[profiler] Make no frame region detection code more robust [x86/x64]

src/sampler.cc

 // Copyright 2013 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/sampler.h"
 
 #if V8_OS_POSIX && !V8_OS_CYGWIN
 
 #define USE_SIGNALS
 
@@ skipping 155 matching lines @@
   PlatformDataCommon() : profiled_thread_id_(ThreadId::Current()) {}
   ThreadId profiled_thread_id() { return profiled_thread_id_; }
 
  protected:
   ~PlatformDataCommon() {}
 
  private:
   ThreadId profiled_thread_id_;
 };
 
+
+// Check if the code at specified address could potentially be a
+// frame setup code.
+bool IsNoFrameRegion(Address address) {
+  struct Pattern {
+    int bytes_count;
+    byte bytes[8];
+    int offsets[4];
+  };
+  byte* pc = reinterpret_cast<byte*>(address);
+  static Pattern patterns[] = {
+#if V8_HOST_ARCH_IA32
+    // push %ebp
+    // mov %esp,%ebp
+    {3, {0x55, 0x89, 0xe5}, {0, 1, -1}},
+    // pop %ebp
+    // ret N
+    {2, {0x5d, 0xc2}, {0, 1, -1}},
+    // pop %ebp
+    // ret
+    {2, {0x5d, 0xc3}, {0, 1, -1}},
+#elif V8_HOST_ARCH_X64
+    // pushq %rbp
+    // movq %rsp,%rbp
+    {4, {0x55, 0x48, 0x89, 0xe5}, {0, 1, -1}},
+    // popq %rbp
+    // ret N
+    {2, {0x5d, 0xc2}, {0, 1, -1}},
+    // popq %rbp
+    // ret
+    {2, {0x5d, 0xc3}, {0, 1, -1}},
+#endif
+    {0, {}, {}}
+  };
+  for (Pattern* pattern = patterns; pattern->bytes_count; ++pattern) {
+    for (int* offset = pattern->offsets; *offset != -1; ++offset) {
+      if (!memcmp(pc - *offset, pattern->bytes, pattern->bytes_count))

[yurys, 2015/09/16 14:42:01]

what about the potential case that we discussed offline, when pc is begin of a
page and we cannot access pc -1 ?

[alph, 2015/09/16 17:28:50]

It should never happen for JS code, because of Code object preceding  and in
fact every heap allocated objects are preceded with the system info.

As for the native code, I looked at the memory map for Chrome process and all
the code segments have ELF prologue, e.g.
(gdb) x/8c 0x7fb6cc498000
0x7fb6cc498000:	127 '\177'	69 'E'	76 'L'	70 'F'	2 '\002'	1 '\001'	1 '\001'	0
'\000'

So it looks like we should never hit an unallocated page. Not sure how the
loading behaves on Windows.

In any case we can monitor it for crashes. Or I can still add a check code just
to be on the safe side, but I don't think it's worth.

Wdyt?

+        return true;
+    }
+  }
+  return false;
+}
+
 }  // namespace
 
 #if defined(USE_SIGNALS)
 
 class Sampler::PlatformData : public PlatformDataCommon {
  public:
   PlatformData() : vm_tid_(pthread_self()) {}
   pthread_t vm_tid() const { return vm_tid_; }
 
  private:
@@ skipping 399 matching lines @@
   timestamp = base::TimeTicks::HighResolutionNow();
   pc = reinterpret_cast<Address>(regs.pc);
   state = isolate->current_vm_state();
 
   // Avoid collecting traces while doing GC.
   if (state == GC) return;
 
   Address js_entry_sp = isolate->js_entry_sp();
   if (js_entry_sp == 0) return;  // Not executing JS now.
 
+  if (pc && IsNoFrameRegion(pc)) {
+    pc = 0;
+    return;
+  }
+
   ExternalCallbackScope* scope = isolate->external_callback_scope();
   Address handler = Isolate::handler(isolate->thread_local_top());
   // If there is a handler on top of the external callback scope then
   // we have already entrered JavaScript again and the external callback
   // is not the top function.
   if (scope && scope->scope_address() < handler) {
     external_callback = scope->callback();
     has_external_callback = true;
   } else {
     // Sample potential return address value for frameless invocation of
@@ skipping 163 matching lines @@
     SampleStack(state);
   }
   ResumeThread(profiled_thread);
 }
 
 #endif  // USE_SIGNALS
 
 
 }  // namespace internal
 }  // namespace v8