blob: 54c7b6e45da99ebe4a18559393511b3378b49129 [file] [log] [blame]
/*
* Copyright (C) 2009 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "indirect_reference_table.h"
#include "jni_internal.h"
#include "reference_table.h"
#include "runtime.h"
#include "scoped_thread_state_change.h"
#include "thread.h"
#include "utils.h"
#include <cstdlib>
namespace art {
static void AbortMaybe() {
// If -Xcheck:jni is on, it'll give a more detailed error before aborting.
if (!Runtime::Current()->GetJavaVM()->check_jni) {
// Otherwise, we want to abort rather than hand back a bad reference.
LOG(FATAL) << "JNI ERROR (app bug): see above.";
}
}
IndirectReferenceTable::IndirectReferenceTable(size_t initialCount,
size_t maxCount, IndirectRefKind desiredKind) {
CHECK_GT(initialCount, 0U);
CHECK_LE(initialCount, maxCount);
CHECK_NE(desiredKind, kSirtOrInvalid);
table_ = reinterpret_cast<mirror::Object**>(malloc(initialCount * sizeof(const mirror::Object*)));
CHECK(table_ != NULL);
memset(table_, 0xd1, initialCount * sizeof(const mirror::Object*));
slot_data_ = reinterpret_cast<IndirectRefSlot*>(calloc(initialCount, sizeof(IndirectRefSlot)));
CHECK(slot_data_ != NULL);
segment_state_.all = IRT_FIRST_SEGMENT;
alloc_entries_ = initialCount;
max_entries_ = maxCount;
kind_ = desiredKind;
}
IndirectReferenceTable::~IndirectReferenceTable() {
free(table_);
free(slot_data_);
table_ = NULL;
slot_data_ = NULL;
alloc_entries_ = max_entries_ = -1;
}
// Make sure that the entry at "idx" is correctly paired with "iref".
bool IndirectReferenceTable::CheckEntry(const char* what, IndirectRef iref, int idx) const {
const mirror::Object* obj = table_[idx];
IndirectRef checkRef = ToIndirectRef(obj, idx);
if (UNLIKELY(checkRef != iref)) {
LOG(ERROR) << "JNI ERROR (app bug): attempt to " << what
<< " stale " << kind_ << " " << iref
<< " (should be " << checkRef << ")";
AbortMaybe();
return false;
}
return true;
}
IndirectRef IndirectReferenceTable::Add(uint32_t cookie, mirror::Object* obj) {
IRTSegmentState prevState;
prevState.all = cookie;
size_t topIndex = segment_state_.parts.topIndex;
CHECK(obj != NULL);
// TODO: stronger sanity check on the object (such as in heap)
DCHECK_ALIGNED(reinterpret_cast<uintptr_t>(obj), 8);
DCHECK(table_ != NULL);
DCHECK_LE(alloc_entries_, max_entries_);
DCHECK_GE(segment_state_.parts.numHoles, prevState.parts.numHoles);
if (topIndex == alloc_entries_) {
// reached end of allocated space; did we hit buffer max?
if (topIndex == max_entries_) {
LOG(FATAL) << "JNI ERROR (app bug): " << kind_ << " table overflow "
<< "(max=" << max_entries_ << ")\n"
<< MutatorLockedDumpable<IndirectReferenceTable>(*this);
}
size_t newSize = alloc_entries_ * 2;
if (newSize > max_entries_) {
newSize = max_entries_;
}
DCHECK_GT(newSize, alloc_entries_);
table_ = reinterpret_cast<mirror::Object**>(realloc(table_, newSize * sizeof(mirror::Object*)));
slot_data_ = reinterpret_cast<IndirectRefSlot*>(realloc(slot_data_,
newSize * sizeof(IndirectRefSlot)));
if (table_ == NULL || slot_data_ == NULL) {
LOG(FATAL) << "JNI ERROR (app bug): unable to expand "
<< kind_ << " table (from "
<< alloc_entries_ << " to " << newSize
<< ", max=" << max_entries_ << ")\n"
<< MutatorLockedDumpable<IndirectReferenceTable>(*this);
}
// Clear the newly-allocated slot_data_ elements.
memset(slot_data_ + alloc_entries_, 0, (newSize - alloc_entries_) * sizeof(IndirectRefSlot));
alloc_entries_ = newSize;
}
// We know there's enough room in the table. Now we just need to find
// the right spot. If there's a hole, find it and fill it; otherwise,
// add to the end of the list.
IndirectRef result;
int numHoles = segment_state_.parts.numHoles - prevState.parts.numHoles;
if (numHoles > 0) {
DCHECK_GT(topIndex, 1U);
// Find the first hole; likely to be near the end of the list.
mirror::Object** pScan = &table_[topIndex - 1];
DCHECK(*pScan != NULL);
while (*--pScan != NULL) {
DCHECK_GE(pScan, table_ + prevState.parts.topIndex);
}
UpdateSlotAdd(obj, pScan - table_);
result = ToIndirectRef(obj, pScan - table_);
*pScan = obj;
segment_state_.parts.numHoles--;
} else {
// Add to the end.
UpdateSlotAdd(obj, topIndex);
result = ToIndirectRef(obj, topIndex);
table_[topIndex++] = obj;
segment_state_.parts.topIndex = topIndex;
}
if (false) {
LOG(INFO) << "+++ added at " << ExtractIndex(result) << " top=" << segment_state_.parts.topIndex
<< " holes=" << segment_state_.parts.numHoles;
}
DCHECK(result != NULL);
return result;
}
void IndirectReferenceTable::AssertEmpty() {
if (UNLIKELY(begin() != end())) {
ScopedObjectAccess soa(Thread::Current());
LOG(FATAL) << "Internal Error: non-empty local reference table\n"
<< MutatorLockedDumpable<IndirectReferenceTable>(*this);
}
}
// Verifies that the indirect table lookup is valid.
// Returns "false" if something looks bad.
bool IndirectReferenceTable::GetChecked(IndirectRef iref) const {
if (UNLIKELY(iref == NULL)) {
LOG(WARNING) << "Attempt to look up NULL " << kind_;
return false;
}
if (UNLIKELY(GetIndirectRefKind(iref) == kSirtOrInvalid)) {
LOG(ERROR) << "JNI ERROR (app bug): invalid " << kind_ << " " << iref;
AbortMaybe();
return false;
}
int topIndex = segment_state_.parts.topIndex;
int idx = ExtractIndex(iref);
if (UNLIKELY(idx >= topIndex)) {
LOG(ERROR) << "JNI ERROR (app bug): accessed stale " << kind_ << " "
<< iref << " (index " << idx << " in a table of size " << topIndex << ")";
AbortMaybe();
return false;
}
if (UNLIKELY(table_[idx] == NULL)) {
LOG(ERROR) << "JNI ERROR (app bug): accessed deleted " << kind_ << " " << iref;
AbortMaybe();
return false;
}
if (UNLIKELY(!CheckEntry("use", iref, idx))) {
return false;
}
return true;
}
static int Find(mirror::Object* direct_pointer, int bottomIndex, int topIndex,
mirror::Object** table) {
for (int i = bottomIndex; i < topIndex; ++i) {
if (table[i] == direct_pointer) {
return i;
}
}
return -1;
}
bool IndirectReferenceTable::ContainsDirectPointer(mirror::Object* direct_pointer) const {
return Find(direct_pointer, 0, segment_state_.parts.topIndex, table_) != -1;
}
// Removes an object. We extract the table offset bits from "iref"
// and zap the corresponding entry, leaving a hole if it's not at the top.
// If the entry is not between the current top index and the bottom index
// specified by the cookie, we don't remove anything. This is the behavior
// required by JNI's DeleteLocalRef function.
// This method is not called when a local frame is popped; this is only used
// for explicit single removals.
// Returns "false" if nothing was removed.
bool IndirectReferenceTable::Remove(uint32_t cookie, IndirectRef iref) {
IRTSegmentState prevState;
prevState.all = cookie;
int topIndex = segment_state_.parts.topIndex;
int bottomIndex = prevState.parts.topIndex;
DCHECK(table_ != NULL);
DCHECK_LE(alloc_entries_, max_entries_);
DCHECK_GE(segment_state_.parts.numHoles, prevState.parts.numHoles);
int idx = ExtractIndex(iref);
JavaVMExt* vm = Runtime::Current()->GetJavaVM();
if (GetIndirectRefKind(iref) == kSirtOrInvalid &&
Thread::Current()->SirtContains(reinterpret_cast<jobject>(iref))) {
LOG(WARNING) << "Attempt to remove local SIRT entry from IRT, ignoring";
return true;
}
if (GetIndirectRefKind(iref) == kSirtOrInvalid && vm->work_around_app_jni_bugs) {
mirror::Object* direct_pointer = reinterpret_cast<mirror::Object*>(iref);
idx = Find(direct_pointer, bottomIndex, topIndex, table_);
if (idx == -1) {
LOG(WARNING) << "Trying to work around app JNI bugs, but didn't find " << iref << " in table!";
return false;
}
}
if (idx < bottomIndex) {
// Wrong segment.
LOG(WARNING) << "Attempt to remove index outside index area (" << idx
<< " vs " << bottomIndex << "-" << topIndex << ")";
return false;
}
if (idx >= topIndex) {
// Bad --- stale reference?
LOG(WARNING) << "Attempt to remove invalid index " << idx
<< " (bottom=" << bottomIndex << " top=" << topIndex << ")";
return false;
}
if (idx == topIndex-1) {
// Top-most entry. Scan up and consume holes.
if (!vm->work_around_app_jni_bugs && !CheckEntry("remove", iref, idx)) {
return false;
}
table_[idx] = NULL;
int numHoles = segment_state_.parts.numHoles - prevState.parts.numHoles;
if (numHoles != 0) {
while (--topIndex > bottomIndex && numHoles != 0) {
if (false) {
LOG(INFO) << "+++ checking for hole at " << topIndex-1
<< " (cookie=" << cookie << ") val=" << table_[topIndex - 1];
}
if (table_[topIndex-1] != NULL) {
break;
}
if (false) {
LOG(INFO) << "+++ ate hole at " << (topIndex - 1);
}
numHoles--;
}
segment_state_.parts.numHoles = numHoles + prevState.parts.numHoles;
segment_state_.parts.topIndex = topIndex;
} else {
segment_state_.parts.topIndex = topIndex-1;
if (false) {
LOG(INFO) << "+++ ate last entry " << topIndex - 1;
}
}
} else {
// Not the top-most entry. This creates a hole. We NULL out the
// entry to prevent somebody from deleting it twice and screwing up
// the hole count.
if (table_[idx] == NULL) {
LOG(INFO) << "--- WEIRD: removing null entry " << idx;
return false;
}
if (!vm->work_around_app_jni_bugs && !CheckEntry("remove", iref, idx)) {
return false;
}
table_[idx] = NULL;
segment_state_.parts.numHoles++;
if (false) {
LOG(INFO) << "+++ left hole at " << idx << ", holes=" << segment_state_.parts.numHoles;
}
}
return true;
}
void IndirectReferenceTable::VisitRoots(RootCallback* callback, void* arg, uint32_t tid,
RootType root_type) {
for (auto ref : *this) {
callback(ref, arg, tid, root_type);
DCHECK(*ref != nullptr);
}
}
void IndirectReferenceTable::Dump(std::ostream& os) const {
os << kind_ << " table dump:\n";
ReferenceTable::Table entries(table_, table_ + Capacity());
// Remove NULLs.
for (int i = entries.size() - 1; i >= 0; --i) {
if (entries[i] == NULL) {
entries.erase(entries.begin() + i);
}
}
ReferenceTable::Dump(os, entries);
}
} // namespace art