Workaround crashes from stale frame_info pointer (BZ 804256).
This commit is contained in:
Jan Kratochvil
parent
78a785d4c5
commit
fbf39fd05f
174
gdb-stale-frame_info.patch
Normal file
174
gdb-stale-frame_info.patch
Normal file
@ -0,0 +1,174 @@
|
||||
http://sourceware.org/ml/gdb-patches/2012-04/msg00058.html
|
||||
Subject: [downstream patch FYI] workaround stale frame_info * (PR 13866)
|
||||
|
||||
Hi,
|
||||
|
||||
I did not look at which commit caused this regression but apparently it was
|
||||
introduced at least with multi-inferiors.
|
||||
|
||||
I understand this fix is not right fix of the crash; but in most GDB cases one
|
||||
does not use multi-inferior so why to regress single-inferior by it.
|
||||
Some more simple solutions still fix the single-inferior mode but they
|
||||
regressed the multi-inferior mode
|
||||
gdb.threads/no-unwaited-for-left.exp
|
||||
gdb.multi/base.exp
|
||||
so I had to put there that sorting magic.
|
||||
|
||||
With proper C++ sanity check of stale live frame_info references the testcase
|
||||
would be simple without the "frame_garbage_collection" reproducer below.
|
||||
It is also reproducible just with valgrind but regularly running the whole
|
||||
testsuite under valgrind I did not find feasible.
|
||||
|
||||
No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.
|
||||
|
||||
|
||||
Thanks,
|
||||
Jan
|
||||
|
||||
|
||||
gdb/
|
||||
2012-04-04 Jan Kratochvil <jan.kratochvil@redhat.com>
|
||||
|
||||
Workaround PR backtrace/13866.
|
||||
* progspace.c (switch_to_program_space_and_thread): Try not to call
|
||||
switch_to_thread.
|
||||
|
||||
--- a/gdb/progspace.c
|
||||
+++ b/gdb/progspace.c
|
||||
@@ -481,17 +481,28 @@ save_current_space_and_thread (void)
|
||||
void
|
||||
switch_to_program_space_and_thread (struct program_space *pspace)
|
||||
{
|
||||
- struct inferior *inf;
|
||||
+ struct inferior *inf = current_inferior ();
|
||||
|
||||
- inf = find_inferior_for_program_space (pspace);
|
||||
+ if (inf->pspace != pspace)
|
||||
+ inf = find_inferior_for_program_space (pspace);
|
||||
if (inf != NULL)
|
||||
{
|
||||
- struct thread_info *tp;
|
||||
+ struct thread_info *tp, *current_tp = NULL;
|
||||
+
|
||||
+ if (ptid_get_pid (inferior_ptid) == inf->pid)
|
||||
+ current_tp = find_thread_ptid (inferior_ptid);
|
||||
|
||||
tp = any_live_thread_of_process (inf->pid);
|
||||
if (tp != NULL)
|
||||
{
|
||||
- switch_to_thread (tp->ptid);
|
||||
+ /* Prefer primarily thread not THREAD_EXITED and secondarily thread
|
||||
+ not EXECUTING. */
|
||||
+ if (current_tp == NULL
|
||||
+ || (tp->state != THREAD_EXITED
|
||||
+ && current_tp->state == THREAD_EXITED)
|
||||
+ || (!tp->executing && current_tp->executing))
|
||||
+ switch_to_thread (tp->ptid);
|
||||
+
|
||||
/* Switching thread switches pspace implicitly. We're
|
||||
done. */
|
||||
return;
|
||||
|
||||
|
||||
Reproducer with:
|
||||
./gdb -nx ~/t/thread -ex 'b 24' -ex r -ex 'until 25'
|
||||
Breakpoint 1, main () at /home/jkratoch/t/thread.c:24
|
||||
24 v++;
|
||||
Segmentation fault (core dumped)
|
||||
|
||||
#include <pthread.h>
|
||||
#include <assert.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static int v;
|
||||
|
||||
static void *start (void *arg)
|
||||
{
|
||||
v++;
|
||||
v++;
|
||||
v++;
|
||||
v++;
|
||||
sleep (100);
|
||||
return arg;
|
||||
}
|
||||
|
||||
int main (void)
|
||||
{
|
||||
pthread_t thread1;
|
||||
int i;
|
||||
|
||||
i = pthread_create (&thread1, NULL, start, NULL);
|
||||
assert (i == 0);
|
||||
v++;
|
||||
v++;
|
||||
v++;
|
||||
v++;
|
||||
i = pthread_join (thread1, NULL);
|
||||
assert (i == 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
### --- a/gdb/frame.c
|
||||
### +++ b/gdb/frame.c
|
||||
### @@ -1522,12 +1522,30 @@ frame_observer_target_changed (struct target_ops *target)
|
||||
### reinit_frame_cache ();
|
||||
### }
|
||||
###
|
||||
### +typedef struct obstack obstack_s;
|
||||
### +DEF_VEC_O (obstack_s);
|
||||
### +static VEC (obstack_s) *frame_poison_vec;
|
||||
### +
|
||||
### +void frame_garbage_collection (void);
|
||||
### +void
|
||||
### +frame_garbage_collection (void)
|
||||
### +{
|
||||
### + struct obstack *obstack_p;
|
||||
### + int ix;
|
||||
### +
|
||||
### + for (ix = 0; VEC_iterate (obstack_s, frame_poison_vec, ix, obstack_p); ix++)
|
||||
### + obstack_free (obstack_p, 0);
|
||||
### +
|
||||
### + VEC_free (obstack_s, frame_poison_vec);
|
||||
### + frame_poison_vec = NULL;
|
||||
### +}
|
||||
### +
|
||||
### /* Flush the entire frame cache. */
|
||||
###
|
||||
### void
|
||||
### reinit_frame_cache (void)
|
||||
### {
|
||||
### - struct frame_info *fi;
|
||||
### + struct frame_info *fi, *fi_prev;
|
||||
###
|
||||
### /* Tear down all frame caches. */
|
||||
### for (fi = current_frame; fi != NULL; fi = fi->prev)
|
||||
### @@ -1538,8 +1556,14 @@ reinit_frame_cache (void)
|
||||
### fi->base->unwind->dealloc_cache (fi, fi->base_cache);
|
||||
### }
|
||||
###
|
||||
### + for (fi = current_frame; fi != NULL; fi = fi_prev)
|
||||
### + {
|
||||
### + fi_prev = fi->prev;
|
||||
### + memset (fi, 0, sizeof (*fi));
|
||||
### + }
|
||||
### + VEC_safe_push (obstack_s, frame_poison_vec, &frame_cache_obstack);
|
||||
### +
|
||||
### /* Since we can't really be sure what the first object allocated was. */
|
||||
### - obstack_free (&frame_cache_obstack, 0);
|
||||
### obstack_init (&frame_cache_obstack);
|
||||
###
|
||||
### if (current_frame != NULL)
|
||||
### --- a/gdb/top.c
|
||||
### +++ b/gdb/top.c
|
||||
### @@ -359,6 +359,11 @@ prepare_execute_command (void)
|
||||
### if (non_stop)
|
||||
### target_dcache_invalidate ();
|
||||
###
|
||||
### + {
|
||||
### + extern void frame_garbage_collection (void);
|
||||
### + frame_garbage_collection ();
|
||||
### + }
|
||||
### +
|
||||
### return cleanup;
|
||||
### }
|
||||
###
|
||||
9
gdb.spec
9
gdb.spec
@ -33,7 +33,7 @@ Version: 7.4.50.%{snap}
|
||||
|
||||
# The release always contains a leading reserved number, start it at 1.
|
||||
# `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
|
||||
Release: 37%{?dist}
|
||||
Release: 38%{?dist}
|
||||
|
||||
License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain
|
||||
Group: Development/Debuggers
|
||||
@ -579,6 +579,9 @@ Patch656: gdb-die-cu-offset-2of2.patch
|
||||
# [vla] Fix regression on no type for subrange from IBM XLF Fortran (BZ 806920).
|
||||
Patch660: gdb-subrange-no-type.patch
|
||||
|
||||
# Workaround crashes from stale frame_info pointer (BZ 804256).
|
||||
Patch661: gdb-stale-frame_info.patch
|
||||
|
||||
%if 0%{!?rhel:1} || 0%{?rhel} > 6
|
||||
# RL_STATE_FEDORA_GDB would not be found for:
|
||||
# Patch642: gdb-readline62-ask-more-rh.patch
|
||||
@ -869,6 +872,7 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c
|
||||
%patch655 -p1
|
||||
%patch656 -p1
|
||||
%patch660 -p1
|
||||
%patch661 -p1
|
||||
|
||||
%patch393 -p1
|
||||
%if 0%{!?el5:1} || 0%{?scl:1}
|
||||
@ -1348,6 +1352,9 @@ fi
|
||||
%endif # 0%{!?el5:1} || "%{_target_cpu}" == "noarch"
|
||||
|
||||
%changelog
|
||||
* Wed Apr 4 2012 Jan Kratochvil <jan.kratochvil@redhat.com> - 7.4.50.20120120-38.fc17
|
||||
- Workaround crashes from stale frame_info pointer (BZ 804256).
|
||||
|
||||
* Wed Apr 4 2012 Jan Kratochvil <jan.kratochvil@redhat.com> - 7.4.50.20120120-37.fc17
|
||||
- testsuite: Fix break-interp.exp expections for updated glibc (BZ 752834).
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user