We can't free "internal" on errors, since bfd_coff_swap_sym_in may
call bfd_alloc. For example, _bfd_XXi_swap_sym_in may even create new
sections, which use bfd_alloc'd memory. If "internal" is freed, all
more recently bfd_alloc'd memory is also freed.
* coffgen.c (coff_get_normalized_symtab): Don't bfd_release on
error.
* coff-mcore.c (coff_mcore_relocate_section): Sanity check sym
string offset when setting up name for use by error messages.
* coff-sh.c (sh_relocate_section): Likewise.
As far as I can see the only place that sets obj_coff_strings without
setting obj_coff_strings_len is pe_ILF_build_a_bfd. Fix that and we
can simplify the sym string offset check. This is just a tidy.
pe_ILF_build_a_bfd doesn't create bad symbols and
_bfd_coff_read_string_table will always result in non-zero
obj_coff_strings_len when obj_coff_strings is non-NULL.
PR 17910
* coffgen.c (_bfd_coff_internal_syment_name): Always sanity
check sym string offset.
* peicode.h (pe_ILF_build_a_bfd): Set obj_coff_strings_len.
It's an odd thing to have objdump -x show a different section table
to objdump -h, but that can happen if swapping in symbols leads to
creating sections. Setting SEC_LINKER_CREATED stops the display of
these sections, so that you get shown what is in the object file.
* peXXigen.c (_bfd_XXi_swap_sym_in): Set SEC_LINKER_CREATED on
fake section created for C_SECTION syms. Don't zero asection
fields that are already zero.
Free memory on closing bfds. The COFF close_and_cleanup does more
work than _bfd_generic_close_and_cleanup (defined as
_bfd_archive_close_and_cleanup).
* coff-rs6000.c (_bfd_xcoff_close_and_cleanup): Define as
_bfd_coff_close_and_cleanup.
* coff64-rs6000.c (rs6000_xcoff64_vec, rs6000_xcoff64_aix_vec): Use
_bfd_coff_close_and_cleanup.
The recent commit:
commit 2a8339b71f
Author: Carl Love <cel@us.ibm.com>
Date: Thu Mar 9 16:10:18 2023 -0500
PowerPC: fix for gdb.reverse/finish-precsave.exp and gdb.reverse/finish-reverse.exp
PPC64 multiple entry points, a normal entry point and an alternate entry
point. The alternate entry point is to setup the Table of Contents (TOC)
register before continuing at the normal entry point. When the TOC is
already valid, the normal entry point is used, this is typically the case.
The alternate entry point is typically referred to as the global entry
point (GEP) in IBM. The normal entry point is typically referred to as
the local entry point (LEP).
.....
Is causing regression failures on on PowerPC platforms. The regression
failures are in tests:
gdb.reverse/finish-precsave.exp
gdb.btrace/tailcall.exp
gdb.mi/mi-reverse.exp
gdb.btrace/step.exp
gdb.reverse/until-precsave.exp
gdb.reverse/finish-reverse.exp
gdb.btrace/tailcall-only.exp
The issue is in gdb/infcmd.c, function finish_command. The value of the
two new variables ALT_ENTRY_POINT and ENTRY_POINT are being initializezed
to SAL.PC. However, SAL has just been declared. The value of SAL.PC is
zero at this point. The intialization of ALT_ENTRY_POINT and ENTRY_POINT
needs to be after the initialization of SAL.
This patch moves the initialization of ALT_ENTRY_POINT and ENTRY_POINT
variables to fix the regression failures.
The patch has been tested on Power10 and on X86.
In a recent commit I forgot to add a double quote before chmod here:
...
remote_exec build $rsh_cmd chmod go-rx ."
...
Fix it by adding the missing double quote.
Looking at the implementation of ${board}_file in remote-stdio-gdbserver.exp,
I don't see a relevant difference with the implementation of standard_file
in dejagnu.
Simplify the board by removing ${board}_file.
Tested on x86_64-linux, by running gdb.testsuite/board-sanity.exp.
In commit ff581559f9 ("[gdb/testsuite] Add gdb.testsuite/board-sanity.exp") I
removed handling of HOST_DIR in local-remote-host-native.exp to fix FAILs
in test-case gdb.testsuite/board-sanity.exp.
Reintroduce handling of HOST_DIR using remotedir, now that using remotedir for
a host board no longer make compilation fail due to commit 80d6c79866
("[gdb/testsuite] Handle remotedir in remote_upload").
This fixes an XFAIL in gdb.testsuite/board-sanity.exp, introduced in commit
3741934fdb ("[gdb/testsuite] Set remotedir by default in some boards").
Tested on x86_64-linux.
Since the tdesc_powerpc_vsx32, tdesc_powerpc_vsx64, tdesc_powerpc_altivec32 and tdesc_powerpc_altivec64
definitions are moved to ppc-tdep.h we no longer need to import these .c files.
I noticed a weird comment in one of the .y files, and then ended up
removing some unnecessary #includes from these files.
Tested by rebuilding.
Approved-By: Simon Marchi <simon.marchi@efficios.com>
The mi_version function is unused, and I think it's better overall if
it is never used. This patch removes it. Tested by rebuilding.
Approved-By: Simon Marchi <simon.marchi@efficios.com>
The type allocation changes introduced a failure in python-helper.exp
that I did not notice. The bug is that, with these patches,
arch-allocated integer types have a TYPE_SPECIFIC_INT object attached.
This patch updates the test to allow this.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30253
Dejagnu's remotedir implementation has support in remote_exec and
remote_download, but not remote_upload.
Consider the following scenario:
- downloading an executable to target,
- running it,
- uploading a file produced by the executable
while assuming remote target user remote-target with homedir
/home/remote-target and remotedir set to /home/remote-target/tmp.
Concretely, it looks like this:
...
# binfile == "$outputs/gdb.abc/a.out"
set target_binfile [remote_download target $binfile]
# target_binfile == "/home/remote-target/tmp/a.out"
remote_exec target $target_binfile
# Running $target_binfile produced /home/remote-target/tmp/result.txt.
set result [remote_upload target /home/remote-target/tmp/result.txt \
$outputs/gdb.abc/result.txt]
# result == $outputs/gdb.abc/result.txt.
...
Add a remote_upload implementation that also handles remotedir in lib/gdb.exp,
overriding dejagnu's remote_upload, such that we can simplify the
remote_upload call to:
...
set result [remote_upload target result.txt $outputs/gdb.abc/result.txt]
...
Tested on x86_64-linux.
PR testsuite/30250
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30250
In some cases GDB will fail when attempting to complete a command that
involves a rust symbol, the failure can manifest as a crash.
The problem is caused by the completion_match_for_lcd object being
left containing invalid data during calls to cp_symbol_name_matches_1.
The first question to address is why we are calling a C++ support
function when handling a rust symbol. That's due to GDB's auto
language detection for msymbols, in some cases GDB can't tell if a
symbol is a rust symbol, or a C++ symbol.
The test application contains symbols for functions which are
statically linked in from various rust support libraries. There's no
DWARF for these symbols, so all GDB has is the msymbols built from the
ELF symbol table.
Here's the problematic symbol that leads to our crash:
mangled: _ZN4core3str21_$LT$impl$u20$str$GT$5parse17h5111d2d6a50d22bdE
demangled: core::str::<impl str>::parse
As an msymbol this is initially created with language auto, then GDB
eventually calls symbol_find_demangled_name, which loops over all
languages calling language_defn::sniff_from_mangled_name, the first
language that can demangle the symbol gets assigned as the language
for that symbol.
Unfortunately, there's overlap in the mangled symbol names,
some (legacy) rust symbols can be demangled as both rust and C++, see
cplus_demangle in libiberty/cplus-dem.c where this is mentioned.
And so, because we check the C++ language before we check for rust,
then the msymbol is (incorrectly) given the C++ language.
Now it's true that is some cases we might be able to figure out that a
demangled symbol is not actually a valid C++ symbol, for example, in
our case, the construct '::<impl str>::' is not, I believe, valid in a
C++ symbol, we could look for ':<' and '>:' and refuse to accept this
as a C++ symbol.
However, I'm not sure it is always possible to tell that a demangled
symbol is rust or C++, so, I think, we have to accept that some times
we will get this language detection wrong.
If we accept that we can't fix the symbol language detection 100% of
the time, then we should make sure that GDB doesn't crash when it gets
the language wrong, that is what this commit addresses.
In our test case the user tries to complete a symbol name like this:
(gdb) complete break pars
This results in GDB trying to find all symbols that match 'pars',
eventually we consider our problematic symbol, and we end up with a
call stack that looks like this:
#0 0x0000000000f3c6bd in strncmp_iw_with_mode
#1 0x0000000000706d8d in cp_symbol_name_matches_1
#2 0x0000000000706fa4 in cp_symbol_name_matches
#3 0x0000000000df3c45 in compare_symbol_name
#4 0x0000000000df3c91 in completion_list_add_name
#5 0x0000000000df3f1d in completion_list_add_msymbol
#6 0x0000000000df4c94 in default_collect_symbol_completion_matches_break_on
#7 0x0000000000658c08 in language_defn::collect_symbol_completion_matches
#8 0x0000000000df54c9 in collect_symbol_completion_matches
#9 0x00000000009d98fb in linespec_complete_function
#10 0x00000000009d99f0 in complete_linespec_component
#11 0x00000000009da200 in linespec_complete
#12 0x00000000006e4132 in complete_address_and_linespec_locations
#13 0x00000000006e4ac3 in location_completer
In cp_symbol_name_matches_1 we enter a loop, this loop repeatedly
tries to match the demangled problematic symbol name against the user
supplied text ('pars'). Each time around the loop another component
of the symbol name is stripped off, thus, we check 'pars' against
these options:
core::str::<impl str>::parse
str::<impl str>::parse
<impl str>::parse
parse
As soon as we get a match the cp_symbol_name_matches_1 exits its loop
and returns. In our case, when we're looking for 'pars', the match
occurs on the last iteration of the loop, when we are comparing to
'parse'.
Now the problem here is that cp_symbol_name_matches_1 uses the
strncmp_iw_with_mode, and inside strncmp_iw_with_mode we allow for
skipping over template parameters. This allows GDB to match the
symbol name 'foo<int>(int,int)' if the user supplies 'foo(int,'.
Inside strncmp_iw_with_mode GDB will record any template arguments
that it has skipped over inside the completion_match_for_lcd object
that is passed in as an argument.
And so, when GDB tries to match against '<impl str>::parse', the first
thing it sees is '<impl str>', GDB assumes this is a template argument
and records this as a skipped region within the
completion_match_for_lcd object. After '<impl str>' GDB sees a ':'
character, which doesn't match with the 'pars' the user supplied, so
strncmp_iw_with_mode returns a value indicating a non-match. GDB then
removes the '<impl str>' component from the symbol name and tries
again, this time comparing to 'parse', which does match.
Having found a match, then in cp_symbol_name_matches_1 we record the
match string, and the full symbol name within the
completion_match_result object, and return.
The problem here is that the skipped region, the '<impl str>' that we
recorded in the penultimate loop iteration was never discarded, its
still there in our returned result.
If we look at what the pointers held in the completion_match_result
that cp_symbol_name_matches_1 returns, this is what we see:
core::str::<impl str>::parse
| \________/ |
| | '--- completion match string
| '---skip range
'--- full symbol name
When GDB calls completion_match_for_lcd::finish, GDB tries to create a
string using the completion match string (parse), but excluding the
skip range, as the stored skip range is before the start of the
completion match string, then GDB tries to do some weird string
creation, which will cause GDB to crash.
The reason we don't often see this problem in C++ is that for C++
symbols there is always some non-template text before the template
argument. This non-template text means GDB is likely to either match
the symbol, or reject the symbol without storing a skip range.
However, notice, I did say, we don't often see this problem. Once I
understood the issue, I was able to reproduce the crash using a pure
C++ example:
template<typename S>
struct foo
{
template<typename T>
foo (int p1, T a)
{
s = 0;
}
S s;
};
int
main ()
{
foo<int> obj (2.3, 0);
return 0;
}
Then in GDB:
(gdb) complete break foo(int
The problem here is that the C++ symbol for the constructor looks like
this:
foo<int>::foo<double>(int, double)
When GDB enters cp_symbol_name_matches_1 the symbols it examines are:
foo<int>::foo<double>(int, double)
foo<double>(int, double)
The first iteration of the loop will match the 'foo', then add the
'<int>' template argument will be added as a skip range. When GDB
find the ':' after the '<int>' the first iteration of the loop fails
to match, GDB removes the 'foo<int>::' component, and starts the
second iteration of the loop.
Again, GDB matches the 'foo', and now adds '<double>' as a skip
region. After that the '(int' successfully matches, and so the second
iteration of the loop succeeds, but, once again we left the '<int>' in
place as a skip region, even though this occurs before the start of
our match string, and this will cause GDB to crash.
This problem was reported to the mailing list, and a solution
discussed in this thread:
https://sourceware.org/pipermail/gdb-patches/2023-January/195166.html
The solution proposed here is similar to one proposed by the original
bug reported, but implemented in a different location within GDB.
Instead of placing the fix in strncmp_iw_with_mode, I place the fix in
cp_symbol_name_matches_1. I believe this is a better location as it
is this function that implements the loop, and it is this loop, which
repeatedly calls strncmp_iw_with_mode, that should be resetting the
result object state (I believe).
What I have done is add an assert to strncmp_iw_with_mode that the
incoming result object is empty.
I've also added some other asserts in related code, in
completion_match_for_lcd::mark_ignored_range, I make some basic
assertions about the incoming range pointers, and in
completion_match_for_lcd::finish I also make some assertions about how
the skip ranges relate to the match pointer.
There's two new tests. The original rust example that was used in the
initial bug report, and a C++ test. The rust example depends on which
symbols are pulled in from the rust libraries, so it is possible that,
at some future date, the problematic symbol will disappear from this
test program. The C++ test should be more reliable, as this only
depends on symbols from within the C++ source code.
Since I originally posted this patch to the mailing list, the
following patch has been merged:
commit 6e7eef7216
Date: Sun Mar 19 09:13:10 2023 -0600
Use rust_demangle to fix a crash
This solves the problem of a rust symbol ending up in the C++ specific
code by changing the order languages are sorted. However, this new
commit doesn't address the issue in the C++ code which was fixed with
this commit.
Given that the C++ issue is real, and has a reproducer, I'm still
going to merge this fix. I've left the discussion of rust in this
commit message as I originally wrote it, but it should be read within
the context of GDB prior to commit 6e7eef7216.
Co-Authored-By: Zheng Zhan <zzlossdev@163.com>
It tries to resemble what's underlying is_part_of_name(), but doesn't
quite achieve that: '$' for example is unconditionally marked as part of
symbol names, but was included as identifier char for Intel syntax only.
Note that i386_att_operand() checks for the immediate prefix first, so
the wider coverage by starts_memory_operand() is has no real effect
there, but it does matter for something like
mov %fs:$dollar, %eax
which previously wasn't accepted (but which clearly is a memory
reference - there's no point in forcing people to parenthesize the
symbol name). Similarly including '%' as an identfier for Intel syntax
had no real significance to the rest of the assembler. If '%' was to be
valid in (unquoted) symbol names, LEX_PCT would need to be defined.
Note further that this also addresses the latent issue of a sub-target
defining LEX_AT or LEX_QM to zero: That would make '@' and/or '?' no
valid part of symbol names, but would have included them in what
is_identifier_char() considers a valid part of a name. (There's a minor
related issue which is actually being eliminated: te-interix.h allows
'@' only in the middle of symbol names, yet starts_memory_operand()
specifically looks at the first character of [possibly] a symbol name.)
In parse_real_register() there's no point also checking is_name_ender()
as at this point no character is marked solely LEX_END_NAME by any sub-
target. Checking is_name_beginner() is also pointless as the hash lookup
will fail anyway for a zero-length name.
While touching the check in parse_real_register() also drop the
"allow_naked_reg" part of the condition: This has only led to
inconsistent error messages.
While in principle merely rejecting this for .insn would be sufficient
for the purposes there, be more generic and reject it for anything that
isn't going to be a branch: All elements of same-mnemonic template
groups either are branches, or are not, and the few cases possibly
requiring a 2nd parsing pass aren't affected either. This then also
improves diagnostics for misuses like
inc *%eax
incl %fs:*(%eax)
add *$1, %eax
With VexVVVV only being boolean, the SSE shift-by-immediate instructions
don't need special casing anymore for SSE2AVX handling. Simplify the two
respective templates. (No change to generated tables.)
With the SDM long having dropped the NDS/NDD/DDS concept of identifying
encoding variants, we can finally do away with this concept as well. Of
the few consumers of the attribute, only an assertion was still checking
for a particular value, which we don't really need to retain.
When touching lines anyway, modernize other aspects as well. This often
improves similarity to adjacent lines.
The function has accumulated a number of special cases for no real
reason. Some were necessary because insn attributes (SwapSources in
particular) weren't suitably utilized instead. Note that the addition of
SwapSources actually increases consistency among the templates: Like
others which already have the attribute, these are all insns where the
VEX.VVVV-encoded register comes first (or last when looking at the SDM).
Note that the vexvvvv attribute now has merely boolean meaning anymore,
in line with the SDM long having dropped the NDS/NDD/DDS concept of
identifying encoding variants. The fallout will be taken care of
subsequently, though, to not further clutter the change here.
As to the TILEZERO special case: If more instructions like this
appeared, a new attribute would likely be the way to go. But as long as
it's only a single insn, going from the mnemonic is cheaper.
PR rust/30211 points out a crash caused by a particular completion.
This turns out to happen because a Rust minsym winds up in a
C++-specific path in strncmp_iw_with_mode, which ultimately causes the
completer to pass invalid arguments to string::append.
This patch fixes the bug by reordering the language constants so that
Rust comes before C++, and then using rust_demangle. This ensures
that minsyms are correctly marked as "Rust", avoiding this code and
thus the crash.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=20367
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30211
Reviewed-By: Andrew Burgess <aburgess@redhat.com>
I noticed that ui_out::do_progress_end is public, just to support one
use in debuginfod-support.c. This patch makes it private, updates
progress_info to call it from its destructor, and finally changes
debuginfod-support.c to follow.
I noticed that breakpoint::print_recreate_thread was printing the
global thread-id. This function is used to implement the 'save
breakpoints' command, and should be writing out suitable CLI commands
for recreating the current breakpoints. The CLI does not use global
thread-ids, but instead uses the inferior specific thread-ids,
e.g. "2.1".
After some discussion on the mailing list it was suggested that the
most consistent solution would be for the saved breakpoints file to
always contain the inferior-qualified thread-id, so the file would
include "thread 1.1" instead of just "thread 1", even when there is
only a single inferior.
So, this commit adds print_full_thread_id, which is just like the
existing print_thread_id, only it always prints the inferior-qualified
thread-id.
I then update the existing print_thread_id to make use of this new
function, and finally, I update breakpoint::print_recreate_thread to
also use this new function.
There's a multi-inferior test that confirms the saved breakpoints file
correctly includes the fully-qualified thread-id, and I've also
updated the single inferior test gdb.base/save-bp.exp to have it
validate that the saved breakpoints file includes the
inferior-qualified thread-id, even for this single inferior case.
This reverts commit 92d450c79a.
Accessing these local var structs using a volatile qualified pointer
may indeed read the object, but I don't think changed values are
guaranteed to be written back to the object unless the actual object
is declared volatile. That would probably slow down i386 disassembly
unacceptably.
libcollector may not link against libC.
We use dlsym() to get a function from libc.
In some files, pointers to these functions do not have prototypes.
I also moved the shared definitions to libcollector/collect.h.
gprofng/ChangeLog
2023-03-15 Vladimir Mezentsev <vladimir.mezentsev@oracle.com>
libcollector/collector.c: Add prototypes.
libcollector/dispatcher.c: Likewise.
libcollector/heaptrace.c: Likewise.
libcollector/iotrace.c: Likewise.
libcollector/linetrace.c: Likewise.
libcollector/mmaptrace.c: Likewise.
libcollector/synctrace.c: Likewise.
libcollector/collector.h: Add CALL_REAL(), NULL_PTR(), and DBG_LT.
XCOFF archive elements are in a linked list. Add a little more sanity
checking. This of course doesn't stop the fuzzers finding a way to
make a loop, but this check is cheap.
* coff-rs6000.c (_bfd_xcoff_openr_next_archived_file): Sanity
check that next element isn't pointing back to the header.
Layout in rewrite_elf_program_header is really done by lma, even if
program headers are going to have their p_paddr forced to zero. Thus
when not matching against an existing segment, don't try to use a
"vma" from elf_segment_map.
* elf.c (is_contained_by): Replace "bed" param with "use_vaddr".
(IS_SECTION_IN_INPUT_SEGMENT): Adjust is_contained_by call.
(rewrite_elf_program_header): Always match against lma in
calls to is_contained_by using new maps.
This adds some types to struct builtin_type, ensuring it contains all
the types currently used by objfile_type.
Reviewed-By: Simon Marchi <simon.marchi@efficios.com>
