Open Bug 1255884 Opened 8 years ago Updated 2 years ago

gdb unwinder can't unwind when newest frame is in JIT code

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

People

(Reporter: tromey, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

initial patch
12.13 KB, patch
Details | Diff | Splinter Review 
The unwinder added in bug 1232712 can't unwind if the newest frame is
in JIT code.  This is because in this case there is no way to find the
frame layout object.

A few possibilities come to mind.

1. Add a frame pointer
2. Find the function's start and duplicate gdb's prologue analysis
   code (or write a simpler prologue analyzer that only works for
   the spidermonkey jits)
3. Use some heuristic to try to find the frame layout object
4. Like #3, but add some kind of distinguishing cookie to the
   frame object to make it simpler to find
Before I would have go with the heuristic approach, but now I think it would make sense to reuse the JitcodeMap work, which is used by the Gecko profiler too.

One thing we can do is find the location of the current JitCode:
  https://dxr.mozilla.org/mozilla-central/source/js/src/jit/JitFrames.cpp#2701,2714,2718

This is probably more complex than requesting the symbol of a function, but should give us enough information to find the beginning of a frame, and compute the stack depth, when we have no JIT frame.
Maybe the JitcodeMap approach would let us remove the /proc/../maps parsing hack as well.

:nbp pointed out https://searchfox.org/mozilla-central/rev/7adb490485eff0783071a3e132005bceeb337461/js/src/jit/ProcessExecutableMemory.cpp#617 on irc.

<nbp> tromey: a JIT code is in the range ::execMemory.base_ to
::execMemory.base_ + ProcessExecutableMemory::MaxCodePages

Blocks: 1290898

I suspect that using execMemory would let us remove ExecutableAllocator.py entirely.

(In reply to Tom Tromey :tromey from comment #4)

I suspect that using execMemory would let us remove ExecutableAllocator.py entirely.

Yes.

Attached patch initial patchSplinter Review

This patch implements the basic idea, but in order to finish this bug
I think we need a second patch that searches the stack for the frame
descriptor. This could be done by looking for the two words and applying
some sanity checks: whether the one word decodes sanely, and whether the
return address corresponds to something that makes sense (either a JIT
address or something known to gdb).

Depends on: 1559461
Depends on: 1559462
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: