Move interception to second-pass transformer with relocated package

AnneKoziolek · claude · AnneKoziolek · commit 1c0d4ffd1f69 · 2026-03-21T22:35:21.000Z
Architecture change: comparison interception is now a separate
ClassFileTransformer registered in GaletteAgent.premain(), running
as a second pass after the main Galette transformer. This avoids
modifying the jlink image entirely.

Key changes:
- Move interception PathUtils from internal.runtime (module-owned by
  java.base in jlink) to edu.neu.ccs.prl.galette.interception package
  (loadable from bootclasspath at runtime)
- Rename to InterceptionPathUtils to avoid confusion with knarr-runtime's
  PathUtils
- Inline ComparisonInterceptorVisitor logic in GaletteAgent to avoid
  NoClassDefFoundError (internal.transform classes not in jlink image)
- Remove interception from GaletteTransformer (handled by second pass)
- Update PathConstraintAPI to reference new class location

The jlink image is built from clean galette-instrument (pre-interception)
and only the runtime agent JAR contains interception support.

Note: execution currently hangs during first iteration - likely a
classloading deadlock from intercepting too many framework classes.
Needs exclusion list tuning.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/galette-agent/src/main/java/edu/neu/ccs/prl/galette/PathConstraintAPI.java b/galette-agent/src/main/java/edu/neu/ccs/prl/galette/PathConstraintAPI.java
@@ -15,7 +15,7 @@ public class PathConstraintAPI {
      */
     public static List<?> getCurrentConstraints() {
         try {
-            Class<?> pathUtilsClass = Class.forName("edu.neu.ccs.prl.galette.internal.runtime.PathUtils");
+            Class<?> pathUtilsClass = Class.forName("edu.neu.ccs.prl.galette.interception.InterceptionPathUtils");
             java.lang.reflect.Method getCurrentMethod = pathUtilsClass.getMethod("getCurrent");
             return (List<?>) getCurrentMethod.invoke(null);
         } catch (Exception e) {
@@ -30,7 +30,7 @@ public static List<?> getCurrentConstraints() {
      */
     public static List<?> flushConstraints() {
         try {
-            Class<?> pathUtilsClass = Class.forName("edu.neu.ccs.prl.galette.internal.runtime.PathUtils");
+            Class<?> pathUtilsClass = Class.forName("edu.neu.ccs.prl.galette.interception.InterceptionPathUtils");
             java.lang.reflect.Method flushMethod = pathUtilsClass.getMethod("flush");
             return (List<?>) flushMethod.invoke(null);
         } catch (Exception e) {
@@ -45,7 +45,7 @@ public static List<?> flushConstraints() {
      */
     public static boolean isAvailable() {
         try {
-            Class.forName("edu.neu.ccs.prl.galette.internal.runtime.PathUtils");
+            Class.forName("edu.neu.ccs.prl.galette.interception.InterceptionPathUtils");
             return true;
         } catch (ClassNotFoundException e) {
             return false;
diff --git a/galette-agent/src/main/java/edu/neu/ccs/prl/galette/interception/InterceptionPathUtils.java b/galette-agent/src/main/java/edu/neu/ccs/prl/galette/interception/InterceptionPathUtils.java
@@ -1,4 +1,4 @@
-package edu.neu.ccs.prl.galette.internal.runtime;
+package edu.neu.ccs.prl.galette.interception;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -11,7 +11,7 @@
  *
  * Collected constraints are retrieved via flush() by GalettePathConstraintBridge in knarr-runtime.
  */
-public final class PathUtils {
+public final class InterceptionPathUtils {
 
     private static volatile boolean enabled =
             "true".equals(System.getProperty("galette.concolic.interception.enabled"));
@@ -45,7 +45,9 @@ public static int instrumentedLcmp(long v1, long v2) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, "LCMP", result));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static int instrumentedFcmpl(float v1, float v2) {
@@ -56,7 +58,9 @@ public static int instrumentedFcmpl(float v1, float v2) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, "FCMPL", result));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static int instrumentedFcmpg(float v1, float v2) {
@@ -67,7 +71,9 @@ public static int instrumentedFcmpg(float v1, float v2) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, "FCMPG", result));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static int instrumentedDcmpl(double v1, double v2) {
@@ -78,7 +84,9 @@ public static int instrumentedDcmpl(double v1, double v2) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, "DCMPL", result));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static int instrumentedDcmpg(double v1, double v2) {
@@ -89,43 +97,67 @@ public static int instrumentedDcmpg(double v1, double v2) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, "DCMPG", result));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static boolean instrumentedIcmpJump(int v1, int v2, String op) {
         enterMethod();
         try {
             boolean result;
             switch (op) {
-                case "EQ": result = v1 == v2; break;
-                case "NE": result = v1 != v2; break;
-                case "LT": result = v1 < v2; break;
-                case "GE": result = v1 >= v2; break;
-                case "GT": result = v1 > v2; break;
-                case "LE": result = v1 <= v2; break;
-                default: result = false;
+                case "EQ":
+                    result = v1 == v2;
+                    break;
+                case "NE":
+                    result = v1 != v2;
+                    break;
+                case "LT":
+                    result = v1 < v2;
+                    break;
+                case "GE":
+                    result = v1 >= v2;
+                    break;
+                case "GT":
+                    result = v1 > v2;
+                    break;
+                case "LE":
+                    result = v1 <= v2;
+                    break;
+                default:
+                    result = false;
             }
             if (isEnabled()) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, op, result ? 1 : 0));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     public static boolean instrumentedAcmpJump(Object v1, Object v2, String op) {
         enterMethod();
         try {
             boolean result;
             switch (op) {
-                case "ACMP_EQ": result = v1 == v2; break;
-                case "ACMP_NE": result = v1 != v2; break;
-                default: result = false;
+                case "ACMP_EQ":
+                    result = v1 == v2;
+                    break;
+                case "ACMP_NE":
+                    result = v1 != v2;
+                    break;
+                default:
+                    result = false;
             }
             if (isEnabled()) {
                 PATH_CONDITIONS.get().add(new Constraint(v1, v2, op, result ? 1 : 0));
             }
             return result;
-        } finally { exitMethod(); }
+        } finally {
+            exitMethod();
+        }
     }
 
     // ===== Access methods (called by GalettePathConstraintBridge via PathConstraintAPI) =====
diff --git a/galette-agent/src/main/java/edu/neu/ccs/prl/galette/internal/agent/GaletteAgent.java b/galette-agent/src/main/java/edu/neu/ccs/prl/galette/internal/agent/GaletteAgent.java
@@ -10,10 +10,10 @@
 import java.lang.instrument.ClassFileTransformer;
 import java.lang.instrument.Instrumentation;
 import java.security.ProtectionDomain;
+import org.objectweb.asm.*;
 
 public final class GaletteAgent {
     static {
-        // Thread should be safe to initialize at this point; initialize the spare frame store
         SpareFrameStore.initialize();
     }
 
@@ -32,6 +32,10 @@ public static void premain(String agentArgs, Instrumentation inst) throws IOExce
         TransformationCache cache = cachePath == null ? null : new TransformationCache(new File(cachePath));
         GaletteTransformer.setCache(cache);
         inst.addTransformer(new TransformerWrapper());
+        // Register comparison interception as a second-pass transformer.
+        if (Boolean.getBoolean("galette.concolic.interception.enabled")) {
+            inst.addTransformer(new ComparisonInterceptionTransformer());
+        }
     }
 
     private static final class TransformerWrapper implements ClassFileTransformer {
@@ -42,23 +46,175 @@ public byte[] transform(
                 ClassLoader loader,
                 String className,
                 Class<?> classBeingRedefined,
-                ProtectionDomain protectionDomain,
-                byte[] classFileBuffer,
+                ProtectionDomain pd,
+                byte[] buf,
                 TagFrame frame) {
-            return transform(loader, className, classBeingRedefined, protectionDomain, classFileBuffer);
+            return transform(loader, className, classBeingRedefined, pd, buf);
         }
 
         @Override
+        public byte[] transform(
+                ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain pd, byte[] buf) {
+            if (classBeingRedefined != null) return null;
+            return transformer.transform(buf, false);
+        }
+    }
+
+    /**
+     * Second-pass transformer that intercepts comparison bytecodes in application classes.
+     * All interception logic is inlined here to avoid loading classes from internal.transform
+     * (which may not exist in the jlink image).
+     */
+    private static final class ComparisonInterceptionTransformer implements ClassFileTransformer {
+        private static final String PATH_UTILS = "edu/neu/ccs/prl/galette/interception/InterceptionPathUtils";
+
+        @SuppressWarnings("unused")
         public byte[] transform(
                 ClassLoader loader,
                 String className,
                 Class<?> classBeingRedefined,
-                ProtectionDomain protectionDomain,
-                byte[] classFileBuffer) {
-            if (classBeingRedefined != null) {
+                ProtectionDomain pd,
+                byte[] buf,
+                TagFrame frame) {
+            return transform(loader, className, classBeingRedefined, pd, buf);
+        }
+
+        @Override
+        public byte[] transform(
+                ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain pd, byte[] buf) {
+            if (classBeingRedefined != null || className == null || isExcluded(className)) return null;
+            try {
+                ClassReader cr = new ClassReader(buf);
+                ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS);
+                cr.accept(new InterceptionClassVisitor(cw), ClassReader.EXPAND_FRAMES);
+                return cw.toByteArray();
+            } catch (Throwable t) {
                 return null;
             }
-            return transformer.transform(classFileBuffer, false);
+        }
+
+        private static boolean isExcluded(String cn) {
+            return cn.startsWith("java/")
+                    || cn.startsWith("javax/")
+                    || cn.startsWith("sun/")
+                    || cn.startsWith("jdk/")
+                    || cn.startsWith("com/sun/")
+                    || cn.startsWith("edu/neu/ccs/prl/galette/internal/")
+                    || cn.startsWith("edu/neu/ccs/prl/galette/concolic/")
+                    || cn.startsWith("za/ac/sun/cs/green/")
+                    || cn.startsWith("edu/gmu/swe/")
+                    || cn.startsWith("org/objectweb/asm/")
+                    || cn.startsWith("org/eclipse/")
+                    || cn.startsWith("tools/vitruv/")
+                    || cn.startsWith("com/google/");
+        }
+
+        /** Inlined ClassVisitor that intercepts comparison bytecodes. */
+        private static final class InterceptionClassVisitor extends ClassVisitor {
+            InterceptionClassVisitor(ClassVisitor cv) {
+                super(Opcodes.ASM9, cv);
+            }
+
+            @Override
+            public MethodVisitor visitMethod(int access, String name, String desc, String sig, String[] ex) {
+                MethodVisitor mv = super.visitMethod(access, name, desc, sig, ex);
+                return new InterceptionMethodVisitor(mv);
+            }
+        }
+
+        /** Inlined MethodVisitor that replaces comparison instructions with PathUtils calls. */
+        private static final class InterceptionMethodVisitor extends MethodVisitor {
+            InterceptionMethodVisitor(MethodVisitor mv) {
+                super(Opcodes.ASM9, mv);
+            }
+
+            @Override
+            public void visitInsn(int opcode) {
+                switch (opcode) {
+                    case Opcodes.LCMP:
+                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedLcmp", "(JJ)I", false);
+                        break;
+                    case Opcodes.FCMPL:
+                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedFcmpl", "(FF)I", false);
+                        break;
+                    case Opcodes.FCMPG:
+                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedFcmpg", "(FF)I", false);
+                        break;
+                    case Opcodes.DCMPL:
+                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedDcmpl", "(DD)I", false);
+                        break;
+                    case Opcodes.DCMPG:
+                        mv.visitMethodInsn(Opcodes.INVOKESTATIC, PATH_UTILS, "instrumentedDcmpg", "(DD)I", false);
+                        break;
+                    default:
+                        super.visitInsn(opcode);
+                }
+            }
+
+            @Override
+            public void visitJumpInsn(int opcode, Label label) {
+                switch (opcode) {
+                    case Opcodes.IF_ICMPEQ:
+                    case Opcodes.IF_ICMPNE:
+                    case Opcodes.IF_ICMPLT:
+                    case Opcodes.IF_ICMPGE:
+                    case Opcodes.IF_ICMPGT:
+                    case Opcodes.IF_ICMPLE:
+                        mv.visitLdcInsn(opToString(opcode));
+                        mv.visitMethodInsn(
+                                Opcodes.INVOKESTATIC,
+                                PATH_UTILS,
+                                "instrumentedIcmpJump",
+                                "(IILjava/lang/String;)Z",
+                                false);
+                        mv.visitJumpInsn(Opcodes.IFNE, label);
+                        break;
+                    case Opcodes.IFEQ:
+                    case Opcodes.IFNE:
+                    case Opcodes.IFLT:
+                    case Opcodes.IFGE:
+                    case Opcodes.IFGT:
+                    case Opcodes.IFLE:
+                        // Single-operand: push 0 and use two-operand version
+                        mv.visitInsn(Opcodes.ICONST_0);
+                        mv.visitLdcInsn(opToString(opcode));
+                        mv.visitMethodInsn(
+                                Opcodes.INVOKESTATIC,
+                                PATH_UTILS,
+                                "instrumentedIcmpJump",
+                                "(IILjava/lang/String;)Z",
+                                false);
+                        mv.visitJumpInsn(Opcodes.IFNE, label);
+                        break;
+                    default:
+                        super.visitJumpInsn(opcode, label);
+                }
+            }
+
+            private static String opToString(int opcode) {
+                switch (opcode) {
+                    case Opcodes.IF_ICMPEQ:
+                    case Opcodes.IFEQ:
+                        return "EQ";
+                    case Opcodes.IF_ICMPNE:
+                    case Opcodes.IFNE:
+                        return "NE";
+                    case Opcodes.IF_ICMPLT:
+                    case Opcodes.IFLT:
+                        return "LT";
+                    case Opcodes.IF_ICMPGE:
+                    case Opcodes.IFGE:
+                        return "GE";
+                    case Opcodes.IF_ICMPGT:
+                    case Opcodes.IFGT:
+                        return "GT";
+                    case Opcodes.IF_ICMPLE:
+                    case Opcodes.IFLE:
+                        return "LE";
+                    default:
+                        return "UNKNOWN";
+                }
+            }
         }
     }
 }
diff --git a/galette-agent/src/main/java/edu/neu/ccs/prl/galette/internal/transform/GaletteTransformer.java b/galette-agent/src/main/java/edu/neu/ccs/prl/galette/internal/transform/GaletteTransformer.java
@@ -136,21 +136,9 @@ private byte[] transform(ClassReader cr, boolean propagate, boolean isHostedAnon
         // Remove computed frames
         ClassVisitor cv = hasFrames ? cw : new FrameRemover(cw);
 
-        // Add comparison interception for bytecode-level constraint collection.
-        // Only enabled when explicitly requested via system property.
-        // At jlink time the property is not set, so JDK classes are not intercepted.
-        // At runtime the agent reads the property and intercepts application classes.
-        if (Boolean.getBoolean("galette.concolic.interception.enabled")
-                && !cn.name.startsWith("edu/neu/ccs/prl/galette/internal/")) {
-            // For application classes (not JDK/internal), also intercept single-operand jumps
-            // (IFEQ/IFLT/etc.) which capture comparisons like `if (x < 0)`.
-            boolean isApplicationClass = !cn.name.startsWith("java/")
-                    && !cn.name.startsWith("javax/")
-                    && !cn.name.startsWith("sun/")
-                    && !cn.name.startsWith("jdk/")
-                    && !cn.name.startsWith("com/sun/");
-            cv = new ComparisonInterceptorVisitor(cv, isApplicationClass);
-        }
+        // NOTE: Comparison interception is handled by ComparisonInterceptionTransformer
+        // registered as a second-pass transformer in GaletteAgent.premain().
+        // This keeps the jlink image clean (no interception baked in).
 
         // Make the members of certain classes publicly accessible
         if (AccessModifier.isApplicable(cn.name)) {
diff --git a/knarr-runtime/pom.xml b/knarr-runtime/pom.xml
