980548fd88
I ran into a GDB crash in gdb.base/bp-cmds-continue-ctrl-c.exp in my
multi-target branch, which turns out exposed a bug that exists in
master too.
That testcase has a breakpoint with a "continue" command associated.
Then the breakpoint is constantly being hit. At the same time, the
testcase is continually interrupting the program with Ctrl-C, and
re-resuming it, in a loop.
Running that testcase manually under Valgrind, after a few sequences
of 'Ctrl-C' + 'continue', I got:
Breakpoint 1, Quit
(gdb) ==21270== Invalid read of size 8
==21270== at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
==21270== by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
==21270== by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
==21270== by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
==21270== by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
==21270== by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
==21270== by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
==21270== by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
==21270== by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
==21270== by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
==21270== by 0x6C3712: start_event_loop() (event-loop.c:371)
==21270== by 0x746801: captured_command_loop() (main.c:329)
==21270== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==21270==
==21270==
==21270== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==21270== Access not within mapped region at address 0x0
==21270== at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
==21270== by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
==21270== by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
==21270== by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
==21270== by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
==21270== by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
==21270== by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
==21270== by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
==21270== by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
==21270== by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
==21270== by 0x6C3712: start_event_loop() (event-loop.c:371)
==21270== by 0x746801: captured_command_loop() (main.c:329)
==21270== If you believe this happened as a result of a stack
==21270== overflow in your program's main thread (unlikely but
==21270== possible), you can try to increase the size of the
==21270== main thread stack using the --main-stacksize= flag.
==21270== The main thread stack size used in this run was 8388608.
==21270==
Above, when we get to compute_frame_id, fi->unwind is non-NULL,
meaning, we found an unwinder, in this case the Python unwinder, but
somehow, fi->prologue_cache is left NULL. pyuw_this_id then crashes
because it assumes fi->prologue_cache is non-NULL:
static void
pyuw_this_id (struct frame_info *this_frame, void **cache_ptr,
struct frame_id *this_id)
{
*this_id = ((cached_frame_info *) *cache_ptr)->frame_id;
^^^^^^^^^^
'*cache_ptr' here is 'fi->prologue_cache'.
There's a quit() call in pyuw_sniffer that I believe is the one that
sometimes triggers the crash above. The crash can be reproduced
easily with this hack to force a quit out of the python unwinder:
--- a/gdb/python/py-unwind.c
+++ b/gdb/python/py-unwind.c
@@ -497,6 +497,8 @@ pyuw_sniffer (const struct frame_unwind *self, struct frame_info *this_frame,
struct gdbarch *gdbarch = (struct gdbarch *) (self->unwind_data);
cached_frame_info *cached_frame;
+ quit ();
+
gdbpy_enter enter_py (gdbarch, current_language);
TRACE_PY_UNWIND (3, "%s (SP=%s, PC=%s)\n", __FUNCTION__,
After that quit is thrown, any subsequent operation that involves
unwinding results in GDB crashing with SIGSEGV like above.
The problem is that this commit:
commit 30a9c02fef
CommitDate: Sun Oct 8 23:16:42 2017 -0600
Subject: Remove cleanup from frame_prepare_for_sniffer
missed that we need to call frame_cleanup_after_sniffer before
rethrowing the exception too.
Without the fix, the "bt" added to
gdb.base/bp-cmds-continue-ctrl-c.exp in this commit makes GDB crash:
Running src/gdb/testsuite/gdb.base/bp-cmds-continue-ctrl-c.exp ...
ERROR: Process no longer exists
gdb/ChangeLog:
2018-02-14 Pedro Alves <palves@redhat.com>
* frame-unwind.c (frame_unwind_try_unwinder): Always call
frame_cleanup_after_sniffer on exception.
gdb/testsuite/ChangeLog:
2018-02-14 Pedro Alves <palves@redhat.com>
* gdb.base/bp-cmds-continue-ctrl-c.exp (do_test): Test "bt" after
getting a "Quit".
/* Definitions for frame unwinder, for GDB, the GNU debugger.

   Copyright (C) 2003-2018 Free Software Foundation, Inc.

   This file is part of GDB.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
#include "defs.h"
#include "frame.h"
#include "frame-unwind.h"
#include "dummy-frame.h"
#include "inline-frame.h"
#include "value.h"
#include "regcache.h"
#include "gdb_obstack.h"
#include "target.h"
/* Per-gdbarch data key for the architecture's frame_unwind_table.
   Registered in _initialize_frame_unwind with frame_unwind_init as
   the constructor; the table is retrieved through gdbarch_data () by
   the registration and lookup functions below.  */
static struct gdbarch_data *frame_unwind_data;
/* One node of the singly-linked sniffer list kept per gdbarch.  Nodes
   are obstack-allocated with the gdbarch and never freed
   individually.  */
struct frame_unwind_table_entry
{
  /* The unwinder whose sniffer is consulted at this position.  */
  const struct frame_unwind *unwinder;
  /* Next candidate, or NULL at the end of the list.  */
  struct frame_unwind_table_entry *next;
};
/* The ordered list of unwinders tried for each new frame of a given
   gdbarch.  Search order is the list order, so position matters: the
   entries ahead of OSABI_HEAD are fixed by frame_unwind_init and
   cannot be displaced by later registrations.  */
struct frame_unwind_table
{
  /* Head of the full search list.  */
  struct frame_unwind_table_entry *list;
  /* The head of the OSABI part of the search list.  */
  struct frame_unwind_table_entry **osabi_head;
};
/* Construct the unwinder table for one gdbarch on OBSTACK.  The first
   two entries (dummy-frame, then inline-frame) are fixed here; OSABI
   code can only add entries after them, at OSABI_HEAD.  */

static void *
frame_unwind_init (struct obstack *obstack)
{
  struct frame_unwind_table *table
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table);
  struct frame_unwind_table_entry *dummy_entry
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table_entry);
  struct frame_unwind_table_entry *inline_entry
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table_entry);

  dummy_entry->unwinder = &dummy_frame_unwind;
  dummy_entry->next = inline_entry;
  inline_entry->unwinder = &inline_frame_unwind;

  table->list = dummy_entry;
  /* Everything registered later is spliced in behind the two fixed
     entries; INLINE_ENTRY->NEXT is still NULL from the zeroing
     allocation.  */
  table->osabi_head = &inline_entry->next;

  return table;
}
/* Register UNWINDER for GDBARCH ahead of every unwinder added so far
   by OSABI code, but still behind the fixed dummy-frame and
   inline-frame entries.  */

void
frame_unwind_prepend_unwinder (struct gdbarch *gdbarch,
			       const struct frame_unwind *unwinder)
{
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);
  struct frame_unwind_table_entry *fresh
    = GDBARCH_OBSTACK_ZALLOC (gdbarch, struct frame_unwind_table_entry);

  /* Link FRESH in front of the current OSABI head, then make it the
     head.  */
  fresh->unwinder = unwinder;
  fresh->next = *table->osabi_head;
  *table->osabi_head = fresh;
}
/* Register UNWINDER for GDBARCH at the very end of the search list,
   i.e. it is consulted only after every previously registered
   unwinder has declined the frame.  */

void
frame_unwind_append_unwinder (struct gdbarch *gdbarch,
			      const struct frame_unwind *unwinder)
{
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);
  struct frame_unwind_table_entry **tail = table->osabi_head;

  /* Advance TAIL to the NULL link that terminates the list.  */
  while (*tail != NULL)
    tail = &(*tail)->next;

  /* The new node's NEXT is NULL from the zeroing allocation.  */
  *tail = GDBARCH_OBSTACK_ZALLOC (gdbarch, struct frame_unwind_table_entry);
  (*tail)->unwinder = unwinder;
}
/* Call SNIFFER from UNWINDER.  If it succeeded set UNWINDER for
   THIS_FRAME and return 1.  Otherwise the function keeps THIS_FRAME
   unchanged and returns 0.

   Invariant: frame_prepare_for_sniffer attaches UNWINDER to THIS_FRAME
   before the sniffer runs, so every exit on which the sniffer does not
   claim the frame -- a plain rejection, a NOT_AVAILABLE_ERROR, or any
   other exception that is rethrown -- must first run
   frame_cleanup_after_sniffer.  Skipping it leaves THIS_FRAME with an
   unwinder installed but *THIS_CACHE NULL, and an unwinder's this_id
   callback that assumes a populated cache (the Python unwinder's, for
   one) then dereferences NULL on the next get_frame_id.  */

static int
frame_unwind_try_unwinder (struct frame_info *this_frame, void **this_cache,
			   const struct frame_unwind *unwinder)
{
  int res = 0;

  /* Tentatively install UNWINDER on THIS_FRAME; undone below unless
     the sniffer accepts.  */
  frame_prepare_for_sniffer (this_frame, unwinder);

  TRY
    {
      res = unwinder->sniffer (unwinder, this_frame, this_cache);
    }
  CATCH (ex, RETURN_MASK_ALL)
    {
      /* Catch all exceptions, caused by either interrupt or error.
	 Reset *THIS_CACHE.  */
      *this_cache = NULL;
      /* Detach UNWINDER before deciding what to do with the exception,
	 so that a rethrow (e.g. a Ctrl-C quit) cannot leave the frame
	 half-initialized.  */
      frame_cleanup_after_sniffer (this_frame);

      if (ex.error == NOT_AVAILABLE_ERROR)
	{
	  /* This usually means that not even the PC is available,
	     thus most unwinders aren't able to determine if they're
	     the best fit.  Keep trying.  Fallback prologue unwinders
	     should always accept the frame.  */
	  return 0;
	}
      /* Anything else propagates to the caller; the frame is already
	 back in its pre-sniff state.  */
      throw_exception (ex);
    }
  END_CATCH

  if (res)
    return 1;
  else
    {
      /* Don't set *THIS_CACHE to NULL here, because sniffer has to do
	 so.  */
      frame_cleanup_after_sniffer (this_frame);
      return 0;
    }
  /* Both branches above return; this only asserts that nothing is
     meant to fall through.  */
  gdb_assert_not_reached ("frame_unwind_try_unwinder");
}
/* Find an unwinder for THIS_FRAME: the target's own unwinder first,
   then the target's tail-call unwinder, then the per-gdbarch table in
   list order.  THIS_FRAME->UNWIND must be NULL on entry; the first
   sniffer that accepts installs itself, and *THIS_CACHE may be
   initialized as a side effect.  Running off the end of the table is
   an internal error, since the fallback prologue unwinders at the
   tail are expected to accept any frame.  */

void
frame_unwind_find_by_frame (struct frame_info *this_frame, void **this_cache)
{
  struct gdbarch *gdbarch = get_frame_arch (this_frame);
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);
  const struct frame_unwind *candidate;
  struct frame_unwind_table_entry *cursor;

  /* The target is consulted first; the tail-call getter is only asked
     once the primary candidate has been rejected.  */
  candidate = target_get_unwinder ();
  if (candidate != NULL
      && frame_unwind_try_unwinder (this_frame, this_cache, candidate))
    return;

  candidate = target_get_tailcall_unwinder ();
  if (candidate != NULL
      && frame_unwind_try_unwinder (this_frame, this_cache, candidate))
    return;

  cursor = table->list;
  while (cursor != NULL)
    {
      if (frame_unwind_try_unwinder (this_frame, this_cache,
				     cursor->unwinder))
	return;
      cursor = cursor->next;
    }

  internal_error (__FILE__, __LINE__, _("frame_unwind_find_by_frame failed"));
}
/* A default frame sniffer which always accepts the frame.  Used by
   fallback prologue unwinders, which must sit at the end of the
   search list so that frame_unwind_find_by_frame never fails.  */

int
default_frame_sniffer (const struct frame_unwind *self,
		       struct frame_info *this_frame,
		       void **this_prologue_cache)
{
  /* None of the arguments influence the answer; they are part of the
     sniffer signature only.  */
  (void) self;
  (void) this_frame;
  (void) this_prologue_cache;
  return 1;
}
/* The default frame unwinder stop_reason callback: the only condition
   it recognizes is reaching the outermost frame.  THIS_CACHE is not
   consulted.  */

enum unwind_stop_reason
default_frame_unwind_stop_reason (struct frame_info *this_frame,
				  void **this_cache)
{
  struct frame_id this_id = get_frame_id (this_frame);
  int is_outermost = frame_id_eq (this_id, outer_frame_id);

  return is_outermost ? UNWIND_OUTERMOST : UNWIND_NO_REASON;
}
/* Helper functions for value-based register unwinding.  These return
   a (possibly lazy) value of the appropriate type.  */
/* Return a value which indicates that FRAME did not save REGNUM.  The
   result is an lval_register value with every byte marked optimized
   out, so it prints as "<not saved>".  */

struct value *
frame_unwind_got_optimized (struct frame_info *frame, int regnum)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *result = allocate_value_lazy (reg_type);

  /* Allocated lazy, then immediately marked non-lazy: there is no
     content to fetch, the whole register is optimized out.  */
  set_value_lazy (result, 0);
  mark_value_bytes_optimized_out (result, 0, TYPE_LENGTH (reg_type));

  VALUE_LVAL (result) = lval_register;
  VALUE_REGNUM (result) = regnum;
  VALUE_NEXT_FRAME_ID (result)
    = get_frame_id (get_next_frame_sentinel_okay (frame));

  return result;
}
/* Return a value which indicates that FRAME copied REGNUM into
   register NEW_REGNUM.  REGNUM itself is not needed: the value is
   simply NEW_REGNUM read lazily in FRAME.  */

struct value *
frame_unwind_got_register (struct frame_info *frame,
			   int regnum, int new_regnum)
{
  struct value *copied = value_of_register_lazy (frame, new_regnum);

  return copied;
}
/* Return a value which indicates that FRAME saved REGNUM in memory at
   ADDR.  The value is lazy (read on demand) and flagged as living on
   the stack.  */

struct value *
frame_unwind_got_memory (struct frame_info *frame, int regnum, CORE_ADDR addr)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *saved = value_at_lazy (reg_type, addr);

  set_value_stack (saved, 1);

  return saved;
}
/* Return a value which indicates that FRAME's saved version of
   REGNUM has a known constant (computed) value of VAL.  The result
   is not an lvalue; VAL is stored in target byte order, truncated or
   padded to the register's size.  */

struct value *
frame_unwind_got_constant (struct frame_info *frame, int regnum,
			   ULONGEST val)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  enum bfd_endian byte_order = gdbarch_byte_order (gdbarch);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *constant = value_zero (reg_type, not_lval);

  store_unsigned_integer (value_contents_writeable (constant),
			  register_size (gdbarch, regnum), byte_order, val);

  return constant;
}
/* Return a value which indicates that FRAME's saved version of REGNUM
   holds the raw bytes in BUF.  Exactly register_size (GDBARCH, REGNUM)
   bytes are copied, so the caller must supply at least that many; the
   result is not an lvalue.  */

struct value *
frame_unwind_got_bytes (struct frame_info *frame, int regnum, gdb_byte *buf)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *raw = value_zero (reg_type, not_lval);
  int nbytes = register_size (gdbarch, regnum);

  memcpy (value_contents_raw (raw), buf, nbytes);

  return raw;
}
/* Return a value which indicates that FRAME's saved version of REGNUM
   has a known constant (computed) value of ADDR.  Convert the
   CORE_ADDR to a target address if necessary.  The result is not an
   lvalue.  */

struct value *
frame_unwind_got_address (struct frame_info *frame, int regnum,
			  CORE_ADDR addr)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *address = value_zero (reg_type, not_lval);

  /* pack_long performs the CORE_ADDR -> target representation
     conversion according to REG_TYPE.  */
  pack_long (value_contents_writeable (address), reg_type, addr);

  return address;
}
/* Module initializer: claim the per-gdbarch data slot whose contents
   frame_unwind_init builds on first use for each architecture.  */

void
_initialize_frame_unwind (void)
{
  struct gdbarch_data *slot
    = gdbarch_data_register_pre_init (frame_unwind_init);

  frame_unwind_data = slot;
}