Hi Roman,

crashed on many runs:

Stack: [0x00007fbb790f9000,0x00007fbb791fa000],  sp=0x00007fbb791f8af0,  free space=1022k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [libjdwp.so+0xdb71]  bagEnumerateOver+0x11
C  [libjdwp.so+0xe365]  classTrack_reset+0x25
C  [libjdwp.so+0xfca1]  debugInit_reset+0x71
C  [libjdwp.so+0x12e0d]  debugLoop_run+0x38d
C  [libjdwp.so+0x25700]  acceptThread+0x80
V  [libjvm.so+0xf4b5a7]  JvmtiAgentThread::call_start_function()+0x1c7
V  [libjvm.so+0x15215c6]  JavaThread::thread_main_inner()+0x226
V  [libjvm.so+0x1527736]  Thread::call_run()+0xf6
V  [libjvm.so+0x1250ade]  thread_native_entry(Thread*)+0x10e

This happened during a test task run of open/test/jdk/:jdk_jdi. There doesn't seem to be anything magic on the command line that might be triggering. Pretty much I see it with all the various VM configs we test.

I'm also seeing crashes in the following tests, but not as often:




On 3/25/20 11:37 AM, Roman Kennke wrote:
Hi Chris,

Regarding the new assert:

 105     if (gdata && gdata->assertOn) {
 106         // Check this is not already tagged.
 107         jlong tag;
 108         error = JVMTI_FUNC_PTR(trackingEnv, GetTag)(env, klass, &tag);
 109         if (error != JVMTI_ERROR_NONE) {
 110             EXIT_ERROR(error, "Unable to GetTag with class
 111         }
 112         JDI_ASSERT(tag == NOT_TAGGED);
 113     }

I think you should remove the gdata check. gdata should never be NULL
when you get to this code. If it is ever NULL then there's a bug, and
the check will hide the bug.
Ok, will remove this.

Regarding testing, after you do the submit repo testing let me know the
jobID and I'll do additional testing on it.
I did the submit repo earlier today, and it came back green:





On 3/25/20 6:00 AM, Roman Kennke wrote:
Hi Sergei,

The fix looks pretty clean now.
I also like new name of the lock.:)
Thank you!

Just one comment below.


110 if (tag != 0l) {
111 return; // Already added
  112     }

  It is better to use a named constant or macro instead.
  Also, it'd be nice to add a short comment about this value is.
As I replied to Chris earlier, this whole block can be turned into an
assert. I also made a constant for the value 0, which should be pretty
much self-explaining.


How do you test the fix?
I am using a manual test that is provided in this bug report:

"Script to compare performance of GC with and without debugger, when
many classes are loaded and classes are being unloaded":


I am also using this test and manually attach/detach jdb a couple of
times in a row to check that disconnecting and reconnecting works well
(this tended to deadlock or crash with an earlier version of the patch,
and is now looking good).

I am also running tier1 and tier2 tests locally, and as soon as we all
agree that the fix is reasonable, I will push it to the submit repo. I
am not sure if any of those tests actually exercise that code, though.
Let me know if you want me to run any specific tests.

Thank you,


On 3/20/20 08:30, Roman Kennke wrote:
I believe I came up with a much simpler solution that also solves the
problems of the existing one, and the ones I proposed earlier.

It turns out that we can take advantage of the fact that we can use
*anything* as tags in JVMTI, even pointers to stuff (this is
mentioned in the JVMTI spec). This means we can simply stick a pointer
to the signature of a class into the tag, and pull it out again when we
get notified that the class gets unloaded.

This means we don't need an extra data-structure to keep track of
classes and signatures, and it also makes the story around locking
*much* simpler. Performance-wise this is O(1), i.e. no scanning of all
classes needed (as in the current implementation) and no searching of
table needed (like in my previous attempts).

Please review this new revision:

(Notice that there still appears to be a performance bottleneck with
class-unloading when an actual debugger is attached. This doesn't seem
to be related to the classTrack.c implementation though, but looks like
a consequence of getting all those class-unload notifications over the
wire. My testcase generates 1000s of them, and it's clogging up the

I am not sure why jdb needs to enable class-unload listener always. A
simple hack disables it, and performance is brilliant, even when jdb is

But this is not in the scope of this bug.)


On 3/16/20 8:05 AM, serguei.spit...@oracle.com wrote:
Sorry, forgot to complete my comments at the end (see below).

On 3/15/20 23:57, serguei.spit...@oracle.com wrote:
Hi Roman,

Thank you for the update and sorry for the latency in review.

Some comments are below.


87 cbTrackingObjectFree(jvmtiEnv* jvmti_env, jlong tag)
   88 {
89 debugMonitorEnter(deletedSignatureLock);
90 if (currentClassTag == -1) {
91 // Class tracking not initialized, nobody's interested
92 debugMonitorExit(deletedSignatureLock);
93 return;
   94     }
Just a question:
   Q1: Should the ObjectFree events be disabled for the jvmtiEnv
that does
       the class tracking if class tracking has not been initialized?

70 static jlong currentClassTag; I'm thinking if the name is
better to
be something like: lastClassTag or highestClassTag.

99 KlassNode* klass = *klass_ptr;
100 102 while (klass != NULL && klass->klass_tag != tag) { 103
klass_ptr = &klass->next; 104 klass = *klass_ptr;
105 } 106 if (klass != NULL || klass->klass_tag != tag) { // klass
found - ignore.
107 debugMonitorExit(deletedSignatureLock);
108 return;
  109     }
  It seems to me, something is wrong in the condition at L106 above.
  Should it be? :
     if (klass == NULL || klass->klass_tag != tag)

  Otherwise, how can the second check ever work correctly as the
will always happen when (klass != NULL)?

  There are several places in this file with the the indent:
90 if (currentClassTag == -1) {
91 // Class tracking not initialized, nobody's interested
92 debugMonitorExit(deletedSignatureLock);
93 return;
   94     }
152 if (currentClassTag == -1) {
153 // Class tracking not initialized yet, nobody's interested
154 debugMonitorExit(deletedSignatureLock);
155 return;
  156     }
161 if (error != JVMTI_ERROR_NONE) {
162 EXIT_ERROR(error, "Unable to GetTag with class trackingEnv");
  163     }
164 if (tag != 0l) {
165 debugMonitorExit(deletedSignatureLock);
166 return; // Already added
  167     }
281 cleanDeleted(void *signatureVoid, void *arg)
282 {
283 char* sig = (char*)signatureVoid;
284 jvmtiDeallocate(sig);
285 return JNI_TRUE;
  286 }
  291 void
  292 classTrack_reset(void)
  293 {
294 int idx;
295 debugMonitorEnter(deletedSignatureLock);
297 for (idx = 0; idx < CT_SLOT_COUNT; ++idx) {
298 KlassNode* node = table[idx];
299 while (node != NULL) {
300 KlassNode* next = node->next;
301 jvmtiDeallocate(node->signature);
302 jvmtiDeallocate(node);
303 node = next;
304 }
305 }
306 jvmtiDeallocate(table);
308 bagEnumerateOver(deletedSignatureBag, cleanDeleted, NULL);
309 bagDestroyBag(deletedSignatureBag);
311 currentClassTag = -1;
314 trackingEnv = NULL;
316 debugMonitorExit(deletedSignatureLock);

Could you, please, fix several comments below?
63 * The JVMTI tracking env to keep track of klass tags, for
  The comma is not needed.
  Would it better to replace: klass tags => klass_tag's ?

73 * Lock to keep table, currentClassTag and deletedSignatureBag
  Maybe: Lock to guard ... or lock to keep integrity of ...

84 * Callback when classes are freed, Finds the signature and
remembers it in deletedSignatureBag. Would be better to use words
"store" or "record", "Find" should not start from capital letter:
Invoke the callback when classes are freed, find and record the
signature in deletedSignatureBag.

96 // Find deleted KlassNode 133 // Class tracking not initialized,
nobody's interested 153 // Class tracking not initialized yet,
nobody's interested 158 /* Check this is not a duplicate */ Missed
at the end. 106 if (klass != NULL || klass->klass_tag != tag) { //
klass not found - ignore. In opposite, dot is not needed as the
comment does not start from a capital letter. 111 // At this point we
have the KlassNode corresponding to the tag
112 // in klass, and the pointer to it in klass_node.
  The comment above can be better. Maybe, something like:
    " At this point, we found the KlassNode matching the klass
tag(and it is

113 // Remember the unloaded signature.
  Better: Record the signature of the unloaded class and unlink it.



On 3/9/20 05:39, Roman Kennke wrote:
Hello all,

Can I please get reviews of this change? In the meantime, we've done
more testing and also field-/torture-testing by a customer who is
now. :-)


Hi Serguei,

Thanks for reviewing!

I updated the patch to reflect your suggestions, very good!
It also includes a fix to allow re-connecting an agent after
namely move setup of the trackingEnv and deletedSignatureBag to
_activate() to ensure have those structures after re-connect.


Let me know what you think!

Hi Roman,

Thank you for taking care about this scalability issue!

I have a couple of quick comments.


72 /*
73 * Lock to protect deletedSignatureBag
74 */
75 static jrawMonitorID deletedSignatureLock; 76 77 /*
78 * A bag containing all the deleted classes' signatures. Must be
accessed under
79 * deletedTagLock,
   80  */
81 struct bag* deletedSignatureBag;

   The comments contradict to each other.
   I guess, the lock name at line 79 has to be
instead of deletedTagLock.
   Also, comma at the end must be replaced with dot.

101 // Tag not found? Ignore.
102 if (klass == NULL) {
103 debugMonitorExit(deletedSignatureLock);
104 return;
105 }
107 // Scan linked-list.
108 jlong found_tag = klass->klass_tag;
109 while (klass != NULL && found_tag != tag) {
110 klass_ptr = &klass->next;
111 klass = *klass_ptr;
112 found_tag = klass->klass_tag;
  113     }
115 // Tag not found? Ignore.
116 if (found_tag != tag) {
117 debugMonitorExit(deletedSignatureLock);
118 return;
  119     }

  The code above can be simplified, so that the lines 101-105
are not
needed anymore.
  It can be something like this:

// Scan linked-list.
while (klass != NULL && klass->klass_tag != tag) {
klass_ptr = &klass->next;
klass = *klass_ptr;
if (klass == NULL || klass->klass_tag != tag) { // klass not
found - ignore.

It will take more time when I get a chance to look at the rest.


On 12/21/19 13:24, Roman Kennke wrote:
Here comes an update that resolves some races that happen when
disconnecting an agent. In particular, we need to take the
lock on
basically every operation, and also need to check whether or not
class-tracking is active and return an appropriate result
(e.g. an empty
list) when we're not.

Updated webrev:


So, here comes the O(1) implementation:

- Whenever a class is 'prepared', it is registered with a
tag, and we
set-up a listener to get notified when it is unloaded.
- Prepared classes are kept in a datastructure that is a
table, which
each entry being the head of a linked-list of KlassNode*. The
table is
indexed by tag % slot-count, and then simply prepend the new
This is O(1) operation.
- When we get notified of unloading a class, we look up the
signature of
the reported tag in that table, and remember it in a bag. The
is then unlinked from the table and deallocated. This is
~O(1) operation
too, depending on the depth of the table. In my testcase
which hammered
the code with class-loads and unloads, I usually see depths
of like 2-3,
but not usually more. It should be ok.
- when processUnloads() gets called, we simply hand out that
bag, and
allocate a new one.
- I also added cleanup-code in classTrack_reset() to avoid
leaking the
signatures and KlassNode* etc when debug agent gets detached
re-attached (was missing before).
- I also added locks around data-structure-manipulation (was
- Also, I only activate this whole process when an actual
listener gets
registered on EI_GC_FINISH. This seems to happen right when
attaching a
jdb, not sure why jdb does that though. This may be something
to improve
in the future?

In my tests, the performance of class-tracking itself looks
really good.
The bottleneck now is clearly actual synthesizing the
events. I don't see how this can be helped when the debug
agent asks for it?

Updated webrev:

Please let me know what you think of it.


Alright, the perfectionist in me got me. I am implementing
the even more
efficient ~O(1) class tracking. Please hold off reviewing
for now.


  Hi Chris,
I'll have a look at this, although it might not be for a
few days. In
the meantime, maybe you can describe your new
implementation in
classTrack.c so it's easier to look through the changes.

The purpose of this class-tracking is to be able to
determine the
signatures of unloaded classes when GC/class-unloading
happened, so that
we can generate the appropriate JDWP event.

The current implementation does so by maintaining a table
of currently
prepared classes by building that table when classTrack is
and then add new classes whenever a class gets loaded. When
occurs, that cache is rebuilt into a new table, and
compared with the
old table, and whatever is in the old, but not in the new
table gets
returned. The problem is that when GCs happen frequently
and/or many
classes get loaded+unloaded, this amounts to

The new implementation keeps a linked-list of prepared
classes, and also
tracks unloads via the listener cbTrackingObjectFree().
Whenever an
unload/GC occurs, the list of prepared classes is scanned,
and classes
that are also in the deletedTagBag are unlinked (thus
maintaining the
prepared-classes-list) and its signature put in the list
that gets returned.

The implementation is not perfect. In order to determine
whether or not
a class is unloaded, it needs to scan the deletedTagBag.
That process is
therefore still O(unloadedClassCount). The assumption here
is that
unloadedClassCount << classCount. In my experiments this
seems to be
true, and also reasonable to expect.

(I have some ideas how to improve the implementation to
~O(1) but it
would be considerably more complex: have to maintain a
(hash)table that
maps tags -> KlassNode*, unlink them directly upon unload,
and build the
unloaded-signatures list there, but I don't currently see
that it's
worth the effort).

In addition to all that, this process is only activated
when there's an
actual listener registered for EI_GC_FINISH.



On 12/18/19 5:05 AM, Roman Kennke wrote:
Hello all,


I am proposing what amounts to a rewrite of classTrack.c.
It avoids
throwing away the class cache on GC, and instead keeps
track of
loaded/unloaded classes one-by-one.

In addition to that, it avoids this whole dance until an
registers interest in EI_GC_FINISH.


Testing: manual testing of provided test scenarios and

Eg with the testcase provided here:

I am getting those numbers:
unpatched: no debug: 84s with debug: 225s
patched:   no debug: 85s with debug: 95s

I also tested successfully through jdk/submit repo

Can I please get a review?



