifiers - Note that i cant rely on source java file for detecting the change. Essentially, it is like any change in java file that can change the output . – M. Shashanka Apr 28 '20 at 14:50
  • It seems you have no other choice than to use a checksum (such as a SHA hash) of the binary representation of the class in the database. This is how, ahem, source control software such as Git works: It computes checksums and diffs. Now that said, your problem is mostly due to bad architecture. Change management is generally done at the source level, not against binary artifacts. The next "ask" is going to be to actually find the differences and this is where you will hit a wall: Binary diff of two class files does not make much sense to mere mortals. – anttix Apr 28 '20 at 15:31
  • @anttix are these binary representaion of class (essentialy dot class files) sensitive to java compiler version ? In other words, for a given source java file, can we have different binary representations , when run with different jdk versions - if that is the case, checksum may not be helpful here.. – M. Shashanka Apr 28 '20 at 19:54
  • This is a different question altogether. Yes they are: https://stackoverflow.com/questions/14984984/is-the-creation-of-java-class-files-deterministic This is the wall I was talking about. Anything more advanced than just detecting if the bytecode changed would need a way to reconstruct the source from the binary. Sorry bro, but there is no replacement for source control. If you need to know for sure if a *source* has changed, you need to track changes to source. Simple! – anttix Apr 28 '20 at 21:32