[Webkit-unassigned] [Bug 167714] New: Add a SIGILL crash analyzer to make debugging SIGILLs easier.

bugzilla-daemon at webkit.org
Wed Feb 1 15:48:14 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=167714

            Bug ID: 167714
           Summary: Add a SIGILL crash analyzer to make debugging SIGILLs
                    easier.
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

We'll start with just supporting this for OS(DARWIN).

With this feature, we can now get crash diagnostics like the following:

Filtered syslog:
Timestamp                  Thread     Type        Activity             PID
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: BEGIN SIGILL analysis
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x0: ffff0000ffffffff x1: ffff0000ffffffff x2: 0000000000000001 x3: 000000000000009a
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x4: 0000000000000005 x5: 0000000000000060 x6: 0000000000000000 x7: 0000000000000000
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x8: 0000000104a00018 x9: 0000000000000000 x10: 0000000000000001 x11: 0000000000000001
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x12: 0000000000000000 x13: 00000001043ac1b8 x14: 000000016fd0bce0 x15: 000000016fd09708
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x16: 0000000000000000 x17: 0000000104a082e8 x18: 0000000000000000 x19: 0000000000000000
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x20: 0000000000000000 x21: 0000000000000000 x22: 0000000000000000 x23: 0000000000000000
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x24: 0000000000000000 x25: 0000000000000000 x26: 0000000000000000 x27: ffff000000000000
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: x28: ffff000000000002 fp: 000000016fd096c0 lr: 0000000153c1d744
2017-02-01 14:06:20.1410 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: sp: 000000016fd09640 pc: 0000000155c17bec cpsr: 20000000
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: pc 0x155c17bec is in valid JIT executable memory
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: instruction bits at pc 0x155c17bec is: 0x00000000
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: pc 0x155c17bec belongs to CodeBlock 0x104240760 of type DFG
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: JITCode 0x1051bd000 [0x155c17580-0x155c17f20]:
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: [0x155c17580-0x155c1759c]: a9bf7bfd 910003fd d280ec10 f2a08490 f2c00030 f80103b0 d10203a1 d2905b11
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: [0x155c175a0-0x155c175bc]: f2a09411 f2c00031 f87f6a30 eb01021f 540034e8 d10203bf f81f03bb f81f83bc
2017-02-01 14:06:20.1411 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: [0x155c175c0-0x155c175dc]: b2503ffb b27f037c f2400bbf 54000060 52800150 d4200000 b2503ff0 eb10037f
...
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: [0x155c17f00-0x155c17f1c]: 17801710 00000000 00000000 00000000 00000000 00000000 00000000 00000000
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: Disassembly:
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17580:    stp    fp, lr, [sp, #-16]!
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17584:    mov    fp, sp
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17588:    movz   x16, #1888
2017-02-01 14:06:20.1412 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c1758c:    movk   x16, #1060, lsl #16
...
2017-02-01 14:06:20.1455 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17be8:    mov    x1, x0
2017-02-01 14:06:20.1455 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:        * 0x155c17bec:    .long  00000000    <=========================
2017-02-01 14:06:20.1455 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17bf0:    tst    w1, #0x7fffffff
...
2017-02-01 14:06:20.1465 -0800    0x29d81 1024 0x0 3711 JavaScriptCore:          0x155c17f1c:    .long  00000000
2017-02-01 14:06:20.1465 -0800    0x29d81 1024 0x0 3711 JavaScriptCore: END SIGILL analysis

Patch coming soon.

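The report above answers three questions for a SIGILL in JIT code: is pc inside a JITCode range, which CodeBlock owns it, and what instruction word sits at pc. The same checks can be repeated offline against a saved syslog excerpt. The following is an added Python example, not code from WebKit or from this bug; it parses the register, JITCode-range and hex-dump lines of a sample written in the analyzer's format and reports the word at pc. The sample is constructed for the example (syslog columns dropped, and the dump row covering the faulting pc, with its values, is invented so the script is self-contained).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the format of the analyzer's syslog lines. The row
# [0x155c17be0-0x155c17bfc] and its words are invented for this example.
SAMPLE_LOG = """\
JavaScriptCore: BEGIN SIGILL analysis
JavaScriptCore: x0: ffff0000ffffffff x1: ffff0000ffffffff x2: 0000000000000001 x3: 000000000000009a
JavaScriptCore: x28: ffff000000000002 fp: 000000016fd096c0 lr: 0000000153c1d744
JavaScriptCore: sp: 000000016fd09640 pc: 0000000155c17bec cpsr: 20000000
JavaScriptCore: pc 0x155c17bec is in valid JIT executable memory
JavaScriptCore: JITCode 0x1051bd000 [0x155c17580-0x155c17f20]:
JavaScriptCore: [0x155c17580-0x155c1759c]: a9bf7bfd 910003fd d280ec10 f2a08490 f2c00030 f80103b0 d10203a1 d2905b11
JavaScriptCore: [0x155c17be0-0x155c17bfc]: f9400280 aa0003e1 aa0003e1 00000000 7200783f 54000040 d65f03c0 00000000
JavaScriptCore: END SIGILL analysis
"""

RANGE_RE = re.compile(r"JITCode 0x([0-9a-f]+) \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
ROW_RE = re.compile(r"^\[0x([0-9a-f]+)-0x([0-9a-f]+)\]:((?:\s+[0-9a-f]{8})+)\s*$")
REG_RE = re.compile(r"\b([a-z]+\d*):\s+([0-9a-f]{8,16})\b")


@dataclass
class SigillReport:
    registers: dict = field(default_factory=dict)   # name -> value
    jit_code: Optional[int] = None                  # JITCode object address
    jit_start: Optional[int] = None                 # first byte of the code range
    jit_end: Optional[int] = None                   # one past the last byte
    words: dict = field(default_factory=dict)       # address -> 32-bit instruction word


def parse_report(text: str) -> SigillReport:
    """Extract registers, the JITCode range and the hex dump from analyzer output."""
    report = SigillReport()
    for raw in text.splitlines():
        line = raw.split("JavaScriptCore: ", 1)[-1].strip()
        if (m := ROW_RE.match(line)):
            # Dump rows list consecutive 4-byte words starting at the row's first address.
            start = int(m.group(1), 16)
            for i, word in enumerate(m.group(3).split()):
                report.words[start + 4 * i] = int(word, 16)
        elif (m := RANGE_RE.search(line)):
            report.jit_code, report.jit_start, report.jit_end = (int(g, 16) for g in m.groups())
        else:
            for name, value in REG_RE.findall(line):
                report.registers[name] = int(value, 16)
    return report


def analyze(report: SigillReport) -> dict:
    """Re-derive the analyzer's verdict: is pc in JIT code, and what word is there?"""
    pc = report.registers["pc"]
    in_jit = report.jit_start is not None and report.jit_start <= pc < report.jit_end
    word = report.words.get(pc)
    return {
        "pc": pc,
        "aligned": pc % 4 == 0,                     # AArch64 instructions are 4-byte aligned
        "in_jit": in_jit,
        "offset": pc - report.jit_start if in_jit else None,
        "word": word,
        # An all-zero AArch64 word is a permanently undefined encoding (UDF #0),
        # so 0x00000000 at pc by itself explains the SIGILL.
        "is_udf": word == 0,
    }


def format_window(report: SigillReport, pc: int, count: int = 2) -> str:
    """Print the words around pc, marking the faulting one like the analyzer does."""
    lines = []
    for addr in range(pc - 4 * count, pc + 4 * count + 4, 4):
        marker = "*" if addr == pc else " "
        word = report.words.get(addr)
        text = f"{word:08x}" if word is not None else "<not in dump>"
        lines.append(f"{marker} 0x{addr:x}: {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_LOG)
    verdict = analyze(rep)
    print(f"pc 0x{verdict['pc']:x} in JIT code: {verdict['in_jit']} (offset +0x{verdict['offset']:x})")
    print(f"word at pc: 0x{verdict['word']:08x}, permanently undefined: {verdict['is_udf']}")
    print(format_window(rep, verdict["pc"]))
```

The script only trusts the hex dump for the word at pc; the analyzer's own "instruction bits at pc" line is not parsed, so the two can be compared as a consistency check when a report is suspected of being corrupted or truncated.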