I ran into a GDB crash in gdb.base/bp-cmds-continue-ctrl-c.exp in my
multi-target branch, which turned out to expose a bug that exists in
master too.
That testcase has a breakpoint with a "continue" command associated.
Then the breakpoint is constantly being hit. At the same time, the
testcase is continually interrupting the program with Ctrl-C, and
re-resuming it, in a loop.
Running that testcase manually under Valgrind, after a few sequences
of 'Ctrl-C' + 'continue', I got:
Breakpoint 1, Quit
(gdb) ==21270== Invalid read of size 8
==21270== at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
==21270== by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
==21270== by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
==21270== by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
==21270== by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
==21270== by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
==21270== by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
==21270== by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
==21270== by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
==21270== by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
==21270== by 0x6C3712: start_event_loop() (event-loop.c:371)
==21270== by 0x746801: captured_command_loop() (main.c:329)
==21270== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==21270==
==21270==
==21270== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==21270== Access not within mapped region at address 0x0
==21270== at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
==21270== by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
==21270== by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
==21270== by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
==21270== by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
==21270== by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
==21270== by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
==21270== by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
==21270== by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
==21270== by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
==21270== by 0x6C3712: start_event_loop() (event-loop.c:371)
==21270== by 0x746801: captured_command_loop() (main.c:329)
==21270== If you believe this happened as a result of a stack
==21270== overflow in your program's main thread (unlikely but
==21270== possible), you can try to increase the size of the
==21270== main thread stack using the --main-stacksize= flag.
==21270== The main thread stack size used in this run was 8388608.
==21270==
Above, when we get to compute_frame_id, fi->unwind is non-NULL,
meaning, we found an unwinder, in this case the Python unwinder, but
somehow, fi->prologue_cache is left NULL. pyuw_this_id then crashes
because it assumes fi->prologue_cache is non-NULL:
static void
pyuw_this_id (struct frame_info *this_frame, void **cache_ptr,
struct frame_id *this_id)
{
*this_id = ((cached_frame_info *) *cache_ptr)->frame_id;
^^^^^^^^^^
'*cache_ptr' here is 'fi->prologue_cache'.
There's a quit() call in pyuw_sniffer that I believe is the one that
sometimes triggers the crash above. The crash can be reproduced
easily with this hack to force a quit out of the python unwinder:
--- a/gdb/python/py-unwind.c
+++ b/gdb/python/py-unwind.c
@@ -497,6 +497,8 @@ pyuw_sniffer (const struct frame_unwind *self, struct frame_info *this_frame,
struct gdbarch *gdbarch = (struct gdbarch *) (self->unwind_data);
cached_frame_info *cached_frame;
+ quit ();
+
gdbpy_enter enter_py (gdbarch, current_language);
TRACE_PY_UNWIND (3, "%s (SP=%s, PC=%s)\n", __FUNCTION__,
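Review bot: the unconditional `quit ();` added at the top of pyuw_sniffer is a reproducer, not part of the fix, and it must not be committed as-is: placed before `gdbpy_enter enter_py (gdbarch, current_language);` it makes every sniff through the Python unwinder throw before any Python state is touched, which is exactly what isolates the crash to frame_unwind_try_unwinder skipping frame_cleanup_after_sniffer on the exception path rather than to anything in py-unwind.c itself. The committed change should be only the catch-and-rethrow in frame-unwind.c named in the ChangeLog plus the "bt"-after-Quit test; the message would be clearer if it said explicitly that this hunk is for reproduction only.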
After that quit is thrown, any subsequent operation that involves
unwinding results in GDB crashing with SIGSEGV like above.
The problem is that this commit:
commit 30a9c02fef
CommitDate: Sun Oct 8 23:16:42 2017 -0600
Subject: Remove cleanup from frame_prepare_for_sniffer
missed that we need to call frame_cleanup_after_sniffer before
rethrowing the exception too.
Without the fix, the "bt" added to
gdb.base/bp-cmds-continue-ctrl-c.exp in this commit makes GDB crash:
Running src/gdb/testsuite/gdb.base/bp-cmds-continue-ctrl-c.exp ...
ERROR: Process no longer exists
gdb/ChangeLog:
2018-02-14 Pedro Alves <palves@redhat.com>
* frame-unwind.c (frame_unwind_try_unwinder): Always call
frame_cleanup_after_sniffer on exception.
gdb/testsuite/ChangeLog:
2018-02-14 Pedro Alves <palves@redhat.com>
* gdb.base/bp-cmds-continue-ctrl-c.exp (do_test): Test "bt" after
getting a "Quit".
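The failure mode described in this commit message, as an added C++ example that is not GDB's code: a reduced model of frame_unwind_try_unwinder in which the sniffer claims the frame, then throws before filling in its cache. The `Frame`, `Unwinder`, `quitting_sniffer` and the two `try_unwinder_*` variants are stand-ins written for this illustration; the "before" variant leaves `unwind` set with a null `prologue_cache` (the state pyuw_this_id later dereferences), the "after" variant runs the cleanup in a catch block and rethrows, as the ChangeLog entry for frame-unwind.c describes.

```cpp
#include <cstdio>
#include <stdexcept>

// Added example, not GDB code: why an exception escaping the sniffer must
// still run frame_cleanup_after_sniffer before it propagates.
struct Unwinder;

struct Frame {
    const Unwinder *unwind = nullptr;   // set once an unwinder claims the frame
    void *prologue_cache = nullptr;     // filled in only by a successful sniff
};

struct Unwinder {
    bool (*sniffer)(const Unwinder *self, Frame *frame, void **cache);
};

void frame_prepare_for_sniffer(Frame *f, const Unwinder *u) { f->unwind = u; }

void frame_cleanup_after_sniffer(Frame *f) {
    f->unwind = nullptr;
    f->prologue_cache = nullptr;
}

// Before the fix: if the sniffer throws, unwind stays set while
// prologue_cache is still null; the next unwind dereferences a null cache.
bool try_unwinder_before(Frame *f, const Unwinder *u) {
    frame_prepare_for_sniffer(f, u);
    bool ok = u->sniffer(u, f, &f->prologue_cache);   // may throw (quit ())
    if (!ok) frame_cleanup_after_sniffer(f);
    return ok;
}

// After the fix: undo the prepare step on the exception path, then rethrow.
bool try_unwinder_after(Frame *f, const Unwinder *u) {
    frame_prepare_for_sniffer(f, u);
    bool ok = false;
    try {
        ok = u->sniffer(u, f, &f->prologue_cache);
    } catch (...) {
        frame_cleanup_after_sniffer(f);
        throw;
    }
    if (!ok) frame_cleanup_after_sniffer(f);
    return ok;
}

// The invariant pyuw_this_id relies on: a claimed frame has a cache.
bool frame_state_consistent(const Frame *f) {
    return f->unwind == nullptr || f->prologue_cache != nullptr;
}

// Constructed sniffer standing in for the quit () hack: bails out before
// allocating anything for the cache.
bool quitting_sniffer(const Unwinder *, Frame *, void **) {
    throw std::runtime_error("Quit");
}

// Runs one sniff attempt with the given variant, swallows the Quit the way
// the command loop does, and reports whether the frame is safe to unwind later.
bool attempt_leaves_frame_consistent(bool (*try_unwinder)(Frame *, const Unwinder *)) {
    Frame f;
    Unwinder u{quitting_sniffer};
    try {
        try_unwinder(&f, &u);
    } catch (const std::runtime_error &) {
        // "Quit" reaches the top level; the frame object outlives it.
    }
    return frame_state_consistent(&f);
}

int main() {
    std::printf("before fix: consistent=%d\n", attempt_leaves_frame_consistent(try_unwinder_before));
    std::printf("after fix:  consistent=%d\n", attempt_leaves_frame_consistent(try_unwinder_after));
    return 0;
}
```

The point to take from the two variants is that any function that mutates shared state before calling into code that can throw (a sniffer, a Python callback, a target method that may `quit ()`) needs its undo step on the exception path as much as on the failure-return path; a catch-all that cleans up and rethrows is the minimal fix, and an RAII guard is the version that cannot be forgotten.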
This constifies the bfd_open method of struct target_so_ops.
gdb/ChangeLog
2018-02-14 Tom Tromey <tom@tromey.com>
* solist.h (struct target_so_ops) <bfd_open>: Make pathname
const.
(solib_bfd_open): Make pathname const.
* solib.c (solib_bfd_open): Make pathname const.
* solib-spu.c (spu_bfd_fopen): Make name const.
(spu_bfd_open): Make pathname const.
* solib-darwin.c (darwin_bfd_open): Make pathname const.
* solib-aix.c (solib_aix_bfd_open): Make pathname const.
This changes openp, source_full_path_of, and find_and_open_source to
take a unique_xmalloc_ptr, rather than a char*, as an outgoing
argument type. This simplifies the API, ownership-wise, and allows
for the removal of some cleanups.
gdb/ChangeLog
2018-02-14 Tom Tromey <tom@tromey.com>
* symfile.c (symfile_bfd_open): Update.
* source.h (openp, source_full_path_of, find_and_open_source):
Change argument type to unique_xmalloc_ptr.
* source.c (openp): Take a unique_xmalloc_ptr.
(source_full_path_of, find_and_open_source): Likewise.
(open_source_file, symtab_to_fullname): Update.
* solist.h (struct target_so_ops) <find_and_open_solib>: Take a
unique_xmalloc_ptr.
* solib.c (solib_find_1): Use unique_xmalloc_ptr.
(exec_file_find): Update.
* psymtab.c (psymtab_to_fullname): Update.
* nto-tdep.h (nto_find_and_open_solib): Update.
* nto-tdep.c (nto_find_and_open_solib): Change temp_path to a
unique_xmalloc_ptr.
* exec.c (exec_file_attach): Update.
* dwarf2read.c (try_open_dwop_file): Use unique_xmalloc_ptr.
* cli/cli-cmds.c (find_and_open_script): Use unique_xmalloc_ptr.
I noticed a few declarations in defs.h that really could be put into
source.h. I think it's generally preferable to keep something out of
defs.h unless it is needed by most of the files in gdb.
gdb/ChangeLog
2018-02-14 Tom Tromey <tom@tromey.com>
* solib.c: Include source.h.
* nto-tdep.c: Include source.h.
* mi/mi-cmd-env.c: Include source.h.
* infcmd.c: Include source.h.
* exec.c: Include source.h.
* defs.h (enum openp_flag, openp, source_full_path_of, mod_path)
(add_path, directory_switch, source_path, init_source_path): Move
declarations...
* source.h (enum openp_flag, openp, source_full_path_of, mod_path)
(add_path, directory_switch, source_path, init_source_path):
...here.
This changes a couple of solib.c functions -- exec_file_find and
solib_find -- to return a unique_xmalloc_ptr, and then fixes up the
users. This allows the removal of some cleanups.
This also changes solib_bfd_open to not take ownership of its
argument. I think this change is somewhat cleaner.
gdb/ChangeLog
2018-02-14 Tom Tromey <tom@tromey.com>
* solist.h (exec_file_find, solib_find): Return
unique_xmalloc_ptr.
(solib_bfd_fopen): Take a const char *.
* solib.c (solib_find_1): Return unique_xmalloc_ptr.
(exec_file_find, solib_find): Likewise.
(solib_bfd_fopen): Do not take ownership of "pathname".
(solib_bfd_open): Use unique_xmalloc_ptr.
* solib-darwin.c (darwin_bfd_open): Use unique_xmalloc_ptr.
* solib-aix.c (solib_aix_bfd_open): Use unique_xmalloc_ptr.
* infrun.c (follow_exec): Use unique_xmalloc_ptr.
* exec.c (exec_file_locate_attach): Use unique_xmalloc_ptr.
Since PLT in PDE and PC-relative PLT in PIE can be used as function
address, there is no need for dynamic PC-relative relocation against
a dynamic function definition in PIE. Linker should resolve PC-relative
reference to its PLT address.
NB: i386 has non-PIC PLT and PIC PLT. Only non-PIC PLT in PDE can
be used as function address. PIC PLT in PIE can't be used as
function address.
bfd/
PR ld/22842
* elf32-i386.c (elf_i386_check_relocs): Pass FALSE for non
PC-relative PLT to NEED_DYNAMIC_RELOCATION_P.
* elf64-x86-64.c (elf_x86_64_check_relocs): Create PLT for
R_X86_64_PC32 reloc against dynamic function in data section.
Pass TRUE for PC-relative PLT to NEED_DYNAMIC_RELOCATION_P.
(elf_x86_64_relocate_section): Use PLT for R_X86_64_PC32 reloc
against dynamic function in data section.
* elfxx-x86.c (elf_x86_allocate_dynrelocs): Use PLT in PIE as
function address only if pcrel_plt is true.
(_bfd_x86_elf_link_hash_table_create): Set pcrel_plt.
* elfxx-x86.h (NEED_DYNAMIC_RELOCATION_P): Add PCREL_PLT for
PC-relative PLT. If PLT is PC-relative, don't generate dynamic
PC-relative relocation against a function definition in data
section in PIE. Remove the obsolete comments.
(elf_x86_link_hash_table): Add pcrel_plt.
ld/
PR ld/22842
* testsuite/ld-i386/i386.exp: Run PR ld/22842 tests.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
* testsuite/ld-i386/pr22842a.c: New file.
* testsuite/ld-i386/pr22842b.S: Likewise.
* testsuite/ld-x86-64/pr22842a.c: Likewise.
* testsuite/ld-x86-64/pr22842a.rd: Likewise.
* testsuite/ld-x86-64/pr22842b.S: Likewise.
* testsuite/ld-x86-64/pr22842b.rd: Likewise.
This function was deleted on 2017-11-08, but its declaration and
a reference to it in a comment was left behind. This patch just
removes those.
gdb/ChangeLog:
* ada-lang.c (name_match_type_from_name): Remove reference to
ada_name_for_lookup in function's documentation.
* ada-lang.h (ada_name_for_lookup): Delete declaration.
Tested by rebuilding GDB.
Complement commit d4e5e3c330 ("Use getopt instead of lex and yacc to
parse the command line.") and remove a stale `ldlex_command' prototype
for a nonexistent function removed back in 1994.
ld/
* ldlex.h (ldlex_command): Remove prototype.
They should be pr22393-3a.so and pr22393-3a-now.so, not pr22393-2a.so
and pr22393-2a-now.so. Since ld-elf/shared.exp creates pr22393-2a.so
and pr22393-2a-now.so, we won't notice the problem if x86-64.exp runs
after ld-elf/shared.exp.
* testsuite/ld-x86-64/x86-64.exp: Replace pr22393-2a.so and
pr22393-2a-now.so with pr22393-3a.so and pr22393-3a-now.so.
If a symbol is not defined in a regular file, and we are not generating
a shared library, then set the symbol to its location in the .plt. This
is required to make function pointers compare as equal between the normal
executable and the shared library.
* elfxx-x86.c (elf_x86_allocate_dynrelocs): Check bfd_link_dll,
instead of bfd_link_pic, for building shared library.
For jumps requiring multiple trampolines, the trampoline placement code may
place multiple sequential trampolines into the same frag. Don't do that.
gas/
2018-02-13 Max Filippov <jcmvbkbc@gmail.com>
* config/tc-xtensa.c (xg_find_best_trampoline): Skip trampoline
frag that contains source address.
gdb/ChangeLog:
* defs.h (enum openp_flags): New enum.
(OPF_TRY_CWD_FIRST, OPF_SEARCH_IN_PATH, OPF_RETURN_REALPATH):
Move to enum openp_flags.
(openp_flags): New enum flags.
(openp): Change parameter type to openp_flags.
* source.c (openp): Change parameter type to openp_flags.
* cli/cli-cmds.c (find_and_open_script): Use openp_flags.
* dwarf2read.c (try_open_dwop_file): Use openp_flags.
PR 22773
* config/tc-arm.c (md_apply_fix): Test Rn field of Thumb ORR
instruction before assuming that it is a MOV instruction.
* testsuite/gas/arm/pr22773.s: New test.
* testsuite/gas/arm/pr22773.d: New test driver.
* testsuite/gas/arm/pr22773.l: New expected output.
Since there is no need to prepare for PLT branch on x86-64, generate
R_X86_64_PLT32, instead of R_X86_64_PC32, if possible, which can be
used as a marker for 32-bit PC-relative branches.
To compile Linux kernel, this patch:
From: "H.J. Lu" <hjl.tools@gmail.com>
Subject: [PATCH] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
On i386, there are 2 types of PLTs, PIC and non-PIC. PIE and shared
objects must use PIC PLT. To use PIC PLT, you need to load
_GLOBAL_OFFSET_TABLE_ into EBX first. There is no need for that on
x86-64 since x86-64 uses PC-relative PLT.
On x86-64, for 32-bit PC-relative branches, we can generate PLT32
relocation, instead of PC32 relocation, which can also be used as
a marker for 32-bit PC-relative branches. Linker can always reduce
PLT32 relocation to PC32 if function is defined locally. Local
functions should use PC32 relocation. As far as Linux kernel is
concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32
since Linux kernel doesn't use PLT.
is needed. It is available on hjl/plt32/master branch at
https://github.com/hjl-tools/linux
bfd/
PR gas/22791
* elf64-x86-64.c (is_32bit_relative_branch): Removed.
(elf_x86_64_relocate_section): Check PIC relocations in PIE.
Remove is_32bit_relative_branch usage. Disallow PC32 reloc
against protected function in shared object.
gas/
PR gas/22791
* config/tc-i386.c (need_plt32_p): New function.
(output_jump): Generate BFD_RELOC_X86_64_PLT32 if possible.
(md_estimate_size_before_relax): Likewise.
* testsuite/gas/i386/reloc64.d: Updated.
* testsuite/gas/i386/x86-64-jump.d: Likewise.
* testsuite/gas/i386/x86-64-mpx-branch-1.d: Likewise.
* testsuite/gas/i386/x86-64-mpx-branch-2.d: Likewise.
* testsuite/gas/i386/x86-64-relax-2.d: Likewise.
* testsuite/gas/i386/x86-64-relax-3.d: Likewise.
* testsuite/gas/i386/ilp32/reloc64.d: Likewise.
* testsuite/gas/i386/ilp32/x86-64-branch.d: Likewise.
ld/
PR gas/22791
* testsuite/ld-x86-64/mpx1c.rd: Updated.
* testsuite/ld-x86-64/pr22791-1.err: New file.
* testsuite/ld-x86-64/pr22791-1a.c: Likewise.
* testsuite/ld-x86-64/pr22791-1b.s: Likewise.
* testsuite/ld-x86-64/pr22791-2.rd: Likewise.
* testsuite/ld-x86-64/pr22791-2a.s: Likewise.
* testsuite/ld-x86-64/pr22791-2b.c: Likewise.
* testsuite/ld-x86-64/pr22791-2c.s: Likewise.
* testsuite/ld-x86-64/x86-64.exp: Run PR ld/22791 tests.
Remove an LD subdirectory configuration error:
*** ld does not support target wasm32-unknown-none
*** see ld/configure.tgt for supported targets
make[1]: *** [configure-ld] Error 1
which prevents binutils for the WebAssembly target from being built
unless an explicit `--disable-ld' configuration option has been given.
Users must not have to disable features selected by default to get a
working configuration.
/
* configure.ac <wasm32-*-*> (noconfigdirs): Add `ld'.
* configure: Regenerate.
Remove `-Wshadow' compilation errors:
cc1: warnings being treated as errors
.../bfd/wasm-module.c: In function 'wasm_scan_name_function_section':
.../bfd/wasm-module.c:312: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
.../bfd/wasm-module.c: In function 'wasm_register_section':
.../bfd/wasm-module.c:494: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
.../bfd/wasm-module.c: In function 'wasm_compute_custom_section_file_position':
.../bfd/wasm-module.c:523: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
and:
cc1: warnings being treated as errors
.../opcodes/wasm32-dis.c: In function 'print_insn_wasm32':
.../opcodes/wasm32-dis.c:272: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
make[4]: *** [wasm32-dis.lo] Error 1
which for versions of GCC before 4.8 prevent support for the WebAssembly
target from being built. See also GCC PR c/53066.
bfd/
* wasm-module.c (wasm_scan_name_function_section): Rename
`index' local variable to `idx'.
opcodes/
* wasm32-dis.c (print_insn_wasm32): Rename `index' local
variable to `function_index'.
Correct a duplicate `Loongson-3A tests' GAS test name introduced with
commit 9867540240 ("Add Loongson3A specific instructions"),
<https://sourceware.org/ml/binutils/2010-12/msg00447.html>, shared
between gas/testsuite/gas/mips/loongson-3a.d and
gas/testsuite/gas/mips/loongson-3a-2.d.
gas/
* testsuite/gas/mips/loongson-3a-2.d: Rename test.
This fixes the case where all of a group is removed with ld -r, the
situation in the PR, and failures where part of a group that contains
relocs is removed.
bfd/
PR 22836
* elf.c (_bfd_elf_fixup_group_sections): Account for removed
relocation sections. If size reduces to just the flag word,
remove that too and mark with SEC_EXCLUDE.
* elflink.c (bfd_elf_final_link): Strip empty group sections.
binutils/
* testsuite/binutils-all/group-7.s,
* testsuite/binutils-all/group-7a.d,
* testsuite/binutils-all/group-7b.d,
* testsuite/binutils-all/group-7c.d: New tests.
* testsuite/binutils-all/objcopy.exp: Run them.
ld/
* testsuite/ld-elf/pr22836-2.d,
* testsuite/ld-elf/pr22836-2.s: New test.
lld lays out the relro segment differently to GNU ld, not bothering to
include the first few bytes of .got.plt and padding out to a page at
the end of the segment. This patch teaches binutils to recognize the
different (and somewhat inferior) layout as valid.
bfd/
PR 22829
* elf.c (assign_file_positions_for_non_load_sections): Rewrite
PT_GNU_RELRO setup.
ld/
* testsuite/ld-x86-64/pr14207.d: Adjust relro p_filesz.
I noticed this:
(gdb) apropos per-command
maintenance set per-command -- Per-command statistics settings
set per-command space -- Set whether to display per-command space usage
set per-command symtab -- Set whether to display per-command symtab statistics
set per-command time -- Set whether to display per-command execution time
maintenance show per-command -- Show per-command statistics settings
show per-command space -- Show whether to display per-command space usage
show per-command symtab -- Show whether to display per-command symtab statistics
show per-command time -- Show whether to display per-command execution time
The subcommands of "maintenance set per-command" are missing the
maintenance keyword. This is because that command is registered with
the wrong prefix. This patch fixes that.
gdb/ChangeLog:
* maint.c (_initialize_maint_cmds): Fix prefix of maint set/show
per-command.
When running the test gdb.dwarf2/dw2-bad-parameter-type.exp under
valgrind, I see the following issue reported (on x86-64 Fedora):
(gdb) ptype f
==5203== Invalid read of size 1
==5203== at 0x6931FE: process_die_scope::~process_die_scope() (dwarf2read.c:10642)
==5203== by 0x66818F: process_die(die_info*, dwarf2_cu*) (dwarf2read.c:10664)
==5203== by 0x66A01F: read_file_scope(die_info*, dwarf2_cu*) (dwarf2read.c:11650)
==5203== by 0x667F2D: process_die(die_info*, dwarf2_cu*) (dwarf2read.c:10672)
==5203== by 0x6677B6: process_full_comp_unit(dwarf2_per_cu_data*, language) (dwarf2read.c:10445)
==5203== by 0x66657A: process_queue(dwarf2_per_objfile*) (dwarf2read.c:9945)
==5203== by 0x6559B4: dw2_do_instantiate_symtab(dwarf2_per_cu_data*) (dwarf2read.c:3163)
==5203== by 0x66683D: psymtab_to_symtab_1(partial_symtab*) (dwarf2read.c:10034)
==5203== by 0x66622A: dwarf2_read_symtab(partial_symtab*, objfile*) (dwarf2read.c:9811)
==5203== by 0x787984: psymtab_to_symtab(objfile*, partial_symtab*) (psymtab.c:792)
==5203== by 0x786E3E: psym_lookup_symbol(objfile*, int, char const*, domain_enum_tag) (psymtab.c:522)
==5203== by 0x804BD0: lookup_symbol_via_quick_fns(objfile*, int, char const*, domain_enum_tag) (symtab.c:2383)
==5203== Address 0x147ed063 is 291 bytes inside a block of size 4,064 free'd
==5203== at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==5203== by 0x444415: void xfree<void>(void*) (common-utils.h:60)
==5203== by 0x9DA8C2: call_freefun (obstack.c:103)
==5203== by 0x9DAD35: _obstack_free (obstack.c:280)
==5203== by 0x44464C: auto_obstack::~auto_obstack() (gdb_obstack.h:73)
==5203== by 0x68AFB0: dwarf2_cu::~dwarf2_cu() (dwarf2read.c:25080)
==5203== by 0x68B204: free_one_cached_comp_unit(dwarf2_per_cu_data*) (dwarf2read.c:25174)
==5203== by 0x66668C: dwarf2_release_queue(void*) (dwarf2read.c:9982)
==5203== by 0x563A4C: do_my_cleanups(cleanup**, cleanup*) (cleanups.c:154)
==5203== by 0x563AA7: do_cleanups(cleanup*) (cleanups.c:176)
==5203== by 0x5646CE: throw_exception_cxx(gdb_exception) (common-exceptions.c:289)
==5203== by 0x5647B7: throw_exception(gdb_exception) (common-exceptions.c:317)
==5203== Block was alloc'd at
==5203== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==5203== by 0x564BE8: xmalloc (common-utils.c:44)
==5203== by 0x9DA872: call_chunkfun (obstack.c:94)
==5203== by 0x9DA935: _obstack_begin_worker (obstack.c:141)
==5203== by 0x9DAA3C: _obstack_begin (obstack.c:164)
==5203== by 0x4445E0: auto_obstack::auto_obstack() (gdb_obstack.h:70)
==5203== by 0x68AE07: dwarf2_cu::dwarf2_cu(dwarf2_per_cu_data*) (dwarf2read.c:25073)
==5203== by 0x661A8A: init_cutu_and_read_dies(dwarf2_per_cu_data*, abbrev_table*, int, int, void (*)(die_reader_specs const*, unsigned char const*, die_info*, int, void*), void*) (dwarf2read.c:7869)
==5203== by 0x666A29: load_full_comp_unit(dwarf2_per_cu_data*, language) (dwarf2read.c:10108)
==5203== by 0x655847: load_cu(dwarf2_per_cu_data*) (dwarf2read.c:3120)
==5203== by 0x655928: dw2_do_instantiate_symtab(dwarf2_per_cu_data*) (dwarf2read.c:3148)
==5203== by 0x66683D: psymtab_to_symtab_1(partial_symtab*) (dwarf2read.c:10034)
There's actually a series of three issues reported, but it turns out
they're all related, so we can consider only the first one.
The invalid read is triggered from a destructor which is being invoked
as part of a stack unwind after throwing an error. At the time the
error is thrown, the stack looks like this:
#0 0x00000000009f4ecd in __cxa_throw ()
#1 0x0000000000564761 in throw_exception_cxx (exception=...) at ../../src/gdb/common/common-exceptions.c:303
#2 0x00000000005647b8 in throw_exception (exception=...) at ../../src/gdb/common/common-exceptions.c:317
#3 0x00000000005648ff in throw_it(return_reason, errors, const char *, typedef __va_list_tag __va_list_tag *) (reason=RETURN_ERROR,
error=GENERIC_ERROR, fmt=0xb33020 "Dwarf Error: Cannot find DIE at 0x%x referenced from DIE at 0x%x [in module %s]",
ap=0x7fff387f2d68) at ../../src/gdb/common/common-exceptions.c:373
#4 0x0000000000564929 in throw_verror (error=GENERIC_ERROR,
fmt=0xb33020 "Dwarf Error: Cannot find DIE at 0x%x referenced from DIE at 0x%x [in module %s]", ap=0x7fff387f2d68)
at ../../src/gdb/common/common-exceptions.c:379
#5 0x0000000000867be4 in verror (string=0xb33020 "Dwarf Error: Cannot find DIE at 0x%x referenced from DIE at 0x%x [in module %s]",
args=0x7fff387f2d68) at ../../src/gdb/utils.c:251
#6 0x000000000056879d in error (fmt=0xb33020 "Dwarf Error: Cannot find DIE at 0x%x referenced from DIE at 0x%x [in module %s]")
at ../../src/gdb/common/errors.c:43
#7 0x0000000000686875 in follow_die_ref (src_die=0x30bc8a0, attr=0x30bc8c8, ref_cu=0x7fff387f2ed0) at ../../src/gdb/dwarf2read.c:22969
#8 0x00000000006844cd in lookup_die_type (die=0x30bc8a0, attr=0x30bc8c8, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:21976
#9 0x0000000000683f27 in die_type (die=0x30bc8a0, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:21832
#10 0x0000000000679b39 in read_subroutine_type (die=0x30bc830, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:17343
#11 0x00000000006845fb in read_type_die_1 (die=0x30bc830, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:22035
#12 0x0000000000684576 in read_type_die (die=0x30bc830, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:22010
#13 0x000000000067003f in read_func_scope (die=0x30bc830, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:13822
#14 0x0000000000667f5e in process_die (die=0x30bc830, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:10679
#15 0x000000000066a020 in read_file_scope (die=0x30bc720, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:11650
#16 0x0000000000667f2e in process_die (die=0x30bc720, cu=0x30bc5d0) at ../../src/gdb/dwarf2read.c:10672
#17 0x00000000006677b7 in process_full_comp_unit (per_cu=0x3089b80, pretend_language=language_minimal)
at ../../src/gdb/dwarf2read.c:10445
#18 0x000000000066657b in process_queue (dwarf2_per_objfile=0x30897d0) at ../../src/gdb/dwarf2read.c:9945
#19 0x00000000006559b5 in dw2_do_instantiate_symtab (per_cu=0x3089b80) at ../../src/gdb/dwarf2read.c:3163
#20 0x000000000066683e in psymtab_to_symtab_1 (pst=0x3089bd0) at ../../src/gdb/dwarf2read.c:10034
#21 0x000000000066622b in dwarf2_read_symtab (self=0x3089bd0, objfile=0x3073f40) at ../../src/gdb/dwarf2read.c:9811
#22 0x0000000000787985 in psymtab_to_symtab (objfile=0x3073f40, pst=0x3089bd0) at ../../src/gdb/psymtab.c:792
#23 0x0000000000786e3f in psym_lookup_symbol (objfile=0x3073f40, block_index=1, name=0x30b2e30 "f", domain=VAR_DOMAIN)
at ../../src/gdb/psymtab.c:522
#24 0x0000000000804bd1 in lookup_symbol_via_quick_fns (objfile=0x3073f40, block_index=1, name=0x30b2e30 "f", domain=VAR_DOMAIN)
at ../../src/gdb/symtab.c:2383
#25 0x0000000000804fe4 in lookup_symbol_in_objfile (objfile=0x3073f40, block_index=1, name=0x30b2e30 "f", domain=VAR_DOMAIN)
at ../../src/gdb/symtab.c:2558
#26 0x0000000000805125 in lookup_static_symbol (name=0x30b2e30 "f", domain=VAR_DOMAIN) at ../../src/gdb/symtab.c:2595
#27 0x0000000000804357 in lookup_symbol_aux (name=0x30b2e30 "f", match_type=symbol_name_match_type::FULL, block=0x0,
domain=VAR_DOMAIN, language=language_c, is_a_field_of_this=0x0) at ../../src/gdb/symtab.c:2105
#28 0x0000000000803ad9 in lookup_symbol_in_language (name=0x30b2e30 "f", block=0x0, domain=VAR_DOMAIN, lang=language_c,
is_a_field_of_this=0x0) at ../../src/gdb/symtab.c:1887
#29 0x0000000000803b53 in lookup_symbol (name=0x30b2e30 "f", block=0x0, domain=VAR_DOMAIN, is_a_field_of_this=0x0)
at ../../src/gdb/symtab.c:1899
#30 0x000000000053b246 in classify_name (par_state=0x7fff387f6090, block=0x0, is_quoted_name=false, is_after_structop=false)
at ../../src/gdb/c-exp.y:2879
#31 0x000000000053b7e9 in c_yylex () at ../../src/gdb/c-exp.y:3083
#32 0x000000000053414a in c_yyparse () at c-exp.c:1903
#33 0x000000000053c2e7 in c_parse (par_state=0x7fff387f6090) at ../../src/gdb/c-exp.y:3255
#34 0x0000000000774a02 in parse_exp_in_context_1 (stringptr=0x7fff387f61c0, pc=0, block=0x0, comma=0, void_context_p=0, out_subexp=0x0)
at ../../src/gdb/parse.c:1213
#35 0x000000000077476a in parse_exp_in_context (stringptr=0x7fff387f61c0, pc=0, block=0x0, comma=0, void_context_p=0, out_subexp=0x0)
at ../../src/gdb/parse.c:1115
#36 0x0000000000774714 in parse_exp_1 (stringptr=0x7fff387f61c0, pc=0, block=0x0, comma=0) at ../../src/gdb/parse.c:1106
#37 0x0000000000774c53 in parse_expression (string=0x27ff996 "f") at ../../src/gdb/parse.c:1253
#38 0x0000000000861dc4 in whatis_exp (exp=0x27ff996 "f", show=1) at ../../src/gdb/typeprint.c:472
#39 0x00000000008620d8 in ptype_command (type_name=0x27ff996 "f", from_tty=1) at ../../src/gdb/typeprint.c:561
#40 0x000000000047430b in do_const_cfunc (c=0x3012010, args=0x27ff996 "f", from_tty=1) at ../../src/gdb/cli/cli-decode.c:106
#41 0x000000000047715e in cmd_func (cmd=0x3012010, args=0x27ff996 "f", from_tty=1) at ../../src/gdb/cli/cli-decode.c:1886
#42 0x00000000008431bb in execute_command (p=0x27ff996 "f", from_tty=1) at ../../src/gdb/top.c:630
#43 0x00000000006bf946 in command_handler (command=0x27ff990 "ptype f") at ../../src/gdb/event-top.c:583
#44 0x00000000006bfd12 in command_line_handler (rl=0x30bb3a0 "\240\305\v\003") at ../../src/gdb/event-top.c:774
The problem is that in `process_die` (frames 14 and 16) we create a
`process_die_scope` object, that takes a copy of the `struct
dwarf2_cu *` passed into the frame. The destructor of the
`process_die_scope` dereferences the stored pointer. This wouldn't be
an issue, except...
... in dw2_do_instantiate_symtab (frame 19) a clean up was registered that
clears the dwarf2_queue in case of an error. Part of this clean up
involves deleting the `struct dwarf2_cu`s referenced from the queue.
The problem then, is that cleanups are processed at the site of the
throw, while, class destructors are invoked as we unwind their frame.
The result is that we process the frame 19 cleanup (and delete the
struct dwarf2_cu) before we process the destructors in frames 14 and 16.
When we do get back to frames 14 and 16 the objects being referenced
have already been deleted.
The solution is to remove the cleanup from dw2_do_instantiate_symtab, and
instead use a destructor to release the dwarf2_queue. With this
patch in place, the valgrind errors are now resolved.
gdb/ChangeLog:
* dwarf2read.c (dwarf2_release_queue): Delete function, move body
into...
(class dwarf2_queue_guard): ...the destructor of this new class.
(dw2_do_instantiate_symtab): Create instance of the new class
dwarf2_queue_guard, remove cleanup.
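The ordering problem this commit message describes, as an added C++ example that is not GDB's code: a model in which the old-style cleanup chain is run at the throw site (as `do_cleanups` was from `throw_exception_cxx`), before any destructor on the stack between the throw and the catch, versus an RAII guard whose destructor runs in normal unwind order. `Cu`, `Queue`, `ProcessDieScope`, `QueueGuard`, `gdb_error` and the `live_cus` registry are stand-ins written for this illustration; the registry exists so the demo can detect the dangling pointer without performing the invalid read Valgrind reported.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <set>
#include <stdexcept>
#include <vector>

// Added example, not GDB code: cleanup-chain callbacks run before the
// throw, so they fire before destructors of frames above the throw site.

struct Cu { int dies_seen = 0; };          // stand-in for struct dwarf2_cu

// Registry of live CUs so the demo can detect a dangling pointer safely.
static std::set<const Cu *> live_cus;

struct Queue {                              // stand-in for the dwarf2_queue
    std::vector<std::unique_ptr<Cu>> cus;
    Cu *push() {
        cus.push_back(std::make_unique<Cu>());
        live_cus.insert(cus.back().get());
        return cus.back().get();
    }
    void release() {                        // free_one_cached_comp_unit per entry
        for (auto &c : cus) live_cus.erase(c.get());
        cus.clear();
    }
};

// Old-style cleanup chain: run by the throw helper before the C++ throw.
static std::vector<std::function<void()>> cleanup_chain;

[[noreturn]] static void gdb_error(const char *msg) {
    for (auto it = cleanup_chain.rbegin(); it != cleanup_chain.rend(); ++it) (*it)();
    cleanup_chain.clear();
    throw std::runtime_error(msg);
}

// Stand-in for process_die_scope: keeps a raw Cu* and touches it on exit.
struct ProcessDieScope {
    Cu *cu;
    bool *dangling;
    ProcessDieScope(Cu *c, bool *flag) : cu(c), dangling(flag) {}
    ~ProcessDieScope() {
        if (live_cus.count(cu) == 0) *dangling = true;   // the invalid read, detected
        else cu->dies_seen++;
    }
};

// Stand-in for the fix, class dwarf2_queue_guard.
struct QueueGuard {
    Queue &q;
    explicit QueueGuard(Queue &queue) : q(queue) {}
    ~QueueGuard() { q.release(); }
};

// process_die -> read_file_scope -> process_die -> ... -> error ()
static void process_die(Cu *cu, bool *dangling, int depth) {
    ProcessDieScope scope(cu, dangling);
    if (depth == 0) gdb_error("Dwarf Error: Cannot find DIE");
    process_die(cu, dangling, depth - 1);
}

// dw2_do_instantiate_symtab as it was: cleanup registered on the chain.
// Returns true if some destructor saw its CU already freed.
bool instantiate_with_cleanup_chain() {
    Queue q;
    bool dangling = false;
    Cu *cu = q.push();
    cleanup_chain.push_back([&q] { q.release(); });
    try { process_die(cu, &dangling, 2); } catch (const std::runtime_error &) {}
    cleanup_chain.clear();
    q.release();
    return dangling;
}

// With the guard: the queue is released only after inner destructors ran.
bool instantiate_with_guard() {
    Queue q;
    bool dangling = false;
    Cu *cu = q.push();
    try {
        QueueGuard guard(q);
        process_die(cu, &dangling, 2);
    } catch (const std::runtime_error &) {}
    return dangling;
}

int main() {
    std::printf("cleanup chain: dangling=%d\n", instantiate_with_cleanup_chain());
    std::printf("RAII guard:    dangling=%d\n", instantiate_with_guard());
    return 0;
}
```

The general rule this illustrates for a codebase mid-migration from cleanups to C++: a cleanup that frees an object may run before destructors of frames that still hold a pointer to it, so once any frame between the registration site and a possible throw holds such a pointer in an RAII object, the cleanup must become an RAII object too.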
Correct a commit 2d6dda7161 ("MIPS/BFD: Correctly report unsupported
`.reginfo' section size") issue and avoid a GAS test failure:
regexp_diff match failure
regexp "^.*: Incorrect `\.reginfo' section size; expected 24, got 28$"
line "../as-new: dump.o: Incorrect `.reginfo' section size; expected 24, got 32"
FAIL: MIPS assembled .reginfo section size (n32)
on MIPS targets other than bare-metal ones. The reason for this failure
is section padding to alignment, done in `size_seg'. For n32 `.reginfo'
the section alignment is set to 3, and therefore the section is padded
to a multiple of 8, except for bare-metal targets, for which padding is
unconditionally disabled in `md_section_align'.
Use `--no-pad-sections' then to disable padding for all targets, so that
the size of `.reginfo' is always the same, matching the message pattern.
gas/
* testsuite/gas/mips/reginfo-2-n32.d: Add `--no-pad-sections' to
`as' flags.
The instruction encoding for the MIPS r6 sigrie instruction seems to be
incorrect. It's currently 0x4170xxxx (which overlaps with ei, di, evp,
and dvp), but should be 0x0417xxxx. See ISA reference[1][2].
References:
[1] "MIPS Architecture for Programmers Volume II-A: The MIPS32
Instruction Set Manual", Imagination Technologies, Inc., Document
Number: MD00086, Revision 6.06, December 15, 2016, Table A.4 "MIPS32
REGIMM Encoding of rt Field", p. 452
[2] "MIPS Architecture For Programmers Volume II-A: The MIPS64
Instruction Set Reference Manual", Imagination Technologies, Inc.,
Document Number: MD00087, Revision 6.06, December 15, 2016, Table
A.4 "MIPS64 REGIMM Encoding of rt Field", p. 581
opcodes/
* mips-opc.c (mips_builtin_opcodes): Correct "sigrie" encoding.
gas/
* testsuite/gas/mips/r6.d: Update for "sigrie" encoding fix.
* testsuite/gas/mips/r6-n32.d: Likewise.
* testsuite/gas/mips/r6-n64.d: Likewise.
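The encoding correction above, as an added C++ example that is not binutils code: a field-level check of the corrected sigrie encoding (REGIMM major opcode, rt = 10111) next to the COP0/MFMC0 encoding that the old 0x4170xxxx value collided with. The `classify`, `encode_sigrie` and `old_matches_sigrie` helpers are written for this illustration; the assumption that the old entry matched on the same upper-16-bit mask, and the constructed `ei $s0` word assembled here from the manual's field layout rather than taken from a real binary, are mine.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not binutils code: MIPS r6 SIGRIE versus the COP0 encoding
// the old mips-opc.c entry overlapped with.

enum class MipsClass { Other, Sigrie, Mfmc0 };

// Field accessors for a 32-bit MIPS instruction word.
constexpr uint32_t opcode_field(uint32_t w) { return (w >> 26) & 0x3f; }
constexpr uint32_t rs_field(uint32_t w)     { return (w >> 21) & 0x1f; }
constexpr uint32_t rt_field(uint32_t w)     { return (w >> 16) & 0x1f; }

constexpr uint32_t OP_REGIMM = 0x01;   // major opcode 000001
constexpr uint32_t OP_COP0   = 0x10;   // major opcode 010000
constexpr uint32_t RT_SIGRIE = 0x17;   // REGIMM rt = 10111 (Table A.4, r6)
constexpr uint32_t RS_MFMC0  = 0x0b;   // COP0 rs = 01011: ei/di/evp/dvp

// Corrected sigrie: opcode=REGIMM, rs=0, rt=0x17 in bits 31..16, code below.
constexpr uint32_t SIGRIE_MASK  = 0xffff0000u;
constexpr uint32_t SIGRIE_MATCH = 0x04170000u;
// What mips-opc.c matched before the fix (assumed to use the same mask).
constexpr uint32_t OLD_SIGRIE_MATCH = 0x41700000u;

MipsClass classify(uint32_t w) {
    if (opcode_field(w) == OP_REGIMM && rs_field(w) == 0 && rt_field(w) == RT_SIGRIE)
        return MipsClass::Sigrie;
    if (opcode_field(w) == OP_COP0 && rs_field(w) == RS_MFMC0)
        return MipsClass::Mfmc0;
    return MipsClass::Other;
}

bool old_matches_sigrie(uint32_t w) { return (w & SIGRIE_MASK) == OLD_SIGRIE_MATCH; }

uint32_t encode_sigrie(uint16_t code) { return SIGRIE_MATCH | code; }
uint16_t sigrie_code(uint32_t w) { return static_cast<uint16_t>(w & 0xffffu); }

// Constructed word: `ei $s0' is COP0, rs=MFMC0, rt=16, rd=12 (Status), sc=1.
constexpr uint32_t EI_S0 = 0x41706020u;

int main() {
    uint32_t w = encode_sigrie(0x1234);
    std::printf("sigrie 0x1234 -> 0x%08x, class sigrie=%d\n", w,
                classify(w) == MipsClass::Sigrie);
    std::printf("ei $s0 0x%08x: old entry matches=%d, class mfmc0=%d\n", EI_S0,
                old_matches_sigrie(EI_S0), classify(EI_S0) == MipsClass::Mfmc0);
    return 0;
}
```

With the old value, `ei $s0` (and any MFMC0 instruction with rt = 16) would have been assembled from and disassembled as `sigrie`, which is the kind of silent encoding collision worth catching with a field-level check like this rather than by eyeballing hex.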
See email thread starting here: https://www.sourceware.org/ml/binutils/2018-01/msg00001.html
include/
* coff/msdos.h: New header.
* coff/pe.h: Move common defines to msdos.h.
* coff/powerpc.h: Likewise.
bfd/
* i386msdos.c (msdos_mkobject): New function.
(msdos_object_p): New function.
(i386_msdos_vec): Use msdos_object_p as the check_format
function.
* peicode.h: Rename external_PEI_DOS_hdr, DOSMAGIC, and
NT_SIGNATURE to external_DOS_hdr, IMAGE_DOS_SIGNATURE, and
IMAGE_NT_SIGNATURE.
* peXXigen.c: Likewise.
* coff-ia64.c: Likewise.
There are 2 failures left in the linker testsuite on SPARC64/Linux and
they are caused by 2 different issues leading to the same end effect:
the overflow of the relocation section for the GOT, i.e. the linker
generates too many dynamic relocations for the GOT wrt the size of the
relocation section, leading to memory corruption and missing relocations
in the final binary.
The first issue was introduced by:
https://sourceware.org/ml/binutils/2017-06/msg00368.html
which makes the linker generate more R_SPARC_RELATIVE relocations for
the GOT without adjusting the size of the relocation section. This is
fixed by (1) preventively adjusting this size in allocate_dynrelocs and
(2) generating R_SPARC_NONE if needed when R_SPARC_GOTDATA_OP is relaxed.
The second issue is that we generate a GOT relocation for an undefined
weak symbol with non-default visibility in a PIC binary without accounting
for that in the size of the relocation section. Since the address of the
symbol should resolve to 0 at run time, it is fixed by not generating the
relocation at all, i.e. leaving the GOT entry zeroed.
bfd/
* elfxx-sparc.c (UNDEFINED_WEAK_RESOLVED_TO_ZERO): Reorder conditions.
(sparc_elf_append_rela): Assert that there is enough room in section.
(_bfd_sparc_elf_copy_indirect_symbol): Fix formatting.
(_bfd_sparc_elf_adjust_dynamic_symbol): Minor tweak.
(allocate_dynrelocs): Remove outdated comments and reorder conditions.
For a symbol subject to a GOT relocation, reserve a slot in the
relocation section if the symbol isn't dynamic and we are in PIC mode.
(_bfd_sparc_elf_relocate_section) <R_SPARC_GOTDATA_OP>: If relocation
is relaxed and a slot was reserved, generate a R_SPARC_NONE relocation.
<R_SPARC_GOTDATA_OP_HIX22>: Adjust comments.
<R_SPARC_PC10>: Reorder conditions. Remove always-false assertion.
(_bfd_sparc_elf_finish_dynamic_symbol): Rename local_undefweak into
resolved_to_zero. Do not generate a dynamic GOT relocation for an
undefined weak symbol with non-default visibility. Remove superfluous
'else' and fix formatting.
An earlier change made find_source_lines read:
end = &data[size];
However, since 'size' is the size of the vector, this seems fishy.
More obviously ok is to compute the end of the data directly:
end = data.data () + size;
2018-02-09 Tom Tromey <tom@tromey.com>
* source.c (find_source_lines): Don't reference past the end of
the vector.
One recurring error on Debian systems is that the default perf_event_paranoid
setting disables the perf_event interface for user-space.
Check the current level and point the user to the file.
gdb/
* nat/linux-btrace.c (diagnose_perf_event_open_fail): New.
(linux_enable_pt, linux_enable_bts): Call
diagnose_perf_event_open_fail.
Improve the error message when GDB fails to start recording branch trace.
This patch also removes a zero buffer size check for PT to align with BTS. The
buffer size cannot be configured to be zero.
gdb/
* nat/linux-btrace.c (perf_event_pt_event_type): Improve error message.
Remove parameter and change return type. Update callers. Move it.
(linux_enable_bts, linux_enable_pt): Improve error message.
(linux_enable_pt): Remove zero buffer size check.
(linux_enable_btrace): Improve error messages. Remove NULL return
check.
Remove the to_supports_btrace target method and instead rely on detecting errors
when trying to enable recording. This will also provide a suitable error
message explaining why recording is not possible.
For remote debugging, gdbserver will now always advertise branch tracing related
packets. When talking to an older GDB, this will cause GDB to try to enable
branch tracing and gdbserver to report a suitable error message every time.
An older gdbserver will not advertise branch tracing related packets if the
one-time check failed, so a newer GDB with this patch will fail to enable branch
tracing at remote_enable_btrace() rather than at btrace_enable(). The error
message is the same in both cases so there should be no user-visible change.
gdb/
* btrace.c (btrace_enable): Remove target_supports_btrace call.
* nat/linux-btrace.c (perf_event_pt_event_type): Move.
(kernel_supports_bts, kernel_supports_pt, linux_supports_bts)
(linux_supports_pt, linux_supports_btrace): Remove.
(linux_enable_bts): Call cpu_supports_bts.
* nat/linux-btrace.h (linux_supports_btrace): Remove.
* remote.c (remote_supports_btrace): Remove.
(init_remote_ops): Remove remote_supports_btrace.
* target-delegates.c: Regenerated.
* target.c (target_supports_btrace): Remove.
* target.h (target_ops) <to_supports_btrace>: Remove.
(target_supports_btrace): Remove.
* x86-linux-nat.c (x86_linux_create_target): Remove
linux_supports_btrace.
gdbserver/
* linux-low.c (linux_target_ops): Remove linux_supports_btrace.
* nto-low.c (nto_target_ops): Remove NULL for supports_btrace.
* spu-low.c (spu_target_ops): Likewise.
* win32-low.c (win32_target_ops): Likewise.
* server.c (supported_btrace_packets): Report packets unconditionally.
* target.h (target_ops) <supports_btrace>: Remove.
(target_supports_btrace): Remove.
Change error reporting to use exceptions and be prepared to catch them in
gdbserver. We use the exception message in our error reply to GDB.
This may remove some detail from the error message in the native case since
errno is no longer printed. Later patches will improve that.
We're still using error strings on the RSP level. This patch does not affect
the interoperability of older/newer GDB/gdbserver.
gdbserver/
* server.c (handle_btrace_enable_bts, handle_btrace_enable_pt)
(handle_btrace_disable): Change return type to void. Use exceptions
to report errors.
(handle_btrace_general_set): Catch exception and copy message to
return message.
gdb/
* nat/linux-btrace.c (linux_enable_btrace): Throw exception if enabling
btrace failed.
* x86-linux-nat.c (x86_linux_enable_btrace): Catch btrace enabling
exception and use message in own exception.
We indicate success or failure for enabling branch tracing via the pointer
return value. Depending on the type of error, errno may provide additional
information.
Prepare for using exceptions with more descriptive error messages by using smart
pointers and objects with automatic destruction to hold intermediate results.
gdb/
* nat/linux-btrace.c: Include scoped_fd.h and scoped_mmap.h.
(perf_event_pt_event_type): Use gdb_file_up.
(linux_enable_bts, linux_enable_pt): Use gdb::unique_xmalloc_ptr,
scoped_fd, and scoped_mmap.
This changes auto_load_section_scripts to use gdb::unique_xmalloc_ptr,
allowing the removal of a cleanup.
2018-02-09 Tom Tromey <tom@tromey.com>
* auto-load.c (auto_load_section_scripts): Use
gdb::unique_xmalloc_ptr.