通过前面的分析,创建的insttanceKlass 都没放入了java_lang_Class::fixup_mirror_list()这里类的数组里面了,所有的instance列举如下
---------------------------------------------list->at(8)
$3 = 0x7f6d6800f2b8 "java/lang/Object"
(gdb) p _klass
$4 = (InstanceKlass *) 0x100000f30
---------------------------------------------list->at(9)
$7 = 0x7f6d68014f58 "java/io/Serializable"
(gdb) p _klass
$8 = (InstanceKlass *) 0x100001120
---------------------------------------------list->at(10)
$9 = 0x7f6d68014fa8 "java/lang/Comparable"
(gdb) p _klass
$10 = (InstanceKlass *) 0x100001308
-----------------------------------------------list->at(11)
(gdb) p name->as_C_string()
$12 = 0x7f6d680156b8 "java/lang/CharSequence"
(gdb) p _klass
$13 = (InstanceKlass *) 0x1000014f0
-----------------------------------------------list->at(12)
(gdb) p name->as_C_string()
$15 = 0x7f6d68014d38 "java/lang/String"
(gdb) p _klass
$16 = (InstanceKlass *) 0x1000016d8
-----------------------------------------------
(gdb) p name->as_C_string()
$17 = 0x7f6d6800ea68 "java/lang/Class"
加载一半就不执行了,不知道为什么
-----------------------------------------------list->at(13)
$8 = 0x7ff06c0100a8 "java/lang/reflect/AnnotatedElement"
(gdb) p _klass
$9 = (InstanceKlass *) 0x100001948
-----------------------------------------------list->at(13)
(gdb) p name->as_C_string()
$11 = 0x7ff06c00ef28 "java/lang/reflect/GenericDeclaration"
(gdb) p _klass
$16 = (InstanceKlass *) 0x100001b30
-------------------------------------------预加载中创建的对象
(gdb) p $26.as_C_string()
$27 = 0x7ff06c009c88 "java/lang/Class"
(gdb) p k
$21 = (InstanceMirrorKlass *) 0x100001f00
--------------------------------------------
最后的java/lang/Class是,不再list中
进入主流程
GrowableArray <Klass*>* list = java_lang_Class::fixup_mirror_list();
int list_length = list->length();
for (int i = 0; i < list_length; i++) {
Klass* k = list->at(i);
assert(k->is_klass(), "List should only hold classes");
EXCEPTION_MARK;
KlassHandle kh(THREAD, k);
java_lang_Class::fixup_mirror(kh, CATCH);
}
说明上述的list_length为17 , 前面从list->at(8)就是读取的Object,之前的是ArrayKlass类型的对象,现在读取的是k 为 $32 = (TypeArrayKlass *) 0x100000030
-->
java_lang_Class::fixup_mirror(KlassHandle k, TRAPS) {create_mirror(k, Handle(NULL), CHECK);}
进入
oop java_lang_Class::create_mirror(KlassHandle k, Handle protection_domain, TRAPS) {
assert(k->java_mirror() == NULL, "should only assign mirror once");
int computed_modifiers = k->compute_modifier_flags(CHECK_0);
k->set_modifier_flags(computed_modifiers);
// Class_klass has to be loaded because it is used to allocate
// the mirror.
if (SystemDictionary::Class_klass_loaded()) {
// Allocate mirror (java.lang.Class instance)
Handle mirror = InstanceMirrorKlass::cast(SystemDictionary::Class_klass())->allocate_instance(k, CHECK_0);
InstanceMirrorKlass* mk = InstanceMirrorKlass::cast(mirror->klass());
java_lang_Class::set_static_oop_field_count(mirror(), mk->compute_static_oop_field_count(mirror()));
// It might also have a component mirror. This mirror must already exist.
if (k->oop_is_array()) {
Handle comp_mirror;
if (k->oop_is_typeArray()) {
BasicType type = TypeArrayKlass::cast(k())->element_type();
comp_mirror = Universe::java_mirror(type);
} else {
assert(k->oop_is_objArray(), "Must be");
Klass* element_klass = ObjArrayKlass::cast(k())->element_klass();
assert(element_klass != NULL, "Must have an element klass");
comp_mirror = element_klass->java_mirror();
}
assert(comp_mirror.not_null(), "must have a mirror");
// Two-way link between the array klass and its component mirror:
ArrayKlass::cast(k())->set_component_mirror(comp_mirror());
set_array_klass(comp_mirror(), k());
} else {
assert(k->oop_is_instance(), "Must be");
// Allocate a simple java object for a lock.
// This needs to be a java object because during class initialization
// it can be held across a java call.
typeArrayOop r = oopFactory::new_typeArray(T_INT, 0, CHECK_NULL);
set_init_lock(mirror(), r);
// Set protection domain also
set_protection_domain(mirror(), protection_domain());
// Initialize static fields
InstanceKlass::cast(k())->do_local_static_fields(&initialize_static_field, CHECK_NULL);
}
return mirror();
} else {
if (fixup_mirror_list() == NULL) {
GrowableArray<Klass*>* list =
new (ResourceObj::C_HEAP, mtClass) GrowableArray<Klass*>(40, true);
set_fixup_mirror_list(list);
}
fixup_mirror_list()->push(k());
return NULL;
}
}
解析橘色标记的橘色就是创建mirror的内存空间,
InstanceMirrorKlass::cast(SystemDictionary::Class_klass())->allocate_instance(k, CHECK_0);
这个句子的主干是 Klass->allocat_instance(k,xxx),这个Klass就是名字为"java/lang/Class"的instanceKlass对象,这个对象的地址为0x100001f00,这个对象非常重要
那么解析过程如下
//解析宏如下
获取 SystemDictionary::Class_klass()
static Klass* name() { return check_klass_##option(_well_known_klasses[Class_klass_knum]); }
--->
static Klass* check_klass_Pre( Klass* k) { return check_klass(k); }
----->
// Fast access to commonly used classes (preloaded)
static Klass* check_klass(Klass* k) {
assert(k != NULL, "preloaded klass not initialized");
return k;
}
(gdb) p k
$21 = (InstanceMirrorKlass *) 0x100001f00
打印对象
(gdb) p *k
$23 = (InstanceMirrorKlass) {
<InstanceKlass> = {
<Klass> = {
<Metadata> = {
<MetaspaceObj> = {<No data fields>},
members of Metadata:
_vptr.Metadata = 0x7ff071f18a50 <vtable for InstanceMirrorKlass+16>,
_valid = 0
},
members of Klass:
_layout_helper = 97,
_super_check_offset = 56,
_name = 0x7ff070064108,
_secondary_super_cache = 0x0,
_secondary_supers = 0x7ff05ada9560,
_primary_supers = {0x100000f30, 0x100001f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
_java_mirror = 0x0,
_super = 0x100000f30,
_subklass = 0x0,
_next_sibling = 0x100001d18,
_next_link = 0x100001d18,
_class_loader_data = 0x7ff06c02e868,
_modifier_flags = 17,
_access_flags = {
_flags = 538968113
},
_last_biased_lock_bulk_revocation_time = 0,
_prototype_header = 0x1,
_biased_lock_revocation_count = 0,
_modified_oops = 0 '\000',
_accumulated_modified_oops = 0 '\000'
},
members of InstanceKlass:
static _total_instanceKlass_count = 9,
_annotations = 0x0,
_array_klasses = 0x0,
_constants = 0x7ff05ad9da78,
_inner_classes = 0x7ff05ada94f0,
_source_debug_extension = 0x0,
_array_name = 0x0,
_nonstatic_field_size = 20,
_static_field_size = 5,
_generic_signature_index = 796,
_source_file_name_index = 798,
_static_oop_field_count = 3,
_java_fields_count = 20,
_nonstatic_oop_map_size = 1,
_is_marked_dependent = false,
_misc_flags = 34,
_minor_version = 0,
_major_version = 52,
_init_thread = 0x0,
_vtable_len = 5,
_itable_len = 20,
_oop_map_cache = 0x0,
_member_names = 0x0,
_jni_ids = 0x0,
_methods_jmethod_ids = 0x0,
_dependencies = 0x0,
_osr_nmethods_head = 0x0,
_breakpoints = 0x0,
_previous_versions = 0x0,
_cached_class_file = 0x0,
_idnum_allocated_count = 129,
_init_state = 1 '\001',
_reference_type = 0 '\000',
_jvmti_cached_class_field_map = 0x0,
_verify_count = 0,
_methods = 0x7ff05ada19f0,
_default_methods = 0x0,
_local_interfaces = 0x7ff05ada0440,
_transitive_interfaces = 0x7ff05ada9560,
_method_ordering = 0x7ff05ad94048,
_default_vtable_indices = 0x0,
_fields = 0x7ff05ada1898
},
members of InstanceMirrorKlass:
static _offset_of_static_fields = 96
}
(gdb) p k._name
$24 = (Symbol *) 0x7ff070064108
(gdb) p *(Symbol *) 0x7ff070064108
$26 = {
<SymbolBase> = {
<MetaspaceObj> = {<No data fields>},
members of SymbolBase:
_length = 15,
_refcount = -1,
_identity_hash = 813005551
},
members of Symbol:
_body = {106 'j'},
static _total_count = 3
}
View Code
(gdb) p $26.as_C_string()
$27= 0x7ff06c009c88 "java/lang/Class"
以上验证了 0x100001f00 是 java/lang/Class,但是他是预加载了,并没有在.Class文件解析中来创建对象
进入InstanceMirrorKlass::allocate_instance函数
instanceOop InstanceMirrorKlass::allocate_instance(KlassHandle k, TRAPS) {
// Query before forming handle.
int size = instance_size(k);
KlassHandle h_k(THREAD, this);
instanceOop i = (instanceOop) CollectedHeap::Class_obj_allocate(h_k, size, k, CHECK_NULL);
return i;
}
进入size()函数
int InstanceMirrorKlass::instance_size(KlassHandle k) {
if (k() != NULL && k->oop_is_instance()) {//不进入
return align_object_size(size_helper() + InstanceKlass::cast(k())->static_field_size());
}
return size_helper();
}
---->
int size_helper() const {
return layout_helper_to_size_helper(layout_helper());
}
-------> int layout_helper() const { return _layout_helper; }
那么这个名字为"java/lang/Class"的 _layout_helper
这里看到就是(const InstanceMirrorKlass * const) 0x100001f00 这个对象的成员
打印如下:
members of Klass:
_layout_helper = 97,
还经过了右移处理,返回为12
进入紫色函数
oop CollectedHeap::Class_obj_allocate(KlassHandle klass, int size, KlassHandle real_klass, TRAPS) {
HeapWord* obj;
obj = common_mem_allocate_init(real_klass, size, CHECK_NULL);
//设置oop的内容
post_allocation_setup_common(klass, obj);
oop mirror = (oop)obj;
// 这个是设置oop对象大小属性
java_lang_Class::set_oop_size(mirror, size);
// Setup indirections
if (!real_klass.is_null()) {
java_lang_Class::set_klass(mirror, real_klass());
real_klass->set_java_mirror(mirror);
}
InstanceMirrorKlass* mk = InstanceMirrorKlass::cast(mirror->klass());
assert(size == mk->instance_size(real_klass), "should have been set");
// notify jvmti and dtrace
post_allocation_notify(klass, (oop)obj);
return mirror;
}
绿色的就是分配函数,进去
HeapWord* CollectedHeap::common_mem_allocate_init(KlassHandle klass, size_t size, TRAPS) {
HeapWord* obj = common_mem_allocate_noinit(klass, size, CHECK_NULL);
// 初始化为0的函数
init_obj(obj, size);
return obj;
}
再进去
HeapWord* CollectedHeap::common_mem_allocate_noinit(KlassHandle klass, size_t size, TRAPS) {
// Clear unhandled oops for memory allocation. Memory allocation might
// not take out a lock if from tlab, so clear here.
CHECK_UNHANDLED_OOPS_ONLY(THREAD->clear_unhandled_oops();)
if (HAS_PENDING_EXCEPTION) {
NOT_PRODUCT(guarantee(false, "Should not allocate with exception pending"));
return NULL; // caller does a CHECK_0 too
}
HeapWord* result = NULL;
if (UseTLAB) {
result = allocate_from_tlab(klass, THREAD, size);
if (result != NULL) {
assert(!HAS_PENDING_EXCEPTION,
"Unexpected exception, will result in uninitialized storage");
return result;
}
}
}
那么UseTLAB=true 就是从TLAB分配内存打印一下
(gdb) p thread->tlab()
$9 = (ThreadLocalAllocBuffer &) @0x7f97cc00b860: {
<CHeapObj<512u>> = {
<AllocatedObj> = {
_vptr.AllocatedObj = 0x7f97d4254710 <vtable for ThreadLocalAllocBuffer+16>
}, <No data fields>},
members of ThreadLocalAllocBuffer:
_start = 0xd7580000,
_top = 0xd75803d0,
_pf_top = 0xd7580010,
_end = 0xd75828f0,
_desired_size = 1310,
_refill_waste_limit = 20,
static _target_refills = 50,
_number_of_refills = 1,
_fast_refill_waste = 0,
_slow_refill_waste = 0,
_gc_waste = 0,
_slow_allocations = 0,
_allocation_fraction = {
<CHeapObj<1280u>> = {
<AllocatedObj> = {
_vptr.AllocatedObj = 0x7f97d42429d0 <vtable for AdaptiveWeightedAverage+16>
}, <No data fields>},
members of AdaptiveWeightedAverage:
_average = 0.999450684,
_sample_count = 1,
_weight = 35,
_is_old = false,
static OLD_THRESHOLD = 100,
_last_sample = 0.999450684
},
static _global_stats = 0x7f97cc02d998
}
就是从线程中获取_tlab 然后调用它的allocate函数
inline HeapWord* ThreadLocalAllocBuffer::allocate(size_t size) {
invariants();
HeapWord* obj = top();
if (pointer_delta(end(), obj) >= size) {
// successful thread-local allocation
#ifdef ASSERT
// Skip mangling the space corresponding to the object header to
// ensure that the returned space is not considered parsable by
// any concurrent GC thread.
size_t hdr_size = oopDesc::header_size();
Copy::fill_to_words(obj + hdr_size, size - hdr_size, badHeapWordVal);
#endif // ASSERT
// This addition is safe because we know that top is
// at least size below end, so the add can't wrap.
set_top(obj + size);
invariants();
return obj;
}
return NULL;
}
然后,看的出来就是将_top = 0xd7580370 + 12 这个是指针加法
加完之后的_top为 0xd75803d0 一共加了0x60,即12*8字节
补充下黄色函数是
void CollectedHeap::init_obj(HeapWord* obj, size_t size) {
assert(obj != NULL, "cannot initialize NULL object");
const size_t hs = oopDesc::header_size();
assert(size >= hs, "unexpected object size");
((oop)obj)->set_klass_gap(0);
Copy::fill_to_aligned_words(obj + hs, size - hs);
}
((oop)obj)->set_klass_gap(0);
--->
inline void oopDesc::set_klass_gap(int v) {
if (UseCompressedClassPointers) {
*(int*)(((intptr_t)this) + klass_gap_offset_in_bytes()) = v;
}
}
//以下返回12 int类型
inline int oopDesc::klass_gap_offset_in_bytes() {
assert(UseCompressedClassPointers, "only applicable to compressed klass pointers");
return oopDesc::klass_offset_in_bytes() + sizeof(narrowKlass);
}
Copy::fill_to_aligned_words(obj + hs, size - hs);
--->
static void pd_fill_to_words(HeapWord* tohw, size_t count, juint value) { //count=10
#ifdef AMD64 //在这里执行,一共执行了10次,每次移动8个字节,所以将oop后面的
julong* to = (julong*) tohw; //value 0xd7580380
julong v = ((julong) value << 32) | value;
while (count-- > 0) {
*to++ = v;
}
#else //以下不执行
juint* to = (juint*)tohw;
count *= HeapWordSize / BytesPerInt;
while (count-- > 0) {
*to++ = value;
}
#endif // AMD64
}
最后的执行结果为
执行结果为
(gdb) x/13xg 0xd7580370
0xd7580370: 0xbaadbabebaadbabe 0x00000000baadbabe
0xd7580380: 0x0000000000000000 0x0000000000000000
0xd7580390: 0x0000000000000000 0x0000000000000000
0xd75803a0: 0x0000000000000000 0x0000000000000000
0xd75803b0: 0x0000000000000000 0x0000000000000000
0xd75803c0: 0x0000000000000000 0x0000000000000000
0xd75803d0: 0xbaadbabebaadbabe
红色设置oop内容函数
void CollectedHeap::post_allocation_setup_common(KlassHandle klass,
HeapWord* obj) {
//设置_mark为0x01
post_allocation_setup_no_klass_install(klass, obj);
//设置_metadata._compressed_klass的值为java/lang/Class的压缩指针0x100001f00
post_allocation_install_obj_klass(klass, oop(obj));
}
具体只贴一下代码
void CollectedHeap::post_allocation_setup_no_klass_install(KlassHandle klass,
HeapWord* objPtr) {
oop obj = (oop)objPtr;
assert(obj != NULL, "NULL object pointer");
if (UseBiasedLocking && (klass() != NULL)) {
obj->set_mark(klass->prototype_header());
} else {
// May be bootstrapping
obj->set_mark(markOopDesc::prototype());
}
}
打印java/lang/Class类instanceKlass的属性为
_prototype_header = 0x1,
还有
void CollectedHeap::post_allocation_install_obj_klass(KlassHandle klass,
oop obj) {
// These asserts are kind of complicated because of klassKlass
// and the beginning of the world.
assert(klass() != NULL || !Universe::is_fully_initialized(), "NULL klass");
assert(klass() == NULL || klass()->is_klass(), "not a klass");
assert(obj != NULL, "NULL object pointer");
obj->set_klass(klass());
assert(!Universe::is_fully_initialized() || obj->klass() != NULL,
"missing klass");
}
inline void oopDesc::set_klass(Klass* k) {
// since klasses are promoted no store check is needed
assert(Universe::is_bootstrapping() || k != NULL, "must be a real Klass*");
assert(Universe::is_bootstrapping() || k->is_klass(), "not a Klass*");
if (UseCompressedClassPointers) {
*compressed_klass_addr() = Klass::encode_klass_not_null(k);
} else {
*klass_addr() = k;
}
}
//这个压缩指针,就是设置为0x200003e0
inline narrowKlass Klass::encode_klass_not_null(Klass* v) {
assert(!is_null(v), "klass value can never be zero");
assert(check_klass_alignment(v), "Address not aligned");
int shift = Universe::narrow_klass_shift();
uint64_t pd = (uint64_t)(pointer_delta((void*)v, Universe::narrow_klass_base(), 1));
assert(KlassEncodingMetaspaceMax > pd, "change encoding max if new encoding");
uint64_t result = pd >> shift;
assert((result & CONST64(0xffffffff00000000)) == 0, "narrow klass pointer overflow");
assert(decode_klass(result) == v, "reversibility");
return (narrowKlass)result;
}
进入紫色的函数
void java_lang_Class::set_oop_size(oop java_class, int size) {
assert(_oop_size_offset != 0, "must be set");
java_class->int_field_put(_oop_size_offset, size);
}
先弄清楚了定义java_lang_Class 中的定义
打印的的内容
_klass_offset =64
_array_klass_offset =72
_oop_size_offset =84
_static_oop_field_count_offset =88
_protection_domain_offset = 52
_init_lock_offset =56
_signers_offset=60
offsets_computed=80
一连串后
inline void* oopDesc::field_base(int offset) const { return (void*)&((char*)this)[offset]; }
就是那么就是将 _oop_size_offset =84 的位置设置为12
还有灰色函数 是设置mirror 和real_class的对应关系
//设置oop的偏移量为64的时候,为真是instancekass的地址 0x100000030
void java_lang_Class::set_klass(oop java_class, Klass* klass) {
assert(java_lang_Class::is_instance(java_class), "must be a Class object");
java_class->metadata_field_put(_klass_offset, klass);
}
另外的是设置mirror
(gdb) p this
$15 = (TypeArrayKlass * const) 0x100000030
real_klass->set_java_mirror(mirror);
void set_java_mirror(oop m) { klass_oop_store(&_java_mirror, m); }
void Klass::klass_oop_store(oop* p, oop v) {
assert(!Universe::heap()->is_in_reserved((void*)p), "Should store pointer into metadata");
assert(v == NULL || Universe::heap()->is_in_reserved((void*)v), "Should store pointer to an object");
//真是对象的_java_mirror设置为oop
设置klass对象_java_mirror变量值,这个_java_mirror是很重要的呢
以上就结束了 mirror的创建打印一下
(gdb) p mirror
$16 = (oopDesc *) 0xd7580370
(gdb) x/12xg mirror
0xd7580370: 0x0000000000000001 0x00000000200003e0
0xd7580380: 0x0000000000000000 0x0000000000000000
0xd7580390: 0x0000000000000000 0x0000000000000000
0xd75803a0: 0x0000000000000000 0x0000000000000000
0xd75803b0: 0x0000000100000030 0x0000000000000000
0xd75803c0: 0x0000000c00000000 0x0000000000000000
那么就是叶子颜色的函数
InstanceMirrorKlass* mk = InstanceMirrorKlass::cast(mirror->klass());
inline Klass* oopDesc::klass() const {
if (UseCompressedClassPointers) {
return Klass::decode_klass_not_null(_metadata._compressed_klass);
} else {
return _metadata._klass;
}
}
这就是获取了之前设置的压缩指针_klass
(gdb) p mk
$29 = (InstanceMirrorKlass *) 0x100001f00
还有
(gdb) p ** mirror._handle
$28 = {
_mark = 0x1,
_metadata = {
_klass = 0x200003e0,
_compressed_klass = 536871904
},
static _bs = 0x7f6ba401ea48
}
0x200003e0左移3位 得到 0x100001f00
java/lang/Class 内存为 0x100001f00, 处理的对象内存为 0x100000030
进入最顶级紫色函数
int InstanceMirrorKlass::compute_static_oop_field_count(oop obj) {
Klass* k = java_lang_Class::as_Klass(obj);
if (k != NULL && k->oop_is_instance()) {
return InstanceKlass::cast(k)->static_oop_field_count();
}
return 0;
}
//因为是array返回为0
mirror()函数返回oop对象0xd7580370
还是给oop对象设置内容
void java_lang_Class::set_static_oop_field_count(oop java_class, int size) {
assert(_static_oop_field_count_offset != 0, "must be set");
java_class->int_field_put(_static_oop_field_count_offset, size);
}
顶级灰色
(gdb) p k
$30 = (TypeArrayKlass *) 0x100000030
BasicType type = TypeArrayKlass::cast(k())->element_type();
comp_mirror = Universe::java_mirror(type);
static oop java_mirror(BasicType t) {
assert((uint)t < T_VOID+1, "range check");
return check_mirror(_mirrors[t]);
}
//从上边看的出来type为4 Bool类型
$31 = (oopDesc *) 0xd7580190
(gdb) p _mirrors[4]
$32 = (oopDesc *) 0xd7580190
那么将_mirror[4]设置为comp_mirror
// Two-way link between the array klass and its component mirror:
ArrayKlass::cast(k())->set_component_mirror(comp_mirror());
void set_component_mirror(oop m) { klass_oop_store(&_component_mirror, m); }
// comp_mirror() = 0xd7580190 ,,,k()=0x100000030
//设置oop的72便宜量为0x100000030
set_array_klass(comp_mirror(), k());
void java_lang_Class::set_array_klass(oop java_class, Klass* klass) {
assert(klass->is_klass() && klass->oop_is_array(), "should be array klass");
java_class->metadata_field_put(_array_klass_offset, klass); //off=72
}
最后的oop内存结构为
(gdb) x/12xg 0xd7580370
0xd7580370: 0x0000000000000001 0x00000000200003e0
0xd7580380: 0x0000000000000000 0x0000000000000000
0xd7580390: 0x0000000000000000 0x0000000000000000
0xd75803a0: 0x0000000000000000 0x0000000000000000
0xd75803b0: 0x0000000100000030 0x0000000000000000
0xd75803c0: 0x0000000c00000000 0x0000000000000000
这就结束了mirror的创建arrrayinstancemirror的创建003e