[RFA] fix crasher on detach command

[RFA] fix crasher on detach command

[Michael Snyder]

[-- Attachment #1: Type: text/plain, Size: 273 bytes --]

Hi,

The circumstances are, detach from a remote target that doesn't have
threads.  Remote.c leaves the PID arbitrarily as "42000", and
target_detach calls remove_breakpoints_pid, which crashes because
find_inferior_pid returns NULL.

The patch just adds a test for NULL.


[-- Attachment #2: null.txt --]
[-- Type: text/plain, Size: 637 bytes --]

2010-06-07  Michael Snyder  <msnyder@vmware.com>

	* breakpoint.c (remove_breakpoints_pid): Check for null.

Index: breakpoint.c
===================================================================
RCS file: /cvs/src/src/gdb/breakpoint.c,v
retrieving revision 1.488
diff -u -p -r1.488 breakpoint.c
--- breakpoint.c	7 Jun 2010 13:38:25 -0000	1.488
+++ breakpoint.c	7 Jun 2010 18:05:28 -0000
@@ -2041,6 +2041,9 @@ remove_breakpoints_pid (int pid)
   int val;
   struct inferior *inf = find_inferior_pid (pid);
 
+  if (inf == NULL)      /* bail out */
+    return 0;
+
   ALL_BP_LOCATIONS (b, b_tmp)
   {
     if (b->pspace != inf->pspace)

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Monday 07 June 2010 19:11:02, Michael Snyder wrote:
> Hi,
> 
> The circumstances are, detach from a remote target that doesn't have
> threads.  Remote.c leaves the PID arbitrarily as "42000", and
> target_detach calls remove_breakpoints_pid, which crashes because
> find_inferior_pid returns NULL.

It shouldn't matter that the PID is arbitrary; there should be an
inferior with that PID in the inferior list.  This probably means
that the inferior got its PID cleared to 0 already when you get here?
How?

What's the backtrace like at the time of the crash?  I assume
the remove_breakpoints_pid call is coming from within target_detach?

> 
> The patch just adds a test for NULL.
> 
> 


-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Michael Snyder]

Pedro Alves wrote:
> On Monday 07 June 2010 19:11:02, Michael Snyder wrote:
>> Hi,
>>
>> The circumstances are, detach from a remote target that doesn't have
>> threads.  Remote.c leaves the PID arbitrarily as "42000", and
>> target_detach calls remove_breakpoints_pid, which crashes because
>> find_inferior_pid returns NULL.
> 
> It shouldn't matter that the PID is arbitrary; there should be an
> inferior with that PID in the inferior list.  This probably means
> that the inferior got its PID cleared to 0 already when you get here?
> How?

It was a bad connect, which aborted part way through.
So yes, we're in an inconsistent internal state.


> What's the backtrace like at the time of the crash?  I assume
> the remove_breakpoints_pid call is coming from within target_detach?

It's fairly normal, target_detach is called by detach_command.

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Monday 07 June 2010 19:31:26, Michael Snyder wrote:
> Pedro Alves wrote:
> > On Monday 07 June 2010 19:11:02, Michael Snyder wrote:
> >> Hi,
> >>
> >> The circumstances are, detach from a remote target that doesn't have
> >> threads.  Remote.c leaves the PID arbitrarily as "42000", and
> >> target_detach calls remove_breakpoints_pid, which crashes because
> >> find_inferior_pid returns NULL.
> > 
> > It shouldn't matter that the PID is arbitrary; there should be an
> > inferior with that PID in the inferior list.  This probably means
> > that the inferior got its PID cleared to 0 already when you get here?
> > How?
> 
> It was a bad connect, which aborted part way through.
> So yes, we're in an inconsistent internal state.

Then we need to fix that, instead of adding workarounds in other
areas.

> > What's the backtrace like at the time of the crash?  I assume
> > the remove_breakpoints_pid call is coming from within target_detach?
> 
> It's fairly normal, target_detach is called by detach_command.

Okay.  What I was interested was in seeing a paste of the
backtrace, to confirm that's the where the call to
remove_breakpoints_pid is being done, but what you say seems
to confirm it.

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Michael Snyder]

Pedro Alves wrote:
> On Monday 07 June 2010 19:31:26, Michael Snyder wrote:
>> Pedro Alves wrote:
>>> On Monday 07 June 2010 19:11:02, Michael Snyder wrote:
>>>> Hi,
>>>>
>>>> The circumstances are, detach from a remote target that doesn't have
>>>> threads.  Remote.c leaves the PID arbitrarily as "42000", and
>>>> target_detach calls remove_breakpoints_pid, which crashes because
>>>> find_inferior_pid returns NULL.
>>> It shouldn't matter that the PID is arbitrary; there should be an
>>> inferior with that PID in the inferior list.  This probably means
>>> that the inferior got its PID cleared to 0 already when you get here?
>>> How?
>> It was a bad connect, which aborted part way through.
>> So yes, we're in an inconsistent internal state.
> 
> Then we need to fix that, instead of adding workarounds in other
> areas.

I'm not sure how feasible that is.  At this point I've had to use a
^C^C to get out of a failing attach (target remote), and I'm hoping to
use the "detach" to cancel out any remaining inconsistent state.
The ^C^C handler can't necessarily do it by itself, 'cause from its
point of view, you don't really know what state you're in or what
state you want to be in.

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Monday 07 June 2010 20:00:04, Michael Snyder wrote:
> > Then we need to fix that, instead of adding workarounds in other
> > areas.
> 
> I'm not sure how feasible that is.  At this point I've had to use a
> ^C^C to get out of a failing attach (target remote), and I'm hoping to
> use the "detach" to cancel out any remaining inconsistent state.
> The ^C^C handler can't necessarily do it by itself, 'cause from its
> point of view, you don't really know what state you're in or what
> state you want to be in.

It's feasible.  remote_open_1 + remote_start_remote and remote_close
(usually from pop_target calls within remote.c) are all designed for
this to not happen, but clearly there's a bug somewhere.  It just
sounds like there's something not exception safe that should be.

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Monday 07 June 2010 20:08:51, Pedro Alves wrote:
> On Monday 07 June 2010 20:00:04, Michael Snyder wrote:
> > > Then we need to fix that, instead of adding workarounds in other
> > > areas.
> > 
> > I'm not sure how feasible that is.  At this point I've had to use a
> > ^C^C to get out of a failing attach (target remote), and I'm hoping to
> > use the "detach" to cancel out any remaining inconsistent state.
> > The ^C^C handler can't necessarily do it by itself, 'cause from its
> > point of view, you don't really know what state you're in or what
> > state you want to be in.
> 
> It's feasible.  remote_open_1 + remote_start_remote and remote_close
> (usually from pop_target calls within remote.c) are all designed for
> this to not happen, but clearly there's a bug somewhere.  It just
> sounds like there's something not exception safe that should be.

To be a bit clearer --

 you've said that the pid was left as 42000 (I assume you meant
inferior_ptid, but that find_inferior no longer finds that inferior.
Where is the current inferior getting it's pid cleared out?  Why
aren't we clearing inferior_ptid as well?

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Michael Snyder]

Pedro Alves wrote:
> On Monday 07 June 2010 20:08:51, Pedro Alves wrote:
>> On Monday 07 June 2010 20:00:04, Michael Snyder wrote:
>>>> Then we need to fix that, instead of adding workarounds in other
>>>> areas.
>>> I'm not sure how feasible that is.  At this point I've had to use a
>>> ^C^C to get out of a failing attach (target remote), and I'm hoping to
>>> use the "detach" to cancel out any remaining inconsistent state.
>>> The ^C^C handler can't necessarily do it by itself, 'cause from its
>>> point of view, you don't really know what state you're in or what
>>> state you want to be in.
>> It's feasible.  remote_open_1 + remote_start_remote and remote_close
>> (usually from pop_target calls within remote.c) are all designed for
>> this to not happen, but clearly there's a bug somewhere.  It just
>> sounds like there's something not exception safe that should be.
> 
> To be a bit clearer --
> 
>  you've said that the pid was left as 42000 (I assume you meant
> inferior_ptid, but that find_inferior no longer finds that inferior.
> Where is the current inferior getting it's pid cleared out?  Why
> aren't we clearing inferior_ptid as well?

What do you mean by "the current inferior"?  I thought that was
inferior_ptid (which is "magic_null_ptid", (42000, 1, -1).

Re: [RFA] fix crasher on detach command

[Michael Snyder]

[-- Attachment #1: Type: text/plain, Size: 440 bytes --]

Pedro Alves wrote:

> To be a bit clearer --
> 
>  you've said that the pid was left as 42000 (I assume you meant
> inferior_ptid, but that find_inferior no longer finds that inferior.
> Where is the current inferior getting it's pid cleared out?  Why
> aren't we clearing inferior_ptid as well?


OK, right.

remote_close calls discard_all_inferiors -- it should also
set inferior_ptid to null_ptid at the same time.

How's this patch?




[-- Attachment #2: detach.txt --]
[-- Type: text/plain, Size: 721 bytes --]

2010-06-07  Michael Snyder  <msnyder@vmware.com>

	* remote.c (remote_close): Set inferior_ptid to null_ptid.

Index: remote.c
===================================================================
RCS file: /cvs/src/src/gdb/remote.c,v
retrieving revision 1.415
diff -u -p -r1.415 remote.c
--- remote.c	2 Jun 2010 22:21:53 -0000	1.415
+++ remote.c	8 Jun 2010 00:08:57 -0000
@@ -2811,6 +2811,7 @@ remote_close (int quitting)
   /* We don't have a connection to the remote stub anymore.  Get rid
      of all the inferiors and their threads we were controlling.  */
   discard_all_inferiors ();
+  inferior_ptid = null_ptid;
 
   /* We're no longer interested in any of these events.  */
   discard_pending_stop_replies (-1);

Re: [RFA] fix crasher on detach command

[Hui Zhu]

On Tue, Jun 8, 2010 at 02:28, Pedro Alves <pedro@codesourcery.com> wrote:
> On Monday 07 June 2010 19:11:02, Michael Snyder wrote:
>> Hi,
>>
>> The circumstances are, detach from a remote target that doesn't have
>> threads.  Remote.c leaves the PID arbitrarily as "42000", and
>> target_detach calls remove_breakpoints_pid, which crashes because
>> find_inferior_pid returns NULL.
>
> It shouldn't matter that the PID is arbitrary; there should be an
> inferior with that PID in the inferior list.  This probably means
> that the inferior got its PID cleared to 0 already when you get here?
> How?
>
> What's the backtrace like at the time of the crash?  I assume
> the remove_breakpoints_pid call is coming from within target_detach?
>
>>
>> The patch just adds a test for NULL.
>>
>>
>
>
> --
> Pedro Alves
>

I suggest we have a gdb_assert after this "struct inferior *inf =
find_inferior_pid (pid);"

Thanks,
Hui

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Tuesday 08 June 2010 03:42:05, Hui Zhu wrote:

> I suggest we have a gdb_assert after this "struct inferior *inf =
> find_inferior_pid (pid);"

A patch that does that is pre-approved.

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Tuesday 08 June 2010 00:50:35, Michael Snyder wrote:
> >  you've said that the pid was left as 42000 (I assume you meant
> > inferior_ptid, but that find_inferior no longer finds that inferior.
> > Where is the current inferior getting it's pid cleared out?  Why
> > aren't we clearing inferior_ptid as well?
> 
> What do you mean by "the current inferior"?  I thought that was
> inferior_ptid (which is "magic_null_ptid", (42000, 1, -1).

The "struct inferior" that is returned by the inferior.c:current_inferior
function.  It usually goes one-in-one with inferior_ptid, except, when
the inferior isn't running, at which point there's no pid, so
inferior_ptid is 0,0,0 (null_ptid).

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Pedro Alves]

On Tuesday 08 June 2010 01:11:19, Michael Snyder wrote:
> Pedro Alves wrote:
> 
> > To be a bit clearer --
> > 
> >  you've said that the pid was left as 42000 (I assume you meant
> > inferior_ptid, but that find_inferior no longer finds that inferior.
> > Where is the current inferior getting it's pid cleared out?  Why
> > aren't we clearing inferior_ptid as well?
> 
> 
> OK, right.
> 
> remote_close calls discard_all_inferiors -- it should also
> set inferior_ptid to null_ptid at the same time.
> How's this patch?

Yes, that's better.  That patch is okay.

-- 
Pedro Alves

Re: [RFA] fix crasher on detach command

[Michael Snyder]

Pedro Alves wrote:
> On Tuesday 08 June 2010 01:11:19, Michael Snyder wrote:
>> Pedro Alves wrote:
>>
>>> To be a bit clearer --
>>>
>>>  you've said that the pid was left as 42000 (I assume you meant
>>> inferior_ptid, but that find_inferior no longer finds that inferior.
>>> Where is the current inferior getting it's pid cleared out?  Why
>>> aren't we clearing inferior_ptid as well?
>>
>> OK, right.
>>
>> remote_close calls discard_all_inferiors -- it should also
>> set inferior_ptid to null_ptid at the same time.
>> How's this patch?
> 
> Yes, that's better.  That patch is okay.
> 

Thanks, committed.