mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2025-01-18 12:24:38 +08:00
7b961964f8
This patch aims at fixing a bug where an inferior is unexpectedly
created when a fork happens at the same time as another event, and that
other event is reported to GDB first (and the fork event stays pending
in GDBserver). This happens for example when we step a thread and
another thread forks at the same time. The bug looks like (if I
reproduce the included test by hand):
(gdb) show detach-on-fork
Whether gdb will detach the child of a fork is on.
(gdb) show follow-fork-mode
Debugger response to a program call of fork or vfork is "parent".
(gdb) si
[New inferior 2]
Reading /home/simark/build/binutils-gdb/gdb/testsuite/outputs/gdb.threads/step-while-fork-in-other-thread/step-while-fork-in-other-thread from remote target...
Reading /home/simark/build/binutils-gdb/gdb/testsuite/outputs/gdb.threads/step-while-fork-in-other-thread/step-while-fork-in-other-thread from remote target...
Reading symbols from target:/home/simark/build/binutils-gdb/gdb/testsuite/outputs/gdb.threads/step-while-fork-in-other-thread/step-while-fork-in-other-thread...
[New Thread 965190.965190]
[Switching to Thread 965190.965190]
Remote 'g' packet reply is too long (expected 560 bytes, got 816 bytes): ... <long series of bytes>
The sequence of events leading to the problem is:
- We are using the all-stop user-visible mode as well as the
synchronous / all-stop variant of the remote protocol
- We have two threads, thread A that we single-step and thread B that
calls fork at the same time
- GDBserver's linux_process_target::wait pulls the "single step
complete SIGTRAP" and the "fork" events from the kernel. It
arbitrarily choses one event to report, it happens to be the
single-step SIGTRAP. The fork stays pending in the thread_info.
- GDBserver send that SIGTRAP as a stop reply to GDB
- While in stop_all_threads, GDB calls update_thread_list, which ends
up querying the remote thread list using qXfer:threads:read.
- In the reply, GDBserver includes the fork child created as a result
of thread B's fork.
- GDB-side, the remote target sees the new PID, calls
remote_notice_new_inferior, which ends up unexpectedly creating a new
inferior, and things go downhill from there.
The problem here is that as long as GDB did not process the fork event,
it should pretend the fork child does not exist. Ultimately, this event
will be reported, we'll go through follow_fork, and that process will be
detached.
The remote target (GDB-side), has some code to remove from the reported
thread list the threads that are the result of forks not processed by
GDB yet. But that only works for fork events that have made their way
to the remote target (GDB-side), but haven't been consumed by the core
yet, so are still lingering as pending stop replies in the remote target
(see remove_new_fork_children in remote.c). But in our case, the fork
event hasn't made its way to the GDB-side remote target. We need to
implement the same kind of logic GDBserver-side: if there exists a
thread / inferior that is the result of a fork event GDBserver hasn't
reported yet, it should exclude that thread / inferior from the reported
thread list.
This was actually discussed a while ago, but not implemented AFAIK:
https://pi.simark.ca/gdb-patches/1ad9f5a8-d00e-9a26-b0c9-3f4066af5142@redhat.com/#t
https://sourceware.org/pipermail/gdb-patches/2016-June/133906.html
Implementation details-wise, the fix for this is all in GDBserver. The
Linux layer of GDBserver already tracks unreported fork parent / child
relationships using the lwp_info::fork_relative, in order to avoid
wildcard actions resuming fork childs unknown to GDB. This information
needs to be made available to the handle_qxfer_threads_worker function,
so it can filter the reported threads. Add a new thread_pending_parent
target function that allows the Linux target to return the parent of an
eventual fork child.
Testing-wise, the test replicates pretty-much the sequence of events
shown above. The setup of the test makes it such that the main thread
is about to fork. We stepi the other thread, so that the step completes
very quickly, in a single event. Meanwhile, the main thread is resumed,
so very likely has time to call fork. This means that the bug may not
reproduce every time (if the main thread does not have time to call
fork), but it will reproduce more often than not. The test fails
without the fix applied on the native-gdbserver and
native-extended-gdbserver boards.
At some point I suspected that which thread called fork and which thread
did the step influenced the order in which the events were reported, and
therefore the reproducibility of the bug. So I made the test try both
combinations: main thread forks while other thread steps, and vice
versa. I'm not sure this is still necessary, but I left it there
anyway. It doesn't hurt to test a few more combinations.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28288
Change-Id: I2158d5732fc7d7ca06b0eb01f88cf27bf527b990
|
||
|---|---|---|
| .. | ||
| .dir-locals.el | ||
| .gitattributes | ||
| .gitignore | ||
| acinclude.m4 | ||
| aclocal.m4 | ||
| ax.cc | ||
| ax.h | ||
| ChangeLog-2002-2021 | ||
| config.in | ||
| configure | ||
| configure.ac | ||
| configure.srv | ||
| debug.cc | ||
| debug.h | ||
| dll.cc | ||
| dll.h | ||
| fork-child.cc | ||
| gdb_proc_service.h | ||
| gdbreplay.cc | ||
| gdbthread.h | ||
| hostio.cc | ||
| hostio.h | ||
| i387-fp.cc | ||
| i387-fp.h | ||
| inferiors.cc | ||
| inferiors.h | ||
| linux-aarch32-low.cc | ||
| linux-aarch32-low.h | ||
| linux-aarch32-tdesc.cc | ||
| linux-aarch32-tdesc.h | ||
| linux-aarch64-ipa.cc | ||
| linux-aarch64-low.cc | ||
| linux-aarch64-tdesc.cc | ||
| linux-aarch64-tdesc.h | ||
| linux-amd64-ipa.cc | ||
| linux-arc-low.cc | ||
| linux-arm-low.cc | ||
| linux-arm-tdesc.cc | ||
| linux-arm-tdesc.h | ||
| linux-i386-ipa.cc | ||
| linux-ia64-low.cc | ||
| linux-low.cc | ||
| linux-low.h | ||
| linux-m68k-low.cc | ||
| linux-mips-low.cc | ||
| linux-nios2-low.cc | ||
| linux-or1k-low.cc | ||
| linux-ppc-ipa.cc | ||
| linux-ppc-low.cc | ||
| linux-ppc-tdesc-init.h | ||
| linux-riscv-low.cc | ||
| linux-s390-ipa.cc | ||
| linux-s390-low.cc | ||
| linux-s390-tdesc.h | ||
| linux-sh-low.cc | ||
| linux-sparc-low.cc | ||
| linux-tic6x-low.cc | ||
| linux-x86-low.cc | ||
| linux-x86-tdesc.cc | ||
| linux-x86-tdesc.h | ||
| linux-xtensa-low.cc | ||
| Makefile.in | ||
| mem-break.cc | ||
| mem-break.h | ||
| netbsd-aarch64-low.cc | ||
| netbsd-amd64-low.cc | ||
| netbsd-i386-low.cc | ||
| netbsd-low.cc | ||
| netbsd-low.h | ||
| notif.cc | ||
| notif.h | ||
| proc-service.cc | ||
| proc-service.list | ||
| README | ||
| regcache.cc | ||
| regcache.h | ||
| remote-utils.cc | ||
| remote-utils.h | ||
| server.cc | ||
| server.h | ||
| symbol.cc | ||
| target.cc | ||
| target.h | ||
| tdesc.cc | ||
| tdesc.h | ||
| thread-db.cc | ||
| tracepoint.cc | ||
| tracepoint.h | ||
| utils.cc | ||
| utils.h | ||
| win32-i386-low.cc | ||
| win32-low.cc | ||
| win32-low.h | ||
| x86-low.cc | ||
| x86-low.h | ||
| x86-tdesc.h | ||
| xtensa-xtregs.cc | ||
README for GDBserver & GDBreplay
by Stu Grossman and Fred Fish
Introduction:
This is GDBserver, a remote server for Un*x-like systems. It can be used to
control the execution of a program on a target system from a GDB on a different
host. GDB and GDBserver communicate using the standard remote serial protocol.
They communicate via either a serial line or a TCP connection.
For more information about GDBserver, see the GDB manual:
https://sourceware.org/gdb/current/onlinedocs/gdb/Remote-Protocol.html
Usage (server (target) side):
First, you need to have a copy of the program you want to debug put onto
the target system. The program can be stripped to save space if needed, as
GDBserver doesn't care about symbols. All symbol handling is taken care of by
the GDB running on the host system.
To use the server, you log on to the target system, and run the `gdbserver'
program. You must tell it (a) how to communicate with GDB, (b) the name of
your program, and (c) its arguments. The general syntax is:
target> gdbserver COMM PROGRAM [ARGS ...]
For example, using a serial port, you might say:
target> gdbserver /dev/com1 emacs foo.txt
This tells GDBserver to debug emacs with an argument of foo.txt, and to
communicate with GDB via /dev/com1. GDBserver now waits patiently for the
host GDB to communicate with it.
To use a TCP connection, you could say:
target> gdbserver host:2345 emacs foo.txt
This says pretty much the same thing as the last example, except that we are
going to communicate with the host GDB via TCP. The `host:2345' argument means
that we are expecting to see a TCP connection to local TCP port 2345.
(Currently, the `host' part is ignored.) You can choose any number you want for
the port number as long as it does not conflict with any existing TCP ports on
the target system. This same port number must be used in the host GDB's
`target remote' command, which will be described shortly. Note that if you chose
a port number that conflicts with another service, GDBserver will print an error
message and exit.
On some targets, GDBserver can also attach to running programs. This is
accomplished via the --attach argument. The syntax is:
target> gdbserver --attach COMM PID
PID is the process ID of a currently running process. It isn't necessary
to point GDBserver at a binary for the running process.
Usage (host side):
You need an unstripped copy of the target program on your host system, since
GDB needs to examine it's symbol tables and such. Start up GDB as you normally
would, with the target program as the first argument. (You may need to use the
--baud option if the serial line is running at anything except 9600 baud.)
Ie: `gdb TARGET-PROG', or `gdb --baud BAUD TARGET-PROG'. After that, the only
new command you need to know about is `target remote'. It's argument is either
a device name (usually a serial device, like `/dev/ttyb'), or a HOST:PORT
descriptor. For example:
(gdb) target remote /dev/ttyb
communicates with the server via serial line /dev/ttyb, and:
(gdb) target remote the-target:2345
communicates via a TCP connection to port 2345 on host `the-target', where
you previously started up GDBserver with the same port number. Note that for
TCP connections, you must start up GDBserver prior to using the `target remote'
command, otherwise you may get an error that looks something like
`Connection refused'.
Building GDBserver:
See the `configure.srv` file for the list of host triplets you can build
GDBserver for.
Building GDBserver for your host is very straightforward. If you build
GDB natively on a host which GDBserver supports, it will be built
automatically when you build GDB. You can also build just GDBserver:
% mkdir obj
% cd obj
% path-to-toplevel-sources/configure --disable-gdb
% make all-gdbserver
(If you have a combined binutils+gdb tree, you may want to also
disable other directories when configuring, e.g., binutils, gas, gold,
gprof, and ld.)
If you prefer to cross-compile to your target, then you can also build
GDBserver that way. For example:
% export CC=your-cross-compiler
% path-to-topevel-sources/configure --disable-gdb
% make all-gdbserver
Using GDBreplay:
A special hacked down version of GDBserver can be used to replay remote
debug log files created by GDB. Before using the GDB "target" command to
initiate a remote debug session, use "set remotelogfile <filename>" to tell
GDB that you want to make a recording of the serial or tcp session. Note
that when replaying the session, GDB communicates with GDBreplay via tcp,
regardless of whether the original session was via a serial link or tcp.
Once you are done with the remote debug session, start GDBreplay and
tell it the name of the log file and the host and port number that GDB
should connect to (typically the same as the host running GDB):
$ gdbreplay logfile host:port
Then start GDB (preferably in a different screen or window) and use the
"target" command to connect to GDBreplay:
(gdb) target remote host:port
Repeat the same sequence of user commands to GDB that you gave in the
original debug session. GDB should not be able to tell that it is talking
to GDBreplay rather than a real target, all other things being equal. Note
that GDBreplay echos the command lines to stderr, as well as the contents of
the packets it sends and receives. The last command echoed by GDBreplay is
the next command that needs to be typed to GDB to continue the session in
sync with the original session.