Bug 223058

Summary: GDB can't unwind a JSC LLInt stack to show backtrace
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: mark.lam, webkit-bug-importer, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Patch to crash jsc shell (flags: none)
  gdb log of set debug frame 1 (flags: none)

Description Fujii Hironori 2021-03-10 23:39:30 PST
Created attachment 422904 [details]
Patch to crash jsc shell

GDB can't unwind a JSC LLInt stack to show backtrace

I created a coredump by crashing jsc shell.

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007fc562f16864 in __GI_abort () at abort.c:79
#2  0x0000562a8b718952 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#3  0x0000562a8b6fd741 in (anonymous namespace)::jscExit (status=0) at ../../Source/JavaScriptCore/jsc.cpp:169
#4  0x0000562a8b70c4a4 in functionQuit (globalObject=0x7fc51fff6068) at ../../Source/JavaScriptCore/jsc.cpp:2262
#5  0x00007fc5204ff178 in ?? ()
#6  0x00007ffcbae56e30 in ?? ()
#7  0x00007fc5635ad7e1 in llint_op_call () at /home/fujii/webkit/gb/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093
#8  0x0000000000000000 in ?? ()
Comment 1 Fujii Hironori 2021-03-10 23:40:21 PST
lldb can unwind the stack nicely.

(lldb) bt
* thread #1, name = 'jsc', stop reason = signal SIGABRT
  * frame #0: 0x00007fc562f318cb libc.so.6`raise + 203
    frame #1: 0x00007fc562f16864 libc.so.6`abort + 278
    frame #2: 0x0000562a8b718952 jsc`CRASH_WITH_INFO(...) at Assertions.h:713:5
    frame #3: 0x0000562a8b6fd741 jsc`(anonymous namespace)::jscExit(status=0) at jsc.cpp:169:5
    frame #4: 0x0000562a8b70c4a4 jsc`::functionQuit(globalObject=0x00007fc51fff6068, (null)=0x00007ffcbae56dc0) at jsc.cpp:2262:12
    frame #5: 0x00007fc5204ff178
    frame #6: 0x00007fc5635ad7e1 libJavaScriptCore.so.1`llint_op_call at LowLevelInterpreter.asm:1093:1
    frame #7: 0x00007fc56358e96b libJavaScriptCore.so.1`vmEntryToJavaScript at LowLevelInterpreter64.asm:316:1
    frame #8: 0x00007fc5645eab40 libJavaScriptCore.so.1`JSC::JITCode::execute(this=0x00007fc5605a7f00, vm=0x00007fc520300000, protoCallFrame=0x00007ffcbae570d0) at JITCodeInlines.h:42:91
    frame #9: 0x00007fc5645dfb79 libJavaScriptCore.so.1`JSC::Interpreter::executeProgram(this=0x00007fc5605fe258, source=0x00007ffcbae57b10, (null)=0x00007fc51fff6068, thisObj=0x00007fc5605b24e8) at Interpreter.cpp:839:59
    frame #10: 0x00007fc56492072d libJavaScriptCore.so.1`JSC::evaluate(globalObject=0x00007fc51fff6068, source=0x00007ffcbae57b10, thisValue=JSValue @ 0x00007ffcbae579d8, returnedException=0x00007ffcbae57aa8) at Completion.cpp:137:82
    frame #11: 0x0000562a8b71047d jsc`::runInteractive(globalObject=0x00007fc51fff6068) at jsc.cpp:3099:138
    frame #12: 0x0000562a8b7137ab jsc`::runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(options=0x0000562a8b7b6048, isWorker=false, func=0x00007ffcbae57e90) &) at jsc.cpp:3420:27
    frame #13: 0x0000562a8b711833 jsc`jscmain(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:3581:24
    frame #14: 0x0000562a8b70ea2e jsc`main(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:2832:22
    frame #15: 0x00007fc562f18cb2 libc.so.6`__libc_start_main + 242
    frame #16: 0x0000562a8b6fd5be jsc`_start + 46
Comment 2 Fujii Hironori 2021-03-10 23:41:56 PST
Seems like this.

c - How to use gdb stacktrace with run time generated machine code? - Stack Overflow
https://stackoverflow.com/a/34960328
Comment 3 Fujii Hironori 2021-03-10 23:43:22 PST
Created attachment 422905 [details]
gdb log of set debug frame 1
Comment 4 Fujii Hironori 2021-03-10 23:47:43 PST
Bug 75387 – Get GDB to display a proper backtrace through JITted functions

It has an old patch for the old JSC JIT.
Comment 5 Yusuke Suzuki 2021-03-10 23:57:52 PST
> The final way (new in gdb 7.10) is that you can write an unwinder in Python. When working on my JIT unwinder, I chose this approach because it is simple to debug, simple to deploy, reasonably flexible, and does not require any particular changes in the inferior.
https://stackoverflow.com/questions/34940738/how-to-use-gdb-stacktrace-with-run-time-generated-machine-code/34960328#34960328

Sounds like this is the best way in terms of complexity / memory overhead etc.
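A sketch of the GDB Python unwinder approach Comment 5 points to, as an added example that is not part of this bug or of WebKit. It assumes x86_64, where LLInt keeps the call frame register in rbp and the CallFrame header stores the caller's frame pointer at offset 0 and the return PC at offset 8, so LLInt frames chain like ordinary frame-pointer frames; the LLInt code address range is a placeholder you would fill in from `info symbol` on the llint_op_call address, and the pure-Python frame walk is separated from the gdb glue so it can be exercised outside the debugger.

```python
# Added example: GDB Python unwinder sketch for JSC LLInt frames (not WebKit code).
# Assumption: x86_64 LLInt uses rbp as the call frame register, and the JSC
# CallFrame header has CallerFrame at +0 and ReturnPC at +8, i.e. the native
# frame-pointer layout.  LLINT_LO/LLINT_HI are placeholders for the real range.
import struct

try:
    import gdb
    from gdb.unwinder import Unwinder
except ImportError:          # lets the frame-walk logic run outside gdb
    gdb = None
    Unwinder = object

LLINT_LO, LLINT_HI = 0x5000, 0x6000   # placeholder LLInt code range


def unwind_fp_frame(read_u64, rbp):
    """Return (caller_rbp, return_pc) for a frame-pointer frame at rbp."""
    return read_u64(rbp), read_u64(rbp + 8)


def walk_frames(read_u64, rbp, pc, in_llint, limit=32):
    """Follow the rbp chain while pc stays inside LLInt code.
    Returns the PCs seen, starting with pc; stops at a null rbp or on leaving LLInt."""
    pcs = [pc]
    while in_llint(pc) and rbp and len(pcs) < limit:
        rbp, pc = unwind_fp_frame(read_u64, rbp)
        pcs.append(pc)
    return pcs


class FrameId:                        # shape GDB expects from create_unwind_info
    def __init__(self, sp, pc):
        self.sp, self.pc = sp, pc


class LLIntUnwinder(Unwinder):
    def __init__(self, lo=LLINT_LO, hi=LLINT_HI):
        super().__init__("jsc-llint")
        self.lo, self.hi = lo, hi

    def __call__(self, pending_frame):
        pc = int(pending_frame.read_register("rip"))
        if not (self.lo <= pc < self.hi):
            return None               # not LLInt code: leave it to GDB's own unwinders
        rbp = int(pending_frame.read_register("rbp"))
        mem = gdb.selected_inferior()
        read = lambda a: struct.unpack("<Q", bytes(mem.read_memory(a, 8)))[0]
        caller_rbp, ret_pc = unwind_fp_frame(read, rbp)
        info = pending_frame.create_unwind_info(FrameId(rbp + 16, pc))
        info.add_saved_register("rip", gdb.Value(ret_pc))
        info.add_saved_register("rbp", gdb.Value(caller_rbp))
        info.add_saved_register("rsp", gdb.Value(rbp + 16))  # CFA after the frame is popped
        return info
```

Inside gdb you would register it with `gdb.unwinder.register_unwinder(None, LLIntUnwinder(lo, hi), replace=True)` after filling in the real LLInt range; GDB then asks this unwinder first for every frame and falls back to its DWARF unwinders when it returns None.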
Comment 6 Radar WebKit Bug Importer 2021-03-18 00:40:15 PDT
<rdar://problem/75563530>