[Webkit-unassigned] [Bug 250823] New: Improve VMInspector::dumpRegisters().

bugzilla-daemon at webkit.org
Wed Jan 18 20:39:20 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250823

            Bug ID: 250823
           Summary: Improve VMInspector::dumpRegisters().
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

1. Change the order of the dump to go from low memory to high memory.  This makes the dump more intuitive to read because:
   a. C++ structures are dumped that way in debuggers, and
   b. Dumping this way allows us to dump the caller frame next, and the memory dumps just stitch together naturally.

2. Add VMInspector::vmForCallFrame() to find the VM for a CallFrame instead of relying on a CodeBlock being present.
   This allows us to ...

3. Add rudimentary support for dumping EntryFrame, as well as Wasm and native frames.

4. Also changed the layout of the dumped CallFrame registers to have more useful info while being easier to read.

For example, an old dump looks like this:
```
-----------------------------------------------------------------------------
            use            |   address  |                value               
-----------------------------------------------------------------------------
[r 10 arguments[  5]]      | 0x16fdfbfb0 | 0xa                Undefined
[r  9 arguments[  4]]      | 0x16fdfbfa8 | 0xfffe000000000000 Int32: 0
[r  8 arguments[  3]]      | 0x16fdfbfa0 | 0x10409c240        Object: 0x10409c240 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x30000afd0:[0xafd0/45008, Object, (2/6, 0/0){module:0, instance:1}, NonArray, Proto:0x103011968, Leaf]), StructureID: 45008
[r  7 arguments[  2]]      | 0x16fdfbf98 | 0xfffe000000000001 Int32: 1
[r  6 arguments[  1]]      | 0x16fdfbf90 | 0x103038de8        Object: 0x103038de8 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x3000077b0:[0x77b0/30640, Generator, (0/0, 0/0){}, NonArray, Proto:0x103012ae8, Leaf]), StructureID: 30640
[r  5           this]      | 0x16fdfbf88 | 0x10300e268        Object: 0x10300e268 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300008720:[0x8720/34592, JSProxy, (0/0, 0/0){}, NonArray, Proto:0x103011968, Leaf]), StructureID: 34592
-----------------------------------------------------------------------------
[ArgumentCount]            | 0x16fdfbf80 | 5 
[ReturnVPC]                | 0x16fdfbf80 | 399 (line 20)
[Callee]                   | 0x16fdfbf78 | 0x10408e100        Object: 0x10408e100 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x3000057c0:[0x57c0/22464, Function, (0/0, 0/0){}, NonArray, Proto:0x1030305a8, Leaf]), StructureID: 22464
[CodeBlock]                | 0x16fdfbf70 | 0x1040d8580        #Bhpb2b:[0x1040d8580->0x104099980, LLIntFunctionCall, 412]
[ReturnPC]                 | 0x16fdfbf68 | 0x11a470248 
[CallerFrame]              | 0x16fdfbf60 | 0x16fdfc020 
-----------------------------------------------------------------------------
[r -1  CalleeSaveReg]      | 0x16fdfbf58 | 0xfffe000000000002 Int32: 2
[r -2  CalleeSaveReg]      | 0x16fdfbf50 | 0xfffe000000000000 Int32: 0
[r -3  CalleeSaveReg]      | 0x16fdfbf48 | 0x103030f40        
[r -4  CalleeSaveReg]      | 0x16fdfbf40 | 0x103059770        
[r -5               ]      | 0x16fdfbf38 | 0xa                Undefined
[r -6               ]      | 0x16fdfbf30 | 0xa                Undefined
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
```

The new dump now looks like this:
```
Registers for JS frame 0x16fdfbfe0 (entryFrame 0x16fdfc2d0):
-----------------------------------------------------------------------------
   VirtualRegister     : address      value
---------------------------------------------------- Outgoing Args + Misc ---
------------------------------------------------------------------ Locals ---
  -6                   : 0x16fdfbfb0  0x102038428 Object: 0x102038428 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300005520:[0x5520/21792, JSGlobalLexicalEnvironment, (0/0, 0/0){}, NonArray, Leaf]), StructureID: 21792
  -5                   : 0x16fdfbfb8  0x102038428 Object: 0x102038428 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300005520:[0x5520/21792, JSGlobalLexicalEnvironment, (0/0, 0/0){}, NonArray, Leaf]), StructureID: 21792
------------------------------------------------------------ Callee Saves ---
  -4  CalleeSaveReg    : 0x16fdfbfc0  0x102059130 
  -3  CalleeSaveReg    : 0x16fdfbfc8  0x102030f40 
  -2  CalleeSaveReg    : 0x16fdfbfd0  0xfffe000000000000 Int32: 0
  -1  CalleeSaveReg    : 0x16fdfbfd8  0xfffe000000000002 Int32: 2
-------------------------------------------------------- CallFrame Header ---
   0  CallerFrame      : 0x16fdfbfe0  0x16fdfc0a0 
   1  ReturnPC         : 0x16fdfbfe8  0x11a470248 (pac signed 0xff1c00011a470248) 
   2  CodeBlock        : 0x16fdfbff0  0x1050d8580 #D6UySe:[0x1050d8580->0x105099980, LLIntFunctionCall, 644]
   3  Callee           : 0x16fdfbff8  0x10508e100 Object: 0x10508e100 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x3000057c0:[0x57c0/22464, Function, (0/0, 0/0){}, NonArray, Proto:0x1020305a8]), StructureID: 22464
 4.1  ReturnVPC        : 0x16fdfc000  632 (line 20)
 4.2  ArgumentCount    : 0x16fdfc000  5 
--------------------------------------------------------------- Arguments ---
   5  this             : 0x16fdfc008  0x10200e1c8 Object: 0x10200e1c8 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300008720:[0x8720/34592, JSProxy, (0/0, 0/0){}, NonArray, Proto:0x102011968, Leaf]), StructureID: 34592
   6  arguments[1]     : 0x16fdfc010  0x102038de8 Object: 0x102038de8 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x3000077b0:[0x77b0/30640, Generator, (0/0, 0/0){}, NonArray, Proto:0x102012ae8, Leaf]), StructureID: 30640
   7  arguments[2]     : 0x16fdfc018  0xfffe000000000001 Int32: 1
   8  arguments[3]     : 0x16fdfc020  0x10509c240 Object: 0x10509c240 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x30000b740:[0xb740/46912, Object, (2/6, 0/0){module:0, instance:1}, NonArray, Proto:0x102011968, Leaf]), StructureID: 46912
   9  arguments[4]     : 0x16fdfc028  0xfffe000000000000 Int32: 0
  10  arguments[5]     : 0x16fdfc030  0x1050e0130 Object: 0x1050e0130 with butterfly 0x0(base=0xfffffffffffffff8) (Structure 0x300005c20:[0x5c20/23584, JSLexicalEnvironment, (0/0, 0/0){}, NonArray, Leaf]), StructureID: 23584
--------------------------------------------------------------------- End ---
```
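The low-to-high layout described in points 1 and 4 can be reproduced with a small stand-alone model. The following is an added example, not WebKit code and not part of the bug report: it assumes a simplified 64-bit JSC-style frame in which every virtual register is an 8-byte slot at `frameBase + index * 8`, header slots 0..4 follow the order shown in the new dump, and slot 4 packs the argument count in its low 32 bits and the return VPC in its high 32 bits (all of these are assumptions for the example; the names `Slot`, `layoutFrame`, `dumpFrame`, `addressesAscend`, `findSlot` and `sampleFrame` are hypothetical). The sample values are constructed from the new dump above.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical 64-bit JSC-style CallFrame model (assumed for this example): every
// virtual register is an 8-byte slot at frameBase + index * 8. Negative indices lie
// below the frame (locals, then callee saves); slots 0..4 are the header; 5.. is `this` + args.
struct Slot {
    std::string label;    // e.g. "-1  CalleeSaveReg", "4.1  ReturnVPC", "6  arguments[1]"
    uint64_t address;
    uint64_t value;
    const char* section;  // separator title to print before this row, or nullptr
};

// Build the rows of one frame in increasing address order. `values` holds one entry
// per slot from the lowest index upward; a size mismatch yields no rows at all.
std::vector<Slot> layoutFrame(uint64_t frameBase, int numLocals, int numCalleeSaves,
                              int argCountIncludingThis, const std::vector<uint64_t>& values)
{
    static const char* const headerNames[4] = { "CallerFrame", "ReturnPC", "CodeBlock", "Callee" };
    const int lowest = -(numLocals + numCalleeSaves), highest = 4 + argCountIncludingThis;
    std::vector<Slot> rows;
    if (values.size() != size_t(highest - lowest + 1))
        return rows;
    const char* previous = nullptr;
    for (int index = lowest; index <= highest; ++index) {
        const uint64_t address = frameBase + uint64_t(int64_t(index) * 8);
        const uint64_t value = values[size_t(index - lowest)];
        const char* section = index < -numCalleeSaves ? "Locals" : index < 0 ? "Callee Saves" : index <= 4 ? "CallFrame Header" : "Arguments";
        const char* marker = (!previous || std::strcmp(section, previous)) ? section : nullptr;
        previous = section;
        char label[48];
        if (index == 4) {
            // Assumed packing: low 32 bits = argument count, high 32 = return VPC; two rows, one address.
            rows.push_back({ "4.1  ReturnVPC", address, value >> 32, marker });
            rows.push_back({ "4.2  ArgumentCount", address, value & 0xffffffffu, nullptr });
            continue;
        }
        if (index < -numCalleeSaves) std::snprintf(label, sizeof label, "%d", index);
        else if (index < 0) std::snprintf(label, sizeof label, "%d  CalleeSaveReg", index);
        else if (index < 4) std::snprintf(label, sizeof label, "%d  %s", index, headerNames[index]);
        else if (index == 5) std::snprintf(label, sizeof label, "5  this");
        else std::snprintf(label, sizeof label, "%d  arguments[%d]", index, index - 5);
        rows.push_back({ label, address, value, marker });
    }
    return rows;
}

// Render rows with 77-column section rules, in the style of the new dump above.
std::string dumpFrame(uint64_t frameBase, const std::vector<Slot>& rows)
{
    auto rule = [](const char* title) {
        return std::string(77 - std::strlen(title) - 5, '-') + " " + title + " ---\n";
    };
    char line[160];
    std::snprintf(line, sizeof line, "Registers for JS frame 0x%llx:\n", (unsigned long long)frameBase);
    std::string out = line + std::string(77, '-') + "\n   VirtualRegister     : address      value\n";
    for (const Slot& s : rows) {
        if (s.section) out += rule(s.section);
        std::snprintf(line, sizeof line, "%20s : 0x%llx  0x%llx\n", s.label.c_str(),
                      (unsigned long long)s.address, (unsigned long long)s.value);
        out += line;
    }
    return out + rule("End");
}

// Low-to-high order is what lets frames stitch: CallerFrame names the next frameBase to dump.
bool addressesAscend(const std::vector<Slot>& rows)
{
    for (size_t i = 1; i < rows.size(); ++i)
        if (rows[i].address < rows[i - 1].address) return false;
    return true;
}

const Slot* findSlot(const std::vector<Slot>& rows, const char* label)
{
    for (const Slot& s : rows)
        if (s.label == label) return &s;
    return nullptr;
}

// Constructed sample from the new dump above: 2 locals, 4 callee saves, `this` + 5 args, VPC 632.
std::vector<Slot> sampleFrame()
{
    const std::vector<uint64_t> values = {
        0x102038428, 0x102038428, 0x102059130, 0x102030f40,                      // -6 .. -3
        0xfffe000000000000ULL, 0xfffe000000000002ULL, 0x16fdfc0a0, 0x11a470248,   // -2 .. 1
        0x1050d8580, 0x10508e100, (632ULL << 32) | 5, 0x10200e1c8, 0x102038de8,   // 2 .. 6
        0xfffe000000000001ULL, 0x10509c240, 0xfffe000000000000ULL, 0x1050e0130    // 7 .. 10
    };
    return layoutFrame(0x16fdfbfe0ULL, 2, 4, 6, values);
}
int main()
{
    std::fputs(dumpFrame(0x16fdfbfe0ULL, sampleFrame()).c_str(), stdout);
}
```

Running it prints a table whose addresses match the new dump for the sample frame; the value of the `CallerFrame` slot is higher than the last argument's address, which is why dumping the caller next continues the memory picture without a gap in ordering.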
