1 /*
2 * Copyright (c) 2017, 2021, Red Hat, Inc. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "gc/shared/tlab_globals.hpp"
27 #include "gc/shenandoah/shenandoahAsserts.hpp"
28 #include "gc/shenandoah/shenandoahForwarding.inline.hpp"
29 #include "gc/shenandoah/shenandoahPhaseTimings.hpp"
30 #include "gc/shenandoah/shenandoahHeap.inline.hpp"
31 #include "gc/shenandoah/shenandoahHeapRegion.inline.hpp"
32 #include "gc/shenandoah/shenandoahRootProcessor.hpp"
33 #include "gc/shenandoah/shenandoahTaskqueue.inline.hpp"
34 #include "gc/shenandoah/shenandoahUtils.hpp"
35 #include "gc/shenandoah/shenandoahVerifier.hpp"
36 #include "memory/allocation.hpp"
37 #include "memory/iterator.inline.hpp"
38 #include "memory/resourceArea.hpp"
39 #include "oops/compressedOops.inline.hpp"
40 #include "runtime/atomic.hpp"
41 #include "runtime/orderAccess.hpp"
42 #include "runtime/threads.hpp"
43 #include "utilities/align.hpp"
44
45 // Avoid name collision on verify_oop (defined in macroAssembler_arm.hpp)
46 #ifdef verify_oop
47 #undef verify_oop
48 #endif
49
50 static bool is_instance_ref_klass(Klass* k) {
51 return k->is_instance_klass() && InstanceKlass::cast(k)->reference_type() != REF_NONE;
52 }
53
54 class ShenandoahVerifyOopClosure : public BasicOopIterateClosure {
55 private:
56 const char* _phase;
57 ShenandoahVerifier::VerifyOptions _options;
58 ShenandoahVerifierStack* _stack;
59 ShenandoahHeap* _heap;
60 MarkBitMap* _map;
61 ShenandoahLivenessData* _ld;
62 void* _interior_loc;
63 oop _loc;
64 ReferenceIterationMode _ref_mode;
65
66 public:
67 ShenandoahVerifyOopClosure(ShenandoahVerifierStack* stack, MarkBitMap* map, ShenandoahLivenessData* ld,
68 const char* phase, ShenandoahVerifier::VerifyOptions options) :
69 _phase(phase),
70 _options(options),
71 _stack(stack),
72 _heap(ShenandoahHeap::heap()),
73 _map(map),
74 _ld(ld),
75 _interior_loc(nullptr),
76 _loc(nullptr) {
77 if (options._verify_marked == ShenandoahVerifier::_verify_marked_complete_except_references ||
78 options._verify_marked == ShenandoahVerifier::_verify_marked_disable) {
79 // Unknown status for Reference.referent field. Do not touch it, it might be dead.
80 // Normally, barriers would prevent us from seeing the dead referents, but verifier
81 // runs with barriers disabled.
82 _ref_mode = DO_FIELDS_EXCEPT_REFERENT;
83 } else {
84 // Otherwise do all fields.
85 _ref_mode = DO_FIELDS;
86 }
87 }
88
89 ReferenceIterationMode reference_iteration_mode() override {
90 return _ref_mode;
91 }
92
93 private:
94 void check(ShenandoahAsserts::SafeLevel level, oop obj, bool test, const char* label) {
95 if (!test) {
96 ShenandoahAsserts::print_failure(level, obj, _interior_loc, _loc, _phase, label, __FILE__, __LINE__);
97 }
98 }
99
100 template <class T>
101 void do_oop_work(T* p) {
102 T o = RawAccess<>::oop_load(p);
103 if (!CompressedOops::is_null(o)) {
104 oop obj = CompressedOops::decode_not_null(o);
105 if (is_instance_ref_klass(ShenandoahForwarding::klass(obj))) {
106 obj = ShenandoahForwarding::get_forwardee(obj);
107 }
108 // Single threaded verification can use faster non-atomic stack and bitmap
109 // methods.
110 //
111 // For performance reasons, only fully verify non-marked field values.
112 // We are here when the host object for *p is already marked.
113
114 if (_map->par_mark(obj)) {
115 verify_oop_at(p, obj);
116 _stack->push(ShenandoahVerifierTask(obj));
117 }
118 }
119 }
120
121 void verify_oop(oop obj) {
122 // Perform consistency checks with gradually decreasing safety level. This guarantees
123 // that failure report would not try to touch something that was not yet verified to be
124 // safe to process.
125
126 check(ShenandoahAsserts::_safe_unknown, obj, _heap->is_in_reserved(obj),
127 "oop must be in heap bounds");
128 check(ShenandoahAsserts::_safe_unknown, obj, is_object_aligned(obj),
129 "oop must be aligned");
130
131 ShenandoahHeapRegion *obj_reg = _heap->heap_region_containing(obj);
132 Klass* obj_klass = ShenandoahForwarding::klass(obj);
133
134 // Verify that obj is not in dead space:
135 {
136 // Do this before touching obj->size()
137 check(ShenandoahAsserts::_safe_unknown, obj, obj_klass != nullptr,
138 "Object klass pointer should not be null");
139 check(ShenandoahAsserts::_safe_unknown, obj, Metaspace::contains(obj_klass),
140 "Object klass pointer must go to metaspace");
141
142 HeapWord *obj_addr = cast_from_oop<HeapWord*>(obj);
143 check(ShenandoahAsserts::_safe_unknown, obj, obj_addr < obj_reg->top(),
144 "Object start should be within the region");
145
146 if (!obj_reg->is_humongous()) {
147 check(ShenandoahAsserts::_safe_unknown, obj, (obj_addr + ShenandoahForwarding::size(obj)) <= obj_reg->top(),
148 "Object end should be within the region");
149 } else {
150 size_t humongous_start = obj_reg->index();
151 size_t humongous_end = humongous_start + (ShenandoahForwarding::size(obj) >> ShenandoahHeapRegion::region_size_words_shift());
152 for (size_t idx = humongous_start + 1; idx < humongous_end; idx++) {
153 check(ShenandoahAsserts::_safe_unknown, obj, _heap->get_region(idx)->is_humongous_continuation(),
154 "Humongous object is in continuation that fits it");
155 }
156 }
157
158 // ------------ obj is safe at this point --------------
159
160 check(ShenandoahAsserts::_safe_oop, obj, obj_reg->is_active(),
161 "Object should be in active region");
162
163 switch (_options._verify_liveness) {
164 case ShenandoahVerifier::_verify_liveness_disable:
165 // skip
166 break;
167 case ShenandoahVerifier::_verify_liveness_complete:
168 Atomic::add(&_ld[obj_reg->index()], (uint) ShenandoahForwarding::size(obj), memory_order_relaxed);
169 // fallthrough for fast failure for un-live regions:
170 case ShenandoahVerifier::_verify_liveness_conservative:
171 check(ShenandoahAsserts::_safe_oop, obj, obj_reg->has_live(),
172 "Object must belong to region with live data");
173 break;
174 default:
175 assert(false, "Unhandled liveness verification");
176 }
177 }
178
179 oop fwd = ShenandoahForwarding::get_forwardee_raw_unchecked(obj);
180
181 ShenandoahHeapRegion* fwd_reg = nullptr;
182
183 if (obj != fwd) {
184 check(ShenandoahAsserts::_safe_oop, obj, _heap->is_in_reserved(fwd),
185 "Forwardee must be in heap bounds");
186 check(ShenandoahAsserts::_safe_oop, obj, !CompressedOops::is_null(fwd),
187 "Forwardee is set");
188 check(ShenandoahAsserts::_safe_oop, obj, is_object_aligned(fwd),
189 "Forwardee must be aligned");
190
191 // Do this before touching fwd->size()
192 Klass* fwd_klass = fwd->klass_or_null();
193 check(ShenandoahAsserts::_safe_oop, obj, fwd_klass != nullptr,
194 "Forwardee klass pointer should not be null");
195 check(ShenandoahAsserts::_safe_oop, obj, Metaspace::contains(fwd_klass),
196 "Forwardee klass pointer must go to metaspace");
197 check(ShenandoahAsserts::_safe_oop, obj, obj_klass == fwd_klass,
198 "Forwardee klass pointer must go to metaspace");
199
200 fwd_reg = _heap->heap_region_containing(fwd);
201
202 check(ShenandoahAsserts::_safe_oop, obj, fwd_reg->is_active(),
203 "Forwardee should be in active region");
204
205 // Verify that forwardee is not in the dead space:
206 check(ShenandoahAsserts::_safe_oop, obj, !fwd_reg->is_humongous(),
207 "Should have no humongous forwardees");
208
209 HeapWord *fwd_addr = cast_from_oop<HeapWord *>(fwd);
210 check(ShenandoahAsserts::_safe_oop, obj, fwd_addr < fwd_reg->top(),
211 "Forwardee start should be within the region");
212 check(ShenandoahAsserts::_safe_oop, obj, (fwd_addr + ShenandoahForwarding::size(fwd)) <= fwd_reg->top(),
213 "Forwardee end should be within the region");
214
215 oop fwd2 = ShenandoahForwarding::get_forwardee_raw_unchecked(fwd);
216 check(ShenandoahAsserts::_safe_oop, obj, (fwd == fwd2),
217 "Double forwarding");
218 } else {
219 fwd_reg = obj_reg;
220 }
221
222 // Do additional checks for special objects: their fields can hold metadata as well.
223 // We want to check class loading/unloading did not corrupt them.
224
225 if (obj_klass == vmClasses::Class_klass()) {
226 Metadata* klass = obj->metadata_field(java_lang_Class::klass_offset());
227 check(ShenandoahAsserts::_safe_oop, obj,
228 klass == nullptr || Metaspace::contains(klass),
229 "Instance class mirror should point to Metaspace");
230
231 Metadata* array_klass = obj->metadata_field(java_lang_Class::array_klass_offset());
232 check(ShenandoahAsserts::_safe_oop, obj,
233 array_klass == nullptr || Metaspace::contains(array_klass),
234 "Array class mirror should point to Metaspace");
235 }
236
237 // ------------ obj and fwd are safe at this point --------------
238
239 switch (_options._verify_marked) {
240 case ShenandoahVerifier::_verify_marked_disable:
241 // skip
242 break;
243 case ShenandoahVerifier::_verify_marked_incomplete:
244 check(ShenandoahAsserts::_safe_all, obj, _heap->marking_context()->is_marked(obj),
245 "Must be marked in incomplete bitmap");
246 break;
247 case ShenandoahVerifier::_verify_marked_complete:
248 check(ShenandoahAsserts::_safe_all, obj, _heap->complete_marking_context()->is_marked(obj),
249 "Must be marked in complete bitmap");
250 break;
251 case ShenandoahVerifier::_verify_marked_complete_except_references:
252 check(ShenandoahAsserts::_safe_all, obj, _heap->complete_marking_context()->is_marked(obj),
253 "Must be marked in complete bitmap, except j.l.r.Reference referents");
254 break;
255 default:
256 assert(false, "Unhandled mark verification");
257 }
258
259 switch (_options._verify_forwarded) {
260 case ShenandoahVerifier::_verify_forwarded_disable:
261 // skip
262 break;
263 case ShenandoahVerifier::_verify_forwarded_none: {
264 check(ShenandoahAsserts::_safe_all, obj, (obj == fwd),
265 "Should not be forwarded");
266 break;
267 }
268 case ShenandoahVerifier::_verify_forwarded_allow: {
269 if (obj != fwd) {
270 check(ShenandoahAsserts::_safe_all, obj, obj_reg != fwd_reg,
271 "Forwardee should be in another region");
272 }
273 break;
274 }
275 default:
276 assert(false, "Unhandled forwarding verification");
277 }
278
279 switch (_options._verify_cset) {
280 case ShenandoahVerifier::_verify_cset_disable:
281 // skip
282 break;
283 case ShenandoahVerifier::_verify_cset_none:
284 check(ShenandoahAsserts::_safe_all, obj, !_heap->in_collection_set(obj),
285 "Should not have references to collection set");
286 break;
287 case ShenandoahVerifier::_verify_cset_forwarded:
288 if (_heap->in_collection_set(obj)) {
289 check(ShenandoahAsserts::_safe_all, obj, (obj != fwd),
290 "Object in collection set, should have forwardee");
291 }
292 break;
293 default:
294 assert(false, "Unhandled cset verification");
295 }
296
297 }
298
299 public:
300 /**
301 * Verify object with known interior reference.
302 * @param p interior reference where the object is referenced from; can be off-heap
303 * @param obj verified object
304 */
305 template <class T>
306 void verify_oop_at(T* p, oop obj) {
307 _interior_loc = p;
308 verify_oop(obj);
309 _interior_loc = nullptr;
310 }
311
312 /**
313 * Verify object without known interior reference.
314 * Useful when picking up the object at known offset in heap,
315 * but without knowing what objects reference it.
316 * @param obj verified object
317 */
318 void verify_oop_standalone(oop obj) {
319 _interior_loc = nullptr;
320 verify_oop(obj);
321 _interior_loc = nullptr;
322 }
323
324 /**
325 * Verify oop fields from this object.
326 * @param obj host object for verified fields
327 */
328 void verify_oops_from(oop obj) {
329 _loc = obj;
330 // oop_iterate() can not deal with forwarded objects, because
331 // it needs to load klass(), which may be overridden by the
332 // forwarding pointer.
333 oop fwd = ShenandoahForwarding::get_forwardee_raw(obj);
334 fwd->oop_iterate(this);
335 _loc = nullptr;
336 }
337
338 virtual void do_oop(oop* p) override { do_oop_work(p); }
339 virtual void do_oop(narrowOop* p) override { do_oop_work(p); }
340 };
341
342 class ShenandoahCalculateRegionStatsClosure : public ShenandoahHeapRegionClosure {
343 private:
344 size_t _used, _committed, _garbage;
345 public:
346 ShenandoahCalculateRegionStatsClosure() : _used(0), _committed(0), _garbage(0) {};
347
348 void heap_region_do(ShenandoahHeapRegion* r) {
349 _used += r->used();
350 _garbage += r->garbage();
351 _committed += r->is_committed() ? ShenandoahHeapRegion::region_size_bytes() : 0;
352 }
353
354 size_t used() { return _used; }
355 size_t committed() { return _committed; }
356 size_t garbage() { return _garbage; }
357 };
358
359 class ShenandoahVerifyHeapRegionClosure : public ShenandoahHeapRegionClosure {
360 private:
361 ShenandoahHeap* _heap;
362 const char* _phase;
363 ShenandoahVerifier::VerifyRegions _regions;
364 public:
365 ShenandoahVerifyHeapRegionClosure(const char* phase, ShenandoahVerifier::VerifyRegions regions) :
366 _heap(ShenandoahHeap::heap()),
367 _phase(phase),
368 _regions(regions) {};
369
370 void print_failure(ShenandoahHeapRegion* r, const char* label) {
371 ResourceMark rm;
372
373 ShenandoahMessageBuffer msg("Shenandoah verification failed; %s: %s\n\n", _phase, label);
374
375 stringStream ss;
376 r->print_on(&ss);
377 msg.append("%s", ss.as_string());
378
379 report_vm_error(__FILE__, __LINE__, msg.buffer());
380 }
381
382 void verify(ShenandoahHeapRegion* r, bool test, const char* msg) {
383 if (!test) {
384 print_failure(r, msg);
385 }
386 }
387
388 void heap_region_do(ShenandoahHeapRegion* r) {
389 switch (_regions) {
390 case ShenandoahVerifier::_verify_regions_disable:
391 break;
392 case ShenandoahVerifier::_verify_regions_notrash:
393 verify(r, !r->is_trash(),
394 "Should not have trash regions");
395 break;
396 case ShenandoahVerifier::_verify_regions_nocset:
397 verify(r, !r->is_cset(),
398 "Should not have cset regions");
399 break;
400 case ShenandoahVerifier::_verify_regions_notrash_nocset:
401 verify(r, !r->is_trash(),
402 "Should not have trash regions");
403 verify(r, !r->is_cset(),
404 "Should not have cset regions");
405 break;
406 default:
407 ShouldNotReachHere();
408 }
409
410 verify(r, r->capacity() == ShenandoahHeapRegion::region_size_bytes(),
411 "Capacity should match region size");
412
413 verify(r, r->bottom() <= r->top(),
414 "Region top should not be less than bottom");
415
416 verify(r, r->bottom() <= _heap->marking_context()->top_at_mark_start(r),
417 "Region TAMS should not be less than bottom");
418
419 verify(r, _heap->marking_context()->top_at_mark_start(r) <= r->top(),
420 "Complete TAMS should not be larger than top");
421
422 verify(r, r->get_live_data_bytes() <= r->capacity(),
423 "Live data cannot be larger than capacity");
424
425 verify(r, r->garbage() <= r->capacity(),
426 "Garbage cannot be larger than capacity");
427
428 verify(r, r->used() <= r->capacity(),
429 "Used cannot be larger than capacity");
430
431 verify(r, r->get_shared_allocs() <= r->capacity(),
432 "Shared alloc count should not be larger than capacity");
433
434 verify(r, r->get_tlab_allocs() <= r->capacity(),
435 "TLAB alloc count should not be larger than capacity");
436
437 verify(r, r->get_gclab_allocs() <= r->capacity(),
438 "GCLAB alloc count should not be larger than capacity");
439
440 verify(r, r->get_shared_allocs() + r->get_tlab_allocs() + r->get_gclab_allocs() == r->used(),
441 "Accurate accounting: shared + TLAB + GCLAB = used");
442
443 verify(r, !r->is_empty() || !r->has_live(),
444 "Empty regions should not have live data");
445
446 verify(r, r->is_cset() == _heap->collection_set()->is_in(r),
447 "Transitional: region flags and collection set agree");
448 }
449 };
450
451 class ShenandoahVerifierReachableTask : public WorkerTask {
452 private:
453 const char* _label;
454 ShenandoahVerifier::VerifyOptions _options;
455 ShenandoahHeap* _heap;
456 ShenandoahLivenessData* _ld;
457 MarkBitMap* _bitmap;
458 volatile size_t _processed;
459
460 public:
461 ShenandoahVerifierReachableTask(MarkBitMap* bitmap,
462 ShenandoahLivenessData* ld,
463 const char* label,
464 ShenandoahVerifier::VerifyOptions options) :
465 WorkerTask("Shenandoah Verifier Reachable Objects"),
466 _label(label),
467 _options(options),
468 _heap(ShenandoahHeap::heap()),
469 _ld(ld),
470 _bitmap(bitmap),
471 _processed(0) {};
472
473 size_t processed() {
474 return _processed;
475 }
476
477 virtual void work(uint worker_id) {
478 ResourceMark rm;
479 ShenandoahVerifierStack stack;
480
481 // On level 2, we need to only check the roots once.
482 // On level 3, we want to check the roots, and seed the local stack.
483 // It is a lesser evil to accept multiple root scans at level 3, because
484 // extended parallelism would buy us out.
485 if (((ShenandoahVerifyLevel == 2) && (worker_id == 0))
486 || (ShenandoahVerifyLevel >= 3)) {
487 ShenandoahVerifyOopClosure cl(&stack, _bitmap, _ld,
488 ShenandoahMessageBuffer("%s, Roots", _label),
489 _options);
490 if (_heap->unload_classes()) {
491 ShenandoahRootVerifier::strong_roots_do(&cl);
492 } else {
493 ShenandoahRootVerifier::roots_do(&cl);
494 }
495 }
496
497 size_t processed = 0;
498
499 if (ShenandoahVerifyLevel >= 3) {
500 ShenandoahVerifyOopClosure cl(&stack, _bitmap, _ld,
501 ShenandoahMessageBuffer("%s, Reachable", _label),
502 _options);
503 while (!stack.is_empty()) {
504 processed++;
505 ShenandoahVerifierTask task = stack.pop();
506 cl.verify_oops_from(task.obj());
507 }
508 }
509
510 Atomic::add(&_processed, processed, memory_order_relaxed);
511 }
512 };
513
514 class ShenandoahVerifierMarkedRegionTask : public WorkerTask {
515 private:
516 const char* _label;
517 ShenandoahVerifier::VerifyOptions _options;
518 ShenandoahHeap *_heap;
519 MarkBitMap* _bitmap;
520 ShenandoahLivenessData* _ld;
521 volatile size_t _claimed;
522 volatile size_t _processed;
523
524 public:
525 ShenandoahVerifierMarkedRegionTask(MarkBitMap* bitmap,
526 ShenandoahLivenessData* ld,
527 const char* label,
528 ShenandoahVerifier::VerifyOptions options) :
529 WorkerTask("Shenandoah Verifier Marked Objects"),
530 _label(label),
531 _options(options),
532 _heap(ShenandoahHeap::heap()),
533 _bitmap(bitmap),
534 _ld(ld),
535 _claimed(0),
536 _processed(0) {};
537
538 size_t processed() {
539 return Atomic::load(&_processed);
540 }
541
542 virtual void work(uint worker_id) {
543 ShenandoahVerifierStack stack;
544 ShenandoahVerifyOopClosure cl(&stack, _bitmap, _ld,
545 ShenandoahMessageBuffer("%s, Marked", _label),
546 _options);
547
548 while (true) {
549 size_t v = Atomic::fetch_then_add(&_claimed, 1u, memory_order_relaxed);
550 if (v < _heap->num_regions()) {
551 ShenandoahHeapRegion* r = _heap->get_region(v);
552 if (!r->is_humongous() && !r->is_trash()) {
553 work_regular(r, stack, cl);
554 } else if (r->is_humongous_start()) {
555 work_humongous(r, stack, cl);
556 }
557 } else {
558 break;
559 }
560 }
561 }
562
563 virtual void work_humongous(ShenandoahHeapRegion *r, ShenandoahVerifierStack& stack, ShenandoahVerifyOopClosure& cl) {
564 size_t processed = 0;
565 HeapWord* obj = r->bottom();
566 if (_heap->complete_marking_context()->is_marked(cast_to_oop(obj))) {
567 verify_and_follow(obj, stack, cl, &processed);
568 }
569 Atomic::add(&_processed, processed, memory_order_relaxed);
570 }
571
572 virtual void work_regular(ShenandoahHeapRegion *r, ShenandoahVerifierStack &stack, ShenandoahVerifyOopClosure &cl) {
573 size_t processed = 0;
574 ShenandoahMarkingContext* ctx = _heap->complete_marking_context();
575 HeapWord* tams = ctx->top_at_mark_start(r);
576
577 // Bitmaps, before TAMS
578 if (tams > r->bottom()) {
579 HeapWord* start = r->bottom();
580 HeapWord* addr = ctx->get_next_marked_addr(start, tams);
581
582 while (addr < tams) {
583 verify_and_follow(addr, stack, cl, &processed);
584 addr += 1;
585 if (addr < tams) {
586 addr = ctx->get_next_marked_addr(addr, tams);
587 }
588 }
589 }
590
591 // Size-based, after TAMS
592 {
593 HeapWord* limit = r->top();
594 HeapWord* addr = tams;
595
596 while (addr < limit) {
597 verify_and_follow(addr, stack, cl, &processed);
598 addr += ShenandoahForwarding::size(cast_to_oop(addr));
599 }
600 }
601
602 Atomic::add(&_processed, processed, memory_order_relaxed);
603 }
604
605 void verify_and_follow(HeapWord *addr, ShenandoahVerifierStack &stack, ShenandoahVerifyOopClosure &cl, size_t *processed) {
606 if (!_bitmap->par_mark(addr)) return;
607
608 // Verify the object itself:
609 oop obj = cast_to_oop(addr);
610 cl.verify_oop_standalone(obj);
611
612 // Verify everything reachable from that object too, hopefully realizing
613 // everything was already marked, and never touching further:
614 if (!is_instance_ref_klass(ShenandoahForwarding::klass(obj))) {
615 cl.verify_oops_from(obj);
616 (*processed)++;
617 }
618 while (!stack.is_empty()) {
619 ShenandoahVerifierTask task = stack.pop();
620 cl.verify_oops_from(task.obj());
621 (*processed)++;
622 }
623 }
624 };
625
626 class VerifyThreadGCState : public ThreadClosure {
627 private:
628 const char* const _label;
629 char const _expected;
630
631 public:
632 VerifyThreadGCState(const char* label, char expected) : _label(label), _expected(expected) {}
633 void do_thread(Thread* t) {
634 char actual = ShenandoahThreadLocalData::gc_state(t);
635 if (actual != _expected) {
636 fatal("%s: Thread %s: expected gc-state %d, actual %d", _label, t->name(), _expected, actual);
637 }
638 }
639 };
640
641 void ShenandoahVerifier::verify_at_safepoint(const char *label,
642 VerifyForwarded forwarded, VerifyMarked marked,
643 VerifyCollectionSet cset,
644 VerifyLiveness liveness, VerifyRegions regions,
645 VerifyGCState gcstate) {
646 guarantee(ShenandoahSafepoint::is_at_shenandoah_safepoint(), "only when nothing else happens");
647 guarantee(ShenandoahVerify, "only when enabled, and bitmap is initialized in ShenandoahHeap::initialize");
648
649 ShenandoahHeap::heap()->propagate_gc_state_to_java_threads();
650
651 // Avoid side-effect of changing workers' active thread count, but bypass concurrent/parallel protocol check
652 ShenandoahPushWorkerScope verify_worker_scope(_heap->workers(), _heap->max_workers(), false /*bypass check*/);
653
654 log_info(gc,start)("Verify %s, Level " INTX_FORMAT, label, ShenandoahVerifyLevel);
655
656 // GC state checks
657 {
658 char expected = -1;
659 bool enabled;
660 switch (gcstate) {
661 case _verify_gcstate_disable:
662 enabled = false;
663 break;
664 case _verify_gcstate_forwarded:
665 enabled = true;
666 expected = ShenandoahHeap::HAS_FORWARDED;
667 break;
668 case _verify_gcstate_stable:
669 enabled = true;
670 expected = ShenandoahHeap::STABLE;
671 break;
672 case _verify_gcstate_stable_weakroots:
673 enabled = true;
674 expected = ShenandoahHeap::STABLE;
675 if (!_heap->is_stw_gc_in_progress()) {
676 // Only concurrent GC sets this.
677 expected |= ShenandoahHeap::WEAK_ROOTS;
678 }
679 break;
680 default:
681 enabled = false;
682 assert(false, "Unhandled gc-state verification");
683 }
684
685 if (enabled) {
686 char actual = _heap->gc_state();
687 if (actual != expected) {
688 fatal("%s: Global gc-state: expected %d, actual %d", label, expected, actual);
689 }
690
691 VerifyThreadGCState vtgcs(label, expected);
692 Threads::java_threads_do(&vtgcs);
693 }
694 }
695
696 // Deactivate barriers temporarily: Verifier wants plain heap accesses
697 ShenandoahGCStateResetter resetter;
698
699 // Heap size checks
700 {
701 ShenandoahHeapLocker lock(_heap->lock());
702
703 ShenandoahCalculateRegionStatsClosure cl;
704 _heap->heap_region_iterate(&cl);
705 size_t heap_used = _heap->used();
706 guarantee(cl.used() == heap_used,
707 "%s: heap used size must be consistent: heap-used = " SIZE_FORMAT "%s, regions-used = " SIZE_FORMAT "%s",
708 label,
709 byte_size_in_proper_unit(heap_used), proper_unit_for_byte_size(heap_used),
710 byte_size_in_proper_unit(cl.used()), proper_unit_for_byte_size(cl.used()));
711
712 size_t heap_committed = _heap->committed();
713 guarantee(cl.committed() == heap_committed,
714 "%s: heap committed size must be consistent: heap-committed = " SIZE_FORMAT "%s, regions-committed = " SIZE_FORMAT "%s",
715 label,
716 byte_size_in_proper_unit(heap_committed), proper_unit_for_byte_size(heap_committed),
717 byte_size_in_proper_unit(cl.committed()), proper_unit_for_byte_size(cl.committed()));
718 }
719
720 // Internal heap region checks
721 if (ShenandoahVerifyLevel >= 1) {
722 ShenandoahVerifyHeapRegionClosure cl(label, regions);
723 _heap->heap_region_iterate(&cl);
724 }
725
726 OrderAccess::fence();
727
728 if (UseTLAB) {
729 _heap->labs_make_parsable();
730 }
731
732 // Allocate temporary bitmap for storing marking wavefront:
733 _verification_bit_map->clear();
734
735 // Allocate temporary array for storing liveness data
736 ShenandoahLivenessData* ld = NEW_C_HEAP_ARRAY(ShenandoahLivenessData, _heap->num_regions(), mtGC);
737 Copy::fill_to_bytes((void*)ld, _heap->num_regions()*sizeof(ShenandoahLivenessData), 0);
738
739 const VerifyOptions& options = ShenandoahVerifier::VerifyOptions(forwarded, marked, cset, liveness, regions, gcstate);
740
741 // Steps 1-2. Scan root set to get initial reachable set. Finish walking the reachable heap.
742 // This verifies what application can see, since it only cares about reachable objects.
743 size_t count_reachable = 0;
744 if (ShenandoahVerifyLevel >= 2) {
745 ShenandoahVerifierReachableTask task(_verification_bit_map, ld, label, options);
746 _heap->workers()->run_task(&task);
747 count_reachable = task.processed();
748 }
749
750 // Step 3. Walk marked objects. Marked objects might be unreachable. This verifies what collector,
751 // not the application, can see during the region scans. There is no reason to process the objects
752 // that were already verified, e.g. those marked in verification bitmap. There is interaction with TAMS:
753 // before TAMS, we verify the bitmaps, if available; after TAMS, we walk until the top(). It mimics
754 // what marked_object_iterate is doing, without calling into that optimized (and possibly incorrect)
755 // version
756
757 size_t count_marked = 0;
758 if (ShenandoahVerifyLevel >= 4 && (marked == _verify_marked_complete || marked == _verify_marked_complete_except_references)) {
759 guarantee(_heap->marking_context()->is_complete(), "Marking context should be complete");
760 ShenandoahVerifierMarkedRegionTask task(_verification_bit_map, ld, label, options);
761 _heap->workers()->run_task(&task);
762 count_marked = task.processed();
763 } else {
764 guarantee(ShenandoahVerifyLevel < 4 || marked == _verify_marked_incomplete || marked == _verify_marked_disable, "Should be");
765 }
766
767 // Step 4. Verify accumulated liveness data, if needed. Only reliable if verification level includes
768 // marked objects.
769
770 if (ShenandoahVerifyLevel >= 4 && marked == _verify_marked_complete && liveness == _verify_liveness_complete) {
771 for (size_t i = 0; i < _heap->num_regions(); i++) {
772 ShenandoahHeapRegion* r = _heap->get_region(i);
773
774 juint verf_live = 0;
775 if (r->is_humongous()) {
776 // For humongous objects, test if start region is marked live, and if so,
777 // all humongous regions in that chain have live data equal to their "used".
778 juint start_live = Atomic::load(&ld[r->humongous_start_region()->index()]);
779 if (start_live > 0) {
780 verf_live = (juint)(r->used() / HeapWordSize);
781 }
782 } else {
783 verf_live = Atomic::load(&ld[r->index()]);
784 }
785
786 size_t reg_live = r->get_live_data_words();
787 if (reg_live != verf_live) {
788 stringStream ss;
789 r->print_on(&ss);
790 fatal("%s: Live data should match: region-live = " SIZE_FORMAT ", verifier-live = " UINT32_FORMAT "\n%s",
791 label, reg_live, verf_live, ss.freeze());
792 }
793 }
794 }
795
796 log_info(gc)("Verify %s, Level " INTX_FORMAT " (" SIZE_FORMAT " reachable, " SIZE_FORMAT " marked)",
797 label, ShenandoahVerifyLevel, count_reachable, count_marked);
798
799 FREE_C_HEAP_ARRAY(ShenandoahLivenessData, ld);
800 }
801
802 void ShenandoahVerifier::verify_generic(VerifyOption vo) {
803 verify_at_safepoint(
804 "Generic Verification",
805 _verify_forwarded_allow, // conservatively allow forwarded
806 _verify_marked_disable, // do not verify marked: lots ot time wasted checking dead allocations
807 _verify_cset_disable, // cset may be inconsistent
808 _verify_liveness_disable, // no reliable liveness data
809 _verify_regions_disable, // no reliable region data
810 _verify_gcstate_disable // no data about gcstate
811 );
812 }
813
814 void ShenandoahVerifier::verify_before_concmark() {
815 verify_at_safepoint(
816 "Before Mark",
817 _verify_forwarded_none, // UR should have fixed up
818 _verify_marked_disable, // do not verify marked: lots ot time wasted checking dead allocations
819 _verify_cset_none, // UR should have fixed this
820 _verify_liveness_disable, // no reliable liveness data
821 _verify_regions_notrash, // no trash regions
822 _verify_gcstate_stable // there are no forwarded objects
823 );
824 }
825
826 void ShenandoahVerifier::verify_after_concmark() {
827 verify_at_safepoint(
828 "After Mark",
829 _verify_forwarded_none, // no forwarded references
830 _verify_marked_complete_except_references, // bitmaps as precise as we can get, except dangling j.l.r.Refs
831 _verify_cset_none, // no references to cset anymore
832 _verify_liveness_complete, // liveness data must be complete here
833 _verify_regions_disable, // trash regions not yet recycled
834 _verify_gcstate_stable_weakroots // heap is still stable, weakroots are in progress
835 );
836 }
837
838 void ShenandoahVerifier::verify_before_evacuation() {
839 verify_at_safepoint(
840 "Before Evacuation",
841 _verify_forwarded_none, // no forwarded references
842 _verify_marked_complete_except_references, // walk over marked objects too
843 _verify_cset_disable, // non-forwarded references to cset expected
844 _verify_liveness_complete, // liveness data must be complete here
845 _verify_regions_disable, // trash regions not yet recycled
846 _verify_gcstate_stable_weakroots // heap is still stable, weakroots are in progress
847 );
848 }
849
850 void ShenandoahVerifier::verify_before_updaterefs() {
851 verify_at_safepoint(
852 "Before Updating References",
853 _verify_forwarded_allow, // forwarded references allowed
854 _verify_marked_complete, // bitmaps might be stale, but alloc-after-mark should be well
855 _verify_cset_forwarded, // all cset refs are fully forwarded
856 _verify_liveness_disable, // no reliable liveness data anymore
857 _verify_regions_notrash, // trash regions have been recycled already
858 _verify_gcstate_forwarded // evacuation should have produced some forwarded objects
859 );
860 }
861
862 void ShenandoahVerifier::verify_after_updaterefs() {
863 verify_at_safepoint(
864 "After Updating References",
865 _verify_forwarded_none, // no forwarded references
866 _verify_marked_complete, // bitmaps might be stale, but alloc-after-mark should be well
867 _verify_cset_none, // no cset references, all updated
868 _verify_liveness_disable, // no reliable liveness data anymore
869 _verify_regions_nocset, // no cset regions, trash regions have appeared
870 _verify_gcstate_stable // update refs had cleaned up forwarded objects
871 );
872 }
873
874 void ShenandoahVerifier::verify_after_degenerated() {
875 verify_at_safepoint(
876 "After Degenerated GC",
877 _verify_forwarded_none, // all objects are non-forwarded
878 _verify_marked_complete, // all objects are marked in complete bitmap
879 _verify_cset_none, // no cset references
880 _verify_liveness_disable, // no reliable liveness data anymore
881 _verify_regions_notrash_nocset, // no trash, no cset
882 _verify_gcstate_stable // degenerated refs had cleaned up forwarded objects
883 );
884 }
885
886 void ShenandoahVerifier::verify_before_fullgc() {
887 verify_at_safepoint(
888 "Before Full GC",
889 _verify_forwarded_allow, // can have forwarded objects
890 _verify_marked_disable, // do not verify marked: lots ot time wasted checking dead allocations
891 _verify_cset_disable, // cset might be foobared
892 _verify_liveness_disable, // no reliable liveness data anymore
893 _verify_regions_disable, // no reliable region data here
894 _verify_gcstate_disable // no reliable gcstate data
895 );
896 }
897
898 void ShenandoahVerifier::verify_after_fullgc() {
899 verify_at_safepoint(
900 "After Full GC",
901 _verify_forwarded_none, // all objects are non-forwarded
902 _verify_marked_complete, // all objects are marked in complete bitmap
903 _verify_cset_none, // no cset references
904 _verify_liveness_disable, // no reliable liveness data anymore
905 _verify_regions_notrash_nocset, // no trash, no cset
906 _verify_gcstate_stable // full gc cleaned up everything
907 );
908 }
909
910 class ShenandoahVerifyNoForwared : public OopClosure {
911 private:
912 template <class T>
913 void do_oop_work(T* p) {
914 T o = RawAccess<>::oop_load(p);
915 if (!CompressedOops::is_null(o)) {
916 oop obj = CompressedOops::decode_not_null(o);
917 oop fwd = ShenandoahForwarding::get_forwardee_raw_unchecked(obj);
918 if (obj != fwd) {
919 ShenandoahAsserts::print_failure(ShenandoahAsserts::_safe_all, obj, p, nullptr,
920 "Verify Roots", "Should not be forwarded", __FILE__, __LINE__);
921 }
922 }
923 }
924
925 public:
926 void do_oop(narrowOop* p) { do_oop_work(p); }
927 void do_oop(oop* p) { do_oop_work(p); }
928 };
929
930 class ShenandoahVerifyInToSpaceClosure : public OopClosure {
931 private:
932 template <class T>
933 void do_oop_work(T* p) {
934 T o = RawAccess<>::oop_load(p);
935 if (!CompressedOops::is_null(o)) {
936 oop obj = CompressedOops::decode_not_null(o);
937 ShenandoahHeap* heap = ShenandoahHeap::heap();
938
939 if (!heap->marking_context()->is_marked(obj)) {
940 ShenandoahAsserts::print_failure(ShenandoahAsserts::_safe_all, obj, p, nullptr,
941 "Verify Roots In To-Space", "Should be marked", __FILE__, __LINE__);
942 }
943
944 if (heap->in_collection_set(obj)) {
945 ShenandoahAsserts::print_failure(ShenandoahAsserts::_safe_all, obj, p, nullptr,
946 "Verify Roots In To-Space", "Should not be in collection set", __FILE__, __LINE__);
947 }
948
949 oop fwd = ShenandoahForwarding::get_forwardee_raw_unchecked(obj);
950 if (obj != fwd) {
951 ShenandoahAsserts::print_failure(ShenandoahAsserts::_safe_all, obj, p, nullptr,
952 "Verify Roots In To-Space", "Should not be forwarded", __FILE__, __LINE__);
953 }
954 }
955 }
956
957 public:
958 void do_oop(narrowOop* p) { do_oop_work(p); }
959 void do_oop(oop* p) { do_oop_work(p); }
960 };
961
962 void ShenandoahVerifier::verify_roots_in_to_space() {
963 ShenandoahVerifyInToSpaceClosure cl;
964 ShenandoahRootVerifier::roots_do(&cl);
965 }
966
967 void ShenandoahVerifier::verify_roots_no_forwarded() {
968 ShenandoahVerifyNoForwared cl;
969 ShenandoahRootVerifier::roots_do(&cl);
970 }