8352088: Call of com.sun.jdi.ThreadReference.threadGroups() can lock up target VM #24236
Conversation
|
👋 Welcome back cjplummer! A progress list of the required criteria for merging this PR into |
|
@plummercj This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 273 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
openjdk
bot
changed the title
|
@plummercj The following labels will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command. |
openjdk
bot
added
serviceability
|
The reason is because this JDI API eventually ends up with JVMTI doing a java upcall to ThreadGroup.subgroupsAsArray(), which can trigger class loading the first time it is called. Thjis results in a ClassPrepareEvent that the debugger will get, but not process because its event handler thread is blocked on the ThreadGroupReference.groups(), so we have a deadlock. The workaround is to make ThreadGroupReference.groups() not trigger any class loading. The fix is subtle. Before the fix, the java stack trace at the time of the ClasPrepareEvent looks like: java.util.Arrays.copyOf(java.lang.Object[], int, java.lang.Class) bci:18 line:3513 This is ThreadGroup.subgroupsAsArray: private ThreadGroup[] subgroupsAsArray() { This is ArrayList.toArray(): public T[] toArray(T[] a) { And this is Arrays.copyOf(): public static <T,U> T[] copyOf(U[] original, int newLength, Class<? extends T[]> newType) { Line 3513 is actually the return statement, so this seems incorrect of by a bit. Adding some tracing of ClassPrepareEvents shows that we are currently handling the following: cbClassPrepare: java.lang.reflect.Array So it looks like we took the Array.newInstance() path, which triggered class loading of java.lang.reflect.Array. After the fix we never end up in Arrays.copyOf(). Instead ArrayList.toArray() calls System.arraycopy() directly, avoiding any class loading.. |
Webrevs
|
|
Sorry, I used the wrong bugID for this PR |
plummercj
changed the title
openjdk
bot
changed the title
|
Ok, bugID is correct now. |
| @@ -661,7 +661,7 @@ private List<ThreadGroup> synchronizedSubgroups() { | |||
| */ | |||
| private ThreadGroup[] subgroupsAsArray() { | |||
| List<ThreadGroup> groups = synchronizedSubgroups(); | |||
| return groups.toArray(new ThreadGroup[0]); | |||
| return groups.toArray(new ThreadGroup[groups.size()]); | |||
There was a problem hiding this comment.
Hello Chris, would a comment on this line be necessary to prevent future (IDE encouraged [1]) refactoring of this code back to toArray(new ThreadGroup[0])?
[1]
There was a problem hiding this comment.
What would you think about using the simple code + loop from the JBS comment? That would remove any discussion about toArray and any concerns that it would load classes.
There was a problem hiding this comment.
Regarding adding a comment, I wasn't too sure what the comment should say because once you start down that path, it's hard to not end up with too much detail, and then things just get very wordy. Since we have a test that will fail if this is ever modified to cause classloading again, at least that should help prevent undoing this fix. However, the one downside of the test is that I can only get it to fail with non-debug builds, so it may not be caught early.
Regarding using the loop, that's probably a more bullet proof option, although there is still no guarantee that someday someone won't look at it and say "I can just use toArray() here". There's probably no escaping an AI code cleaning bot coming to that conclusion sometime in the near future. Then we're back to adding a comment to make sure it isn't changed.
There was a problem hiding this comment.
I just noticed that this subgroupsAsArray() private method is only used by JVMTI and a comment exists about that on that method:
/**
* Returns a snapshot of the subgroups as an array, used by JVMTI.
*/
So, irrespective of what solution we choose, perhaps we could add another brief sentence to that comment, something like the following?
/**
* Returns a snapshot of the subgroups as an array, used by JVMTI.
* Care should be taken not to trigger any classloading in this method.
*/
There was a problem hiding this comment.
I switched to the code that does the array copy inline rather than rely on toArray(). I also added a comment. I intentionally kept is short and simple. I was tempted to say something about toArray(), reference the CR, mention JDI and the debug agent, etc, but that's heading down the "too wordy" path that I wanted to avoid. Readers can "git blame" to find out why it was done.
| @@ -658,10 +658,16 @@ private List<ThreadGroup> synchronizedSubgroups() { | |||
|
|
|||
| /** | |||
| * Returns a snapshot of the subgroups as an array, used by JVMTI. | |||
| * WARNING: Make sure this API does not trigger any class loading. | |||
There was a problem hiding this comment.
Might be better to say "method" rather than "API" as this is all internal.
|
|
||
| public class EarlyThreadGroupChildrenTest extends TestScaffold { | ||
| ClassType targetClass; | ||
| ThreadReference mainThread; |
There was a problem hiding this comment.
Are these used? Maybe copied over from another test?
There was a problem hiding this comment.
Yes, copied from another test. I'll remove them.
| @Override | ||
| public void classPrepared(ClassPrepareEvent event) { | ||
| try { | ||
| ++classPreparedCount; |
There was a problem hiding this comment.
It's a long time since I looked at at test based on TestScaffold. Would I be correct to say that it creates an event handler thread to remove events from the event queue and dispatch them to the registered listeners? Only asking as it's not immediately clear if the increment of the event count is correct. I think TestScaffold uses one thread but would need to dig into the test infra to be sure.
There was a problem hiding this comment.
Yes, one EventHandler thread dispatching to all listeners. More details below:
There is an interface called TargetListener which declares all the event callbacks. TargetAdapter implements TargetListener and provides and empty implementation for each callback. TestScaffold extends TargetAdapter, and each test extends TestScaffold. So every test has default empty implementations of all the callbacks, and can override some (there are a couple of overrides in this tests).
A TargetListener instance gets events by adding itself as a listener using TestScaffold.addListener(). You can see that this test is doing that early on so it gets events.
In addition, some of the TestScaffold APIs will create an instance of a TargetAdapter with one or more event callback overrides, and register that listener. For example, see waitForRequestedEvent(). So it is possible to have 2 or more listeners registered, although as I just pointed out in JDK-8352759, that can be problematic at times.
TestScaffold always has an EventHandler thread active (and only one). It sits in a loop calling EventQueue.remove(). For any each EventSet received it will iterate over each Event in the EventSet, and for each registered listener, it will call the listener's event callback for that Event.
There was a problem hiding this comment.
BTW, classPreparedCount is somewhat unneeded legacy code. Previously I had limited it to 50 events to avoid the VMDisconnected exception, but I got rid of the count check and instead now catch the exception.
There was a problem hiding this comment.
Thanks for the expanded comment, it just means that classPreparedCount doesn't need to be volatile, it's only accessed by one thread. For this test it doesn't matter of course.
| @@ -658,10 +658,16 @@ private List<ThreadGroup> synchronizedSubgroups() { | |||
|
|
|||
| /** | |||
| * Returns a snapshot of the subgroups as an array, used by JVMTI. | |||
| * WARNING: Make sure this method does not trigger any class loading. | |||
There was a problem hiding this comment.
Can you say why briefly here? Because it's called during thread startup and may deadlock with ClassLoad events. I see the comment in the test but not sure if someone will find it, except through git blame, which might be enough.
There was a problem hiding this comment.
I was trying to avoid getting too much into the weeds with the explanation. There's always that one extra bit of information that would be useful, but after adding that then there's another, and you need to decide when to stop. How about the following (and I really don't want to go any further than this):
* WARNING: Make sure this method does not trigger any class loading,
* because a ClassPrepareEvent can deadlock the debugger and debug agent.
Yes. That is the failure mode. There is no detecting the failure other than a timeout. |
openjdk
bot
removed
ready
| @@ -658,10 +658,17 @@ private List<ThreadGroup> synchronizedSubgroups() { | |||
|
|
|||
| /** | |||
| * Returns a snapshot of the subgroups as an array, used by JVMTI. | |||
| * WARNING: Make sure this method does not trigger any class loading, | |||
| * because a ClassPrepareEvent can deadlock the debugger and debug agent. | |||
There was a problem hiding this comment.
The comment is okay but if you are doing any further edits then you could change this to say that a callback for the ClassPrepare event can deadlock (the event is "ClassPrepare" in the JVM TI spec, I realize the "ClassPrepareEvent" may have come from JDI).
There was a problem hiding this comment.
I'd rather not use "callback" here. Even the JVMTI spec mostly documents in terms of events, not callbacks. For example, for the ClassLoad callback it says "For most purposes the ClassPrepare event will be more useful". Maybe as a compromise I can change "ClassPrepareEvent" to "ClassPrepare event".
|
Thanks reviews Sergei, Jai, and Alan /integrate |
|
Going to push as commit cc870d4.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@plummercj Pushed as commit cc870d4. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Calling ThreadGroupReference.groups() from an event handler can cause a deadlock. Details in first comment. Tested with :jdk_lang on all supported platforms and tier1, tier2, tier3, and tier5 svc testing.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/24236/head:pull/24236$ git checkout pull/24236Update a local copy of the PR:
$ git checkout pull/24236$ git pull https://git.openjdk.org/jdk.git pull/24236/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 24236View PR using the GUI difftool:
$ git pr show -t 24236Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/24236.diff
Using Webrev
Link to Webrev Comment