Closed Bug 1846534 Opened 1 year ago Closed 1 year ago

The FF profiler crashes when tail calls spec application is used

Categories

(Core :: JavaScript: WebAssembly, defect, P2)

Tracking

RESOLVED FIXED
120 Branch
Tracking Status
firefox120 --- fixed

People

(Reporter: yury, Assigned: yury)

Attachments

(1 file)

Bug 1571998 lands the Wasm tail calls proposal. The implementation uses some native stack manipulations that are not understood by profilers or stack unwinders.

It is possible to modify WasmFrameIter to interpret unwind metadata and to rely on CPU registers to provide the necessary information about how to reach the next frame.

Tail calls do some stack data manipulations, and the profiler (iterator) needs to know how to find where the caller RA and FP are stored. A platform now preserves temporary registers used to store FP/RA using collapse frame operations.

Depends on D167158

Severity: -- → S2
Type: task → defect
Priority: -- → P2

The progress is stalled at https://phabricator.services.mozilla.com/D183269#6098058

I would have expected to see additional code in static void UseRuleSet (LulMain.cpp) (plus maybe in other places), that computes new values for the new registers as we unwind. And in principle I would expect the same for the other unwinders too. But I didn't see any such changes.

Markus, how can I reproduce and test this behavior? Can you provide an example of a test to expose the defect?

Flags: needinfo?(mstange.moz)

(In reply to Yury Delendik (:yury) from comment #2)

> Markus, how can I reproduce and test this behavior?

We don't have a good way to test unwinders in isolation, unfortunately. Here's the best I can suggest:

  1. Create an HTML + WASM testcase that uses wasm tail calls at a very high rate. Make a loop that runs for a full second or so, which exercises the tricky instruction sequences.
  2. Record the testcase execution with the Gecko profiler.
  3. Check that there aren't any broken stacks.

With "broken stacks" I mean stacks for which native unwinding aborted early. Those stacks usually only have a few native frames at the "deep" end of the stack, and fall back to the profiler label stack for the remainder of the stack. These broken stacks can be found in the profiler call tree because they'll be a separate "root"; they'll look different from the stacks that have complete C++ frames at the "bottom".

Flags: needinfo?(mstange.moz)
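A page script for step 1 of the procedure above, as an added example that is not part of the bug or of Firefox's test suite. The module bytes are constructed here, and the names `TAIL_CALL_WASM`, `instantiateTailCallLoop` and `exerciseTailCalls` are hypothetical.

```javascript
// Constructed wasm module, equivalent to:
//   (func $count (export "run") (param $n i32) (param $acc i32) (result i32)
//     (if (result i32) (i32.eqz (local.get $n))
//       (then (local.get $acc))
//       (else (return_call $count (n - 1) (acc + 1)))))
const TAIL_CALL_WASM = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic, version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // type (i32,i32)->i32
  0x03, 0x02, 0x01, 0x00, // function 0 has type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x00, // export "run"
  0x0a, 0x19, 0x01, 0x17, 0x00, // code section, one body, no extra locals
  0x20, 0x00, 0x45, 0x04, 0x7f, // local.get 0; i32.eqz; if (result i32)
  0x20, 0x01, 0x05, // local.get 1; else
  0x20, 0x00, 0x41, 0x01, 0x6b, // n - 1
  0x20, 0x01, 0x41, 0x01, 0x6a, // acc + 1
  0x12, 0x00, 0x0b, 0x0b, // return_call 0; end if; end func
]);

// Compile the module, failing loudly on engines without tail-call support
// (there the return_call opcode 0x12 does not validate).
function instantiateTailCallLoop() {
  if (!WebAssembly.validate(TAIL_CALL_WASM)) {
    throw new Error("this engine does not support wasm tail calls");
  }
  const module = new WebAssembly.Module(TAIL_CALL_WASM);
  return new WebAssembly.Instance(module).exports.run;
}

// Keep the engine inside return_call sequences for `durationMs`, so a
// sampling profiler has many chances to interrupt one mid-sequence.
// Returns the total number of tail calls performed.
function exerciseTailCalls(durationMs, callsPerBatch = 1_000_000) {
  const run = instantiateTailCallLoop();
  const deadline = Date.now() + durationMs;
  let total = 0;
  do {
    total += run(callsPerBatch, 0); // each batch returns callsPerBatch
  } while (Date.now() < deadline);
  return total;
}
```

Load it from an HTML page, start the Gecko profiler, and call `exerciseTailCalls(1000)` for the one-second run described in step 1; steps 2 and 3 are then done in the profiler UI.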
Pushed by ydelendik@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b77462a148ed Track unwind info for tail calls. r=jseward,mstange,profiler-reviewers
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch
Regressions: 1866839
No longer regressions: 1866839
Regressions: 1865953