|
|
Description[profiler] Make no frame region detection code more robust
Upon collection of the stack trace if the current PC falls into
the frame building code, the top frame might be in a non-consistent
state. That leads to some of the frames could be missing from the
stack trace.
The patch makes it check instructions under current PC and if they
look like the frame setup/destroy code, it skips the entire sample.
Support for x86/x64
BUG=chromium:529931
LOG=N
Committed: https://crrev.com/12c7bc9a226859c3200609495689592a675a21af
Cr-Commit-Position: refs/heads/master@{#30777}
Patch Set 1 #
Total comments: 2
Patch Set 2 : added a check for page boundary #
Total comments: 2
Patch Set 3 : Fix crashes on simulators #Messages
Total messages: 24 (7 generated)
alph@chromium.org changed reviewers: + bmeurer@chromium.org, yurys@chromium.org
lgtm
The CQ bit was checked by alph@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1341413002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1341413002/1
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: v8_linux_arm_rel on tryserver.v8 (JOB_FAILED, http://build.chromium.org/p/tryserver.v8/builders/v8_linux_arm_rel/builds/8077)
The CQ bit was checked by alph@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1341413002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1341413002/1
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: v8_linux_dbg on tryserver.v8 (JOB_FAILED, http://build.chromium.org/p/tryserver.v8/builders/v8_linux_dbg/builds/8683)
https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc File src/sampler.cc (right): https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc#newcode212 src/sampler.cc:212: if (!memcmp(pc - *offset, pattern->bytes, pattern->bytes_count)) what about the potential case that we discussed offline, when pc is begin of a page and we cannot access pc -1 ?
https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc File src/sampler.cc (right): https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc#newcode212 src/sampler.cc:212: if (!memcmp(pc - *offset, pattern->bytes, pattern->bytes_count)) On 2015/09/16 14:42:01, yurys wrote: > what about the potential case that we discussed offline, when pc is begin of a > page and we cannot access pc -1 ? It should never happen for JS code, because of Code object preceding and in fact every heap allocated objects are preceded with the system info. As for the native code, I looked at the memory map for Chrome process and all the code segments have ELF prologue, e.g. (gdb) x/8c 0x7fb6cc498000 0x7fb6cc498000: 127 '\177' 69 'E' 76 'L' 70 'F' 2 '\002' 1 '\001' 1 '\001' 0 '\000' So it looks like we should never hit an unallocated page. Not sure how the loading behaves on Windows. In any case we can monitor it for crashes. Or I can still add a check code just to be on the safe side, but I don't think it's worth. Wdyt?
lgtm
On 2015/09/16 17:28:51, alph wrote: > https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc > File src/sampler.cc (right): > > https://codereview.chromium.org/1341413002/diff/1/src/sampler.cc#newcode212 > src/sampler.cc:212: if (!memcmp(pc - *offset, pattern->bytes, > pattern->bytes_count)) > On 2015/09/16 14:42:01, yurys wrote: > > what about the potential case that we discussed offline, when pc is begin of a > > page and we cannot access pc -1 ? > > It should never happen for JS code, because of Code object preceding and in > fact every heap allocated objects are preceded with the system info. > > As for the native code, I looked at the memory map for Chrome process and all > the code segments have ELF prologue, e.g. > (gdb) x/8c 0x7fb6cc498000 > 0x7fb6cc498000: 127 '\177' 69 'E' 76 'L' 70 'F' 2 '\002' 1 '\001' 1 '\001' 0 > '\000' > > So it looks like we should never hit an unallocated page. Not sure how the > loading behaves on Windows. > > In any case we can monitor it for crashes. Or I can still add a check code just > to be on the safe side, but I don't think it's worth. > > Wdyt? Looks like I just hit one in the test. ;-) There's an code section mapped right at the page boundary: (gdb) disassemble 0x3ab70000,+10 Dump of assembler code from 0x3ab70000 to 0x3ab70064: 0x3ab70000: push %edi 0x3ab70001: push %esi 0x3ab70002: mov 0xc(%esp),%edi $ cat /proc/37002/maps .... 3ab70000-3ab71000 r-xp 00000000 00:00 0 I'll add a check.
ptal
lgtm https://codereview.chromium.org/1341413002/diff/20001/src/sampler.cc File src/sampler.cc (right): https://codereview.chromium.org/1341413002/diff/20001/src/sampler.cc#newcode178 src/sampler.cc:178: const uint32_t kPageSize = 4096; Would be nice to have this constant defined in a single place rather than copying the declaration all around v8 code.
https://codereview.chromium.org/1341413002/diff/20001/src/sampler.cc File src/sampler.cc (right): https://codereview.chromium.org/1341413002/diff/20001/src/sampler.cc#newcode178 src/sampler.cc:178: const uint32_t kPageSize = 4096; On 2015/09/16 22:39:43, yurys wrote: > Would be nice to have this constant defined in a single place rather than > copying the declaration all around v8 code. Sounds like a good idea, though it should go as a separate patch.
The CQ bit was checked by alph@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from bmeurer@chromium.org Link to the patchset: https://codereview.chromium.org/1341413002/#ps20001 (title: "added a check for page boundary")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1341413002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1341413002/20001
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/12c7bc9a226859c3200609495689592a675a21af Cr-Commit-Position: refs/heads/master@{#30777}
SimulatorHelper seems to provide a bogus value of PC sometimes. In most cases FP is set to zero, which means the simulator is updating registers, e.g. like in this sample: sim regs.sp:0x319afbc regs.fp:0x0 regs.pc:0xfffffffe and we gracefully bail out in HandleProfilerSignal. But sometimes both SP and FP are valid, but PC is still having that bogus value, e.g.: sim regs.sp:0x319aea8 regs.fp:0x319aecc regs.pc:0xfffffffe causing a crash. |