Open Bug 1255884 Opened 10 years ago Updated 3 years ago

gdb unwinder can't unwind when newest frame is in JIT code

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

People

(Reporter: tromey, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

initial patch
12.13 KB, patch
Details | Diff | Splinter Review
The unwinder added in bug 1232712 can't unwind if the newest frame is in JIT code. This is because in this case there is no way to find the frame layout object. A few possibilities come to mind. 1. Add a frame pointer 2. Find the function's start and duplicate gdb's prologue analysis code (or write a simpler prologue analyzer that only works for the spidermonkey jits) 3. Use some heuristic to try to find the frame layout object 4. Like #3, but add some kind of distinguishing cookie to the frame object to make it simpler to find
Before I would have go with the heuristic approach, but now I think it would make sense to reuse the JitcodeMap work, which is used by the Gecko profiler too. One thing we can do is find the location of the current JitCode: https://dxr.mozilla.org/mozilla-central/source/js/src/jit/JitFrames.cpp#2701,2714,2718 This is probably more complex than requesting the symbol of a function, but should give us enough information to find the beginning of a frame, and compute the stack depth, when we have no JIT frame.
Maybe the JitcodeMap approach would let us remove the /proc/../maps parsing hack as well.

:nbp pointed out https://searchfox.org/mozilla-central/rev/7adb490485eff0783071a3e132005bceeb337461/js/src/jit/ProcessExecutableMemory.cpp#617 on irc.

<nbp> tromey: a JIT code is in the range ::execMemory.base_ to
::execMemory.base_ + ProcessExecutableMemory::MaxCodePages

Blocks: 1290898

I suspect that using execMemory would let us remove ExecutableAllocator.py entirely.

(In reply to Tom Tromey :tromey from comment #4)

I suspect that using execMemory would let us remove ExecutableAllocator.py entirely.

Yes.

Attached patch initial patchSplinter Review

This patch implements the basic idea, but in order to finish this bug
I think we need a second patch that searches the stack for the frame
descriptor. This could be done by looking for the two words and applying
some sanity checks: whether the one word decodes sanely, and whether the
return address corresponds to something that makes sense (either a JIT
address or something known to gdb).

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: