javaone ppt 16x9 - rainfocus...java platform debugger architecture •facilitate writing a debugger...

Java DebuggersA Peek Under the Hood

David BuckPrincipal Member of Technical StaffJava SE Sustaining EngineeringSeptember, 2016

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

About Me

David Buck

• Java SE Sustaining Engineering

• Mostly JRockit fixes

• OpenJDK 8 Updates

Project Maintainer

• Hobbies: Programming

Program Agenda

Introduction

Java Platform Debug Architecture

Java Debug Wire Protocol

JVM Tool Interface

Wrap-up

Introduction

The Elephant in the Room

• 2 JavaOne Debugger “under the hood talks” this year

By Peter H. Wrege (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

• 2 JavaOne Debugger “under the hood talks” this year

• Martin’s talk is really good!

By Peter H. Wrege (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

Buck’s Talk Martin’s talk

JVM TIJDWP

• Both talks needed for full picture

• Video and slides from a past version of Martin’s talk are available online

• No particular order to the content

AKA Martin’s Talk

JDIJVM TIJDWP

JDI?JVM TI?JDWP?

Java Platform Debugger Architecture

• Facilitate writing a debugger in Java

• Impact Debuggee application as little as possible

• Allow native-level / in-process tooling

Heisenbugs

Bug Heisenberg

Heisenbug

picture: Bundesarchiv, Bild 183-R57262 / Unknown / CC-BY-SA 3.0 [CC BY-SA 3.0 de (http://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

Observer Effect

picture: Christian Schirm (Own work) [CC0]

• Debugging, at the same level of abstraction (Java), in the same process, will cause problems

– Stop-the-world

– debugger heap overhead

Strange Loop Problems

Picture By Maurizio Codogno, it:Utente:.mau. (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html), CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/) or CC BY 2.5 (http://creativecommons.org/licenses/by/2.5)], via Wikimedia Commons

• Facilitate writing a debugger in Java

– Java API

• Impact Debuggee application as little as possible

–Out-of-process debugger

• Allow native-level / in-process tooling– Native in-process debugger

Java vs. Native

In-process vs. Out-of-process

Why not both?

By Libertinus (http://www.flickr.com/photos/libertinus/5807760586) [CC BY-SA 2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

TargetJVM

Debugger JVM

Events

DebuggerTarget Application

(Debuggee)

JVM TI

AgentJDWP

• Since Java 1.3

• Modular design

• 3 components

– JVM Tool Interface

– Java Debug Wire Protocol

– Java Debug Interface

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

Debugger JVM

(Debuggee)

JVM DI

AgentJDWP

Commands

Events

TargetJVM

Native Debugger Tool

Target Application(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

JVM TI

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

Debugger JVM

JShellTarget Application

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

Java Debug Interface (JDI)

• Reference implementation lives in

– tools.jar (JDK 6/7/8)

– jdk.jdi module (JDK 9)

• Pure Java implementation

• “speaks” JDWP on behalf of Java client code

Java Debug Wire Protocol (JDWP)

• Binary protocol between target JVM and debugger processes

• Does not specify transport

• Asynchronous

• Tailored to JDI

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

Debugger

Commands

Events

JDWP Handshake

TargetJVM

Debugger

JDWP Handshake

TargetJVM

Debugger

JDWP-Handshake

JDWP Handshake

TargetJVM

Debugger

JDWP-Handshake

TargetJVM

Debugger

• All Packets have 11 byte header

• Some packets have data

–Optional

– Variable length

Header

• Command • Reply

JDWP Packets

Length

FlagsCommand

setCommand

Data(optional, variable length)

Length

Flags Error Code

Data(optional, variable length)

JDWP Header Fields

• length (4 bytes)

• id (4 bytes)

• flags (1 byte)

• command set (1 byte)

• command (1 byte)

• error code (2 bytes)

JDWP Length Field

• 32-bit value

• Size of entire packet in bytes (including header)

• Up to a 4GB packet size!

JDWP ID Field

• 32-bit value

• Only used to match command and reply packets

• Each “direction” (debugger <-> target) has it’s own ID-space

• Over 4 billion in flight packets per direction

JDWP Flags Field

• 8-bit value (but only one bit currently used)

• Only used to distinguish between Command / Reply packets

– 0x80 == Reply Packet

– 0x00 == Command Packet

• Additional flags may be added in the future

JDWP Command Fields

• Only in command packets

• Command Set Field

– 8 bit

– Each set corresponds to a JDI class• 0 - 63 debugger -> target VM

• 64 - 127 target VM -> debugger

• 128 - 256 Vendor-defined

• Command Field– 8 bit

– Each command corresponds to a JDI method

JDWP Error Code Field

• 16 bit value

• Only in reply packets

JDWP Data

• Variable size

• Optional

• Examples:

– Requested field ID (command)

– Requested field vale (reply)

JDWP Commands

What about transport?!

• In practice, this somewhat couples debugger / debuggee

• Socket transport

– All Oracle JDK supported platforms

– Supports remote debugging

– JVM TI agent currently only support IPv4

• Shared memory transport

–Only on Windows

• Service provider interface available for implementing your own transport / connectors

Security Implications of JDWP

• Zero Authentication

• JDWP access == Remote Code Execution

• As of yesterday www.shodan.io reports two IP sending JDWP handshake

• Many more are passively waiting for incoming connections

JVM Tool Interface

• JVM Debug Interface (JVM DI)

• JDK 1.1 ~ JDK 1.5

JVM Profiler Interface (JVM PI)

• JDK 1.1 ~ JDK 1.5

• Never officially supported

• Stability issues (esp. with HS)

• Hard to use with JNI

• Very invasive

– Not all GC supported

– Performance impact

A Tail of Two APIs

• JVM Debug Interface (JVM DI)

• JDK 1.1 ~ JDK 1.5

JVM Profiler Interface (JVM PI)

• JDK 1.1 ~ JDK 1.5

• Never officially supported

• Stability issues (esp. with HS)

• Hard to use with JNI

• Very invasive

– Not all GC supported

– Performance impact

A Tail of Two APIs

JVM Tool Interface (JVM TI)

• Introduced in JDK 5

• Replaced

– JVM PI (Removed in JDK 6)

– JVM DI (Removed in JDK 6)

• Many use cases outside of JPDA

• Fully supported

• Pay-as-you-go performance impact

• Based on JNI

JVM TI Agents

• Native code that runs in JVM’s address space

• Multiple concurrent agents supported

• Can be

– Statically linked into JVM

– Loaded at startup

– Loaded during runtime

• Can take command line arguments

-agentlib:<agent_lib_name>=<name1>[=<value1>],<name2>[=<value2>]...

Native Agent

• JVM TI

• Command line options:

– agentlib

– agentpath

Java Agent

• java.lang.instrument

• Comand line option:

– javaagent

A note about “agents”

Native Agent

• JVM TI

• Command line options:

– agentlib

– agentpath

Java Agent

• java.lang.instrument

• Comand line option:

– javaagent

A note about “agents”

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

TargetJVM

Debugger JVM

(Debuggee)

JVM TI

AgentJDWP

Commands

Events

libjdwp.sojdwp.dll

libjdwp.dylib

JVM TI based on Java Native Interface

• JVM TI Callbacks have JNI environment pointer

• Very hard to make a useful JVM TI agent without JNI calls

• JNI data types used (e.g. jint, jdouble)

• Same “modified UTF-8” for strings

• Not simply an extension of JNI, many important differences

Java Native Interface

jdouble Java_pkg_Cls_f__ILjava_lang_String_2 (JNIEnv *env,

jobject obj, jint i, jstring s) {

const char *str = (*env)->GetStringUTFChars(env, s, 0);

(*env)->ReleaseStringUTFChars(env, s, str);

return ...

jdouble Java_pkg_Cls_f__ILjava_lang_String_2 (JNIEnv *env,

jobject obj, jint i, jstring s) {

const char *str = (*env)->GetStringUTFChars(env, s, 0);

(*env)->ReleaseStringUTFChars(env, s, str);

return ...

JVM TI Environment

• event callbacks

• enabled events

• enabled capabilities

• memory allocation/deallocation hooks

JVM TI

Created dynamically and works across threads

One environment per thread

JVM TI Environment vs. JNI Environment

Capabilities

• Flags that represent JVM TI functionality

• Allows “negotiation” between agent and JVM

– Lets agent tell JVM what it needs

– Lets JVM tell agent what it supports

Picture: David Monniaux / Mai-Linh Doan (GFDL / cc-by-sa-2.0-fr)

• Only “pay” for the features you want / use

• Can be set dynamically

– Some can only be enabled before startup

• 2 levels of cost

– Enabling

– Using

Capabilities

Picture: David Monniaux / Mai-Linh Doan (GFDL / cc-by-sa-2.0-fr)

Bytecode Insertion (BCI)

• Many JVM PI use-cases replaced by BCI in JVM TI

• Instrumentation at the bytecode level is automatically compatible with all JVM technologies.

– Allows instrumented code to be JIT-compiled

– Use any GC collector

JVM TI Agent Lifecycle

• Initialize

– Agent_OnLoad()

– Agent_OnAttach()

• Probe / request capabilities

• Set callback functions

• Enable events

• Process events via callbacks

• Shutdown on Agent_OnUnload()

JVM TI Example

• Agent_OnLoad()

– Setup global data for agent’s private use

– Probe/request capabilities

–Modify JRE environment

– Set callback functions

– Enable few events, including VMInit

• VMInit callback– Enable rest of events

• Process events via callbacks

• Cleanup on Agent_OnUnload()

Peaking under the hood of JVM TI:

-XX:TraceJVMTI

XX:TraceJVMTI= desc {, desc } ...

-XX:TraceJVMTI

domain action kind

-XX:TraceJVMTI

domain action kind

name a particular function or event name

all all functions and events

func all major functions

allfunc all functions

event all events

ec event controller

-XX:TraceJVMTI

domain action kind

- remove

-XX:TraceJVMTI

domain action kind

i input parameters

e error returns

o output

t event triggered (posted)

s event sent

Full Speed Debugging

• 1.4.0 with client (c1) JIT compiler

• 1.4.1 with both client (c1) and server (c2) JIT compilers

O RLY?

By pe_ha45 - originally posted to Flickr as Snowy Owl - Schnee-Eule, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=11400326

Depends on your definition of “Full Speed”…

Pre-1.4: -Xdebug == -Xint

By Charles Homler - Own work, CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=29896748

Requiredcan_access_local_variables

can_generate_single_step_events

can_generate_exception_events

can_generate_frame_pop_events

can_generate_breakpoint_events

can_suspend

can_generate_method_entry_events

can_generate_method_exit_events

can_generate_garbage_collection_events

can_maintain_original_method_order

can_generate_monitor_events

can_tag_objects

can_get_source_debug_extension

can_get_source_file_name

can_get_line_numbers

Optionalcan_force_early_return

can_force_early_return

can_generate_field_modification_events

can_generate_field_access_events

can_get_bytecodes

can_get_synthetic_attribute

can_get_owned_monitor_info

can_get_current_contended_monitor

can_get_monitor_info

can_pop_frame

can_redefine_classes

can_redefine_any_class

can_get_owned_monitor_stack_depth_info

can_get_constant_pool

can_signal_thread

Capabilities Used by JDWP Agent

• Only methods with breakpoints are required to be interpreted

• But JVM TI capabilities used by jdwp agent do have a cost

• Only methods with breakpoints are required to be interpreted

• But JVM TI capabilities used by jdwp agent do have a cost

• Usually not a noticeable impact, but YMMV. There is no free lunch.

Wrap-up

Takeaways

• These APIs are

– Stable

–Officially supported

– Very flexible

• There are limitless new tools you can write and still a lot of room for new ideas

• Not simply for debugging

Resources

[ Martin Skarsaune’s JDI talk ]

video: https://www.youtube.com/watch?v=lNR4bEzYaH4

slides: https://prezi.com/ahspfg2wdkwt/jvm-debugging-under-the-hood-jdays/

[ JDWP Connection and Invocation Details ]

https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/conninv.html

[ JDWP Specification ]

https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/jdwp-spec.html

[ JVM TI Specification ]

https://docs.oracle.com/javase/8/docs/platform/jvmti/jvmti.html

[ Kelly O'Hair's Weblog ]

Use the search tool to find posts about “jvmti”

https://blogs.oracle.com/kto/

Thank You!

Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

javaone ppt 16x9 - rainfocus...java platform debugger architecture •facilitate writing a debugger...

Documents

building microservices with kotlin - rainfocus...about me...

totalview debugger

junit - rainfocus · #javaone #junit5 @sam_brannen experts...

gnu debugger

java ee 8 what’s new on the json front - rainfocus ·...

debugging java programs using eclipse debugger

java security architecture 2016 v3 - rainfocus · 1 the...

universidade estadual do cearÁ programa de pÓs … ·...

debugger arm

updating your java client - rainfocus...–relates to...

wdeb386 debugger

java se 8 for java ee developers - rainfocus...others talk,...

debugger & editor.ppt

refactoring to java 8 - rainfocus · trisha gee...

codewarrior debugger...

free your lambdas java se 8 - rainfocus · 2019-06-27 ·...

debugging java applications - netbeans · pdf filenetbeans...

build and debug - sparxsystems.com · php debugger - system...

freescale debugger

cool in java 8, and new in java 9 - rainfocus · pdf file•...