1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
#include "ti_heap.h"

#include <string.h>

#include <ios>
#include <unordered_map>
#include <unordered_set>

#include "android-base/logging.h"
#include "android-base/thread_annotations.h"
#include "arch/context.h"
#include "art_field-inl.h"
#include "art_jvmti.h"
#include "base/logging.h"
#include "base/macros.h"
#include "base/mutex.h"
#include "base/utils.h"
#include "class_linker.h"
#include "class_root.h"
#include "deopt_manager.h"
#include "dex/primitive.h"
#include "events-inl.h"
#include "gc/collector_type.h"
#include "gc/gc_cause.h"
#include "gc/heap-visit-objects-inl.h"
#include "gc/heap-inl.h"
#include "gc/scoped_gc_critical_section.h"
#include "gc_root-inl.h"
#include "handle.h"
#include "handle_scope.h"
#include "java_frame_root_info.h"
#include "jni/jni_env_ext.h"
#include "jni/jni_id_manager.h"
#include "jni/jni_internal.h"
#include "jvmti_weak_table-inl.h"
#include "mirror/array-inl.h"
#include "mirror/array.h"
#include "mirror/class.h"
#include "mirror/object-inl.h"
#include "mirror/object-refvisitor-inl.h"
#include "mirror/object_array-inl.h"
#include "mirror/object_array-alloc-inl.h"
#include "mirror/object_reference.h"
#include "obj_ptr-inl.h"
#include "object_callbacks.h"
#include "object_tagging.h"
#include "offsets.h"
#include "read_barrier.h"
#include "runtime.h"
#include "scoped_thread_state_change-inl.h"
#include "stack.h"
#include "thread-inl.h"
#include "thread_list.h"
#include "ti_logging.h"
#include "ti_stack.h"
#include "ti_thread.h"
#include "well_known_classes.h"
71 
72 namespace openjdkjvmti {
73 
// Event handler shared by the heap extension functions. Only the definition lives
// here; it is presumably assigned when the extension is registered elsewhere in
// the jvmti code (not visible in this file span) - confirm before relying on it
// being non-null.
EventHandler* HeapExtensions::gEventHandler = nullptr;
75 
76 namespace {
77 
// Per-class data cached by FieldVisitor::CountInterfaceFields to avoid re-walking
// the interface graph on every field report. Stored in a weak table keyed by the
// class object (see IndexCachingTable below).
struct IndexCache {
  // The number of static fields declared by all interfaces the class implements
  // (directly or through superclasses/superinterfaces). JVMTI field indices for the
  // class start after these, so this value is the prefix added to every index the
  // class's own fields receive.
  size_t interface_fields;

  // It would be nice to also cache the following, but it is complicated to wire up into the
  // generic visit:
  // The number of fields in interfaces and superclasses. This is the first index assigned to
  // fields of the class.
  // size_t superclass_fields;
};
// Weak table from a mirror::Class to its IndexCache. Because the key is the class
// object itself, the table is registered with the runtime as a system weak holder
// (HeapUtil::Register) - presumably so the GC can drop/update entries when classes
// are unloaded or moved rather than leaving dangling keys; JvmtiWeakTable's own
// synchronization is relied upon here and is not visible in this file.
using IndexCachingTable = JvmtiWeakTable<IndexCache>;

static IndexCachingTable gIndexCachingTable;
92 
93 // Report the contents of a string, if a callback is set.
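// Report the contents of a string, if a callback is set.
//
// When `cb->string_primitive_value_callback` is set and `obj` is a java.lang.String,
// the string's UTF-16 contents are copied into a fresh JVMTI-allocated buffer and that
// copy is handed to the agent, so the callback never receives a pointer into the
// managed heap. Compressed (one byte per char) strings are widened to UTF-16 on the
// way. If the agent changes the tag through `string_tag`, the new tag is stored in
// `tag_table`.
//
// Returns the callback's result (a JVMTI visit-control bitmask), or 0 when nothing was
// reported: no callback, not a string, or the buffer allocation failed. On allocation
// failure the value is dropped with a warning instead of aborting the iteration (see
// the TODO below).
jint ReportString(art::ObjPtr<art::mirror::Object> obj,
                  jvmtiEnv* env,
                  ObjectTagTable* tag_table,
                  const jvmtiHeapCallbacks* cb,
                  const void* user_data) REQUIRES_SHARED(art::Locks::mutator_lock_) {
  if (LIKELY(cb->string_primitive_value_callback == nullptr) || !obj->IsString()) {
    return 0;
  }

  art::ObjPtr<art::mirror::String> str = obj->AsString();
  const int32_t string_length = str->GetLength();
  JvmtiUniquePtr<uint16_t[]> data;

  if (string_length > 0) {
    jvmtiError alloc_error;
    data = AllocJvmtiUniquePtr<uint16_t[]>(env, string_length, &alloc_error);
    if (data == nullptr) {
      // TODO: Not really sure what to do here. Should we abort the iteration and go all the way
      //       back? For now just warn.
      // Deliberately do not log the string's contents: arbitrary heap strings can hold
      // secrets (tokens, passwords, keys) and this message goes to the system log. It
      // also avoids building a std::string copy on a path reached because we are out
      // of memory.
      LOG(WARNING) << "Unable to allocate buffer for string reporting! Silently dropping value"
                   << " (length " << string_length << ", error " << alloc_error << ").";
      return 0;
    }

    if (str->IsCompressed()) {
      // Widen each 8-bit char to a UTF-16 code unit.
      const uint8_t* compressed_data = str->GetValueCompressed();
      for (int32_t i = 0; i != string_length; ++i) {
        data[i] = compressed_data[i];
      }
    } else {
      // Already UTF-16; copy the code units directly.
      memcpy(data.get(), str->GetValue(), string_length * sizeof(uint16_t));
    }
  }

  const jlong class_tag = tag_table->GetTagOrZero(obj->GetClass());
  jlong string_tag = tag_table->GetTagOrZero(obj.Ptr());
  const jlong saved_string_tag = string_tag;

  // For an empty string `data` is null and the reported length is 0.
  jint result = cb->string_primitive_value_callback(class_tag,
                                                    obj->SizeOf(),
                                                    &string_tag,
                                                    data.get(),
                                                    string_length,
                                                    const_cast<void*>(user_data));
  // The agent may retag the object through the pointer we passed.
  if (string_tag != saved_string_tag) {
    tag_table->Set(obj.Ptr(), string_tag);
  }

  return result;
}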
144 
145 // Report the contents of a primitive array, if a callback is set.
// Report the contents of a primitive array, if a callback is set.
//
// Applies when `cb->array_primitive_value_callback` is set and `obj` is an array whose
// component type is primitive (object arrays are excluded). The element bytes are
// copied into a JVMTI-allocated buffer before being handed to the agent, so the
// callback never gets a pointer into the managed heap. An empty array is reported with
// a null element pointer and a count of 0. A tag change made by the agent through the
// tag pointer is written back to `tag_table`.
//
// Returns the callback's result, or 0 if nothing was reported (no callback, not a
// primitive array, or the buffer allocation failed - in which case a warning is logged
// and the array is skipped rather than aborting the iteration).
jint ReportPrimitiveArray(art::ObjPtr<art::mirror::Object> obj,
                          jvmtiEnv* env,
                          ObjectTagTable* tag_table,
                          const jvmtiHeapCallbacks* cb,
                          const void* user_data) REQUIRES_SHARED(art::Locks::mutator_lock_) {
  if (LIKELY(cb->array_primitive_value_callback == nullptr)) {
    return 0;
  }
  if (!obj->IsArrayInstance() || obj->IsObjectArray()) {
    return 0;
  }

  art::ObjPtr<art::mirror::Array> array = obj->AsArray();
  art::ObjPtr<art::mirror::Class> array_class = array->GetClass();
  const int32_t length = array->GetLength();
  const size_t component_size = array_class->GetComponentSize();
  const art::Primitive::Type art_prim_type = array_class->GetComponentType()->GetPrimitiveType();
  // JVMTI's primitive type codes are the descriptor characters ('Z', 'B', 'C', ...).
  const jvmtiPrimitiveType prim_type =
      static_cast<jvmtiPrimitiveType>(art::Primitive::Descriptor(art_prim_type)[0]);
  DCHECK(prim_type == JVMTI_PRIMITIVE_TYPE_BOOLEAN ||
         prim_type == JVMTI_PRIMITIVE_TYPE_BYTE ||
         prim_type == JVMTI_PRIMITIVE_TYPE_CHAR ||
         prim_type == JVMTI_PRIMITIVE_TYPE_SHORT ||
         prim_type == JVMTI_PRIMITIVE_TYPE_INT ||
         prim_type == JVMTI_PRIMITIVE_TYPE_LONG ||
         prim_type == JVMTI_PRIMITIVE_TYPE_FLOAT ||
         prim_type == JVMTI_PRIMITIVE_TYPE_DOUBLE);

  const jlong class_tag = tag_table->GetTagOrZero(array_class);
  jlong array_tag = tag_table->GetTagOrZero(obj.Ptr());
  const jlong tag_before_callback = array_tag;

  // Shared callback invocation; only the element count and buffer differ between the
  // empty and non-empty cases.
  auto report = [&](jint element_count, const void* elements)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    return cb->array_primitive_value_callback(class_tag,
                                              obj->SizeOf(),
                                              &array_tag,
                                              element_count,
                                              prim_type,
                                              elements,
                                              const_cast<void*>(user_data));
  };

  jint result;
  if (length == 0) {
    result = report(0, nullptr);
  } else {
    const size_t byte_count = length * component_size;
    jvmtiError alloc_error;
    JvmtiUniquePtr<char[]> buffer = AllocJvmtiUniquePtr<char[]>(env, byte_count, &alloc_error);
    if (buffer == nullptr) {
      // TODO: Not really sure what to do here. Should we abort the iteration and go all the way
      //       back? For now just warn.
      LOG(WARNING) << "Unable to allocate buffer for array reporting! Silently dropping value.";
      return 0;
    }

    // Snapshot the raw element storage so the agent works on a private copy.
    memcpy(buffer.get(), array->GetRawData(component_size, 0), byte_count);
    result = report(length, buffer.get());
  }

  // The agent may retag the array through the pointer it was given.
  if (array_tag != tag_before_callback) {
    tag_table->Set(obj.Ptr(), array_tag);
  }

  return result;
}
213 
// Visitor that reports nothing and never aborts.
//
// Has the shape FieldVisitor expects of its four visitor slots; callers plug it into
// the slots they are not interested in (e.g. reference fields when only primitives
// are wanted). FieldVisitor also uses it to walk superclasses purely for field-index
// counting when kCallVisitorOnRecursion is false.
template <typename UserData>
bool VisitorFalse(art::ObjPtr<art::mirror::Object> /* obj */,
                  art::ObjPtr<art::mirror::Class> /* klass */,
                  art::ArtField& /* field */,
                  size_t /* field_index */,
                  UserData* /* user_data */) {
  return false;
}
222 
// Walks the fields of an object (or the static fields of a class) in JVMTI field-index
// order and hands each field to one of four visitors, selected by static/instance and
// primitive/reference. Each visitor is a callable of the shape of VisitorFalse:
//   bool visitor(obj, klass, field, field_index, user_data)
// and returns true to abort the whole walk.
//
// Index assignment (see ReportFieldsRecursive): first the static fields of every
// interface the class implements, directly or via superclasses/superinterfaces
// (CountInterfaceFields), then, from the root of the superclass chain down to the
// class itself, each class's static fields followed by its instance fields. This index
// is what ReportPrimitiveField passes to agents as jvmtiHeapReferenceInfo::field.index,
// so an agent maps it back to a field; changing the walk order here would silently
// change which field an agent believes it was shown. Keep CountInterfaceFields and
// ReportFieldsRecursive in step.
//
// kCallVisitorOnRecursion: when false, superclasses are still walked - the indices
// depend on their field counts - but with a no-op visitor, so only fields declared by
// the given class itself reach the real visitors.
template <typename UserData, bool kCallVisitorOnRecursion>
class FieldVisitor {
 public:
  // Reports the fields of the given object to the four visitors.
  //
  // For a Class object the class's own static fields are reported (callers pair this
  // with kCallVisitorOnRecursion == false so superclass statics are not reported); an
  // unresolved class is skipped entirely. For any other object the fields of its class
  // and, with kCallVisitorOnRecursion == true, its superclasses are reported.
  // Returns true if a visitor aborted the walk, false otherwise.
  template <typename StaticPrimitiveVisitor,
            typename StaticReferenceVisitor,
            typename InstancePrimitiveVisitor,
            typename InstanceReferenceVisitor>
  static bool ReportFields(art::ObjPtr<art::mirror::Object> obj,
                           UserData* user_data,
                           StaticPrimitiveVisitor& static_prim_visitor,
                           StaticReferenceVisitor& static_ref_visitor,
                           InstancePrimitiveVisitor& instance_prim_visitor,
                           InstanceReferenceVisitor& instance_ref_visitor)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    FieldVisitor fv(user_data);

    if (obj->IsClass()) {
      // When visiting a class, we only visit the static fields of the given class. No field of
      // superclasses is visited.
      art::ObjPtr<art::mirror::Class> klass = obj->AsClass();
      // Only report fields on resolved classes. We need valid field data.
      if (!klass->IsResolved()) {
        return false;
      }
      // obj is passed as nullptr: the visitors get no instance to read from. Interfaces
      // pass skip_java_lang_object = true so that java.lang.Object's fields do not take
      // up indices in an interface's index space.
      return fv.ReportFieldsImpl(nullptr,
                                 obj->AsClass(),
                                 obj->AsClass()->IsInterface(),
                                 static_prim_visitor,
                                 static_ref_visitor,
                                 instance_prim_visitor,
                                 instance_ref_visitor);
    } else {
      // See comment above. Just double-checking here, but an instance *should* mean the class was
      // resolved.
      DCHECK(obj->GetClass()->IsResolved() || obj->GetClass()->IsErroneousResolved());
      return fv.ReportFieldsImpl(obj,
                                 obj->GetClass(),
                                 false,
                                 static_prim_visitor,
                                 static_ref_visitor,
                                 instance_prim_visitor,
                                 instance_ref_visitor);
    }
  }

 private:
  explicit FieldVisitor(UserData* user_data) : user_data_(user_data) {}

  // Report the contents of fields of the given object. `obj` is null when a class's
  // static fields are being reported (the visitors then receive nullptr as obj),
  // otherwise it is the instance whose fields are read.
  //
  // Computes the interface-field prefix for `klass` and then walks the superclass
  // chain. Returns true if the walk was aborted by a visitor.
  template <typename StaticPrimitiveVisitor,
            typename StaticReferenceVisitor,
            typename InstancePrimitiveVisitor,
            typename InstanceReferenceVisitor>
  bool ReportFieldsImpl(art::ObjPtr<art::mirror::Object> obj,
                        art::ObjPtr<art::mirror::Class> klass,
                        bool skip_java_lang_object,
                        StaticPrimitiveVisitor& static_prim_visitor,
                        StaticReferenceVisitor& static_ref_visitor,
                        InstancePrimitiveVisitor& instance_prim_visitor,
                        InstanceReferenceVisitor& instance_ref_visitor)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    // Compute the offset of field indices.
    size_t interface_field_count = CountInterfaceFields(klass);

    // The final index is not needed by callers; only the recursion uses the out-param.
    size_t tmp;
    bool aborted = ReportFieldsRecursive(obj,
                                         klass,
                                         interface_field_count,
                                         skip_java_lang_object,
                                         static_prim_visitor,
                                         static_ref_visitor,
                                         instance_prim_visitor,
                                         instance_ref_visitor,
                                         &tmp);
    return aborted;
  }

  // Recursively visits the fields of `klass` and its superclasses, root first, so that
  // field indices are assigned in superclass-to-subclass order. `interface_fields` is
  // the index of the first non-interface field. `*field_index_out` receives the index
  // following the last field of `klass` (used by the recursive caller to continue the
  // numbering). Returns true if a visitor aborted the walk; `*field_index_out` is not
  // written in that case.
  template <typename StaticPrimitiveVisitor,
            typename StaticReferenceVisitor,
            typename InstancePrimitiveVisitor,
            typename InstanceReferenceVisitor>
  bool ReportFieldsRecursive(art::ObjPtr<art::mirror::Object> obj,
                             art::ObjPtr<art::mirror::Class> klass,
                             size_t interface_fields,
                             bool skip_java_lang_object,
                             StaticPrimitiveVisitor& static_prim_visitor,
                             StaticReferenceVisitor& static_ref_visitor,
                             InstancePrimitiveVisitor& instance_prim_visitor,
                             InstanceReferenceVisitor& instance_ref_visitor,
                             size_t* field_index_out)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    DCHECK(klass != nullptr);
    // Assigned on every path below: directly for the root class, or through the
    // recursive call's out-param otherwise (the no-op visitor never aborts, so that
    // branch always writes it; the aborting branch returns before reading it).
    size_t field_index;
    if (klass->GetSuperClass() == nullptr) {
      // j.l.Object. Start with the fields from interfaces.
      field_index = interface_fields;
      if (skip_java_lang_object) {
        *field_index_out = field_index;
        return false;
      }
    } else {
      // Report superclass fields.
      if (kCallVisitorOnRecursion) {
        if (ReportFieldsRecursive(obj,
                                  klass->GetSuperClass(),
                                  interface_fields,
                                  skip_java_lang_object,
                                  static_prim_visitor,
                                  static_ref_visitor,
                                  instance_prim_visitor,
                                  instance_ref_visitor,
                                  &field_index)) {
          return true;
        }
      } else {
        // Still call, but with empty visitor. This is required for correct counting.
        ReportFieldsRecursive(obj,
                              klass->GetSuperClass(),
                              interface_fields,
                              skip_java_lang_object,
                              VisitorFalse<UserData>,
                              VisitorFalse<UserData>,
                              VisitorFalse<UserData>,
                              VisitorFalse<UserData>,
                              &field_index);
      }
    }

    // Now visit fields for the current klass. Static fields first, then instance
    // fields, each consuming one index in declaration order.

    for (auto& static_field : klass->GetSFields()) {
      if (static_field.IsPrimitiveType()) {
        if (static_prim_visitor(obj,
                                klass,
                                static_field,
                                field_index,
                                user_data_)) {
          return true;
        }
      } else {
        if (static_ref_visitor(obj,
                               klass,
                               static_field,
                               field_index,
                               user_data_)) {
          return true;
        }
      }
      field_index++;
    }

    for (auto& instance_field : klass->GetIFields()) {
      if (instance_field.IsPrimitiveType()) {
        if (instance_prim_visitor(obj,
                                  klass,
                                  instance_field,
                                  field_index,
                                  user_data_)) {
          return true;
        }
      } else {
        if (instance_ref_visitor(obj,
                                 klass,
                                 instance_field,
                                 field_index,
                                 user_data_)) {
          return true;
        }
      }
      field_index++;
    }

    *field_index_out = field_index;
    return false;
  }

  // Implements a visit of the implemented interfaces of a given class.
  //
  // Every interface reachable from the class - through its superclass chain and
  // through superinterfaces - is passed to `visitor` exactly once; a fresh
  // `visited_interfaces` set per VisitStatic call does the de-duplication.
  template <typename T>
  struct RecursiveInterfaceVisit {
    static void VisitStatic(art::Thread* self, art::ObjPtr<art::mirror::Class> klass, T& visitor)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      RecursiveInterfaceVisit rv;
      rv.Visit(self, klass, visitor);
    }

    void Visit(art::Thread* self, art::ObjPtr<art::mirror::Class> klass, T& visitor)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // First visit the parent, to get the order right.
      // (We do this in preparation for actual visiting of interface fields.)
      if (klass->GetSuperClass() != nullptr) {
        Visit(self, klass->GetSuperClass(), visitor);
      }
      for (uint32_t i = 0; i != klass->NumDirectInterfaces(); ++i) {
        art::ObjPtr<art::mirror::Class> inf_klass =
            art::mirror::Class::GetDirectInterface(self, klass, i);
        // NOTE(review): only a DCHECK guards this. A null here (an unresolved direct
        // interface) would be dereferenced in VisitInterface in release builds; this
        // relies on ReportFields having rejected unresolved classes - confirm that
        // guarantees resolved direct interfaces.
        DCHECK(inf_klass != nullptr);
        VisitInterface(self, inf_klass, visitor);
      }
    }

    void VisitInterface(art::Thread* self, art::ObjPtr<art::mirror::Class> inf_klass, T& visitor)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // Diamond-shaped interface graphs are common; visit each interface only once.
      auto it = visited_interfaces.find(inf_klass.Ptr());
      if (it != visited_interfaces.end()) {
        return;
      }
      visited_interfaces.insert(inf_klass.Ptr());

      // Let the visitor know about this one. Note that this order is acceptable, as the ordering
      // of these fields never matters for known visitors.
      visitor(inf_klass);

      // Now visit the superinterfaces.
      for (uint32_t i = 0; i != inf_klass->NumDirectInterfaces(); ++i) {
        art::ObjPtr<art::mirror::Class> super_inf_klass =
            art::mirror::Class::GetDirectInterface(self, inf_klass, i);
        DCHECK(super_inf_klass != nullptr);
        VisitInterface(self, super_inf_klass, visitor);
      }
    }

    // Raw class pointers: this set lives only for the duration of one VisitStatic call,
    // which runs under the mutator lock, so the classes cannot move meanwhile.
    std::unordered_set<art::mirror::Class*> visited_interfaces;
  };

  // Counting interface fields. Note that we cannot use the interface table, as that only contains
  // "non-marker" interfaces (= interfaces with methods).
  //
  // Returns the total number of static fields declared by all interfaces reachable from
  // `klass` (interfaces have no instance fields, DCHECKed below). The result is cached
  // per class in gIndexCachingTable, so the interface graph is walked once per class.
  static size_t CountInterfaceFields(art::ObjPtr<art::mirror::Class> klass)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    // Do we have a cached value?
    IndexCache tmp;
    if (gIndexCachingTable.GetTag(klass.Ptr(), &tmp)) {
      return tmp.interface_fields;
    }

    size_t count = 0;
    auto visitor = [&count](art::ObjPtr<art::mirror::Class> inf_klass)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      DCHECK(inf_klass->IsInterface());
      DCHECK_EQ(0u, inf_klass->NumInstanceFields());
      count += inf_klass->NumStaticFields();
    };
    RecursiveInterfaceVisit<decltype(visitor)>::VisitStatic(art::Thread::Current(), klass, visitor);

    // Store this into the cache.
    tmp.interface_fields = count;
    gIndexCachingTable.Set(klass.Ptr(), tmp);

    return count;
  }

  UserData* user_data_;
};
478 
479 // Debug helper. Prints the structure of an object.
// Debug helper. Prints the structure of an object.
//
// A FieldVisitor visitor that logs (at ERROR level) every field it is handed together
// with the field index FieldVisitor assigned to it. kStatic/kRef name the visitor slot
// this instantiation is plugged into, and are only used for the log prefix. Never
// aborts the walk.
template <bool kStatic, bool kRef>
struct DumpVisitor {
  static bool Callback(art::ObjPtr<art::mirror::Object> obj ATTRIBUTE_UNUSED,
                       art::ObjPtr<art::mirror::Class> klass ATTRIBUTE_UNUSED,
                       art::ArtField& field,
                       size_t field_index,
                       void* user_data ATTRIBUTE_UNUSED)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    const char* const storage_kind = kStatic ? "static " : "instance ";
    const char* const value_kind = kRef ? "ref " : "primitive ";
    LOG(ERROR) << storage_kind << value_kind << field.PrettyField() << " @ " << field_index;
    return false;
  }
};
// Debug helper: logs every field of `obj` (or every field declared by `obj` itself
// when it is a Class) with its JVMTI field index, using DumpVisitor for all four
// visitor slots. Not referenced by production code, hence ATTRIBUTE_UNUSED.
ATTRIBUTE_UNUSED
void DumpObjectFields(art::ObjPtr<art::mirror::Object> obj)
    REQUIRES_SHARED(art::Locks::mutator_lock_) {
  // For a Class object only the class's own fields are dumped; for an instance the
  // superclass chain is walked as well (kCallVisitorOnRecursion). The two FieldVisitor
  // instantiations are distinct types, so the template argument cannot be chosen at
  // runtime and both calls are spelled out.
  const bool recurse_into_superclasses = !obj->IsClass();
  if (recurse_into_superclasses) {
    FieldVisitor<void, true>::ReportFields(obj,
                                           nullptr,
                                           DumpVisitor<true, false>::Callback,
                                           DumpVisitor<true, true>::Callback,
                                           DumpVisitor<false, false>::Callback,
                                           DumpVisitor<false, true>::Callback);
  } else {
    FieldVisitor<void, false>::ReportFields(obj,
                                            nullptr,
                                            DumpVisitor<true, false>::Callback,
                                            DumpVisitor<true, true>::Callback,
                                            DumpVisitor<false, false>::Callback,
                                            DumpVisitor<false, true>::Callback);
  }
}
515 
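// Reports the primitive fields of an object (or the static primitive fields of a
// class) through cb->primitive_field_callback, if that callback is set.
//
// Only the static Report() entry point is public. An instance of this class is the
// UserData that FieldVisitor threads through to ReportPrimitiveFieldCallback, carrying
// the tag table, the class tag and the agent's callback/user_data.
class ReportPrimitiveField {
 public:
  // Walks `obj`'s primitive fields with FieldVisitor and invokes the agent's
  // primitive_field_callback for each. For a Class object only the static fields
  // declared by that class are reported (no superclass recursion); for an instance the
  // instance fields of its class and all superclasses are. Reference fields and, for
  // instances, static fields are skipped via VisitorFalse.
  //
  // Returns true if the agent asked to abort the visit (JVMTI_VISIT_ABORT), false
  // otherwise - including when no callback is set.
  static bool Report(art::ObjPtr<art::mirror::Object> obj,
                     ObjectTagTable* tag_table,
                     const jvmtiHeapCallbacks* cb,
                     const void* user_data)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    if (UNLIKELY(cb->primitive_field_callback != nullptr)) {
      // For a Class object this is the tag of java.lang.Class, not of the class itself.
      jlong class_tag = tag_table->GetTagOrZero(obj->GetClass());
      ReportPrimitiveField rpf(tag_table, class_tag, cb, user_data);
      if (obj->IsClass()) {
        return FieldVisitor<ReportPrimitiveField, false>::ReportFields(
            obj,
            &rpf,
            ReportPrimitiveFieldCallback<true>,
            VisitorFalse<ReportPrimitiveField>,
            VisitorFalse<ReportPrimitiveField>,
            VisitorFalse<ReportPrimitiveField>);
      } else {
        return FieldVisitor<ReportPrimitiveField, true>::ReportFields(
            obj,
            &rpf,
            VisitorFalse<ReportPrimitiveField>,
            VisitorFalse<ReportPrimitiveField>,
            ReportPrimitiveFieldCallback<false>,
            VisitorFalse<ReportPrimitiveField>);
      }
    }
    return false;
  }

 private:
  ReportPrimitiveField(ObjectTagTable* tag_table,
                       jlong class_tag,
                       const jvmtiHeapCallbacks* cb,
                       const void* user_data)
      : tag_table_(tag_table), class_tag_(class_tag), cb_(cb), user_data_(user_data) {}

  // FieldVisitor visitor slot (same shape as VisitorFalse). Reads the field's value
  // from the class (kReportStatic) or from the instance, and hands it to the agent.
  // `field_index` becomes jvmtiHeapReferenceInfo::field.index. Returns true if the
  // agent requested JVMTI_VISIT_ABORT.
  template <bool kReportStatic>
  static bool ReportPrimitiveFieldCallback(art::ObjPtr<art::mirror::Object> obj,
                                           art::ObjPtr<art::mirror::Class> klass,
                                           art::ArtField& field,
                                           size_t field_index,
                                           ReportPrimitiveField* user_data)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    art::Primitive::Type art_prim_type = field.GetTypeAsPrimitiveType();
    // JVMTI's primitive type codes are the descriptor characters ('Z', 'B', 'C', ...).
    jvmtiPrimitiveType prim_type =
        static_cast<jvmtiPrimitiveType>(art::Primitive::Descriptor(art_prim_type)[0]);
    DCHECK(prim_type == JVMTI_PRIMITIVE_TYPE_BOOLEAN ||
           prim_type == JVMTI_PRIMITIVE_TYPE_BYTE ||
           prim_type == JVMTI_PRIMITIVE_TYPE_CHAR ||
           prim_type == JVMTI_PRIMITIVE_TYPE_SHORT ||
           prim_type == JVMTI_PRIMITIVE_TYPE_INT ||
           prim_type == JVMTI_PRIMITIVE_TYPE_LONG ||
           prim_type == JVMTI_PRIMITIVE_TYPE_FLOAT ||
           prim_type == JVMTI_PRIMITIVE_TYPE_DOUBLE);

    // Only `field` is meaningful for FIELD / STATIC_FIELD references, but the info
    // struct is a union handed to agent code wholesale: zero it first so no stale
    // stack bytes travel into the agent.
    jvmtiHeapReferenceInfo info;
    memset(&info, 0, sizeof(info));
    info.field.index = static_cast<jint>(field_index);

    jvalue value;
    memset(&value, 0, sizeof(jvalue));
    // Static fields live in the class object; instance fields in the object.
    art::ObjPtr<art::mirror::Object> src = kReportStatic ? klass : obj;
    switch (art_prim_type) {
      case art::Primitive::Type::kPrimBoolean:
        // Normalize to JNI_TRUE/JNI_FALSE regardless of the stored byte.
        value.z = field.GetBoolean(src) == 0 ? JNI_FALSE : JNI_TRUE;
        break;
      case art::Primitive::Type::kPrimByte:
        value.b = field.GetByte(src);
        break;
      case art::Primitive::Type::kPrimChar:
        value.c = field.GetChar(src);
        break;
      case art::Primitive::Type::kPrimShort:
        value.s = field.GetShort(src);
        break;
      case art::Primitive::Type::kPrimInt:
        value.i = field.GetInt(src);
        break;
      case art::Primitive::Type::kPrimLong:
        value.j = field.GetLong(src);
        break;
      case art::Primitive::Type::kPrimFloat:
        value.f = field.GetFloat(src);
        break;
      case art::Primitive::Type::kPrimDouble:
        value.d = field.GetDouble(src);
        break;
      case art::Primitive::Type::kPrimVoid:
      case art::Primitive::Type::kPrimNot: {
        // Reference fields are routed to VisitorFalse by Report(); void is not a field type.
        LOG(FATAL) << "Should not reach here";
        UNREACHABLE();
      }
    }

    jlong obj_tag = user_data->tag_table_->GetTagOrZero(src.Ptr());
    const jlong saved_obj_tag = obj_tag;

    jint ret = user_data->cb_->primitive_field_callback(kReportStatic
                                                            ? JVMTI_HEAP_REFERENCE_STATIC_FIELD
                                                            : JVMTI_HEAP_REFERENCE_FIELD,
                                                        &info,
                                                        user_data->class_tag_,
                                                        &obj_tag,
                                                        value,
                                                        prim_type,
                                                        const_cast<void*>(user_data->user_data_));

    // The agent may retag the object it was just shown.
    if (saved_obj_tag != obj_tag) {
      user_data->tag_table_->Set(src.Ptr(), obj_tag);
    }

    return (ret & JVMTI_VISIT_ABORT) != 0;
  }

  ObjectTagTable* tag_table_;
  jlong class_tag_;
  const jvmtiHeapCallbacks* cb_;
  const void* user_data_;
};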
640 
// Decodes a JVMTI heap_filter bitmask and answers whether an object with a given
// tag and class tag should be reported.
//
// Each JVMTI_HEAP_FILTER_* bit *excludes* a category: TAGGED/UNTAGGED look at the
// object's own tag, CLASS_TAGGED/CLASS_UNTAGGED at its class's tag. A tag of 0 means
// "untagged". With no bits set everything is reported.
struct HeapFilter {
  explicit HeapFilter(jint heap_filter)
      : filter_out_tagged((heap_filter & JVMTI_HEAP_FILTER_TAGGED) != 0),
        filter_out_untagged((heap_filter & JVMTI_HEAP_FILTER_UNTAGGED) != 0),
        filter_out_class_tagged((heap_filter & JVMTI_HEAP_FILTER_CLASS_TAGGED) != 0),
        filter_out_class_untagged((heap_filter & JVMTI_HEAP_FILTER_CLASS_UNTAGGED) != 0),
        any_filter(filter_out_tagged ||
                   filter_out_untagged ||
                   filter_out_class_tagged ||
                   filter_out_class_untagged) {
  }

  // Returns true if an object with tag `tag` whose class has tag `class_tag` passes
  // the filter, i.e. neither its own tag state nor its class's tag state is excluded.
  bool ShouldReportByHeapFilter(jlong tag, jlong class_tag) const {
    if (!any_filter) {
      return true;
    }

    // Pick the exclusion bit that applies to this object's tag state...
    const bool object_excluded = (tag == 0) ? filter_out_untagged : filter_out_tagged;
    // ...and the one that applies to its class's tag state.
    const bool class_excluded =
        (class_tag == 0) ? filter_out_class_untagged : filter_out_class_tagged;

    return !object_excluded && !class_excluded;
  }

  const bool filter_out_tagged;
  const bool filter_out_untagged;
  const bool filter_out_class_tagged;
  const bool filter_out_class_untagged;
  const bool any_filter;
};
676 
677 }  // namespace
678 
// Registers the interface-field index cache with the runtime as a system weak holder.
// The cache is keyed by class objects, so the runtime needs to know about it -
// presumably to sweep or update entries as classes are unloaded or moved by the GC
// (JvmtiWeakTable's contract is not visible here). Must be paired with Unregister().
void HeapUtil::Register() {
  art::Runtime* const runtime = art::Runtime::Current();
  runtime->AddSystemWeakHolder(&gIndexCachingTable);
}
682 
// Undoes Register(): detaches the interface-field index cache from the runtime's
// list of system weak holders. After this the runtime no longer visits the table's
// class keys, so Register() must be called again before the cache is used.
void HeapUtil::Unregister() {
  art::Runtime* const runtime = art::Runtime::Current();
  runtime->RemoveSystemWeakHolder(&gIndexCachingTable);
}
686 
// Implements jvmtiEnv::IterateOverInstancesOfClass: invokes cb once for every live object
// whose class is klass or a subclass of it (IsAssignableFrom), subject to the
// JVMTI_HEAP_OBJECT_* tagged/untagged filter.
//
// Returns ERR(NULL_POINTER) if cb or klass is null and ERR(INVALID_CLASS) if klass does not
// decode to a class object. The agent may rewrite the object's tag through the pointer it
// receives; a changed value is written back to the tag table. Returning
// JVMTI_ITERATION_ABORT from cb stops further reports (the heap visit itself cannot be
// interrupted, so remaining objects are skipped inside the visitor).
jvmtiError HeapUtil::IterateOverInstancesOfClass(jvmtiEnv* env,
                                                 jclass klass,
                                                 jvmtiHeapObjectFilter filter,
                                                 jvmtiHeapObjectCallback cb,
                                                 const void* user_data) {
  if (cb == nullptr || klass == nullptr) {
    return ERR(NULL_POINTER);
  }

  art::Thread* self = art::Thread::Current();
  art::ScopedObjectAccess soa(self);      // Now we know we have the shared lock.
  art::StackHandleScope<1> hs(self);

  // Decode as a plain Object first so a jclass that is not actually a class object can be
  // rejected before AsClass() is called on it.
  art::ObjPtr<art::mirror::Object> klass_ptr(soa.Decode<art::mirror::Class>(klass));
  if (!klass_ptr->IsClass()) {
    return ERR(INVALID_CLASS);
  }
  art::Handle<art::mirror::Class> filter_klass(hs.NewHandle(klass_ptr->AsClass()));
  ObjectTagTable* tag_table = ArtJvmTiEnv::AsArtJvmTiEnv(env)->object_tag_table.get();
  bool stop_reports = false;
  auto visitor = [&](art::mirror::Object* obj) REQUIRES_SHARED(art::Locks::mutator_lock_) {
    // Early return, as we can't really stop visiting.
    if (stop_reports) {
      return;
    }

    // Asserts this thread cannot be suspended for the rest of the visit; obj and klass are
    // used as raw pointers below.
    art::ScopedAssertNoThreadSuspension no_suspension("IterateOverInstancesOfClass");

    art::ObjPtr<art::mirror::Class> klass = obj->GetClass();

    // filter_klass cannot be null here (klass was null-checked above), so the null test is
    // purely defensive. Subclasses are included, unlike the exact match in IterateThroughHeap.
    if (filter_klass != nullptr && !filter_klass->IsAssignableFrom(klass)) {
      return;
    }

    jlong tag = 0;
    tag_table->GetTag(obj, &tag);
    // A tag of 0 is treated as "untagged" for JVMTI_HEAP_OBJECT_TAGGED/UNTAGGED.
    if ((filter != JVMTI_HEAP_OBJECT_EITHER) &&
        ((tag == 0 && filter == JVMTI_HEAP_OBJECT_TAGGED) ||
         (tag != 0 && filter == JVMTI_HEAP_OBJECT_UNTAGGED))) {
      return;
    }

    jlong class_tag = 0;
    tag_table->GetTag(klass.Ptr(), &class_tag);

    // The callback receives a pointer to tag and may change it; only a real change is
    // written back.
    jlong saved_tag = tag;
    jint ret = cb(class_tag, obj->SizeOf(), &tag, const_cast<void*>(user_data));

    stop_reports = (ret == JVMTI_ITERATION_ABORT);

    if (tag != saved_tag) {
      tag_table->Set(obj, tag);
    }
  };
  art::Runtime::Current()->GetHeap()->VisitObjects(visitor);

  return OK;
}
745 
// Shared body of HeapUtil::IterateThroughHeap: visits every object in the heap once and,
// for each object that passes the heap filter and the class filter, invokes fn followed by
// the string, primitive-array and primitive-field callbacks.
//
// fn is called as fn(obj, callbacks, class_tag, size, &tag, length, user_data) and must
// return the agent's jint visit-control bits. A JVMTI_VISIT_ABORT bit from fn or from any of
// the follow-up callbacks stops further reporting; the heap visit itself cannot be
// interrupted, so the remaining objects are skipped inside the visitor.
//
// The class filter is an exact match (subclasses are not reported), which differs from
// IterateOverInstancesOfClass. env is only forwarded to ReportString and
// ReportPrimitiveArray. Returns ERR(NULL_POINTER) if callbacks is null, else ERR(NONE).
template <typename T>
static jvmtiError DoIterateThroughHeap(T fn,
                                       jvmtiEnv* env,
                                       ObjectTagTable* tag_table,
                                       jint heap_filter_int,
                                       jclass klass,
                                       const jvmtiHeapCallbacks* callbacks,
                                       const void* user_data) {
  if (callbacks == nullptr) {
    return ERR(NULL_POINTER);
  }

  art::Thread* self = art::Thread::Current();
  art::ScopedObjectAccess soa(self);      // Now we know we have the shared lock.

  bool stop_reports = false;
  const HeapFilter heap_filter(heap_filter_int);
  // klass may be null, in which case filter_klass is null and no class filtering happens.
  art::ObjPtr<art::mirror::Class> filter_klass = soa.Decode<art::mirror::Class>(klass);
  auto visitor = [&](art::mirror::Object* obj) REQUIRES_SHARED(art::Locks::mutator_lock_) {
    // Early return, as we can't really stop visiting.
    if (stop_reports) {
      return;
    }

    // Asserts this thread cannot be suspended while obj is used as a raw pointer.
    art::ScopedAssertNoThreadSuspension no_suspension("IterateThroughHeapCallback");

    jlong tag = 0;
    tag_table->GetTag(obj, &tag);

    jlong class_tag = 0;
    art::ObjPtr<art::mirror::Class> klass = obj->GetClass();
    tag_table->GetTag(klass.Ptr(), &class_tag);
    // For simplicity, even if we find a tag = 0, assume 0 = not tagged.

    if (!heap_filter.ShouldReportByHeapFilter(tag, class_tag)) {
      return;
    }

    // Exact class match only; subclasses of filter_klass are not reported.
    if (filter_klass != nullptr) {
      if (filter_klass != klass) {
        return;
      }
    }

    jlong size = obj->SizeOf();

    // JVMTI reports -1 as the length of anything that is not an array.
    jint length = -1;
    if (obj->IsArrayInstance()) {
      length = obj->AsArray()->GetLength();
    }

    // fn may rewrite the tag through the pointer; only a real change is written back.
    jlong saved_tag = tag;
    jint ret = fn(obj, callbacks, class_tag, size, &tag, length, const_cast<void*>(user_data));

    if (tag != saved_tag) {
      tag_table->Set(obj, tag);
    }

    stop_reports = (ret & JVMTI_VISIT_ABORT) != 0;

    // Each follow-up callback is skipped as soon as any earlier one asked to abort.
    if (!stop_reports) {
      jint string_ret = ReportString(obj, env, tag_table, callbacks, user_data);
      stop_reports = (string_ret & JVMTI_VISIT_ABORT) != 0;
    }

    if (!stop_reports) {
      jint array_ret = ReportPrimitiveArray(obj, env, tag_table, callbacks, user_data);
      stop_reports = (array_ret & JVMTI_VISIT_ABORT) != 0;
    }

    if (!stop_reports) {
      stop_reports = ReportPrimitiveField::Report(obj, tag_table, callbacks, user_data);
    }
  };
  art::Runtime::Current()->GetHeap()->VisitObjects(visitor);

  return ERR(NONE);
}
824 
// Implements jvmtiEnv::IterateThroughHeap by adapting the agent's heap_iteration_callback
// to the generic per-object callback shape DoIterateThroughHeap expects.
jvmtiError HeapUtil::IterateThroughHeap(jvmtiEnv* env,
                                        jint heap_filter,
                                        jclass klass,
                                        const jvmtiHeapCallbacks* callbacks,
                                        const void* user_data) {
  // The object itself is not part of the JVMTI iteration callback; only its tags, size
  // and array length are passed on.
  auto forward_to_iteration_callback = [](art::mirror::Object* obj ATTRIBUTE_UNUSED,
                                          const jvmtiHeapCallbacks* cb_callbacks,
                                          jlong class_tag,
                                          jlong size,
                                          jlong* tag,
                                          jint length,
                                          void* cb_user_data)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    return cb_callbacks->heap_iteration_callback(class_tag, size, tag, length, cb_user_data);
  };
  ObjectTagTable* const tag_table = ArtJvmTiEnv::AsArtJvmTiEnv(env)->object_tag_table.get();
  return DoIterateThroughHeap(forward_to_iteration_callback,
                              env,
                              tag_table,
                              heap_filter,
                              klass,
                              callbacks,
                              user_data);
}
852 
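// Performs one JVMTI FollowReferences traversal. Starting from the runtime roots
// (initial_object null) or from a single object, it walks the reachable object graph
// breadth-first and reports every edge through callbacks->heap_reference_callback,
// applying the agent's class filter and JVMTI_HEAP_FILTER_* bits before each report.
//
// Raw art::mirror::Object* pointers are kept in worklist_ and visited_. That is only sound
// because HeapUtil::FollowReferences suspends all threads and disables moving GC around
// Init()/Work(); the helper must not be used outside that window.
class FollowReferencesHelper final {
 public:
  FollowReferencesHelper(HeapUtil* h,
                         jvmtiEnv* jvmti_env,
                         art::ObjPtr<art::mirror::Object> initial_object,
                         const jvmtiHeapCallbacks* callbacks,
                         art::ObjPtr<art::mirror::Class> class_filter,
                         jint heap_filter,
                         const void* user_data)
      : env_(jvmti_env),
        tag_table_(h->GetTags()),
        initial_object_(initial_object),
        callbacks_(callbacks),
        class_filter_(class_filter),
        heap_filter_(heap_filter),
        user_data_(user_data),
        start_(0),
        stop_reports_(false) {
  }

  // Seeds the worklist. Without an initial object every runtime root (including image
  // roots) is reported as a root reference and, if the agent asks for it, enqueued. With
  // an initial object the traversal starts there and no root edge is reported.
  void Init()
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    if (initial_object_.IsNull()) {
      CollectAndReportRootsVisitor carrv(this, tag_table_, &worklist_, &visited_);

      // We need precise info (e.g., vregs).
      constexpr art::VisitRootFlags kRootFlags = static_cast<art::VisitRootFlags>(
          art::VisitRootFlags::kVisitRootFlagAllRoots | art::VisitRootFlags::kVisitRootFlagPrecise);
      art::Runtime::Current()->VisitRoots(&carrv, kRootFlags);

      art::Runtime::Current()->VisitImageRoots(&carrv);
      stop_reports_ = carrv.IsStopReports();

      // The agent aborted while roots were being reported: drop whatever was queued so
      // that Work() does nothing.
      if (stop_reports_) {
        worklist_.clear();
      }
    } else {
      visited_.insert(initial_object_.Ptr());
      worklist_.push_back(initial_object_.Ptr());
    }
  }

  // Drains the worklist, visiting each enqueued object once, until it is empty or the
  // agent returned JVMTI_VISIT_ABORT from a callback.
  void Work()
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    // Currently implemented as a BFS. To lower overhead, we don't erase elements immediately
    // from the head of the work list, instead postponing until there's a gap that's "large."
    //
    // Alternatively, we can implement a DFS and use the work list as a stack.
    while (start_ < worklist_.size()) {
      art::mirror::Object* cur_obj = worklist_[start_];
      start_++;

      // Compact once kMaxStart consumed entries have piled up at the front.
      if (start_ >= kMaxStart) {
        worklist_.erase(worklist_.begin(), worklist_.begin() + start_);
        start_ = 0;
      }

      VisitObject(cur_obj);

      if (stop_reports_) {
        break;
      }
    }
  }

 private:
  // RootVisitor that reports every root as a JVMTI root reference and enqueues the root
  // object for the traversal when the agent returns JVMTI_VISIT_OBJECTS.
  class CollectAndReportRootsVisitor final : public art::RootVisitor {
   public:
    CollectAndReportRootsVisitor(FollowReferencesHelper* helper,
                                 ObjectTagTable* tag_table,
                                 std::vector<art::mirror::Object*>* worklist,
                                 std::unordered_set<art::mirror::Object*>* visited)
        : helper_(helper),
          tag_table_(tag_table),
          worklist_(worklist),
          visited_(visited),
          stop_reports_(false) {}

    void VisitRoots(art::mirror::Object*** roots, size_t count, const art::RootInfo& info)
        override
        REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*helper_->tag_table_->GetAllowDisallowLock()) {
      for (size_t i = 0; i != count; ++i) {
        AddRoot(*roots[i], info);
      }
    }

    void VisitRoots(art::mirror::CompressedReference<art::mirror::Object>** roots,
                    size_t count,
                    const art::RootInfo& info)
        override REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*helper_->tag_table_->GetAllowDisallowLock()) {
      for (size_t i = 0; i != count; ++i) {
        AddRoot(roots[i]->AsMirrorPtr(), info);
      }
    }

    // True once a root callback returned JVMTI_VISIT_ABORT.
    bool IsStopReports() {
      return stop_reports_;
    }

   private:
    // Reports one root occurrence. ReportRoot runs for every occurrence, so an object
    // reachable from several roots yields one root reference per root; visited_ only
    // prevents the same object from being enqueued twice.
    void AddRoot(art::mirror::Object* root_obj, const art::RootInfo& info)
        REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
      if (stop_reports_) {
        return;
      }
      bool add_to_worklist = ReportRoot(root_obj, info);
      // We use visited_ to mark roots already so we do not need another set.
      if (visited_->find(root_obj) == visited_->end()) {
        if (add_to_worklist) {
          visited_->insert(root_obj);
          worklist_->push_back(root_obj);
        }
      }
    }

    // Remove NO_THREAD_SAFETY_ANALYSIS once ASSERT_CAPABILITY works correctly.
    // Requires thread_list_lock_ to be held exclusively, which HeapUtil::FollowReferences
    // arranges through its ScopedSuspendAll.
    art::Thread* FindThread(const art::RootInfo& info) NO_THREAD_SAFETY_ANALYSIS {
      art::Locks::thread_list_lock_->AssertExclusiveHeld(art::Thread::Current());
      return art::Runtime::Current()->GetThreadList()->FindThreadByThreadId(info.GetThreadId());
    }

    // Maps an ART root type to the JVMTI root reference kind and fills in the
    // kind-specific member of *ref_info. The union is zeroed first so the members that are
    // not populated (see the TODOs below) read as 0/null to the agent instead of as stale
    // stack contents.
    jvmtiHeapReferenceKind GetReferenceKind(const art::RootInfo& info,
                                            jvmtiHeapReferenceInfo* ref_info)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // TODO: Fill in ref_info.
      memset(ref_info, 0, sizeof(jvmtiHeapReferenceInfo));

      switch (info.GetType()) {
        case art::RootType::kRootJNIGlobal:
          return JVMTI_HEAP_REFERENCE_JNI_GLOBAL;

        case art::RootType::kRootJNILocal:
        {
          uint32_t thread_id = info.GetThreadId();
          ref_info->jni_local.thread_id = thread_id;

          // A thread that is still starting has no usable peer object yet, so its tag
          // stays 0.
          art::Thread* thread = FindThread(info);
          if (thread != nullptr) {
            art::mirror::Object* thread_obj;
            if (thread->IsStillStarting()) {
              thread_obj = nullptr;
            } else {
              thread_obj = thread->GetPeerFromOtherThread();
            }
            if (thread_obj != nullptr) {
              ref_info->jni_local.thread_tag = tag_table_->GetTagOrZero(thread_obj);
            }
          }

          // TODO: We don't have this info.
          if (thread != nullptr) {
            ref_info->jni_local.depth = 0;
            art::ArtMethod* method = thread->GetCurrentMethod(nullptr,
                                                              /* check_suspended= */ true,
                                                              /* abort_on_error= */ false);
            if (method != nullptr) {
              ref_info->jni_local.method = art::jni::EncodeArtMethod(method);
            }
          }

          return JVMTI_HEAP_REFERENCE_JNI_LOCAL;
        }

        case art::RootType::kRootJavaFrame:
        {
          uint32_t thread_id = info.GetThreadId();
          ref_info->stack_local.thread_id = thread_id;

          art::Thread* thread = FindThread(info);
          if (thread != nullptr) {
            art::mirror::Object* thread_obj;
            if (thread->IsStillStarting()) {
              thread_obj = nullptr;
            } else {
              thread_obj = thread->GetPeerFromOtherThread();
            }
            if (thread_obj != nullptr) {
              ref_info->stack_local.thread_tag = tag_table_->GetTagOrZero(thread_obj);
            }
          }

          // Unchecked downcast: info is a JavaFrameRootInfo only for kRootJavaFrame roots.
          auto& java_info = static_cast<const art::JavaFrameRootInfo&>(info);
          size_t vreg = java_info.GetVReg();
          // vregs above kMaxVReg are reported as slot -1.
          ref_info->stack_local.slot =
              vreg <= art::JavaFrameRootInfo::kMaxVReg ? static_cast<jint>(vreg) : -1;
          const art::StackVisitor* visitor = java_info.GetVisitor();
          ref_info->stack_local.location =
              static_cast<jlocation>(visitor->GetDexPc(/* abort_on_failure= */ false));
          ref_info->stack_local.depth = static_cast<jint>(visitor->GetFrameDepth());
          art::ArtMethod* method = visitor->GetMethod();
          if (method != nullptr) {
            ref_info->stack_local.method = art::jni::EncodeArtMethod(method);
          }

          return JVMTI_HEAP_REFERENCE_STACK_LOCAL;
        }

        case art::RootType::kRootNativeStack:
        case art::RootType::kRootThreadBlock:
        case art::RootType::kRootThreadObject:
          return JVMTI_HEAP_REFERENCE_THREAD;

        case art::RootType::kRootStickyClass:
        case art::RootType::kRootInternedString:
          // Note: this isn't a root in the RI.
          return JVMTI_HEAP_REFERENCE_SYSTEM_CLASS;

        case art::RootType::kRootMonitorUsed:
        case art::RootType::kRootJNIMonitor:
          return JVMTI_HEAP_REFERENCE_MONITOR;

        case art::RootType::kRootFinalizing:
        case art::RootType::kRootDebugger:
        case art::RootType::kRootReferenceCleanup:
        case art::RootType::kRootVMInternal:
        case art::RootType::kRootUnknown:
          return JVMTI_HEAP_REFERENCE_OTHER;
      }
      LOG(FATAL) << "Unreachable";
      UNREACHABLE();
    }

    // Reports root_obj as a root reference (null referrer). Records an abort request in
    // stop_reports_ and returns whether the agent asked to visit the object
    // (JVMTI_VISIT_OBJECTS), i.e. whether it should be enqueued.
    bool ReportRoot(art::mirror::Object* root_obj, const art::RootInfo& info)
        REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
      jvmtiHeapReferenceInfo ref_info;
      jvmtiHeapReferenceKind kind = GetReferenceKind(info, &ref_info);
      jint result = helper_->ReportReference(kind, &ref_info, nullptr, root_obj);
      if ((result & JVMTI_VISIT_ABORT) != 0) {
        stop_reports_ = true;
      }
      return (result & JVMTI_VISIT_OBJECTS) != 0;
    }

   private:
    FollowReferencesHelper* helper_;
    ObjectTagTable* tag_table_;
    std::vector<art::mirror::Object*>* worklist_;
    std::unordered_set<art::mirror::Object*>* visited_;
    bool stop_reports_;
  };

  // Reports the outgoing references of one object, dispatching to VisitClass/VisitArray
  // for class and array objects. For plain instances this is the class reference plus
  // every non-null reference field, followed by the string and primitive-field callbacks.
  // Sets stop_reports_ when the agent aborts.
  void VisitObject(art::mirror::Object* obj)
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    if (obj->IsClass()) {
      VisitClass(obj->AsClass().Ptr());
      return;
    }
    if (obj->IsArrayInstance()) {
      VisitArray(obj);
      return;
    }

    // All instance fields.
    auto report_instance_field = [&](art::ObjPtr<art::mirror::Object> src,
                                     art::ObjPtr<art::mirror::Class> obj_klass ATTRIBUTE_UNUSED,
                                     art::ArtField& field,
                                     size_t field_index,
                                     void* user_data ATTRIBUTE_UNUSED)
        REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
      art::ObjPtr<art::mirror::Object> field_value = field.GetObject(src);
      if (field_value != nullptr) {
        jvmtiHeapReferenceInfo reference_info;
        memset(&reference_info, 0, sizeof(reference_info));

        reference_info.field.index = static_cast<jint>(field_index);

        // The field at the class-pointer offset is the object's class: report it as a
        // CLASS reference, which carries no jvmtiHeapReferenceInfo.
        jvmtiHeapReferenceKind kind =
            field.GetOffset().Int32Value() == art::mirror::Object::ClassOffset().Int32Value()
                ? JVMTI_HEAP_REFERENCE_CLASS
                : JVMTI_HEAP_REFERENCE_FIELD;
        const jvmtiHeapReferenceInfo* reference_info_ptr =
            kind == JVMTI_HEAP_REFERENCE_CLASS ? nullptr : &reference_info;

        // ReportFields' visitors return true to stop (the result lands in stop_reports_);
        // ReportReferenceMaybeEnqueue returns true to continue, hence the negation.
        return !ReportReferenceMaybeEnqueue(kind, reference_info_ptr, src.Ptr(), field_value.Ptr());
      }
      return false;
    };
    stop_reports_ = FieldVisitor<void, true>::ReportFields(obj,
                                                           nullptr,
                                                           VisitorFalse<void>,
                                                           VisitorFalse<void>,
                                                           VisitorFalse<void>,
                                                           report_instance_field);
    if (stop_reports_) {
      return;
    }

    jint string_ret = ReportString(obj, env_, tag_table_, callbacks_, user_data_);
    stop_reports_ = (string_ret & JVMTI_VISIT_ABORT) != 0;
    if (stop_reports_) {
      return;
    }

    stop_reports_ = ReportPrimitiveField::Report(obj, tag_table_, callbacks_, user_data_);
  }

  // Reports an array's class reference, then either each non-null element (object arrays)
  // as an ARRAY_ELEMENT reference or, for primitive arrays, the primitive-array callback.
  void VisitArray(art::mirror::Object* array)
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    stop_reports_ = !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_CLASS,
                                                 nullptr,
                                                 array,
                                                 array->GetClass());
    if (stop_reports_) {
      return;
    }

    if (array->IsObjectArray()) {
      art::ObjPtr<art::mirror::ObjectArray<art::mirror::Object>> obj_array =
          array->AsObjectArray<art::mirror::Object>();
      // jvmtiHeapReferenceInfo is a union; zero it, as every other reporting site does, so
      // the bytes outside .array never expose stale stack contents to the agent. Hoisted
      // out of the loop since only .array.index changes per element.
      jvmtiHeapReferenceInfo reference_info;
      memset(&reference_info, 0, sizeof(reference_info));
      for (auto elem_pair : art::ZipCount(obj_array->Iterate())) {
        if (elem_pair.first != nullptr) {
          reference_info.array.index = static_cast<jint>(elem_pair.second);
          stop_reports_ = !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_ARRAY_ELEMENT,
                                                       &reference_info,
                                                       array,
                                                       elem_pair.first.Ptr());
          if (stop_reports_) {
            break;
          }
        }
      }
    } else {
      // stop_reports_ is known to be false here (checked right after the class report).
      jint array_ret = ReportPrimitiveArray(array, env_, tag_table_, callbacks_, user_data_);
      stop_reports_ = (array_ret & JVMTI_VISIT_ABORT) != 0;
    }
  }

  // Reports the references held by a class object: superclass, direct interfaces, class
  // loader and non-null static reference fields, followed by the primitive-field callback.
  // Only resolved classes are reported.
  void VisitClass(art::mirror::Class* klass)
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    // TODO: Are erroneous classes reported? Are non-prepared ones? For now, just use resolved ones.
    if (!klass->IsResolved()) {
      return;
    }

    // Superclass. A null superclass (java.lang.Object) makes ReportReference return 0:
    // nothing is reported and nothing is aborted.
    stop_reports_ = !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_SUPERCLASS,
                                                 nullptr,
                                                 klass,
                                                 klass->GetSuperClass().Ptr());
    if (stop_reports_) {
      return;
    }

    // Directly implemented or extended interfaces.
    art::Thread* self = art::Thread::Current();
    art::StackHandleScope<1> hs(self);
    art::Handle<art::mirror::Class> h_klass(hs.NewHandle<art::mirror::Class>(klass));
    for (size_t i = 0; i < h_klass->NumDirectInterfaces(); ++i) {
      art::ObjPtr<art::mirror::Class> inf_klass =
          art::mirror::Class::ResolveDirectInterface(self, h_klass, i);
      if (inf_klass == nullptr) {
        // TODO: With a resolved class this should not happen...
        self->ClearException();
        break;
      }

      stop_reports_ = !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_INTERFACE,
                                                   nullptr,
                                                   klass,
                                                   inf_klass.Ptr());
      if (stop_reports_) {
        return;
      }
    }

    // Classloader.
    // TODO: What about the boot classpath loader? We'll skip for now, but do we have to find the
    //       fake BootClassLoader?
    if (klass->GetClassLoader() != nullptr) {
      stop_reports_ = !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_CLASS_LOADER,
                                                   nullptr,
                                                   klass,
                                                   klass->GetClassLoader().Ptr());
      if (stop_reports_) {
        return;
      }
    }
    // klass is still used as a raw pointer after ResolveDirectInterface (which took the
    // Handle); with all threads suspended it should not have moved.
    DCHECK_EQ(h_klass.Get(), klass);

    // Declared static fields.
    auto report_static_field = [&](art::ObjPtr<art::mirror::Object> obj ATTRIBUTE_UNUSED,
                                   art::ObjPtr<art::mirror::Class> obj_klass,
                                   art::ArtField& field,
                                   size_t field_index,
                                   void* user_data ATTRIBUTE_UNUSED)
        REQUIRES_SHARED(art::Locks::mutator_lock_)
        REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
      art::ObjPtr<art::mirror::Object> field_value = field.GetObject(obj_klass);
      if (field_value != nullptr) {
        jvmtiHeapReferenceInfo reference_info;
        memset(&reference_info, 0, sizeof(reference_info));

        reference_info.field.index = static_cast<jint>(field_index);

        // Visitor returns true to stop; ReportReferenceMaybeEnqueue returns true to continue.
        return !ReportReferenceMaybeEnqueue(JVMTI_HEAP_REFERENCE_STATIC_FIELD,
                                            &reference_info,
                                            obj_klass.Ptr(),
                                            field_value.Ptr());
      }
      return false;
    };
    stop_reports_ = FieldVisitor<void, false>::ReportFields(klass,
                                                            nullptr,
                                                            VisitorFalse<void>,
                                                            report_static_field,
                                                            VisitorFalse<void>,
                                                            VisitorFalse<void>);
    if (stop_reports_) {
      return;
    }

    stop_reports_ = ReportPrimitiveField::Report(klass, tag_table_, callbacks_, user_data_);
  }

  // Enqueues obj for visiting unless it has already been seen.
  void MaybeEnqueue(art::mirror::Object* obj) REQUIRES_SHARED(art::Locks::mutator_lock_) {
    if (visited_.find(obj) == visited_.end()) {
      worklist_.push_back(obj);
      visited_.insert(obj);
    }
  }

  // Reports the edge referrer -> referree and, when the agent returns JVMTI_VISIT_OBJECTS,
  // enqueues referree. Returns false iff the agent returned JVMTI_VISIT_ABORT.
  // Parameter order matches ReportReference (referrer first, then referree).
  bool ReportReferenceMaybeEnqueue(jvmtiHeapReferenceKind kind,
                                   const jvmtiHeapReferenceInfo* reference_info,
                                   art::mirror::Object* referrer,
                                   art::mirror::Object* referree)
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    jint result = ReportReference(kind, reference_info, referrer, referree);
    if ((result & JVMTI_VISIT_ABORT) != 0) {
      return false;
    }
    if ((result & JVMTI_VISIT_OBJECTS) != 0) {
      MaybeEnqueue(referree);
    }
    return true;
  }

  // Invokes heap_reference_callback for the edge referrer -> referree (referrer is null for
  // root references) and writes back any tag the agent changed. Returns the agent's
  // visit-control bits, or 0 when there is nothing to report (null referree, or reporting
  // already stopped).
  //
  // Objects that fail the class filter or the heap filter are not reported, but
  // JVMTI_VISIT_OBJECTS is returned so the caller still enqueues them: the filters suppress
  // reports, not traversal.
  jint ReportReference(jvmtiHeapReferenceKind kind,
                       const jvmtiHeapReferenceInfo* reference_info,
                       art::mirror::Object* referrer,
                       art::mirror::Object* referree)
      REQUIRES_SHARED(art::Locks::mutator_lock_)
      REQUIRES(!*tag_table_->GetAllowDisallowLock()) {
    if (referree == nullptr || stop_reports_) {
      return 0;
    }

    if (UNLIKELY(class_filter_ != nullptr) && class_filter_ != referree->GetClass()) {
      return JVMTI_VISIT_OBJECTS;
    }

    const jlong class_tag = tag_table_->GetTagOrZero(referree->GetClass());
    jlong tag = tag_table_->GetTagOrZero(referree);

    if (!heap_filter_.ShouldReportByHeapFilter(tag, class_tag)) {
      return JVMTI_VISIT_OBJECTS;
    }

    const jlong referrer_class_tag =
        referrer == nullptr ? 0 : tag_table_->GetTagOrZero(referrer->GetClass());
    const jlong size = static_cast<jlong>(referree->SizeOf());
    jlong saved_tag = tag;
    jlong referrer_tag = 0;
    jlong saved_referrer_tag = 0;
    jlong* referrer_tag_ptr;
    if (referrer == nullptr) {
      // Root reference: the callback receives a null referrer tag pointer.
      referrer_tag_ptr = nullptr;
    } else {
      if (referrer == referree) {
        // Self-reference: expose a single tag slot so the agent cannot write two different
        // values for the same object; the write-back below then happens once, via `tag`.
        referrer_tag_ptr = &tag;
      } else {
        referrer_tag = saved_referrer_tag = tag_table_->GetTagOrZero(referrer);
        referrer_tag_ptr = &referrer_tag;
      }
    }

    // JVMTI reports -1 as the length of anything that is not an array.
    jint length = -1;
    if (referree->IsArrayInstance()) {
      length = referree->AsArray()->GetLength();
    }

    jint result = callbacks_->heap_reference_callback(kind,
                                                      reference_info,
                                                      class_tag,
                                                      referrer_class_tag,
                                                      size,
                                                      &tag,
                                                      referrer_tag_ptr,
                                                      length,
                                                      const_cast<void*>(user_data_));

    // Only changed tags are written back. In the self-reference case referrer_tag and
    // saved_referrer_tag are both still 0, so the second Set is skipped.
    if (tag != saved_tag) {
      tag_table_->Set(referree, tag);
    }
    if (referrer_tag != saved_referrer_tag) {
      tag_table_->Set(referrer, referrer_tag);
    }

    return result;
  }

  jvmtiEnv* env_;
  ObjectTagTable* tag_table_;
  art::ObjPtr<art::mirror::Object> initial_object_;
  const jvmtiHeapCallbacks* callbacks_;
  art::ObjPtr<art::mirror::Class> class_filter_;
  const HeapFilter heap_filter_;
  const void* user_data_;

  // BFS queue; entries before start_ have already been visited (see Work()).
  std::vector<art::mirror::Object*> worklist_;
  size_t start_;
  static constexpr size_t kMaxStart = 1000000U;

  // Every object ever enqueued (roots included), so each is visited at most once.
  std::unordered_set<art::mirror::Object*> visited_;

  bool stop_reports_;

  friend class CollectAndReportRootsVisitor;
};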
1386 
// Implements jvmtiEnv::FollowReferences. Runs the whole traversal with all threads suspended
// and, for concurrent moving collectors, moving GC disabled, so the raw object pointers that
// FollowReferencesHelper keeps stay valid. initial_object may be null, in which case the
// traversal starts at the runtime roots (see FollowReferencesHelper::Init). Returns
// ERR(NULL_POINTER) if callbacks is null, else ERR(NONE).
jvmtiError HeapUtil::FollowReferences(jvmtiEnv* env,
                                      jint heap_filter,
                                      jclass klass,
                                      jobject initial_object,
                                      const jvmtiHeapCallbacks* callbacks,
                                      const void* user_data) {
  if (callbacks == nullptr) {
    return ERR(NULL_POINTER);
  }

  art::Thread* self = art::Thread::Current();

  art::gc::Heap* heap = art::Runtime::Current()->GetHeap();
  if (heap->IsGcConcurrentAndMoving()) {
    // Need to take a heap dump while GC isn't running. See the
    // comment in Heap::VisitObjects().
    heap->IncrementDisableMovingGC(self);
  }
  {
    art::ScopedObjectAccess soa(self);      // Now we know we have the shared lock.
    art::jni::ScopedEnableSuspendAllJniIdQueries sjni;  // make sure we can get JNI ids.
    // Move this thread to kWaitingForVisitObjects before suspending everyone else. The
    // ScopedSuspendAll is also what lets the root visitor's FindThread assert exclusive
    // ownership of thread_list_lock_.
    art::ScopedThreadSuspension sts(self, art::kWaitingForVisitObjects);
    art::ScopedSuspendAll ssa("FollowReferences");

    art::ObjPtr<art::mirror::Class> class_filter = klass == nullptr
        ? nullptr
        : art::ObjPtr<art::mirror::Class>::DownCast(self->DecodeJObject(klass));
    FollowReferencesHelper frh(this,
                               env,
                               self->DecodeJObject(initial_object),
                               callbacks,
                               class_filter,
                               heap_filter,
                               user_data);
    frh.Init();
    frh.Work();
  }
  // Re-evaluated rather than remembered from above; NOTE(review): this assumes
  // IsGcConcurrentAndMoving() is stable for the lifetime of the runtime — confirm, since a
  // change in between would leave the increment above unbalanced.
  if (heap->IsGcConcurrentAndMoving()) {
    heap->DecrementDisableMovingGC(self);
  }

  return ERR(NONE);
}
1430 
// Implements JVMTI GetLoadedClasses: gathers every class the class linker
// reports that is either fully loaded or erroneous, creates a JNI local
// reference for each one, and hands them back in an array allocated through
// |env| (the caller owns that array).
//
// Returns ERR(NULL_POINTER) if either out-parameter is null, and propagates
// the error from env->Allocate if the result array cannot be allocated — in
// that case neither out-parameter is written.
jvmtiError HeapUtil::GetLoadedClasses(jvmtiEnv* env,
                                      jint* class_count_ptr,
                                      jclass** classes_ptr) {
  if (class_count_ptr == nullptr || classes_ptr == nullptr) {
    return ERR(NULL_POINTER);
  }

  // Visitor handed to the class linker; it keeps a local reference for every
  // class it decides to report.
  class ReportClassVisitor : public art::ClassVisitor {
   public:
    explicit ReportClassVisitor(art::Thread* self) : self_(self) {}

    bool operator()(art::ObjPtr<art::mirror::Class> klass)
        override REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // Classes still in the middle of loading are skipped; erroneous classes
      // are reported alongside the loaded ones.
      const bool report = klass->IsLoaded() || klass->IsErroneous();
      if (report) {
        jclass local_ref = self_->GetJniEnv()->AddLocalReference<jclass>(klass);
        collected_.push_back(local_ref);
      }
      return true;  // keep visiting
    }

    const std::vector<jclass>& collected() const { return collected_; }

   private:
    art::Thread* self_;
    std::vector<jclass> collected_;
  };

  art::Thread* self = art::Thread::Current();
  ReportClassVisitor visitor(self);
  {
    art::ScopedObjectAccess soa(self);
    art::Runtime::Current()->GetClassLinker()->VisitClasses(&visitor);
  }

  const std::vector<jclass>& found = visitor.collected();
  const size_t count = found.size();
  unsigned char* raw = nullptr;
  const jvmtiError alloc_ret = env->Allocate(static_cast<jlong>(count * sizeof(jclass)), &raw);
  if (alloc_ret != ERR(NONE)) {
    // The local references created above stay in the thread's JNI local frame.
    return alloc_ret;
  }

  jclass* out = reinterpret_cast<jclass*>(raw);
  size_t idx = 0;
  for (jclass c : found) {
    out[idx++] = c;
  }
  *classes_ptr = out;
  *class_count_ptr = static_cast<jint>(count);

  return ERR(NONE);
}
1477 
// Implements JVMTI ForceGarbageCollection: runs a collection on the runtime
// heap without clearing soft references. |env| is unused and the call always
// reports success.
jvmtiError HeapUtil::ForceGarbageCollection(jvmtiEnv* env ATTRIBUTE_UNUSED) {
  art::gc::Heap* const heap = art::Runtime::Current()->GetHeap();
  constexpr bool kClearSoftReferences = false;
  heap->CollectGarbage(kClearSoftReferences);
  return ERR(NONE);
}
1483 
// Heap ids handed out by the ART heap-id extensions (GetObjectHeapId /
// GetHeapName). GetHeapId() only ever classifies an object as image, zygote or
// app; within this view kHeapIdDefault is referenced by GetHeapName alone.
static constexpr jint kHeapIdDefault{0};  // "default"
static constexpr jint kHeapIdImage{1};    // objects in the boot image
static constexpr jint kHeapIdZygote{2};   // zygote space / zygote large objects
static constexpr jint kHeapIdApp{3};      // everything else
1488 
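// Classifies |obj| into one of the kHeapId* buckets used by the ART heap-id
// extensions.
//
// Returns -1 for a null |obj|. An object in a continuous space is reported as
// kHeapIdZygote (zygote space) or kHeapIdImage (boot image only — app-image
// objects deliberately stay kHeapIdApp, see b/35762934). An object that is not
// in any continuous space is kHeapIdZygote only if the large-object space
// contains it and marks it as a zygote large object. Everything else is
// kHeapIdApp.
static jint GetHeapId(art::ObjPtr<art::mirror::Object> obj)
    REQUIRES_SHARED(art::Locks::mutator_lock_) {
  if (obj == nullptr) {
    return -1;
  }

  art::gc::Heap* const heap = art::Runtime::Current()->GetHeap();
  // The `true` presumably allows the lookup to fail (return null) instead of
  // asserting when the object is not in a continuous space — confirm against
  // Heap::FindContinuousSpaceFromObject.
  const art::gc::space::ContinuousSpace* const space =
      heap->FindContinuousSpaceFromObject(obj, true);
  jint heap_type = kHeapIdApp;
  if (space != nullptr) {
    if (space->IsZygoteSpace()) {
      heap_type = kHeapIdZygote;
    } else if (space->IsImageSpace() && heap->ObjectIsInBootImageSpace(obj)) {
      // Only count objects in the boot image as HPROF_HEAP_IMAGE, this leaves app image objects
      // as HPROF_HEAP_APP. b/35762934
      heap_type = kHeapIdImage;
    }
  } else {
    // Not in a continuous space: it may be a large object. |los| is used
    // without a null check; presumably the heap always owns a large-object
    // space — confirm.
    const auto* los = heap->GetLargeObjectsSpace();
    if (los->Contains(obj.Ptr()) && los->IsZygoteLargeObject(art::Thread::Current(), obj.Ptr())) {
      heap_type = kHeapIdZygote;
    }
  }
  return heap_type;
}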
1515 
// Implements the ART GetObjectHeapId extension: resolves |tag| through the
// environment's object tag table and writes the owning heap's id (one of the
// kHeapId* constants) to |*heap_id|. The trailing variadic parameters are part
// of the extension-function signature and are never read.
//
// Returns ERR(NULL_POINTER) for a null |heap_id|, ERR(NOT_FOUND) when no
// object carries |tag| (GetHeapId reports -1 for the null lookup result), and
// ERR(INTERNAL) when the caller does not already hold the mutator lock and the
// thread is not allowed to suspend, so the lock cannot be taken here.
jvmtiError HeapExtensions::GetObjectHeapId(jvmtiEnv* env, jlong tag, jint* heap_id, ...) {
  if (heap_id == nullptr) {
    return ERR(NULL_POINTER);
  }

  art::Thread* self = art::Thread::Current();

  // The actual lookup. It needs the mutator lock held shared, which the two
  // branches below either acquire or verify in different ways.
  auto work = [&]() REQUIRES_SHARED(art::Locks::mutator_lock_) {
    ObjectTagTable* tag_table = ArtJvmTiEnv::AsArtJvmTiEnv(env)->object_tag_table.get();
    art::ObjPtr<art::mirror::Object> obj = tag_table->Find(tag);
    jint heap_type = GetHeapId(obj);
    if (heap_type == -1) {
      return ERR(NOT_FOUND);
    }
    *heap_id = heap_type;
    return ERR(NONE);
  };

  if (!art::Locks::mutator_lock_->IsSharedHeld(self)) {
    // Acquiring the lock may suspend this thread; refuse if that is not allowed.
    if (!self->IsThreadSuspensionAllowable()) {
      return ERR(INTERNAL);
    }
    art::ScopedObjectAccess soa(self);
    return work();
  } else {
    // We cannot use SOA in this case. We might be holding the lock, but may not be in the
    // runnable state (e.g., during GC).
    art::Locks::mutator_lock_->AssertSharedHeld(self);
    // TODO: Investigate why ASSERT_SHARED_CAPABILITY doesn't work.
    // The lock is asserted held just above; this wrapper only silences the
    // thread-safety analysis, which cannot see that.
    auto annotalysis_workaround = [&]() NO_THREAD_SAFETY_ANALYSIS {
      return work();
    };
    return annotalysis_workaround();
  }
}
1551 
// Duplicates |in| through CopyString (jvmti-allocated memory) and stores the
// copy in |*out|, transferring ownership of the buffer to the caller.
// If CopyString fails, |*out| is left untouched and the error CopyString
// reported is returned; otherwise ERR(NONE).
static jvmtiError CopyStringAndReturn(jvmtiEnv* env, const char* in, char** out) {
  jvmtiError copy_error;
  JvmtiUniquePtr<char[]> copy = CopyString(env, in, &copy_error);
  if (copy != nullptr) {
    *out = copy.release();
    return ERR(NONE);
  }
  return copy_error;
}
1561 
// Human-readable names returned by GetHeapName for the kHeapId* ids above.
static constexpr const char* kHeapIdDefaultName{"default"};
static constexpr const char* kHeapIdImageName{"image"};
static constexpr const char* kHeapIdZygoteName{"zygote"};
static constexpr const char* kHeapIdAppName{"app"};
1566 
// Implements the ART GetHeapName extension: maps a heap id (as produced by
// GetObjectHeapId) to its name and stores a jvmti-allocated copy of that name
// in |*heap_name|, which the caller then owns. Unknown ids yield
// ERR(ILLEGAL_ARGUMENT) with |*heap_name| untouched; copy failures come back
// from CopyStringAndReturn. The trailing variadic parameters belong to the
// extension-function signature and are not read.
jvmtiError HeapExtensions::GetHeapName(jvmtiEnv* env, jint heap_id, char** heap_name, ...) {
  const char* name = nullptr;
  switch (heap_id) {
    case kHeapIdDefault:
      name = kHeapIdDefaultName;
      break;
    case kHeapIdImage:
      name = kHeapIdImageName;
      break;
    case kHeapIdZygote:
      name = kHeapIdZygoteName;
      break;
    case kHeapIdApp:
      name = kHeapIdAppName;
      break;
    default:
      break;
  }
  if (name == nullptr) {
    return ERR(ILLEGAL_ARGUMENT);
  }
  return CopyStringAndReturn(env, name, heap_name);
}
1582 
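// Implements the ART IterateThroughHeapExt extension. It behaves like the
// standard IterateThroughHeap (the walk is delegated to DoIterateThroughHeap,
// defined elsewhere in this file) except that the heap-iteration callback is
// invoked with one extra trailing argument: the object's heap id as computed
// by GetHeapId().
//
// ABI note: |callbacks->heap_iteration_callback| is reinterpreted as the
// extended signature
//   jint (*)(jlong class_tag, jlong size, jlong* tag_ptr, jint length,
//            void* user_data, jint heap_id)
// so an agent must register a function of that shape rather than a plain
// jvmtiHeapIterationCallback; nothing here can type-check that.
//
// Requires the can_tag_objects capability and returns
// ERR(MUST_POSSESS_CAPABILITY) without it; all other results come from
// DoIterateThroughHeap.
jvmtiError HeapExtensions::IterateThroughHeapExt(jvmtiEnv* env,
                                                 jint heap_filter,
                                                 jclass klass,
                                                 const jvmtiHeapCallbacks* callbacks,
                                                 const void* user_data) {
  // (Stray '\' line continuations, a macro left-over, removed from this block.)
  if (ArtJvmTiEnv::AsArtJvmTiEnv(env)->capabilities.can_tag_objects != 1) {
    return ERR(MUST_POSSESS_CAPABILITY);
  }

  // ART extension API: also pass the heap id.
  auto ArtIterateHeap = [](art::mirror::Object* obj,
                           const jvmtiHeapCallbacks* cb_callbacks,
                           jlong class_tag,
                           jlong size,
                           jlong* tag,
                           jint length,
                           void* cb_user_data)
      REQUIRES_SHARED(art::Locks::mutator_lock_) {
    const jint heap_id = GetHeapId(obj);
    using ArtExtensionAPI = jint (*)(jlong, jlong, jlong*, jint length, void*, jint);
    return reinterpret_cast<ArtExtensionAPI>(cb_callbacks->heap_iteration_callback)(
        class_tag, size, tag, length, cb_user_data, heap_id);
  };
  return DoIterateThroughHeap(ArtIterateHeap,
                              env,
                              ArtJvmTiEnv::AsArtJvmTiEnv(env)->object_tag_table.get(),
                              heap_filter,
                              klass,
                              callbacks,
                              user_data);
}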
1614 
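namespace {

using ObjectPtr = art::ObjPtr<art::mirror::Object>;
// Maps each obsolete object to the object that is to replace it.
using ObjectMap = std::unordered_map<ObjectPtr, ObjectPtr, art::HashObjPtr>;

// Rewrites the reference fields of every heap object: a field that points at a
// key of |map| is redirected to the corresponding value. An object's class
// pointer and a class's superclass pointer are never rewritten, and class
// objects are visited without their native roots (see the comment at the
// VisitReferences call). Runs over a paused heap; the caller holds the mutator
// lock and is uninterruptible.
static void ReplaceObjectReferences(const ObjectMap& map)
    REQUIRES(art::Locks::mutator_lock_,
             art::Roles::uninterruptible_) {
  art::Runtime::Current()->GetHeap()->VisitObjectsPaused(
      [&](art::mirror::Object* ref) REQUIRES_SHARED(art::Locks::mutator_lock_) {
        // Rewrite all references in the object if needed.
        class ResizeReferenceVisitor {
         public:
          using CompressedObj = art::mirror::CompressedReference<art::mirror::Object>;
          // |ref| is the object being visited; the write barrier is applied to
          // it when one of its roots is rewritten.
          explicit ResizeReferenceVisitor(const ObjectMap& map, ObjectPtr ref)
              : map_(map), ref_(ref) {}

          // Ignore class roots.
          void VisitRootIfNonNull(CompressedObj* root) const
              REQUIRES_SHARED(art::Locks::mutator_lock_) {
            if (root != nullptr) {
              VisitRoot(root);
            }
          }
          void VisitRoot(CompressedObj* root) const REQUIRES_SHARED(art::Locks::mutator_lock_) {
            auto it = map_.find(root->AsMirrorPtr());
            if (it != map_.end()) {
              root->Assign(it->second);
              art::WriteBarrier::ForEveryFieldWrite(ref_);
            }
          }

          // Field visitor: rewrites the reference stored at |off| in |obj| when
          // it points at an obsolete object.
          void operator()(art::ObjPtr<art::mirror::Object> obj,
                          art::MemberOffset off,
                          bool is_static) const
              REQUIRES_SHARED(art::Locks::mutator_lock_) {
            auto it = map_.find(obj->GetFieldObject<art::mirror::Object>(off));
            if (it != map_.end()) {
              UNUSED(is_static);
              if (UNLIKELY(!is_static && off == art::mirror::Object::ClassOffset())) {
                // We don't want to update the declaring class of any objects. They will be replaced
                // in the heap and we need the declaring class to know its size.
                return;
              } else if (UNLIKELY(!is_static && off == art::mirror::Class::SuperClassOffset() &&
                                  obj->IsClass())) {
                // We don't want to be messing with the class hierarchy either.
                return;
              }
              VLOG(plugin) << "Updating field at offset " << off.Uint32Value() << " of type "
                           << obj->GetClass()->PrettyClass();
              obj->SetFieldObject</*transaction*/ false>(off, it->second);
              art::WriteBarrier::ForEveryFieldWrite(obj);
            }
          }

          // java.lang.ref.Reference visitor: the referent is treated like an
          // ordinary instance field.
          void operator()(art::ObjPtr<art::mirror::Class> klass ATTRIBUTE_UNUSED,
                          art::ObjPtr<art::mirror::Reference> ref) const
              REQUIRES_SHARED(art::Locks::mutator_lock_) {
            operator()(ref, art::mirror::Reference::ReferentOffset(), /* is_static */ false);
          }

         private:
          const ObjectMap& map_;
          ObjectPtr ref_;
        };

        ResizeReferenceVisitor rrv(map, ref);
        if (ref->IsClass()) {
          // Class object native roots are the ArtField and ArtMethod 'declaring_class_' fields
          // which we don't want to be messing with as it would break ref-visitor assumptions about
          // what a class looks like. We want to keep the default behavior in other cases (such as
          // dex-cache) though. Unfortunately there is no way to tell from the visitor where exactly
          // the root came from.
          // TODO It might be nice to have the visitors told where the reference came from.
          ref->VisitReferences</*kVisitNativeRoots*/false>(rrv, rrv);
        } else {
          ref->VisitReferences</*kVisitNativeRoots*/true>(rrv, rrv);
        }
      });
}

// Redirects the runtime's strong roots (everything Runtime::VisitRoots reports
// under kVisitRootFlagAllRoots) from the keys of |map| to their values. Java
// frame roots are rewritten too, except a frame's method declaring class, and
// every thread whose frames were touched is afterwards switched to the
// interpreter because JIT code may have baked properties of the old object
// (e.g. an array length) into compiled code. |self| is used to take
// thread_list_lock_.
static void ReplaceStrongRoots(art::Thread* self, const ObjectMap& map)
    REQUIRES(art::Locks::mutator_lock_, art::Roles::uninterruptible_) {
  // Replace root references; java frames get the extra handling described above.
  struct ResizeRootVisitor : public art::RootVisitor {
   public:
    explicit ResizeRootVisitor(const ObjectMap& map) : map_(map) {}

    // TODO It's somewhat annoying to have to have this function implemented twice. It might be
    // good/useful to implement operator= for CompressedReference to allow us to use a template to
    // implement both of these.
    void VisitRoots(art::mirror::Object*** roots, size_t count, const art::RootInfo& info) override
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // Index-based loop: the earlier `obj = *(++roots)` form loaded roots[count],
      // one slot past the array, before the loop condition could stop it.
      for (size_t i = 0; i < count; ++i) {
        art::mirror::Object** obj = roots[i];
        auto it = map_.find(*obj);
        if (it != map_.end() && ShouldRewriteRoot(info)) {
          *obj = it->second.Ptr();
        }
      }
    }

    void VisitRoots(art::mirror::CompressedReference<art::mirror::Object>** roots,
                    size_t count,
                    const art::RootInfo& info) override REQUIRES_SHARED(art::Locks::mutator_lock_) {
      // Same bounded loop as above (see the comment there).
      for (size_t i = 0; i < count; ++i) {
        art::mirror::CompressedReference<art::mirror::Object>* obj = roots[i];
        auto it = map_.find(obj->AsMirrorPtr());
        if (it != map_.end() && ShouldRewriteRoot(info)) {
          obj->Assign(it->second);
        }
      }
    }

    const std::unordered_set<uint32_t>& GetThreadsWithJavaFrameRoots() const {
      return threads_with_roots_;
    }

   private:
    // Per-root policy shared by both VisitRoots overloads, consulted only for
    // roots that actually point at an obsolete object. Returns false when the
    // root must be left alone (a java frame's method declaring class); for any
    // other java-frame root it records the owning thread so its stack can be
    // deoptimized afterwards. Non-frame roots are always rewritten.
    bool ShouldRewriteRoot(const art::RootInfo& info)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      if (info.GetType() != art::RootType::kRootJavaFrame) {
        return true;
      }
      // Java frames might have the JIT doing optimizations (for example loop-unrolling or
      // eliding bounds checks) so we need deopt them once we're done here.
      const art::JavaFrameRootInfo& jfri = art::down_cast<const art::JavaFrameRootInfo&>(info);
      if (jfri.GetVReg() == art::JavaFrameRootInfo::kMethodDeclaringClass) {
        info.Describe(VLOG_STREAM(plugin) << "Not changing declaring-class during stack"
                                          << " walk. Found obsolete java frame id ");
        return false;
      }
      info.Describe(VLOG_STREAM(plugin) << "Found java frame id ");
      threads_with_roots_.insert(info.GetThreadId());
      return true;
    }

    const ObjectMap& map_;
    std::unordered_set<uint32_t> threads_with_roots_;
  };
  ResizeRootVisitor rrv(map);
  art::Runtime::Current()->VisitRoots(&rrv, art::VisitRootFlags::kVisitRootFlagAllRoots);
  // Handle java Frames. Annoyingly the JIT can embed information about the length of the array into
  // the compiled code. By changing the length of the array we potentially invalidate these
  // assumptions and so could cause (eg) OOB array access or other issues.
  if (!rrv.GetThreadsWithJavaFrameRoots().empty()) {
    art::MutexLock mu(self, *art::Locks::thread_list_lock_);
    art::ThreadList* thread_list = art::Runtime::Current()->GetThreadList();
    art::instrumentation::Instrumentation* instr = art::Runtime::Current()->GetInstrumentation();
    for (uint32_t id : rrv.GetThreadsWithJavaFrameRoots()) {
      art::Thread* t = thread_list->FindThreadByThreadId(id);
      CHECK(t != nullptr) << "id " << id << " does not refer to a valid thread."
                          << " Where did the roots come from?";
      VLOG(plugin) << "Instrumenting thread stack of thread " << *t;
      // TODO Use deopt manager. We need a version that doesn't acquire all the locks we
      // already have.
      // TODO We technically only need to do this if the frames are not already being interpreted.
      // The cost for doing an extra stack walk is unlikely to be worth it though.
      instr->InstrumentThreadStack(t);
    }
  }
}

// Redirects the runtime's weak references (system weaks swept through
// IsMarkedVisitor) and the JVMTI object-tag tables of every environment from
// the keys of |map| to their values, dispatching ObsoleteObjectCreated to each
// environment that had a tag on either object. |self| must hold the mutator
// lock exclusively (asserted inside the per-env callbacks).
static void ReplaceWeakRoots(art::Thread* self,
                             EventHandler* event_handler,
                             const ObjectMap& map)
    REQUIRES(art::Locks::mutator_lock_, art::Roles::uninterruptible_) {
  // Handle tags. We want to do this separately from other weak-refs (handled below) because we need
  // to send additional events and handle cases where the agent might have tagged the new
  // replacement object during the VMObjectAlloc. We do this by removing all tags associated with
  // both the obsolete and the new arrays. Then we send the ObsoleteObjectCreated event and cache
  // the new tag values. We next update all the other weak-references (the tags have been removed)
  // and finally update the tag table with the new values. Doing things in this way (1) keeps all
  // code relating to updating weak-references together and (2) ensures we don't end up in strange
  // situations where the order of weak-ref visiting affects the final tagging state. Since we have
  // the mutator_lock_ and gc-paused throughout this whole process no threads should be able to see
  // the interval where the objects are not tagged.
  struct NewTagValue {
    ObjectPtr obsolete_obj_;
    jlong obsolete_tag_;   // tag to re-apply to obsolete_obj_ (may be modified by the event)
    ObjectPtr new_obj_;
    jlong new_tag_;        // tag to re-apply to new_obj_ (may be modified by the event)
  };

  // Map from the environment to the list of <obsolete_tag, new_tag> pairs that were changed.
  std::unordered_map<ArtJvmTiEnv*, std::vector<NewTagValue>> changed_tags;
  event_handler->ForEachEnv(self, [&](ArtJvmTiEnv* env) {
    // Cannot have REQUIRES(art::Locks::mutator_lock_) since ForEachEnv doesn't require it.
    art::Locks::mutator_lock_->AssertExclusiveHeld(self);
    env->object_tag_table->Lock();
    // Get the tags and clear them (so we don't need to special-case the normal weak-ref visitor)
    for (const auto& entry : map) {
      jlong new_tag = 0;
      jlong obsolete_tag = 0;
      bool had_obsolete_tag = env->object_tag_table->RemoveLocked(entry.first, &obsolete_tag);
      bool had_new_tag = env->object_tag_table->RemoveLocked(entry.second, &new_tag);
      // Dispatch event. The event receives pointers to both tags, so the
      // values pushed below are whatever the agent left in them.
      if (had_obsolete_tag || had_new_tag) {
        event_handler->DispatchEventOnEnv<ArtJvmtiEvent::kObsoleteObjectCreated>(
            env, self, &obsolete_tag, &new_tag);
        changed_tags.try_emplace(env).first->second.push_back(
            { entry.first, obsolete_tag, entry.second, new_tag });
      }
    }
    // After weak-ref update we need to go back and re-add obsoletes. We wait to avoid having to
    // deal with the visit-weaks overwriting the initial new_obj_ptr tag and generally making things
    // difficult.
    env->object_tag_table->Unlock();
  });
  // Handle weak-refs.
  struct ReplaceWeaksVisitor : public art::IsMarkedVisitor {
   public:
    explicit ReplaceWeaksVisitor(const ObjectMap& map) : map_(map) {}

    // Reports an obsolete object as "marked" by returning its replacement, so
    // the sweep redirects the weak reference instead of clearing it; any other
    // object is returned unchanged.
    art::mirror::Object* IsMarked(art::mirror::Object* obj)
        REQUIRES_SHARED(art::Locks::mutator_lock_) {
      auto it = map_.find(obj);
      if (it != map_.end()) {
        return it->second.Ptr();
      } else {
        return obj;
      }
    }

   private:
    const ObjectMap& map_;
  };
  ReplaceWeaksVisitor rwv(map);
  art::Runtime::Current()->SweepSystemWeaks(&rwv);
  // Re-add the object tags. At this point all weak-references to the old_obj_ptr are gone.
  event_handler->ForEachEnv(self, [&](ArtJvmTiEnv* env) {
    // Cannot have REQUIRES(art::Locks::mutator_lock_) since ForEachEnv doesn't require it.
    art::Locks::mutator_lock_->AssertExclusiveHeld(self);
    env->object_tag_table->Lock();
    auto it = changed_tags.find(env);
    if (it != changed_tags.end()) {
      for (const NewTagValue& v : it->second) {
        env->object_tag_table->SetLocked(v.obsolete_obj_, v.obsolete_tag_);
        env->object_tag_table->SetLocked(v.new_obj_, v.new_tag_);
      }
    }
    env->object_tag_table->Unlock();
  });
}

}  // namespace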
1874 
// Convenience wrapper around ReplaceReferences for a single old -> new pair:
// every reference to |old_obj_ptr| in the runtime is redirected to
// |new_obj_ptr|. Same preconditions as ReplaceReferences.
void HeapExtensions::ReplaceReference(art::Thread* self,
                                      art::ObjPtr<art::mirror::Object> old_obj_ptr,
                                      art::ObjPtr<art::mirror::Object> new_obj_ptr) {
  ObjectMap single_entry;
  single_entry.emplace(old_obj_ptr, new_obj_ptr);
  ReplaceReferences(self, single_entry);
}
1881 
// Redirects every reference in the runtime from each key of |map| to its
// value, in three passes: heap object fields, then strong roots (including
// java frames, with deopt of the affected threads), then weak roots and the
// JVMTI tag tables. The helpers require the mutator lock held and the thread
// uninterruptible; ChangeArraySize satisfies this by suspending all threads
// before calling in. Uses the event handler installed via Register().
void HeapExtensions::ReplaceReferences(art::Thread* self, const ObjectMap& map) {
  EventHandler* const handler = HeapExtensions::gEventHandler;
  ReplaceObjectReferences(map);
  ReplaceStrongRoots(self, map);
  ReplaceWeakRoots(self, handler, map);
}
1887 
// Implements the ART ChangeArraySize extension: replaces the array |arr| with
// a copy of length |new_size| and redirects every reference in the runtime
// (heap fields, strong roots, weak roots, JVMTI tags) from the old array to
// the new one, so from Java's point of view "the same" array changed length.
//
// Returns ERR(MUST_POSSESS_CAPABILITY) without can_tag_objects,
// ERR(NULL_POINTER) for a null |arr|, ERR(ILLEGAL_ARGUMENT) if |arr| is not
// an array or |new_size| is negative, ERR(OUT_OF_MEMORY) if the new array
// cannot be allocated (the pending OOME is cleared first), otherwise OK.
jvmtiError HeapExtensions::ChangeArraySize(jvmtiEnv* env, jobject arr, jsize new_size) {
  if (ArtJvmTiEnv::AsArtJvmTiEnv(env)->capabilities.can_tag_objects != 1) {
    return ERR(MUST_POSSESS_CAPABILITY);
  }
  art::Thread* self = art::Thread::Current();
  ScopedNoUserCodeSuspension snucs(self);
  art::ScopedObjectAccess soa(self);
  if (arr == nullptr) {
    JVMTI_LOG(INFO, env) << "Cannot resize a null object";
    return ERR(NULL_POINTER);
  }
  art::ObjPtr<art::mirror::Class> klass(soa.Decode<art::mirror::Object>(arr)->GetClass());
  if (!klass->IsArrayClass()) {
    JVMTI_LOG(INFO, env) << klass->PrettyClass() << " is not an array class!";
    return ERR(ILLEGAL_ARGUMENT);
  }
  if (new_size < 0) {
    JVMTI_LOG(INFO, env) << "Cannot resize an array to a negative size";
    return ERR(ILLEGAL_ARGUMENT);
  }
  // Allocate the new copy.
  // Other threads are still running here (the allocation may GC, hence the
  // handles); whatever contents are copied at this point may be stale and are
  // copied again below once everything is suspended.
  art::StackHandleScope<2> hs(self);
  art::Handle<art::mirror::Array> old_arr(hs.NewHandle(soa.Decode<art::mirror::Array>(arr)));
  art::MutableHandle<art::mirror::Array> new_arr(hs.NewHandle<art::mirror::Array>(nullptr));
  if (klass->IsObjectArrayClass()) {
    // Object arrays are only allocated here (presumably null-filled by Alloc);
    // their elements are copied under suspension below.
    new_arr.Assign(
        art::mirror::ObjectArray<art::mirror::Object>::Alloc(self, old_arr->GetClass(), new_size));
  } else {
    // NB This also copies the old array but since we aren't suspended we need to do this again to
    // catch any concurrent modifications.
    new_arr.Assign(art::mirror::Array::CopyOf(old_arr, self, new_size));
  }
  if (new_arr.IsNull()) {
    self->AssertPendingOOMException();
    JVMTI_LOG(INFO, env) << "Unable to allocate " << old_arr->GetClass()->PrettyClass()
                         << " (length: " << new_size << ") due to OOME. Error was: "
                         << self->GetException()->Dump();
    // The OOME is reported through the jvmti error code, not left pending on
    // the thread.
    self->ClearException();
    return ERR(OUT_OF_MEMORY);
  } else {
    self->AssertNoPendingException();
  }
  // Suspend everything.
  art::ScopedThreadSuspension sts(self, art::ThreadState::kSuspended);
  art::gc::ScopedGCCriticalSection sgccs(
      self, art::gc::GcCause::kGcCauseDebugger, art::gc::CollectorType::kCollectorTypeDebugger);
  art::ScopedSuspendAll ssa("Resize array!");
  // Replace internals.
  // Move the old array's lock word to the new array (presumably carrying its
  // monitor / identity-hash state — confirm against LockWord) and reset the
  // old array's to the default.
  new_arr->SetLockWord(old_arr->GetLockWord(false), false);
  old_arr->SetLockWord(art::LockWord::Default(), false);
  // Copy the contents now when everything is suspended.
  // Only the common prefix is copied: a shrunk array is truncated, and the
  // tail of a grown array keeps whatever the allocation left there.
  int32_t size = std::min(old_arr->GetLength(), new_size);
  switch (old_arr->GetClass()->GetComponentType()->GetPrimitiveType()) {
    case art::Primitive::kPrimBoolean:
      new_arr->AsBooleanArray()->Memcpy(0, old_arr->AsBooleanArray(), 0, size);
      break;
    case art::Primitive::kPrimByte:
      new_arr->AsByteArray()->Memcpy(0, old_arr->AsByteArray(), 0, size);
      break;
    case art::Primitive::kPrimChar:
      new_arr->AsCharArray()->Memcpy(0, old_arr->AsCharArray(), 0, size);
      break;
    case art::Primitive::kPrimShort:
      new_arr->AsShortArray()->Memcpy(0, old_arr->AsShortArray(), 0, size);
      break;
    case art::Primitive::kPrimInt:
      new_arr->AsIntArray()->Memcpy(0, old_arr->AsIntArray(), 0, size);
      break;
    case art::Primitive::kPrimLong:
      new_arr->AsLongArray()->Memcpy(0, old_arr->AsLongArray(), 0, size);
      break;
    case art::Primitive::kPrimFloat:
      new_arr->AsFloatArray()->Memcpy(0, old_arr->AsFloatArray(), 0, size);
      break;
    case art::Primitive::kPrimDouble:
      new_arr->AsDoubleArray()->Memcpy(0, old_arr->AsDoubleArray(), 0, size);
      break;
    case art::Primitive::kPrimNot:
      // Reference elements go through Set()/Get() one by one rather than a raw
      // memcpy, presumably so reference-write bookkeeping applies — confirm.
      for (int32_t i = 0; i < size; i++) {
        new_arr->AsObjectArray<art::mirror::Object>()->Set(
            i, old_arr->AsObjectArray<art::mirror::Object>()->Get(i));
      }
      break;
    case art::Primitive::kPrimVoid:
      LOG(FATAL) << "void-array is not a legal type!";
      UNREACHABLE();
  }
  // Actually replace all the pointers.
  ReplaceReference(self, old_arr.Get(), new_arr.Get());
  // NOTE(review): every other entry point in this view returns ERR(NONE); OK
  // is presumably the same value — confirm or unify.
  return OK;
}
1979 
// Installs the event handler that ReplaceReferences uses to walk the
// registered environments and to dispatch ObsoleteObjectCreated events.
void HeapExtensions::Register(EventHandler* eh) {
  HeapExtensions::gEventHandler = eh;
}
1983 
1984 }  // namespace openjdkjvmti
1985