pythongh-149202: Fix frame pointer unwinding on s390x and ARM

pablogsal · pablogsal · commit 9dcfaa3d8566 · 2026-05-04T14:10:06.000+01:00
-fno-omit-frame-pointer is not enough to make every target walkable by
the simple manual frame pointer unwinder.

On s390x, GCC does not emit a usable backchain unless -mbackchain is
also enabled. Without it, the unwinder stops at the current C frame and
the test reports no Python frames. s390x also keeps the return address
in the caller-provided register save area rather than at fp[1], so read
it from the architecture frame layout.

On 32-bit ARM, GCC defaults to Thumb mode on common armhf toolchains.
The Thumb prologue keeps the saved frame pointer and link register at
offsets that depend on the generated frame, which breaks the fp[0]/fp[1]
walk used by the helper. Use -marm when it is supported for
frame-pointer builds, and teach the helper the GCC ARM-mode saved-fp and
saved-lr slots.
diff --git a/Doc/howto/perf_profiling.rst b/Doc/howto/perf_profiling.rst
@@ -219,7 +219,9 @@ How to obtain the best results
 
 For best results, keep frame pointers enabled. On supported GCC-compatible
 toolchains, CPython builds itself with ``-fno-omit-frame-pointer`` and, when
-available, ``-mno-omit-leaf-frame-pointer`` by default. These flags allow
+available, ``-mno-omit-leaf-frame-pointer`` by default. On 32-bit ARM,
+CPython also adds ``-marm`` when supported. On s390 platforms, CPython also
+adds ``-mbackchain`` when supported. These flags allow
 profilers to unwind using only the frame pointer and not on DWARF debug
 information. This is because as the code that is interposed to allow ``perf``
 support is dynamically generated it doesn't have any DWARF debugging information
diff --git a/Doc/using/configure.rst b/Doc/using/configure.rst
@@ -784,9 +784,11 @@ also be used to improve performance.
 
    Disable frame pointers, which are enabled by default (see :pep:`831`).
 
-   By default, the build appends ``-fno-omit-frame-pointer`` (and
-   ``-mno-omit-leaf-frame-pointer`` when the compiler supports it) to
-   ``BASECFLAGS`` so profilers, debuggers, and system tracing tools
+   By default, the build appends ``-fno-omit-frame-pointer``,
+   ``-mno-omit-leaf-frame-pointer`` when the compiler supports it,
+   ``-marm`` on 32-bit ARM when supported, and ``-mbackchain`` on s390
+   platforms when supported, to ``BASECFLAGS`` so
+   profilers, debuggers, and system tracing tools
    (``perf``, ``eBPF``, ``dtrace``, ``gdb``) can walk the C call stack
    without DWARF metadata. The flags propagate to third-party C
    extensions through :mod:`sysconfig`. On compilers that do not
diff --git a/Doc/whatsnew/3.15.rst b/Doc/whatsnew/3.15.rst
@@ -2305,8 +2305,9 @@ Build changes
   (:pep:`831`). Pass :option:`--without-frame-pointers` to opt out.
   Authors of C extensions and native libraries built with custom build
   systems should add ``-fno-omit-frame-pointer`` and
-  ``-mno-omit-leaf-frame-pointer`` to their own ``CFLAGS`` to keep the
-  unwind chain intact.
+  ``-mno-omit-leaf-frame-pointer`` to their own ``CFLAGS``,
+  ``-marm`` on 32-bit ARM, and ``-mbackchain`` on s390 platforms,
+  to keep the unwind chain intact.
   (Contributed by Pablo Galindo Salgado and Savannah Ostrowski in :gh:`149201`.)
 
 .. _whatsnew315-windows-tail-calling-interpreter:
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-05-16-10-00.gh-issue-149202.W8sQeR.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-05-16-10-00.gh-issue-149202.W8sQeR.rst
@@ -1,4 +1,5 @@
 Enable frame pointers by default for GCC-compatible CPython builds, including
-``-mno-omit-leaf-frame-pointer`` when the compiler supports it, so profilers
-and debuggers can unwind native interpreter frames more reliably. Users can pass
+``-mno-omit-leaf-frame-pointer``, ``-marm`` on 32-bit ARM, and ``-mbackchain``
+on s390 platforms when the compiler supports them, so profilers and debuggers
+can unwind native interpreter frames more reliably. Users can pass
 ``--without-frame-pointers`` to opt out.
diff --git a/Modules/_testinternalcapi.c b/Modules/_testinternalcapi.c
@@ -325,6 +325,49 @@ get_jit_backend(PyObject *self, PyObject *Py_UNUSED(args))
 #endif
 }
 
+static int
+next_frame_pointer_is_valid(uintptr_t *frame_pointer, uintptr_t *next_fp,
+                            int stack_grows_down)
+{
+    uintptr_t fp_addr = (uintptr_t)frame_pointer;
+    uintptr_t next_addr = (uintptr_t)next_fp;
+    if (next_addr < min_frame_pointer_addr) {
+        return 0;
+    }
+    if ((next_addr % sizeof(uintptr_t)) != 0) {
+        return 0;
+    }
+    if (stack_grows_down) {
+        return next_addr > fp_addr;
+    }
+    return next_addr < fp_addr;
+}
+
+static uintptr_t *
+next_frame_pointer(uintptr_t *frame_pointer)
+{
+#if defined(__arm__) && !defined(__thumb__) && !defined(__clang__)
+    // GCC ARM mode keeps the saved LR at fp[0] and the caller's fp at fp[-1].
+    return (uintptr_t *)frame_pointer[-1];
+#else
+    return (uintptr_t *)frame_pointer[0];
+#endif
+}
+
+static uintptr_t
+frame_return_address(uintptr_t *frame_pointer)
+{
+#ifdef __s390x__
+    // zSeries stores the return address in the caller-provided register save
+    // area, 14 words above the frame address.
+    return *(uintptr_t *)((char *)frame_pointer + 14 * sizeof(uintptr_t));
+#elif defined(__arm__) && !defined(__thumb__) && !defined(__clang__)
+    return frame_pointer[0];
+#else
+    return frame_pointer[1];
+#endif
+}
+
 static PyObject *
 manual_unwind_from_fp(uintptr_t *frame_pointer)
 {
@@ -348,7 +391,8 @@ manual_unwind_from_fp(uintptr_t *frame_pointer)
         if ((fp_addr % sizeof(uintptr_t)) != 0) {
             break;
         }
-        uintptr_t return_addr = frame_pointer[1];
+        uintptr_t *next_fp = next_frame_pointer(frame_pointer);
+        uintptr_t return_addr = frame_return_address(frame_pointer);
 
         PyObject *addr_obj = PyLong_FromUnsignedLongLong(return_addr);
         if (addr_obj == NULL) {
@@ -362,22 +406,10 @@ manual_unwind_from_fp(uintptr_t *frame_pointer)
         }
         Py_DECREF(addr_obj);
 
-        uintptr_t *next_fp = (uintptr_t *)frame_pointer[0];
-        // Stop if the frame pointer is extremely low.
-        if ((uintptr_t)next_fp < min_frame_pointer_addr) {
+        if (!next_frame_pointer_is_valid(frame_pointer, next_fp,
+                                         stack_grows_down)) {
             break;
         }
-        uintptr_t next_addr = (uintptr_t)next_fp;
-        if (stack_grows_down) {
-            if (next_addr <= fp_addr) {
-                break;
-            }
-        }
-        else {
-            if (next_addr >= fp_addr) {
-                break;
-            }
-        }
         frame_pointer = next_fp;
     }
 
diff --git a/configure b/configure
diff --git a/configure.ac b/configure.ac
@@ -2548,6 +2548,16 @@ AS_VAR_IF([ac_cv_gcc_compat], [yes], [
       AX_CHECK_COMPILE_FLAG([-mno-omit-leaf-frame-pointer], [
         frame_pointer_cflags="$frame_pointer_cflags -mno-omit-leaf-frame-pointer"
       ], [], [-Werror])
+      AS_CASE([$host_cpu], [arm|armv*], [
+        AX_CHECK_COMPILE_FLAG([-marm], [
+          frame_pointer_cflags="$frame_pointer_cflags -marm"
+        ], [], [-Werror])
+      ])
+      AS_CASE([$host_cpu], [s390*], [
+        AX_CHECK_COMPILE_FLAG([-mbackchain], [
+          frame_pointer_cflags="$frame_pointer_cflags -mbackchain"
+        ], [], [-Werror])
+      ])
     ], [], [-Werror])
     if test -n "$frame_pointer_cflags" && test "x$with_frame_pointers" != xno; then
       BASECFLAGS="$frame_pointer_cflags $BASECFLAGS"
