From fbf39fd05fd4700fcc6c578fa84efe4a26c0f339 Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Wed, 4 Apr 2012 21:56:56 +0200 Subject: [PATCH] Workaround crashes from stale frame_info pointer (BZ 804256). --- gdb-stale-frame_info.patch | 174 +++++++++++++++++++++++++++++++++++++ gdb.spec | 9 +- 2 files changed, 182 insertions(+), 1 deletion(-) create mode 100644 gdb-stale-frame_info.patch diff --git a/gdb-stale-frame_info.patch b/gdb-stale-frame_info.patch new file mode 100644 index 0000000..59f8ea1 --- /dev/null +++ b/gdb-stale-frame_info.patch @@ -0,0 +1,174 @@ +http://sourceware.org/ml/gdb-patches/2012-04/msg00058.html +Subject: [downstream patch FYI] workaround stale frame_info * (PR 13866) + +Hi, + +I did not look at which commit caused this regression but apparently it was +introduced at least with multi-inferiors. + +I understand this fix is not right fix of the crash; but in most GDB cases one +does not use multi-inferior so why to regress single-inferior by it. +Some more simple solutions still fix the single-inferior mode but they +regressed the multi-inferior mode + gdb.threads/no-unwaited-for-left.exp + gdb.multi/base.exp +so I had to put there that sorting magic. + +With proper C++ sanity check of stale live frame_info references the testcase +would be simple without the "frame_garbage_collection" reproducer below. +It is also reproducible just with valgrind but regularly running the whole +testsuite under valgrind I did not find feasible. + +No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu. + + +Thanks, +Jan + + +gdb/ +2012-04-04 Jan Kratochvil + + Workaround PR backtrace/13866. + * progspace.c (switch_to_program_space_and_thread): Try not to call + switch_to_thread. + +--- a/gdb/progspace.c ++++ b/gdb/progspace.c +@@ -481,17 +481,28 @@ save_current_space_and_thread (void) + void + switch_to_program_space_and_thread (struct program_space *pspace) + { +- struct inferior *inf; ++ struct inferior *inf = current_inferior (); + +- inf = find_inferior_for_program_space (pspace); ++ if (inf->pspace != pspace) ++ inf = find_inferior_for_program_space (pspace); + if (inf != NULL) + { +- struct thread_info *tp; ++ struct thread_info *tp, *current_tp = NULL; ++ ++ if (ptid_get_pid (inferior_ptid) == inf->pid) ++ current_tp = find_thread_ptid (inferior_ptid); + + tp = any_live_thread_of_process (inf->pid); + if (tp != NULL) + { +- switch_to_thread (tp->ptid); ++ /* Prefer primarily thread not THREAD_EXITED and secondarily thread ++ not EXECUTING. */ ++ if (current_tp == NULL ++ || (tp->state != THREAD_EXITED ++ && current_tp->state == THREAD_EXITED) ++ || (!tp->executing && current_tp->executing)) ++ switch_to_thread (tp->ptid); ++ + /* Switching thread switches pspace implicitly. We're + done. */ + return; + + +Reproducer with: +./gdb -nx ~/t/thread -ex 'b 24' -ex r -ex 'until 25' +Breakpoint 1, main () at /home/jkratoch/t/thread.c:24 +24 v++; +Segmentation fault (core dumped) + +#include +#include +#include + +static int v; + +static void *start (void *arg) +{ + v++; + v++; + v++; + v++; + sleep (100); + return arg; +} + +int main (void) +{ + pthread_t thread1; + int i; + + i = pthread_create (&thread1, NULL, start, NULL); + assert (i == 0); + v++; + v++; + v++; + v++; + i = pthread_join (thread1, NULL); + assert (i == 0); + + return 0; +} +### --- a/gdb/frame.c +### +++ b/gdb/frame.c +### @@ -1522,12 +1522,30 @@ frame_observer_target_changed (struct target_ops *target) +### reinit_frame_cache (); +### } +### +### +typedef struct obstack obstack_s; +### +DEF_VEC_O (obstack_s); +### +static VEC (obstack_s) *frame_poison_vec; +### + +### +void frame_garbage_collection (void); +### +void +### +frame_garbage_collection (void) +### +{ +### + struct obstack *obstack_p; +### + int ix; +### + +### + for (ix = 0; VEC_iterate (obstack_s, frame_poison_vec, ix, obstack_p); ix++) +### + obstack_free (obstack_p, 0); +### + +### + VEC_free (obstack_s, frame_poison_vec); +### + frame_poison_vec = NULL; +### +} +### + +### /* Flush the entire frame cache. */ +### +### void +### reinit_frame_cache (void) +### { +### - struct frame_info *fi; +### + struct frame_info *fi, *fi_prev; +### +### /* Tear down all frame caches. */ +### for (fi = current_frame; fi != NULL; fi = fi->prev) +### @@ -1538,8 +1556,14 @@ reinit_frame_cache (void) +### fi->base->unwind->dealloc_cache (fi, fi->base_cache); +### } +### +### + for (fi = current_frame; fi != NULL; fi = fi_prev) +### + { +### + fi_prev = fi->prev; +### + memset (fi, 0, sizeof (*fi)); +### + } +### + VEC_safe_push (obstack_s, frame_poison_vec, &frame_cache_obstack); +### + +### /* Since we can't really be sure what the first object allocated was. */ +### - obstack_free (&frame_cache_obstack, 0); +### obstack_init (&frame_cache_obstack); +### +### if (current_frame != NULL) +### --- a/gdb/top.c +### +++ b/gdb/top.c +### @@ -359,6 +359,11 @@ prepare_execute_command (void) +### if (non_stop) +### target_dcache_invalidate (); +### +### + { +### + extern void frame_garbage_collection (void); +### + frame_garbage_collection (); +### + } +### + +### return cleanup; +### } +### diff --git a/gdb.spec b/gdb.spec index bc470aa..faad53e 100644 --- a/gdb.spec +++ b/gdb.spec @@ -33,7 +33,7 @@ Version: 7.4.50.%{snap} # The release always contains a leading reserved number, start it at 1. # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing. -Release: 37%{?dist} +Release: 38%{?dist} License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain Group: Development/Debuggers @@ -579,6 +579,9 @@ Patch656: gdb-die-cu-offset-2of2.patch # [vla] Fix regression on no type for subrange from IBM XLF Fortran (BZ 806920). Patch660: gdb-subrange-no-type.patch +# Workaround crashes from stale frame_info pointer (BZ 804256). +Patch661: gdb-stale-frame_info.patch + %if 0%{!?rhel:1} || 0%{?rhel} > 6 # RL_STATE_FEDORA_GDB would not be found for: # Patch642: gdb-readline62-ask-more-rh.patch @@ -869,6 +872,7 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c %patch655 -p1 %patch656 -p1 %patch660 -p1 +%patch661 -p1 %patch393 -p1 %if 0%{!?el5:1} || 0%{?scl:1} @@ -1348,6 +1352,9 @@ fi %endif # 0%{!?el5:1} || "%{_target_cpu}" == "noarch" %changelog +* Wed Apr 4 2012 Jan Kratochvil - 7.4.50.20120120-38.fc17 +- Workaround crashes from stale frame_info pointer (BZ 804256). + * Wed Apr 4 2012 Jan Kratochvil - 7.4.50.20120120-37.fc17 - testsuite: Fix break-interp.exp expections for updated glibc (BZ 752834).