Created attachment 422904
Patch to crash jsc shell

GDB can't unwind a JSC LLInt stack to show backtrace

I created a coredump by crashing the jsc shell.

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007fc562f16864 in __GI_abort () at abort.c:79
#2  0x0000562a8b718952 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#3  0x0000562a8b6fd741 in (anonymous namespace)::jscExit (status=0) at ../../Source/JavaScriptCore/jsc.cpp:169
#4  0x0000562a8b70c4a4 in functionQuit (globalObject=0x7fc51fff6068) at ../../Source/JavaScriptCore/jsc.cpp:2262
#5  0x00007fc5204ff178 in ?? ()
#6  0x00007ffcbae56e30 in ?? ()
#7  0x00007fc5635ad7e1 in llint_op_call () at /home/fujii/webkit/gb/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093
#8  0x0000000000000000 in ?? ()
lldb can unwind the stack nicely.

(lldb) bt
* thread #1, name = 'jsc', stop reason = signal SIGABRT
  * frame #0: 0x00007fc562f318cb libc.so.6`raise + 203
    frame #1: 0x00007fc562f16864 libc.so.6`abort + 278
    frame #2: 0x0000562a8b718952 jsc`CRASH_WITH_INFO(...) at Assertions.h:713:5
    frame #3: 0x0000562a8b6fd741 jsc`(anonymous namespace)::jscExit(status=0) at jsc.cpp:169:5
    frame #4: 0x0000562a8b70c4a4 jsc`::functionQuit(globalObject=0x00007fc51fff6068, (null)=0x00007ffcbae56dc0) at jsc.cpp:2262:12
    frame #5: 0x00007fc5204ff178
    frame #6: 0x00007fc5635ad7e1 libJavaScriptCore.so.1`llint_op_call at LowLevelInterpreter.asm:1093:1
    frame #7: 0x00007fc56358e96b libJavaScriptCore.so.1`vmEntryToJavaScript at LowLevelInterpreter64.asm:316:1
    frame #8: 0x00007fc5645eab40 libJavaScriptCore.so.1`JSC::JITCode::execute(this=0x00007fc5605a7f00, vm=0x00007fc520300000, protoCallFrame=0x00007ffcbae570d0) at JITCodeInlines.h:42:91
    frame #9: 0x00007fc5645dfb79 libJavaScriptCore.so.1`JSC::Interpreter::executeProgram(this=0x00007fc5605fe258, source=0x00007ffcbae57b10, (null)=0x00007fc51fff6068, thisObj=0x00007fc5605b24e8) at Interpreter.cpp:839:59
    frame #10: 0x00007fc56492072d libJavaScriptCore.so.1`JSC::evaluate(globalObject=0x00007fc51fff6068, source=0x00007ffcbae57b10, thisValue=JSValue @ 0x00007ffcbae579d8, returnedException=0x00007ffcbae57aa8) at Completion.cpp:137:82
    frame #11: 0x0000562a8b71047d jsc`::runInteractive(globalObject=0x00007fc51fff6068) at jsc.cpp:3099:138
    frame #12: 0x0000562a8b7137ab jsc`::runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(options=0x0000562a8b7b6048, isWorker=false, func=0x00007ffcbae57e90) &) at jsc.cpp:3420:27
    frame #13: 0x0000562a8b711833 jsc`jscmain(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:3581:24
    frame #14: 0x0000562a8b70ea2e jsc`main(argc=1, argv=0x00007ffcbae57fd8) at jsc.cpp:2832:22
    frame #15: 0x00007fc562f18cb2 libc.so.6`__libc_start_main + 242
    frame #16: 0x0000562a8b6fd5be jsc`_start + 46
Seems like this.

c - How to use gdb stacktrace with run time generated machine code? - Stack Overflow
https://stackoverflow.com/a/34960328
Created attachment 422905
gdb log of set debug frame 1
Bug 75387 – Get GDB to display a proper backtrace through JITted functions

It has an old patch for the old JSC JIT.
> The final way (new in gdb 7.10) is that you can write an unwinder in Python. When working on my JIT unwinder, I chose this approach because it is simple to debug, simple to deploy, reasonably flexible, and does not require any particular changes in the inferior.

https://stackoverflow.com/questions/34940738/how-to-use-gdb-stacktrace-with-run-time-generated-machine-code/34960328#34960328

Sounds like this is the best way in terms of complexity / memory overhead etc.
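As an added illustration of the Python-unwinder approach quoted above (this is example code written for this page, not code from the bug thread, the Stack Overflow answer or the WebKit project), the script below registers a GDB unwinder that takes over only for frames whose PC GDB cannot attribute to any symbol or shared object, and unwinds them by following the frame-pointer chain. It assumes x86-64 with rbp pointing at a frame whose first two slots are the caller's frame pointer and the return address (the ordinary frame-pointer convention; the page does not state the LLInt layout), and its "unknown PC" test is a heuristic stand-in for asking the VM about its JIT code ranges. The chain-walking logic is kept free of the gdb module so it can be run and checked offline against a constructed fake memory; loaded inside gdb (`source fp_unwinder.py`, a hypothetical file name) it registers itself globally.

```python
# Added example, not code from the WebKit bug thread or the JSC project.
# Assumptions (not stated on the page): x86-64; rbp points at a frame whose
# first two words are the saved caller frame pointer and the return address;
# "unknown PC" approximated as "no symbol block and no shared object".

WORD = 8
OFF_CALLER_FP = 0   # [rbp + 0]: saved caller frame pointer
OFF_RETURN_PC = 8   # [rbp + 8]: return address into the caller


def unwind_fp_frame(read_u64, rbp):
    """One step up the frame-pointer chain.

    read_u64(addr) returns the little-endian word at addr, or None when the
    address is unreadable. Returns (caller_rbp, return_pc) or None.
    """
    if rbp == 0:
        return None
    caller_rbp = read_u64(rbp + OFF_CALLER_FP)
    return_pc = read_u64(rbp + OFF_RETURN_PC)
    if caller_rbp is None or return_pc is None:
        return None
    return caller_rbp, return_pc


def walk_fp_chain(read_u64, rbp, max_frames=64):
    """Follow the chain from rbp and return [(return_pc, caller_rbp), ...].

    Stops on a null frame pointer, a null return address, unreadable memory,
    a frame pointer that fails to move to a higher address (loop or corruption,
    since the stack grows down) or max_frames.
    """
    frames = []
    while rbp and len(frames) < max_frames:
        step = unwind_fp_frame(read_u64, rbp)
        if step is None:
            break
        caller_rbp, return_pc = step
        if return_pc == 0:
            break
        frames.append((return_pc, caller_rbp))
        if caller_rbp <= rbp:
            break
        rbp = caller_rbp
    return frames


def make_reader(memory):
    """Reader over a dict {address: word}: constructed stand-in for inferior memory."""
    return lambda addr: memory.get(addr)


# Constructed sample memory: two frame-pointer-linked frames whose return
# addresses are the llint_op_call / vmEntryToJavaScript PCs from the lldb
# backtrace, followed by a terminating null frame.
SAMPLE_MEMORY = {
    0x7FFC00001000: 0x7FFC00001100, 0x7FFC00001008: 0x7FC5635AD7E1,
    0x7FFC00001100: 0x7FFC00001200, 0x7FFC00001108: 0x7FC56358E96B,
    0x7FFC00001200: 0x0,            0x7FFC00001208: 0x0,
}

try:
    import gdb
    from gdb.unwinder import Unwinder, register_unwinder
except ImportError:   # not running inside gdb: the pure logic above stays usable
    gdb = None

if gdb is not None:
    def gdb_read_u64(addr):
        try:
            buf = gdb.selected_inferior().read_memory(addr, WORD)
        except gdb.MemoryError:
            return None
        return int.from_bytes(bytes(buf), "little")

    def pc_is_unknown(pc):
        # Heuristic (assumption): anything GDB can place in a symbol block or a
        # shared object is left to the built-in unwinders.
        return (gdb.block_for_pc(pc) is None
                and gdb.current_progspace().solib_name(pc) is None)

    class FrameId:
        def __init__(self, sp, pc):
            self.sp, self.pc = sp, pc

    class FramePointerUnwinder(Unwinder):
        def __init__(self):
            super().__init__("jsc-frame-pointer-chain")

        def __call__(self, pending_frame):
            pc = int(pending_frame.read_register("rip"))
            if not pc_is_unknown(pc):
                return None                      # defer to GDB's own unwinders
            rbp = int(pending_frame.read_register("rbp"))
            step = unwind_fp_frame(gdb_read_u64, rbp)
            if step is None:
                return None
            caller_rbp, return_pc = step
            ptr = gdb.lookup_type("void").pointer()
            info = pending_frame.create_unwind_info(FrameId(rbp, pc))
            info.add_saved_register("rip", gdb.Value(return_pc).cast(ptr))
            info.add_saved_register("rbp", gdb.Value(caller_rbp).cast(ptr))
            # caller's rsp sits just above the saved rbp and return address
            info.add_saved_register("rsp", gdb.Value(rbp + 2 * WORD).cast(ptr))
            return info

    register_unwinder(None, FramePointerUnwinder(), replace=True)
```

Returning None from `__call__` is what keeps the unwinder out of the way for frames GDB already understands, so the built-in DWARF unwinder still handles libc and the jsc binary while only the JIT/LLInt frames go through the chain walk. The `caller_rbp <= rbp` check is the corruption guard that matters most on a crash dump: without it a clobbered frame pointer can send the walk into a loop.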
<rdar://problem/75563530>