binutils-gdb/gdb/frame-unwind.c
Pedro Alves 980548fd88 Fix GDB crash after Quit thrown from unwinder sniffer
I ran into a GDB crash in gdb.base/bp-cmds-continue-ctrl-c.exp in my
multi-target branch, which turns out exposed a bug that exists in
master too.

That testcase has a breakpoint with a "continue" command associated.
Then the breakpoint is constantly being hit.  At the same time, the
testcase is continually interrupting the program with Ctrl-C, and
re-resuming it, in a loop.

Running that testcase manually under Valgrind, after a few sequences
of 'Ctrl-C' + 'continue', I got:

 Breakpoint 1, Quit
 (gdb) ==21270== Invalid read of size 8
 ==21270==    at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
 ==21270==    by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
 ==21270==    by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
 ==21270==    by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
 ==21270==    by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
 ==21270==    by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
 ==21270==    by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
 ==21270==    by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
 ==21270==    by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
 ==21270==    by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
 ==21270==    by 0x6C3712: start_event_loop() (event-loop.c:371)
 ==21270==    by 0x746801: captured_command_loop() (main.c:329)
 ==21270==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
 ==21270==
 ==21270==
 ==21270== Process terminating with default action of signal 11 (SIGSEGV): dumping core
 ==21270==  Access not within mapped region at address 0x0
 ==21270==    at 0x4D8185: pyuw_this_id(frame_info*, void**, frame_id*) (py-unwind.c:461)
 ==21270==    by 0x6D426A: compute_frame_id(frame_info*) (frame.c:505)
 ==21270==    by 0x6D43B7: get_frame_id(frame_info*) (frame.c:537)
 ==21270==    by 0x84F3B8: scoped_restore_current_thread::scoped_restore_current_thread() (thread.c:1678)
 ==21270==    by 0x718E3D: fetch_inferior_event(void*) (infrun.c:4076)
 ==21270==    by 0x7067C9: inferior_event_handler(inferior_event_type, void*) (inf-loop.c:43)
 ==21270==    by 0x45BEF9: handle_target_event(int, void*) (linux-nat.c:4419)
 ==21270==    by 0x6C4255: handle_file_event(file_handler*, int) (event-loop.c:733)
 ==21270==    by 0x6C47F8: gdb_wait_for_event(int) (event-loop.c:859)
 ==21270==    by 0x6C3666: gdb_do_one_event() (event-loop.c:322)
 ==21270==    by 0x6C3712: start_event_loop() (event-loop.c:371)
 ==21270==    by 0x746801: captured_command_loop() (main.c:329)
 ==21270==  If you believe this happened as a result of a stack
 ==21270==  overflow in your program's main thread (unlikely but
 ==21270==  possible), you can try to increase the size of the
 ==21270==  main thread stack using the --main-stacksize= flag.
 ==21270==  The main thread stack size used in this run was 8388608.
 ==21270==

Above, when we get to compute_frame_id, fi->unwind is non-NULL,
meaning, we found an unwinder, in this case the Python unwinder, but
somehow, fi->prologue_cache is left NULL.  pyuw_this_id then crashes
because it assumes fi->prologue_cache is non-NULL:

  static void
  pyuw_this_id (struct frame_info *this_frame, void **cache_ptr,
		struct frame_id *this_id)
  {
    *this_id = ((cached_frame_info *) *cache_ptr)->frame_id;
                                      ^^^^^^^^^^

'*cache_ptr' here is 'fi->prologue_cache'.

There's a quit() call in pyuw_sniffer that I believe is the one that
sometimes triggers the crash above.  The crash can be reproduced
easily with this hack to force a quit out of the python unwinder:

 --- a/gdb/python/py-unwind.c
 +++ b/gdb/python/py-unwind.c
 @@ -497,6 +497,8 @@ pyuw_sniffer (const struct frame_unwind *self, struct frame_info *this_frame,
    struct gdbarch *gdbarch = (struct gdbarch *) (self->unwind_data);
    cached_frame_info *cached_frame;

 +  quit ();
 +
    gdbpy_enter enter_py (gdbarch, current_language);

    TRACE_PY_UNWIND (3, "%s (SP=%s, PC=%s)\n", __FUNCTION__,

After that quit is thrown, any subsequent operation that involves
unwinding results in GDB crashing with SIGSEGV like above.

The problem is that this commit:

  commit 30a9c02fef
  CommitDate: Sun Oct 8 23:16:42 2017 -0600
  Subject: Remove cleanup from frame_prepare_for_sniffer

missed that we need to call frame_cleanup_after_sniffer before
rethrowing the exception too.

Without the fix, the "bt" added to
gdb.base/bp-cmds-continue-ctrl-c.exp in this commit makes GDB crash:

  Running src/gdb/testsuite/gdb.base/bp-cmds-continue-ctrl-c.exp ...
  ERROR: Process no longer exists

gdb/ChangeLog:
2018-02-14  Pedro Alves  <palves@redhat.com>

	* frame-unwind.c (frame_unwind_try_unwinder): Always call
	frame_cleanup_after_sniffer on exception.

gdb/testsuite/ChangeLog:
2018-02-14  Pedro Alves  <palves@redhat.com>

	* gdb.base/bp-cmds-continue-ctrl-c.exp (do_test): Test "bt" after
	getting a "Quit".
2018-02-14 18:59:00 +00:00


/* Definitions for frame unwinder, for GDB, the GNU debugger.
Copyright (C) 2003-2018 Free Software Foundation, Inc.
This file is part of GDB.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
#include "defs.h"
#include "frame.h"
#include "frame-unwind.h"
#include "dummy-frame.h"
#include "inline-frame.h"
#include "value.h"
#include "regcache.h"
#include "gdb_obstack.h"
#include "target.h"
/* Per-gdbarch key under which the unwinder search table below is
   stored; registered in _initialize_frame_unwind.  */
static struct gdbarch_data *frame_unwind_data;
/* One node of the singly linked unwinder search list.  */
struct frame_unwind_table_entry
{
const struct frame_unwind *unwinder;
struct frame_unwind_table_entry *next;
};
/* The ordered list of unwinders tried for a frame by
   frame_unwind_find_by_frame.  */
struct frame_unwind_table
{
struct frame_unwind_table_entry *list;
/* The head of the OSABI part of the search list. */
struct frame_unwind_table_entry **osabi_head;
};
/* gdbarch pre-init hook: build the unwinder search table on OBSTACK.
   The table starts with the dummy-frame and inline-frame unwinders,
   which OSABI code cannot displace; OSABI entries are inserted after
   them, at *osabi_head.  Returns the table as the gdbarch data.  */
static void *
frame_unwind_init (struct obstack *obstack)
{
  struct frame_unwind_table *table
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table);
  struct frame_unwind_table_entry *dummy_entry
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table_entry);
  struct frame_unwind_table_entry *inline_entry
    = OBSTACK_ZALLOC (obstack, struct frame_unwind_table_entry);

  dummy_entry->unwinder = &dummy_frame_unwind;
  dummy_entry->next = inline_entry;
  inline_entry->unwinder = &inline_frame_unwind;

  table->list = dummy_entry;
  /* OSABI sniffers are spliced in right after the inline unwinder.  */
  table->osabi_head = &inline_entry->next;
  return table;
}
/* Register UNWINDER for GDBARCH ahead of every other OSABI-level
   unwinder: the new entry becomes the head of the OSABI part of the
   search list (the built-in dummy/inline entries stay in front).
   The entry is allocated on GDBARCH's obstack and never freed.  */
void
frame_unwind_prepend_unwinder (struct gdbarch *gdbarch,
			       const struct frame_unwind *unwinder)
{
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);
  struct frame_unwind_table_entry *node
    = GDBARCH_OBSTACK_ZALLOC (gdbarch, struct frame_unwind_table_entry);

  node->unwinder = unwinder;
  /* Link the node in front of the current OSABI head.  */
  node->next = *table->osabi_head;
  *table->osabi_head = node;
}
/* Register UNWINDER for GDBARCH at the end of the search list, so it
   is consulted only after every previously registered unwinder.  The
   entry is allocated on GDBARCH's obstack and never freed.  */
void
frame_unwind_append_unwinder (struct gdbarch *gdbarch,
			      const struct frame_unwind *unwinder)
{
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);
  struct frame_unwind_table_entry **tail = table->osabi_head;

  /* Walk to the terminating NULL link of the list.  */
  while (*tail != NULL)
    tail = &(*tail)->next;

  *tail = GDBARCH_OBSTACK_ZALLOC (gdbarch, struct frame_unwind_table_entry);
  (*tail)->unwinder = unwinder;
}
/* Call SNIFFER from UNWINDER. If it succeeded set UNWINDER for
THIS_FRAME and return 1. Otherwise the function keeps THIS_FRAME
unchanged and returns 0.

frame_prepare_for_sniffer installs UNWINDER on THIS_FRAME before the
sniffer runs. Every exit that does not end with the sniffer accepting
the frame must undo that with frame_cleanup_after_sniffer -- including
the rethrow path below. Leaving UNWINDER installed while *THIS_CACHE
is NULL lets a later this_id callback dereference the NULL cache
(presumably *THIS_CACHE is the frame's prologue_cache; see the commit
message). */
static int
frame_unwind_try_unwinder (struct frame_info *this_frame, void **this_cache,
const struct frame_unwind *unwinder)
{
int res = 0;
frame_prepare_for_sniffer (this_frame, unwinder);
TRY
{
res = unwinder->sniffer (unwinder, this_frame, this_cache);
}
CATCH (ex, RETURN_MASK_ALL)
{
/* Catch all exceptions, caused by either interrupt or error.
Reset *THIS_CACHE. */
*this_cache = NULL;
/* Undo frame_prepare_for_sniffer before any return or rethrow, so
THIS_FRAME never keeps an unwinder whose cache was just reset. */
frame_cleanup_after_sniffer (this_frame);
if (ex.error == NOT_AVAILABLE_ERROR)
{
/* This usually means that not even the PC is available,
thus most unwinders aren't able to determine if they're
the best fit. Keep trying. Fallback prologue unwinders
should always accept the frame. */
return 0;
}
/* Any other error (including a Quit from the sniffer) propagates to
the caller, now with THIS_FRAME restored. */
throw_exception (ex);
}
END_CATCH
if (res)
return 1;
else
{
/* Don't set *THIS_CACHE to NULL here, because sniffer has to do
so. */
frame_cleanup_after_sniffer (this_frame);
return 0;
}
/* Both branches above return; this only documents the intent. */
gdb_assert_not_reached ("frame_unwind_try_unwinder");
}
/* Try CANDIDATE on THIS_FRAME when it is non-NULL.  Returns nonzero
   when the candidate's sniffer accepted the frame (and so installed
   it), zero when CANDIDATE is NULL or its sniffer declined.  */
static int
frame_unwind_try_candidate (struct frame_info *this_frame, void **this_cache,
			    const struct frame_unwind *candidate)
{
  if (candidate == NULL)
    return 0;
  return frame_unwind_try_unwinder (this_frame, this_cache, candidate);
}

/* Iterate through sniffers for THIS_FRAME frame until one returns with an
   unwinder implementation. THIS_FRAME->UNWIND must be NULL, it will get set
   by this function. Possibly initialize THIS_CACHE.

   Search order: the target's own unwinder, the target's tail-call
   unwinder, then the per-gdbarch table.  Not finding any unwinder is
   an internal error, since the fallback prologue unwinders are
   expected to accept every frame.  */
void
frame_unwind_find_by_frame (struct frame_info *this_frame, void **this_cache)
{
  struct gdbarch *gdbarch = get_frame_arch (this_frame);
  struct frame_unwind_table *table
    = (struct frame_unwind_table *) gdbarch_data (gdbarch, frame_unwind_data);

  if (frame_unwind_try_candidate (this_frame, this_cache,
				  target_get_unwinder ()))
    return;

  if (frame_unwind_try_candidate (this_frame, this_cache,
				  target_get_tailcall_unwinder ()))
    return;

  struct frame_unwind_table_entry *node = table->list;
  while (node != NULL)
    {
      if (frame_unwind_try_unwinder (this_frame, this_cache, node->unwinder))
	return;
      node = node->next;
    }

  internal_error (__FILE__, __LINE__, _("frame_unwind_find_by_frame failed"));
}
/* Sniffer that unconditionally claims THIS_FRAME.  Used by fallback
   prologue unwinders, which are placed last so that anything more
   specific gets a chance first.  SELF and THIS_PROLOGUE_CACHE are
   ignored; the cache is left untouched.  Always returns 1.  */
int
default_frame_sniffer (const struct frame_unwind *self,
		       struct frame_info *this_frame,
		       void **this_prologue_cache)
{
  const int accepted = 1;
  return accepted;
}
/* Default stop_reason callback: unwinding stops only when THIS_FRAME's
   id is the outer_frame_id.  THIS_CACHE is not consulted.  */
enum unwind_stop_reason
default_frame_unwind_stop_reason (struct frame_info *this_frame,
				  void **this_cache)
{
  struct frame_id id = get_frame_id (this_frame);
  int is_outermost = frame_id_eq (id, outer_frame_id);

  return is_outermost ? UNWIND_OUTERMOST : UNWIND_NO_REASON;
}
/* Helper functions for value-based register unwinding. These return
   a (possibly lazy) value of the appropriate type. */

/* Return a value which indicates that FRAME did not save REGNUM.
   The result is a non-lazy lval_register value whose bytes are all
   marked optimized out, so it prints as "<not saved>"; its next-frame
   id is that of FRAME's next frame (sentinel allowed).  */
struct value *
frame_unwind_got_optimized (struct frame_info *frame, int regnum)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *result = allocate_value_lazy (reg_type);

  /* Not lazy: there is nothing to fetch, the whole value is unavailable.  */
  set_value_lazy (result, 0);
  mark_value_bytes_optimized_out (result, 0, TYPE_LENGTH (reg_type));
  VALUE_LVAL (result) = lval_register;
  VALUE_REGNUM (result) = regnum;
  VALUE_NEXT_FRAME_ID (result)
    = get_frame_id (get_next_frame_sentinel_okay (frame));
  return result;
}
/* Return a value which indicates that FRAME copied REGNUM into
   register NEW_REGNUM.  The value is a lazy register value for
   NEW_REGNUM in FRAME; REGNUM itself is not used.  */
struct value *
frame_unwind_got_register (struct frame_info *frame,
			   int regnum, int new_regnum)
{
  struct value *copy = value_of_register_lazy (frame, new_regnum);
  return copy;
}
/* Return a value which indicates that FRAME saved REGNUM in memory at
   ADDR.  The value is lazy (read from ADDR on demand) and is flagged
   via set_value_stack.  */
struct value *
frame_unwind_got_memory (struct frame_info *frame, int regnum, CORE_ADDR addr)
{
  struct type *reg_type = register_type (frame_unwind_arch (frame), regnum);
  struct value *saved = value_at_lazy (reg_type, addr);

  set_value_stack (saved, 1);
  return saved;
}
/* Return a value which indicates that FRAME's saved version of
   REGNUM has a known constant (computed) value of VAL.  VAL is stored
   in the register's size and the gdbarch byte order; the result is
   not an lvalue.  */
struct value *
frame_unwind_got_constant (struct frame_info *frame, int regnum,
			   ULONGEST val)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  enum bfd_endian order = gdbarch_byte_order (gdbarch);
  struct value *result
    = value_zero (register_type (gdbarch, regnum), not_lval);

  store_unsigned_integer (value_contents_writeable (result),
			  register_size (gdbarch, regnum), order, val);
  return result;
}
/* Return a value which indicates that FRAME's saved version of REGNUM
   holds the raw bytes in BUF.  register_size bytes are copied from
   BUF into a non-lvalue value; NOTE(review): the caller must supply at
   least that many bytes, nothing here checks BUF's length.  */
struct value *
frame_unwind_got_bytes (struct frame_info *frame, int regnum, gdb_byte *buf)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct value *result
    = value_zero (register_type (gdbarch, regnum), not_lval);
  size_t nbytes = register_size (gdbarch, regnum);

  memcpy (value_contents_raw (result), buf, nbytes);
  return result;
}
/* Return a value which indicates that FRAME's saved version of REGNUM
   has a known constant (computed) value of ADDR. Convert the
   CORE_ADDR to a target address if necessary (pack_long does the
   conversion using the register's type).  The result is not an
   lvalue.  */
struct value *
frame_unwind_got_address (struct frame_info *frame, int regnum,
			  CORE_ADDR addr)
{
  struct gdbarch *gdbarch = frame_unwind_arch (frame);
  struct type *reg_type = register_type (gdbarch, regnum);
  struct value *result = value_zero (reg_type, not_lval);

  pack_long (value_contents_writeable (result), reg_type, addr);
  return result;
}
/* Module initializer: register frame_unwind_init as the pre-init
   gdbarch data constructor and remember its key in frame_unwind_data.  */
void
_initialize_frame_unwind (void)
{
  struct gdbarch_data *key
    = gdbarch_data_register_pre_init (frame_unwind_init);

  frame_unwind_data = key;
}