Closed Bug 1820281 Opened 1 year ago Closed 1 year ago

The generated code for VM Wrappers isn't managing the frame pointer properly

Categories

(Core :: JavaScript Engine: JIT, defect)

defect

Tracking
RESOLVED FIXED
112 Branch
Tracking Status
firefox112 --- fixed

People

(Reporter: mstange, Assigned: mstange)

References

Details

(Whiteboard: [sp3])

Attachments

(1 file)

When profiling with native profilers, we are missing the callers of VM Wrapper frames. This causes misleading profiles where time is attributed to the wrong function, and it makes it hard to compare time spent in JS functions between JS engines.

For example, here's a profile recorded with perf on Linux: https://share.firefox.dev/3JcCzQP

The bad stack is this one:

[...]
_reconcilerUpdateChildren
flattenChildren
traverseAllChildren
traverseAllChildrenImpl
traverseAllChildrenImpl
Arguments Rectifier
!!! missing frame for "flattenSingleChildIntoContext"
VM Wrapper
js::jit::SetElementMegamorphic
[...]

It looks like VM Wrapper JIT code does not contain mov rbp, rsp and pop rbp instructions. This causes frame pointer stackwalking to always miss the immediate caller frame, and skip over it to the caller's caller.
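To see why a frame without the standard prologue drops exactly its immediate caller, here is a constructed simulation (an added example, not SpiderMonkey code) of frame-pointer unwinding over a modeled x86-64 stack. The function names are the ones from the bad stack above; return addresses and stack addresses are made up, and the simulated "VM Wrapper" is the only frame that skips `push rbp; mov rbp, rsp`.

```python
"""Toy model of frame-pointer stack walking on x86-64 (constructed example)."""

WORD = 8  # bytes per stack slot on x86-64


class Stack:
    """Minimal model of the machine stack plus the rsp/rbp registers."""

    def __init__(self, top=0x7FFF_0000):
        self.mem = {}      # address -> 8-byte word
        self.rsp = top
        self.rbp = 0       # 0 terminates the frame-pointer chain (root frame)
        self.owner = {}    # return address -> function that the return lands in

    def push(self, value):
        self.rsp -= WORD
        self.mem[self.rsp] = value

    def call(self, caller, callee_maintains_fp):
        """Simulate a `call` issued by `caller`, then the callee's prologue."""
        ret_addr = 0x1000 + WORD * len(self.owner)  # constructed code address
        self.owner[ret_addr] = caller
        self.push(ret_addr)              # `call` pushes the return address
        if callee_maintains_fp:
            self.push(self.rbp)          # push rbp
            self.rbp = self.rsp          # mov rbp, rsp
        # otherwise rbp still points at the caller's frame, and the return
        # address just pushed is never linked into the rbp chain


def walk_frame_pointers(stack):
    """Return caller names, innermost first, by following the rbp chain."""
    callers = []
    rbp = stack.rbp
    while rbp != 0:
        saved_rbp = stack.mem[rbp]           # [rbp]   = caller's rbp
        if saved_rbp == 0:                   # root frame: nobody called it
            break
        ret_addr = stack.mem[rbp + WORD]     # [rbp+8] = return address
        callers.append(stack.owner[ret_addr])
        rbp = saved_rbp
    return callers


def profile(chain):
    """chain: (function name, maintains frame pointer) pairs, outermost first.
    Returns the stack a frame-pointer unwinder reports, innermost first."""
    stack = Stack()
    caller = "_start"
    for name, maintains_fp in chain:
        stack.call(caller, maintains_fp)
        caller = name
    innermost = chain[-1][0]                 # the sampled rip is in this function
    return [innermost] + walk_frame_pointers(stack)


BROKEN = [("traverseAllChildrenImpl", True), ("Arguments Rectifier", True),
          ("flattenSingleChildIntoContext", True), ("VM Wrapper", False),
          ("js::jit::SetElementMegamorphic", True)]
FIXED = [(name, True) for name, _ in BROKEN]
```

With the broken chain the unwinder reports "VM Wrapper" and then "Arguments Rectifier", skipping flattenSingleChildIntoContext, exactly as in the perf profile; once every frame maintains rbp the caller reappears.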

Blocks: 1771085
Whiteboard: [sp3]
Assignee: nobody → mstange.moz
Attachment #9321129 - Attachment description: WIP: Bug 1820281 - Maintain frame pointer in VM Wrapper calls on x86_64 and aarch64. Other platforms still missing. Untested. → Bug 1820281 - Maintain frame pointer in VM wrappers on x86_64 and aarch64. r=jandem
Status: NEW → ASSIGNED
Attachment #9321129 - Attachment description: Bug 1820281 - Maintain frame pointer in VM wrappers on x86_64 and aarch64. r=jandem → Bug 1820281 - Maintain frame pointers in VM wrappers, interpreter stubs, and lazy link stubs. r=jandem
Pushed by mstange@themasta.com:
https://hg.mozilla.org/integration/autoland/rev/398be96f9104
Maintain frame pointers in VM wrappers, interpreter stubs, and lazy link stubs. r=jandem
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch