JFR Cooperative Sampling relies on a trick to reconstruct a sampled frame at the method exit poll instruction, because at that location, the frame has already been popped. The trick takes the frame_size() from the nmethod and subtracts that value from the SafepointBlob sender frames' sp.

With Valhalla's new scalarized and non-scalarized frames and calling conventions, this trick no longer works because the actual frame size is not kept in the nmethod; instead, it is part of the frame itself, on the stack (it's the first word below rbp). The problem for JFR Cooperative Sampling is that, at the time of frame reconstruction, the SafepointBlob stub will have overwritten the sp_inc slot of the popped frame, making frame reconstruction problematic, and next to impossible.

JDK-8368099 provided a workaround for this problem by skipping all sampled frames with the property "needs_stack_repair" and moving directly to the sender frame instead. This results in biased sampling for nearly all samples taken inside frames whose next poll instruction is the method exit return.

A solution must be found that can handle both scalarized and non-scalarized frame layouts.