Bug 223058

Summary: GDB can't unwind a JSC LLInt stack to show backtrace
Product: WebKit Reporter: Fujii Hironori <fujii.hironori>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: mark.lam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch to crash jsc shell
none
gdb log of set debug frame 1 none

Fujii Hironori
Reported 2021-03-10 23:39:30 PST
Created attachment 422904 [details] Patch to crash jsc shell GDB can't unwind a JSC LLInt stack to show backtrace I created a coredump by crashing jsc shell. (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49 #1 0x00007fc562f16864 in __GI_abort () at abort.c:79 #2 0x0000562a8b718952 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713 #3 0x0000562a8b6fd741 in (anonymous namespace)::jscExit (status=0) at ../../Source/JavaScriptCore/jsc.cpp:169 #4 0x0000562a8b70c4a4 in functionQuit (globalObject=0x7fc51fff6068) at ../../Source/JavaScriptCore/jsc.cpp:2262 #5 0x00007fc5204ff178 in ?? () #6 0x00007ffcbae56e30 in ?? () #7 0x00007fc5635ad7e1 in llint_op_call () at /home/fujii/webkit/gb/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093 #8 0x0000000000000000 in ?? ()
Attachments
Patch to crash jsc shell (368 bytes, patch)
2021-03-10 23:39 PST, Fujii Hironori 		no flags
DetailsFormatted DiffDiff
gdb log of set debug frame 1 (20.21 KB, text/plain)
2021-03-10 23:43 PST, Fujii Hironori 		no flags
Details
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2021-03-10 23:40:21 PST
lldb can unwind the stack nicely. ((lldb) bt * thread #1, name = 'jsc', stop reason = signal SIGABRT * frame #0: 0x00007fc562f318cb libc.so.6`raise + 203 frame #1: 0x00007fc562f16864 libc.so.6`abort + 278 frame #2: 0x0000562a8b718952 jsc`CRASH_WITH_INFO(...) at Assertions.h:713:5 frame #3: 0x0000562a8b6fd741 jsc`(anonymous namespace)::jscExit(status=0) at jsc.cpp:169:5 frame #4: 0x0000562a8b70c4a4 jsc`::functionQuit(globalObject=0x00007fc51fff6068, (null)=0x00007ffcbae56dc0) at jsc.cpp:2262:12 frame #5: 0x00007fc5204ff178 frame #6: 0x00007fc5635ad7e1 libJavaScriptCore.so.1`llint_op_call at LowLevelInterpreter.asm:1093:1 frame #7: 0x00007fc56358e96b libJavaScriptCore.so.1`vmEntryToJavaScript at LowLevelInterpreter64.asm:316:1 frame #8: 0x00007fc5645eab40 libJavaScriptCore.so.1`JSC::JITCode::execute(this=0x00007fc5605a7f00, vm=0x00007fc520300000, protoCallFrame=0x00007ffcbae570d0) at JITCodeInlines.h:42:91 frame #9: 0x00007fc5645dfb79 libJavaScriptCore.so.1`JSC::Interpreter::executeProgram(this=0x00007fc5605fe258, source=0x00007ffcbae57b10, (null)=0x00007fc51fff6068, thisObj=0x00007fc5605b24e8) at Interpreter.cpp:839:59 frame #10: 0x00007fc56492072d libJavaScriptCore.so.1`JSC::evaluate(globalObject=0x00007fc51fff6068, source=0x00007ffcbae57b10, thisValue=JSValue @ 0x00007ffcbae579d8, returnedException=0x00007ff cbae57aa8) at Completion.cpp:137:82 frame #11: 0x0000562a8b71047d jsc`::runInteractive(globalObject=0x00007fc51fff6068) at jsc.cpp:3099:138 frame #12: 0x0000562a8b7137ab jsc`::runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(options=0x0000562a8b7b6048, isWorker=false, func=0x00007ffcbae57e90) &) at jsc.cpp:342 0:27 frame #13: 0x0000562a8b711833 jsc`jscmain(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:3581:24 frame #14: 0x0000562a8b70ea2e jsc`main(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:2832:22 frame #15: 0x00007fc562f18cb2 libc.so.6`__libc_start_main + 242 frame #16: 0x0000562a8b6fd5be jsc`_start + 46
Fujii Hironori
Comment 2 2021-03-10 23:41:56 PST
Seems like this. c - How to use gdb stacktrace with run time generated machine code? - Stack Overflow https://stackoverflow.com/a/34960328
Fujii Hironori
Comment 3 2021-03-10 23:43:22 PST
Created attachment 422905 [details] gdb log of set debug frame 1
Fujii Hironori
Comment 4 2021-03-10 23:47:43 PST
Bug 75387 – Get GDB to display a proper backtrace through JITted functions It has a old patch for old JSC JIT.
Yusuke Suzuki
Comment 5 2021-03-10 23:57:52 PST
> The final way (new in gdb 7.10) is that you can write an unwinder in Python. When working on my JIT unwinder, I chose this approach because it is simple to debug, simple to deploy, reasonably flexible, and does not require any particular changes in the inferior. https://stackoverflow.com/questions/34940738/how-to-use-gdb-stacktrace-with-run-time-generated-machine-code/34960328#34960328 Sounds like this is the best way in terms of complexity / memory overhead etc.
Radar WebKit Bug Importer
Comment 6 2021-03-18 00:40:15 PDT
<rdar://problem/75563530>
Note You need to log in before you can comment on or make changes to this bug.