# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
# mozilla/unwind.py --- unwinder and frame filter for SpiderMonkey
import gdb
import gdb.types
from gdb.FrameDecorator import FrameDecorator
import platform
# For ease of use in Python 2, we use "long" instead of "int"
# everywhere.
try:
    # Python 2 has a builtin |long|; rebinding it to itself is a no-op there.
    long = long
except NameError:
    # Python 3: ints are arbitrary precision, so |int| plays the role of |long|.
    long = int
# The Python 3 |map| built-in works lazily, but in Python 2 we need
# itertools.imap to get this.
import itertools

# Python 2 exposes the lazy variant as itertools.imap; on Python 3 the
# builtin |map| is already lazy, so fall back to it.
imap = getattr(itertools, "imap", map)
try:
    from gdb.unwinder import Unwinder
except ImportError:
    # Older gdb without the unwinder API. Any class will do as the base:
    # no unwinder is ever instantiated when _have_unwinder is False.
    Unwinder = object
    _have_unwinder = False
else:
    _have_unwinder = True
def debug(something):
    """Trace hook for the unwinder; currently a no-op.

    Re-enable the print below to trace what the unwinder is doing.
    """
    # print("@@ " + something)
    return None
# Maps frametype enum base names to corresponding class.
# Built from (enumerator, layout class) pairs; every key carries the
# "FrameType::" prefix that compute_frame_info() produces from the enum.
SizeOfFramePrefix = {
    "FrameType::" + frame_kind: layout_class
    for frame_kind, layout_class in (
        ("IonJS", "ExitFrameLayout"),
        ("BaselineJS", "JitFrameLayout"),
        ("BaselineStub", "BaselineStubFrameLayout"),
        ("IonStub", "JitStubFrameLayout"),
        ("CppToJSJit", "JitFrameLayout"),
        ("WasmToJSJit", "JitFrameLayout"),
        ("JSJitToWasm", "JitFrameLayout"),
        ("Rectifier", "RectifierFrameLayout"),
        ("IonAccessorIC", "IonAccessorICFrameLayout"),
        ("IonICCall", "IonICCallFrameLayout"),
        ("Exit", "ExitFrameLayout"),
        ("Bailout", "JitFrameLayout"),
    )
}
# We cannot have semi-colon as identifier names, so use a colon instead,
# and forward the name resolution to the type cache class.
class UnwinderTypeCacheFrameType(object):
    """Attribute-access shim for the "FrameType::*" entries of a type cache.

    "::" cannot appear in a Python identifier, so ``cache.frame_type.Exit``
    is forwarded to ``cache.__getattr__("FrameType::Exit")``.
    """

    def __init__(self, tc):
        self.tc = tc

    def __getattr__(self, name):
        qualified = "FrameType::%s" % name
        return self.tc.__getattr__(qualified)
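class UnwinderTypeCache(object):
    """Lazily-resolved gdb types, symbols and constants used by the unwinder.

    All lookups are deferred until the first attribute access: merely
    importing this module (as the gdb-tests do) must not trigger symbol
    resolution against an inferior that may not be loaded yet.
    """

    def __init__(self):
        # Populated by initialize() on first use; None means "not yet".
        self.d = None
        # enum value -> "FrameType::*" name
        self.frame_enum_names = {}
        # enum value -> gdb pointer type of the matching frame layout class
        self.frame_class_types = {}

    def __getattr__(self, name):
        """Resolve |name| from the cache, initializing it on first use.

        Unknown names raise AttributeError rather than KeyError, so that
        hasattr() and getattr(..., default) behave as callers expect.
        """
        if name == "d":
            # Only reachable if __init__ never ran; avoid infinite recursion.
            raise AttributeError(name)
        if self.d is None:
            self.initialize()
        if name == "frame_type":
            return UnwinderTypeCacheFrameType(self)
        try:
            return self.d[name]
        except KeyError:
            raise AttributeError(name)

    @staticmethod
    def _lookup_symbol(name):
        """Return the gdb.Symbol for |name|, failing with a message that names it."""
        sym = gdb.lookup_symbol(name)[0]
        if sym is None:
            # gdb returns (None, False) for an unknown symbol; say which one
            # rather than failing with an opaque AttributeError on None.
            raise gdb.error("unwind.py: cannot find symbol " + name)
        return sym

    def value(self, name):
        """Return the integer value of the symbol |name|."""
        return long(self._lookup_symbol(name).value())

    def jit_value(self, name):
        """Like value(), for a name in the js::jit namespace."""
        return self.value("js::jit::" + name)

    def initialize(self):
        """Resolve every type, symbol and constant the unwinder needs.

        If any lookup fails the cache is reset to the uninitialized state,
        so a later access retries instead of reporting every name missing.
        """
        self.d = {}
        try:
            self._populate()
        except Exception:
            self.d = None
            raise

    def _populate(self):
        """Fill self.d; split out of initialize() so failures can reset it."""
        self.d["FRAMETYPE_MASK"] = (1 << self.jit_value("FRAMETYPE_BITS")) - 1
        self.d["FRAMESIZE_SHIFT"] = self.jit_value("FRAMESIZE_SHIFT")
        self.d["FRAME_HEADER_SIZE_SHIFT"] = self.jit_value("FRAME_HEADER_SIZE_SHIFT")
        self.d["FRAME_HEADER_SIZE_MASK"] = self.jit_value("FRAME_HEADER_SIZE_MASK")
        self.compute_frame_info()
        commonFrameLayout = gdb.lookup_type("js::jit::CommonFrameLayout")
        self.d["typeCommonFrameLayout"] = commonFrameLayout
        self.d["typeCommonFrameLayoutPointer"] = commonFrameLayout.pointer()
        self.d["per_tls_context"] = gdb.lookup_global_symbol("js::TlsContext")
        self.d["void_starstar"] = gdb.lookup_type("void").pointer().pointer()
        jitframe = gdb.lookup_type("js::jit::JitFrameLayout")
        self.d["jitFrameLayoutPointer"] = jitframe.pointer()
        self.d["CalleeToken_Function"] = self.jit_value("CalleeToken_Function")
        self.d["CalleeToken_FunctionConstructing"] = self.jit_value(
            "CalleeToken_FunctionConstructing"
        )
        self.d["CalleeToken_Script"] = self.jit_value("CalleeToken_Script")
        self.d["JSFunction"] = gdb.lookup_type("JSFunction").pointer()
        self.d["JSScript"] = gdb.lookup_type("JSScript").pointer()
        self.d["Value"] = gdb.lookup_type("JS::Value")
        self.d["SOURCE_SLOT"] = self.value("js::ScriptSourceObject::SOURCE_SLOT")
        self.d["NativeObject"] = gdb.lookup_type("js::NativeObject").pointer()
        self.d["HeapSlot"] = gdb.lookup_type("js::HeapSlot").pointer()
        self.d["ScriptSource"] = gdb.lookup_type("js::ScriptSource").pointer()
        # ProcessExecutableMemory, used to identify if a pc is in the section
        # pre-allocated by the JIT.
        self.d["MaxCodeBytesPerProcess"] = self.jit_value("MaxCodeBytesPerProcess")
        self.d["execMemory"] = self._lookup_symbol("::execMemory").value()

    def compute_frame_info(self):
        """Build the FrameType enum maps (name/value/layout pointer type).

        Each enumerator becomes an entry in self.d keyed by its
        "FrameType::*" name, plus the reverse and layout-type maps.
        A FrameType enumerator that has no SizeOfFramePrefix entry raises
        KeyError here; that table must be kept in sync with the enum.
        """
        t = gdb.lookup_type("enum js::jit::FrameType")
        for field in t.fields():
            # Strip off "js::jit::", remains: "FrameType::*".
            name = field.name[9:]
            enumval = long(field.enumval)
            self.d[name] = enumval
            self.frame_enum_names[enumval] = name
            class_type = gdb.lookup_type("js::jit::" + SizeOfFramePrefix[name])
            self.frame_class_types[enumval] = class_type.pointer()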
class FrameSymbol(object):
    """A symbol/value pair as expected from gdb frame decorators.

    gdb's frame-args protocol calls symbol() and value() on each element
    returned by FrameDecorator.frame_args().
    """

    def __init__(self, sym, val):
        self.sym, self.val = sym, val

    def symbol(self):
        """Return the symbol (a synthesized name string for JIT frames)."""
        return self.sym

    def value(self):
        """Return the value paired with the symbol."""
        return self.val
class JitFrameDecorator(FrameDecorator):
    """This represents a single JIT frame for the purposes of display.
    That is, the frame filter creates instances of this when it sees a
    JIT frame in the stack."""

    def __init__(self, base, info, cache):
        super(JitFrameDecorator, self).__init__(base)
        # |info| is the dict registered by UnwinderState.add_frame:
        # {"name": frame type string or None, "this_frame": layout pointer or None}.
        self.info = info
        self.cache = cache

    def _decode_jitframe(self, this_frame):
        """Decode calleeToken_ of |this_frame| into a function name and script.

        The low two bits of the token are a tag, the remaining bits a
        pointer. Returns {"function": str or None, "script": gdb.Value or None}.
        A function name that cannot be read from the inferior is replaced
        by a placeholder instead of propagating gdb.MemoryError.
        """
        token = long(this_frame["calleeToken_"])
        tag = token & 3
        pointer = token ^ tag
        decoded = {"function": None, "script": None}
        if (
            tag == self.cache.CalleeToken_Function
            or tag == self.cache.CalleeToken_FunctionConstructing
        ):
            fptr = gdb.Value(pointer).cast(self.cache.JSFunction)
            try:
                atom = fptr["atom_"]
                if atom:
                    decoded["function"] = str(atom)
            except gdb.MemoryError:
                decoded["function"] = "(could not read function name)"
            decoded["script"] = fptr["u"]["scripted"]["s"]["script_"]
        elif tag == self.cache.CalleeToken_Script:
            decoded["script"] = gdb.Value(pointer).cast(self.cache.JSScript)
        return decoded

    def function(self):
        """Return "<<FrameType::X name>>" for JIT frames, else gdb's default."""
        name = self.info["name"]
        if name is None:
            return FrameDecorator.function(self)
        parts = ["<<" + name]
        # With a frame layout available, decorate with the callee's name.
        this_frame = self.info["this_frame"]
        if this_frame is not None and gdb.types.has_field(
            this_frame.type.target(), "calleeToken_"
        ):
            callee = self._decode_jitframe(this_frame)["function"]
            if callee is not None:
                parts.append(callee)
        return " ".join(parts) + ">>"

    def filename(self):
        """Return the script's source filename when it can be recovered.

        Falls back to gdb's default filename whenever the frame has no
        callee token, no script, or its source object is not a ScriptSource.
        """
        this_frame = self.info["this_frame"]
        if this_frame is None or not gdb.types.has_field(
            this_frame.type.target(), "calleeToken_"
        ):
            return FrameDecorator.filename(self)
        script = self._decode_jitframe(this_frame)["script"]
        if script is None:
            return FrameDecorator.filename(self)
        obj = script["sourceObject_"]["value"]
        # Verify that this is a ScriptSource object.
        # FIXME should also deal with wrappers here.
        nativeobj = obj.cast(self.cache.NativeObject)
        # See bug 987069 and despair. At least this
        # approach won't give exceptions.
        class_name = nativeobj["group_"]["value"]["clasp_"]["name"].string(
            "ISO-8859-1"
        )
        if class_name != "ScriptSource":
            return FrameDecorator.filename(self)
        slots = (nativeobj + 1).cast(self.cache.HeapSlot)
        source_bits = slots[self.cache.SOURCE_SLOT]["value"]["asBits_"] << 1
        scriptsource = source_bits.cast(self.cache.ScriptSource)
        return scriptsource["filename_"]["mTuple"]["mFirstA"].string()

    def frame_args(self):
        """Return FrameSymbols for |this| and the actual arguments of a call frame."""
        this_frame = self.info["this_frame"]
        if this_frame is None:
            return FrameDecorator.frame_args(self)
        if not gdb.types.has_field(this_frame.type.target(), "numActualArgs_"):
            return FrameDecorator.frame_args(self)
        # Only function calls carry arguments worth showing.
        if self._decode_jitframe(this_frame)["function"] is None:
            return FrameDecorator.frame_args(self)
        num_args = long(this_frame["numActualArgs_"])
        # Sometimes we see very large values here (e.g. from a corrupt or
        # partially-initialized frame); cap the count so we never walk far
        # past the frame reading inferior memory.
        if num_args > 10:
            num_args = 10
        args_ptr = (this_frame + 1).cast(self.cache.Value.pointer())
        # Slot 0 is |this|; names for the rest are synthesized since there
        # doesn't seem to be anything better to do.
        return [
            FrameSymbol("this" if i == 0 else "arg%d" % i, args_ptr[i])
            for i in range(num_args + 1)
        ]
class SpiderMonkeyFrameFilter(object):
    """A frame filter for SpiderMonkey.

    |state_holder| is either None or a SpiderMonkeyUnwinder; when present,
    its |unwinder_state| attribute is consulted for the state of the
    current unwind so that JIT frames can be decorated.
    """

    def __init__(self, cache, state_holder):
        # name/enabled/priority are required by gdb's frame-filter protocol.
        self.name = "SpiderMonkey"
        self.enabled = True
        self.priority = 100
        self.state_holder = state_holder
        self.cache = cache

    def maybe_wrap_frame(self, frame):
        """Wrap |frame| in a JitFrameDecorator if the unwinder registered it."""
        holder = self.state_holder
        state = None if holder is None else holder.unwinder_state
        if state is None:
            return frame
        info = state.get_frame(frame.inferior_frame())
        if info is None:
            return frame
        return JitFrameDecorator(frame, info, self.cache)

    def filter(self, frame_iter):
        """Lazily decorate every frame yielded by |frame_iter|."""
        return imap(self.maybe_wrap_frame, frame_iter)
class SpiderMonkeyFrameId(object):
    """A frame id class, as specified by the gdb unwinder API.

    gdb only requires the |sp| and |pc| attributes; here |sp| is whatever
    the unwinder chose as this frame's "frame pointer" stand-in.
    """

    def __init__(self, sp, pc):
        self.sp, self.pc = sp, pc
class UnwinderState(object):
    """This holds all the state needed during a given unwind. Each time a
    new unwind is done, a new instance of this class is created. It
    keeps track of all the state needed to unwind JIT frames. Note that
    this class is not directly instantiated.

    This is a base class, and must be specialized for each target
    architecture, both because we need to use arch-specific register
    names, and because entry frame unwinding is arch-specific.
    See https://sourceware.org/bugzilla/show_bug.cgi?id=19286 for info
    about the register name issue.

    Each subclass must define SP_REGISTER, PC_REGISTER, and
    SENTINEL_REGISTER (see x64UnwinderState for info); and implement
    unwind_entry_frame_registers."""

    def __init__(self, typecache):
        # Stack pointer and frame type of the next (older) frame to unwind,
        # as computed by create_frame(); None until an exit frame is found.
        self.next_sp = None
        self.next_type = None
        # Current JitActivation while walking the activation list; None
        # before the first exit frame, 0 once the list is exhausted.
        self.activation = None
        # An unwinder instance is specific to a thread. Record the
        # selected thread for later verification.
        self.thread = gdb.selected_thread()
        # sp (as long) -> {"name": ..., "this_frame": ...}, see add_frame().
        self.frame_map = {}
        self.typecache = typecache

    # If the given gdb.Frame was created by this unwinder, return the
    # corresponding informational dictionary for the frame.
    # Otherwise, return None. This is used by the frame filter to
    # display extra information about the frame.
    def get_frame(self, frame):
        sp = long(frame.read_register(self.SP_REGISTER))
        if sp in self.frame_map:
            return self.frame_map[sp]
        return None

    # Add information about a frame to the frame map. This map is
    # queried by |self.get_frame|. |sp| is the frame's stack pointer,
    # and |name| the frame's type as a string, e.g. "FrameType::Exit".
    def add_frame(self, sp, name=None, this_frame=None):
        self.frame_map[long(sp)] = {"name": name, "this_frame": this_frame}

    # See whether |pc| is claimed by the Jit.
    def is_jit_address(self, pc):
        """Return True if |pc| lies inside the JIT's reserved executable region.

        This is the gate that keeps the unwinder from claiming native frames:
        only addresses in [execMemory.base_, base_ + MaxCodeBytesPerProcess)
        are handled here.
        """
        execMem = self.typecache.execMemory
        base = long(execMem["base_"])
        length = self.typecache.MaxCodeBytesPerProcess
        # If the base pointer is null, then no memory got allocated yet.
        if long(base) == 0:
            return False
        # If allocated, then we allocated MaxCodeBytesPerProcess.
        return base <= pc and pc < base + length

    # Check whether |self| is valid for the selected thread.
    def check(self):
        return gdb.selected_thread() is self.thread

    # Essentially js::TlsContext.get().
    def get_tls_context(self):
        return self.typecache.per_tls_context.value()["mValue"]

    # |common| is a pointer to a CommonFrameLayout object. Return a
    # tuple (local_size, header_size, frame_type), where |size| is the
    # integer size of the previous frame's locals; |header_size| is
    # the size of this frame's header; and |frame_type| is an integer
    # representing the previous frame's type.
    def unpack_descriptor(self, common):
        value = long(common["descriptor_"])
        local_size = value >> self.typecache.FRAMESIZE_SHIFT
        # Header size is stored in units of pointers; scale to bytes.
        header_size = (
            value >> self.typecache.FRAME_HEADER_SIZE_SHIFT
        ) & self.typecache.FRAME_HEADER_SIZE_MASK
        header_size = header_size * self.typecache.void_starstar.sizeof
        frame_type = long(value & self.typecache.FRAMETYPE_MASK)
        if frame_type == self.typecache.frame_type.CppToJSJit:
            # Trampoline-x64.cpp pushes a JitFrameLayout object, but
            # the stack pointer is actually adjusted as if a
            # CommonFrameLayout object was pushed.
            header_size = self.typecache.typeCommonFrameLayout.sizeof
        return (local_size, header_size, frame_type)

    # Create a new frame for gdb. This makes a new unwind info object
    # and fills it in, then returns it. It also registers any
    # pertinent information with the frame filter for later display.
    #
    # |pc| is the PC from the pending frame
    # |sp| is the stack pointer to use
    # |frame| points to the CommonFrameLayout object
    # |frame_type| is a integer, one of the |enum FrameType| values,
    # describing the current frame.
    # |pending_frame| is the pending frame (see the gdb unwinder
    # documentation).
    def create_frame(self, pc, sp, frame, frame_type, pending_frame):
        # Make a frame_id that claims that |frame| is sort of like a
        # frame pointer for this frame.
        frame_id = SpiderMonkeyFrameId(frame, pc)
        # Read the frame layout object to find the next such object.
        # This lets us unwind the necessary registers for the next
        # frame, and also update our internal state to match.
        common = frame.cast(self.typecache.typeCommonFrameLayoutPointer)
        next_pc = common["returnAddress_"]
        (local_size, header_size, next_type) = self.unpack_descriptor(common)
        next_sp = frame + header_size + local_size
        # Compute the type of the next oldest frame's descriptor.
        # NOTE(review): |frame_type| comes from a descriptor read out of
        # inferior memory; a value outside the enum raises KeyError here.
        this_class_type = self.typecache.frame_class_types[frame_type]
        this_frame = frame.cast(this_class_type)
        # Register this frame so the frame filter can find it. This
        # is registered using SP because we don't have any other good
        # approach -- you can't get the frame id from a gdb.Frame.
        # https://sourceware.org/bugzilla/show_bug.cgi?id=19800
        frame_name = self.typecache.frame_enum_names[frame_type]
        self.add_frame(sp, name=frame_name, this_frame=this_frame)
        # Update internal state for the next unwind.
        self.next_sp = next_sp
        self.next_type = next_type
        unwind_info = pending_frame.create_unwind_info(frame_id)
        unwind_info.add_saved_register(self.PC_REGISTER, next_pc)
        unwind_info.add_saved_register(self.SP_REGISTER, next_sp)
        # FIXME it would be great to unwind any other registers here.
        return unwind_info

    # Unwind an "ordinary" JIT frame. This is used for JIT frames
    # other than enter and exit frames. Returns the newly-created
    # unwind info for gdb.
    def unwind_ordinary(self, pc, pending_frame):
        # |next_sp| doubles as the CommonFrameLayout pointer: for ordinary
        # JIT frames the layout object sits exactly at the stack pointer.
        return self.create_frame(
            pc, self.next_sp, self.next_sp, self.next_type, pending_frame
        )

    # Unwind an exit frame. Returns None if this cannot be done;
    # otherwise returns the newly-created unwind info for gdb.
    def unwind_exit_frame(self, pc, pending_frame):
        """Walk to the next JitActivation and unwind its exit frame.

        First call starts from the TLS context's jitActivation; later calls
        follow prevJitActivation_. NOTE(review): the list is walked without
        a cycle guard, so a corrupted prevJitActivation_ chain would keep
        this unwinder producing frames — confirm gdb's backtrace limit
        bounds that in practice.
        """
        if self.activation == 0:
            # Reached the end of the list.
            return None
        elif self.activation is None:
            cx = self.get_tls_context()
            self.activation = cx["jitActivation"]["value"]
        else:
            self.activation = self.activation["prevJitActivation_"]
        packedExitFP = self.activation["packedExitFP_"]
        if packedExitFP == 0:
            return None
        exit_sp = pending_frame.read_register(self.SP_REGISTER)
        frame_type = self.typecache.frame_type.Exit
        return self.create_frame(pc, exit_sp, packedExitFP, frame_type, pending_frame)

    # A wrapper for unwind_entry_frame_registers that handles
    # architecture-independent boilerplate.
    def unwind_entry_frame(self, pc, pending_frame):
        sp = self.next_sp
        # Notify the frame filter.
        self.add_frame(sp, name="FrameType::CppToJSJit")
        # Make an unwind_info for the per-architecture code to fill in.
        frame_id = SpiderMonkeyFrameId(sp, pc)
        unwind_info = pending_frame.create_unwind_info(frame_id)
        self.unwind_entry_frame_registers(sp, unwind_info)
        # Back in C++ now: the next JIT frame (if any) must come from the
        # activation list again, so clear the chained-unwind state.
        self.next_sp = None
        self.next_type = None
        return unwind_info

    # The main entry point that is called to try to unwind a JIT frame
    # of any type. Returns None if this cannot be done; otherwise
    # returns the newly-created unwind info for gdb.
    def unwind(self, pending_frame):
        pc = pending_frame.read_register(self.PC_REGISTER)
        # If the jit does not claim this address, bail. GDB defers to our
        # unwinder by default, but we don't really want that kind of power.
        if not self.is_jit_address(long(pc)):
            return None
        # A previous create_frame() told us where the next frame is.
        if self.next_sp is not None:
            if self.next_type == self.typecache.frame_type.CppToJSJit:
                return self.unwind_entry_frame(pc, pending_frame)
            return self.unwind_ordinary(pc, pending_frame)
        # Maybe we've found an exit frame. FIXME I currently don't
        # know how to identify these precisely, so we'll just hope for
        # the time being.
        return self.unwind_exit_frame(pc, pending_frame)
class x64UnwinderState(UnwinderState):
    """The UnwinderState subclass for x86-64."""

    SP_REGISTER = "rsp"
    PC_REGISTER = "rip"

    # A register unique to this architecture, that is also likely to
    # have been saved in any frame. The best thing to use here is
    # some arch-specific name for PC or SP.
    SENTINEL_REGISTER = "rip"

    # Must be in sync with Trampoline-x64.cpp:generateEnterJIT. Note
    # that rip isn't pushed there explicitly, but rather by the
    # previous function's call.
    PUSHED_REGS = ["r15", "r14", "r13", "r12", "rbx", "rbp", "rip"]

    def unwind_entry_frame_registers(self, sp, unwind_info):
        """Recover the registers generateEnterJIT pushed, starting at |sp|.

        |sp| is treated as a void** and walked upward one slot per entry of
        PUSHED_REGS, after skipping the "result" push. Once the saved rbp
        has been consumed, the slot following it is recorded as the
        unwound stack pointer.
        """
        cursor = sp.cast(self.typecache.void_starstar)
        # Skip the "result" push.
        cursor = cursor + 1
        for reg in self.PUSHED_REGS:
            unwind_info.add_saved_register(reg, cursor.dereference())
            cursor = cursor + 1
            if reg == "rbp":
                unwind_info.add_saved_register(self.SP_REGISTER, cursor)
class SpiderMonkeyUnwinder(Unwinder):
    """The unwinder object. This provides the "user interface" to the JIT
    unwinder, and also handles constructing or destroying UnwinderState
    objects as needed."""

    # A list of all the possible unwinders. See |self.make_unwinder|.
    UNWINDERS = [x64UnwinderState]

    def __init__(self, typecache):
        super(SpiderMonkeyUnwinder, self).__init__("SpiderMonkey")
        self.typecache = typecache
        self.unwinder_state = None
        # Disabled by default until we figure out issues in gdb.
        self.enabled = False
        gdb.write(
            "SpiderMonkey unwinder is disabled by default, to enable it type:\n"
            + "\tenable unwinder .* SpiderMonkey\n"
        )
        # Some versions of gdb did not flush the internal frame cache
        # when enabling or disabling an unwinder. This was fixed in
        # the same release of gdb that added the breakpoint_created
        # event.
        if not hasattr(gdb.events, "breakpoint_created"):
            gdb.write("\tflushregs\n")
        # We need to invalidate the unwinder state whenever the
        # inferior starts executing. This avoids having a stale
        # cache.
        gdb.events.cont.connect(self.invalidate_unwinder_state)
        assert self.test_sentinels()

    def test_sentinels(self):
        """Self-check: each UnwinderState class needs a distinct sentinel register."""
        sentinels = [state_cls.SENTINEL_REGISTER for state_cls in self.UNWINDERS]
        return len(set(sentinels)) == len(sentinels)

    def make_unwinder(self, pending_frame):
        """Instantiate the UnwinderState matching the inferior's architecture.

        gdb doesn't provide a good way to find the architecture
        (see https://sourceware.org/bugzilla/show_bug.cgi?id=19399), so
        each known architecture is probed by reading its sentinel register.
        This is more fragile than it might seem: the probe also fails
        when the sentinel register simply wasn't saved in the previous frame.
        """
        for state_cls in self.UNWINDERS:
            try:
                pending_frame.read_register(state_cls.SENTINEL_REGISTER)
            except Exception:
                # Not this architecture (or register not saved); try the next.
                continue
            else:
                return state_cls(self.typecache)
        return None

    def __call__(self, pending_frame):
        """gdb entry point: unwind |pending_frame| if it is a JIT frame."""
        state = self.unwinder_state
        # Rebuild the per-thread state when absent or for a different thread.
        if state is None or not state.check():
            state = self.make_unwinder(pending_frame)
            self.unwinder_state = state
        if not state:
            return None
        return state.unwind(pending_frame)

    def invalidate_unwinder_state(self, *args, **kwargs):
        """Drop cached state; connected to gdb.events.cont."""
        self.unwinder_state = None
def register_unwinder(objfile):
    """Register the unwinder and frame filter with |objfile|. If |objfile|
    is None, register them globally."""
    type_cache = UnwinderTypeCache()
    unwinder = None
    # This currently only works on Linux, due to parse_proc_maps.
    if _have_unwinder and platform.system() == "Linux":
        unwinder = SpiderMonkeyUnwinder(type_cache)
        gdb.unwinder.register_unwinder(objfile, unwinder, replace=True)
    # We unconditionally register the frame filter, because at some
    # point we'll add interpreter frame filtering.
    filt = SpiderMonkeyFrameFilter(type_cache, unwinder)
    target = gdb if objfile is None else objfile
    target.frame_filters[filt.name] = filt