From: Pedro Alves <palves@redhat.com>
To: Andrew Burgess <aburgess@broadcom.com>, gdb-patches@sourceware.org
Subject: Re: [PATCH 0/2] Demangler crash handler
Date: Wed, 14 May 2014 18:32:00 -0000 [thread overview]
Message-ID: <5373B6C6.6060401@redhat.com> (raw)
In-Reply-To: <5373950D.7050903@broadcom.com>
On 05/14/2014 05:08 PM, Andrew Burgess wrote:
> On 14/05/2014 3:01 PM, Pedro Alves wrote:
>> On 05/10/2014 09:55 PM, Florian Weimer wrote:
>>> * Mark Kettenis:
>>>
>>>> No. It's this skind of duct-tape that will make sure that bugs in the
>>>> demangler won't get fixed. Apart from removing the incentive to fix
>>>> the bugs, these SIGSEGV signal handlers make actually fixing the bugs
>>>> harder as you won't have core dumps.
>>>
>>> I find this approach extremely odd as well.
>>
>> I have to admit I'm not super keen on using signals for this either.
>> For one, not all bugs trigger segmentation faults. Then stealing
>> a signal handler always has multi-threading considerations. E.g.,
>> gdb Python code could well spawn a thread that happens to call
>> something that wants its own SIGSEGV handler... Signal handlers
>> are per-process, not per-thread.
>>
>> How about we instead add a new hook to the demangler interface,
>> that allows registering a callback that has the prototype of
>> gdb's internal_error?
>
> I thought that if the demangler couldn't demangle a symbol you
> just got back NULL indicating no demangle was possible.
Well, that's fine, and I think that it's a matter that can
be changed independently of the scheme used to detect bad state
in the demangled. For instance, we can have GDB's
demangler_internal_error callback throw a normal error,
and then catch it from within gdb_demangle, and have that return
NULL.
>
> Given that, it's not clear to me where you'd want to use the error
> handler, if you know something can't be demangled then you'd return
> NULL, but if some feature wasn't implemented yet then surely you're
> still better returning NULL than using the error handler, at least
> that way the user of the demangler will continue using the mangled
> version of the symbol.
>
> I'm not arguing _for_ catching SEGV, I just think that an error handler
> only helps with known bad states, the problem is that I think in all
> known bad states the demangler should just return NULL, it's the
> unknown bad states that are an issue here.
Well, the idea is about protecting against really bad state,
not unimplemented features. Such a mechanism would be used
just like gdb's assertions. E.g.,
#define d_assert(expr) \
((void) ((expr) ? 0 : \
(d_assert_fail (#expr, __FILE__, __LINE__, FUNCTION_NAME), 0)))
and then:
d_assert (...->index >= 0);
d_assert (...->count >= 0);
d_assert (len >= 0);
d_assert (ptr != NULL)
d_assert (!bad_recursion);
etc. That seems much easier and natural to write then a bunch
of error-return style handling, which may require changing
function's prototypes.
Having the libgcc/libstdc++ versions abort on broken state
(but not on bad symbols!) is I think just fine. We should
really prevent that with better testing, e.g., the
demangle-the-world testing, and/or fuzzy testing.
So I could see even the hook disappearing and the demangler
sigsetjmp/siglongjmp itself internally in the entry point
GDB uses (but not on libstdc++'s) and then returning NULL on
broken state. That'd avoid adding a hook that effectively won't
ever go away, even if in reality it might be or become unnecessary.
I do wonder whether the demangler quality issue isn't being
blown out of proportion though. I think further investments
in better testing/coverage would be much better and important
than all this bug swallowing... I think the pay off of e.g.,
running through all symbols in a distro is higher, as we're
likely to catch earlier. Yes, it's not mutually exclusive,
but in my mind, having something like that done routinely
effectively ups the quality assurance by a large margin.
--
Pedro Alves
next prev parent reply other threads:[~2014-05-14 18:32 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 10:07 Gary Benson
2014-05-09 10:09 ` [PATCH 1/2] " Gary Benson
2014-05-09 10:10 ` [PATCH 2/2] " Gary Benson
2014-05-09 11:20 ` [PATCH 0/2] " Mark Kettenis
2014-05-09 15:33 ` Gary Benson
2014-05-11 5:17 ` Doug Evans
2014-05-13 10:20 ` Gary Benson
2014-05-13 19:29 ` Tom Tromey
2014-05-14 13:07 ` Gary Benson
2014-05-13 19:39 ` Tom Tromey
2014-05-14 9:15 ` Gary Benson
2014-05-11 20:23 ` Mark Kettenis
2014-05-13 10:21 ` Gary Benson
2014-05-13 16:05 ` Pedro Alves
2014-05-15 13:24 ` Gary Benson
2014-05-15 14:07 ` Pedro Alves
2014-05-15 14:28 ` Gary Benson
2014-05-15 15:25 ` Pedro Alves
2014-05-16 11:06 ` Pedro Alves
2014-05-10 20:55 ` Florian Weimer
2014-05-11 5:10 ` Doug Evans
2014-05-13 10:22 ` Gary Benson
2014-05-13 18:22 ` Florian Weimer
2014-05-13 18:42 ` Pedro Alves
2014-05-13 19:16 ` Gary Benson
2014-05-13 19:19 ` Pedro Alves
2014-05-14 9:11 ` Gary Benson
2014-05-13 19:20 ` Florian Weimer
2014-05-13 19:22 ` Pedro Alves
2014-05-13 19:22 ` Gary Benson
2014-05-13 19:36 ` Tom Tromey
2014-05-14 9:13 ` Gary Benson
2014-05-14 14:18 ` Pedro Alves
2014-05-14 16:08 ` Andrew Burgess
2014-05-14 18:32 ` Pedro Alves [this message]
2014-05-15 13:25 ` Gary Benson
2014-05-15 16:01 ` Pedro Alves
2014-05-15 13:27 ` Gary Benson
2014-05-20 17:05 ` Tom Tromey
2014-05-20 18:40 ` Stan Shebs
2014-05-20 19:36 ` Tom Tromey
2014-05-20 20:23 ` Joel Brobecker
2014-05-22 12:56 ` Gary Benson
2014-05-22 13:09 ` Joel Brobecker
2014-05-22 14:13 ` Pedro Alves
2014-05-22 15:57 ` Gary Benson
2014-05-22 13:18 ` Gary Benson
2014-05-22 14:09 ` Gary Benson
2014-05-22 14:40 ` Mark Kettenis
2014-05-22 20:42 ` Gary Benson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5373B6C6.6060401@redhat.com \
--to=palves@redhat.com \
--cc=aburgess@broadcom.com \
--cc=gdb-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).