[PATCH 1/2] gdb/testsuite: add test for negative subrange bounds with unsigned form

[PATCH 1/2] gdb/testsuite: add test for negative subrange bounds with unsigned form

[Simon Marchi]

I am looking at this code [1]:

  /* Normally, the DWARF producers are expected to use a signed
     constant form (Eg. DW_FORM_sdata) to express negative bounds.
     But this is unfortunately not always the case, as witnessed
     with GCC, for instance, where the ambiguous DW_FORM_dataN form
     is used instead.  To work around that ambiguity, we treat
     the bounds as signed, and thus sign-extend their values, when
     the base type is signed.  */
  negative_mask =
    -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
  if (low.kind () == PROP_CONST
      && !base_type->is_unsigned () && (low.const_val () & negative_mask))
    low.set_const_val (low.const_val () | negative_mask);
  if (high.kind () == PROP_CONST
      && !base_type->is_unsigned () && (high.const_val () & negative_mask))
    high.set_const_val (high.const_val () | negative_mask);

Nothing in the testsuite seems to exercise it, as when I remove it, all
of gdb.dwarf2 still passes.  And tests in other directories would be
compiler-dependent, so would rely on having a buggy compiler.

Update gdb.dwarf2/subrange.exp to have a test for it.  When removing the
code above, the new test fails with:

  ptype array_with_buggy_negative_bounds_type^M
  type = array [240..244] of signed_byte^M
  (gdb) FAIL: gdb.dwarf2/subrange.exp: ptype array_with_buggy_negative_bounds_type

instead of the expected:

  ptype array_with_buggy_negative_bounds_type^M
  type = array [-16..-12] of signed_byte^M
  (gdb) PASS: gdb.dwarf2/subrange.exp: ptype array_with_buggy_negative_bounds_type

[1] https://gitlab.com/gnutools/binutils-gdb/-/blob/5ea14aa4e53fa37f4ba4517497ed2c1e4c60dee2/gdb/dwarf2/read.c#L17681-17695

Change-Id: I1992a3ff0cb1e90fa8a9114dae6c591792f059c2
---
 gdb/testsuite/gdb.dwarf2/subrange.exp | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/gdb/testsuite/gdb.dwarf2/subrange.exp b/gdb/testsuite/gdb.dwarf2/subrange.exp
index 72d7babc88e..8a8443f31a8 100644
--- a/gdb/testsuite/gdb.dwarf2/subrange.exp
+++ b/gdb/testsuite/gdb.dwarf2/subrange.exp
@@ -28,6 +28,7 @@ Dwarf::assemble $asm_file {
  	compile_unit {{language @DW_LANG_Pascal83}} {
 	    declare_labels byte_label typedef_label array_label
 
+	    # A subrange's underlying type that is a typedef.
 	    byte_label: base_type {
 		{name byte}
 		{encoding @DW_ATE_unsigned}
@@ -54,6 +55,28 @@ Dwarf::assemble $asm_file {
 		{name TByteArray}
 		{type :$array_label}
 	    }
+
+	    # This subrange's underlying type is signed, but the bounds are
+	    # specified using a non-signed form.
+	    declare_labels signed_byte_label subrange_with_buggy_negative_bounds_label
+
+	    signed_byte_label: base_type {
+		{name signed_byte}
+		{encoding @DW_ATE_signed}
+		{byte_size 1 DW_FORM_sdata}
+	    }
+
+	    # The bounds mean -16 to -12.
+	    subrange_with_buggy_negative_bounds_label: subrange_type {
+		{lower_bound 0xf0 DW_FORM_udata}
+		{upper_bound 0xf4 DW_FORM_udata}
+		{type :$signed_byte_label}
+	    }
+
+	    DW_TAG_variable {
+		{name subrange_with_buggy_negative_bounds_variable}
+		{type :$subrange_with_buggy_negative_bounds_label}
+	    }
 	}
     }
 }
@@ -67,3 +90,5 @@ gdb_test_no_output "set language pascal"
 
 gdb_test "ptype TByteArray" \
     "type = array \\\[0\\.\\.191\\\] of byte"
+gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
+    "type = -16..-12"
-- 
2.39.1

[PATCH 2/2] gdb/dwarf: fix UBsan crash in read_subrange_type

[Simon Marchi]

When running gdb.ada/arrayptr.exp (and others) on Ubuntu 22.04, with the
`gnat-11` package installed (not `gnat`), with UBSan activated, I get:

    (gdb) break foo.adb:40
    /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:17689:20: runtime error: shift exponent 127 is too large for 64-bit type 'long unsigned int'

The problematic DIEs are:

    0x00001460:       DW_TAG_subrange_type
                        DW_AT_lower_bound [DW_FORM_data1]   (0x00)
                        DW_AT_upper_bound [DW_FORM_data16]  (ffffffffffffffff3f00000000000000)
                        DW_AT_name [DW_FORM_strp]   ("foo__packed_array___XP7___XDLU_0__1180591620717411303423")
                        DW_AT_type [DW_FORM_ref4]   (0x0000153f "long_long_long_unsigned")
                        DW_AT_GNAT_descriptive_type [DW_FORM_ref4]  (0x0000147e)
                        DW_AT_artificial [DW_FORM_flag_present]     (true)

    0x0000153f:   DW_TAG_base_type
                    DW_AT_byte_size [DW_FORM_data1] (0x10)
                    DW_AT_encoding [DW_FORM_data1]  (DW_ATE_unsigned)
                    DW_AT_name [DW_FORM_strp]       ("long_long_long_unsigned")
                    DW_AT_artificial [DW_FORM_flag_present] (true)

When processed by this code:

    negative_mask =
      -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
    if (low.kind () == PROP_CONST
        && !base_type->is_unsigned () && (low.const_val () & negative_mask))
      low.set_const_val (low.const_val () | negative_mask);

When the base type's length (16 bytes in this case) is larger than a
ULONGEST (typically 8 bytes), the bit shift is too large.

My obvious fix is just to skip the fixup for base types larger than a
ULONGEST (8 bytes).  I don't think we really handle constant attribute
values larger than 8 bytes anyway, so this is part of a much larger
problem.

Add a test that replicates this situation, but uses bounds that fit in a
signed 64 bit, so we get a sensible result.

Change-Id: I8d0a24f3edd83b44e0761a0ce38922d3e2e112fb
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29386
---
 gdb/dwarf2/read.c                     | 29 ++++++++++++++++++---------
 gdb/testsuite/gdb.dwarf2/subrange.exp | 22 ++++++++++++++++++++
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
index 44b54f77de9..87846788604 100644
--- a/gdb/dwarf2/read.c
+++ b/gdb/dwarf2/read.c
@@ -17588,7 +17588,6 @@ read_subrange_type (struct die_info *die, struct dwarf2_cu *cu)
   int low_default_is_valid;
   int high_bound_is_count = 0;
   const char *name;
-  ULONGEST negative_mask;
 
   orig_base_type = read_subrange_index_type (die, cu);
 
@@ -17684,15 +17683,25 @@ read_subrange_type (struct die_info *die, struct dwarf2_cu *cu)
      with GCC, for instance, where the ambiguous DW_FORM_dataN form
      is used instead.  To work around that ambiguity, we treat
      the bounds as signed, and thus sign-extend their values, when
-     the base type is signed.  */
-  negative_mask =
-    -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
-  if (low.kind () == PROP_CONST
-      && !base_type->is_unsigned () && (low.const_val () & negative_mask))
-    low.set_const_val (low.const_val () | negative_mask);
-  if (high.kind () == PROP_CONST
-      && !base_type->is_unsigned () && (high.const_val () & negative_mask))
-    high.set_const_val (high.const_val () | negative_mask);
+     the base type is signed.
+
+     Skip it if the base type's length is largest than ULONGEST, to avoid
+     the undefined behavior of a too large left shift.  We don't really handle
+     constants larger than 8 bytes anyway, at the moment.  */
+
+  if (base_type->length () <= sizeof (ULONGEST))
+    {
+      ULONGEST negative_mask
+	= -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
+
+      if (low.kind () == PROP_CONST
+	  && !base_type->is_unsigned () && (low.const_val () & negative_mask))
+	low.set_const_val (low.const_val () | negative_mask);
+
+      if (high.kind () == PROP_CONST
+	  && !base_type->is_unsigned () && (high.const_val () & negative_mask))
+	high.set_const_val (high.const_val () | negative_mask);
+    }
 
   /* Check for bit and byte strides.  */
   struct dynamic_prop byte_stride_prop;
diff --git a/gdb/testsuite/gdb.dwarf2/subrange.exp b/gdb/testsuite/gdb.dwarf2/subrange.exp
index 8a8443f31a8..556422629a3 100644
--- a/gdb/testsuite/gdb.dwarf2/subrange.exp
+++ b/gdb/testsuite/gdb.dwarf2/subrange.exp
@@ -77,6 +77,26 @@ Dwarf::assemble $asm_file {
 		{name subrange_with_buggy_negative_bounds_variable}
 		{type :$subrange_with_buggy_negative_bounds_label}
 	    }
+
+	    # This subrange's base type is 16-bytes long (although the bounds fit in
+	    # signed 64-bit).  This is to test the fix for PR 29386.
+	    declare_labels a_16_byte_integer_label a_16_byte_subrange_label
+
+	    a_16_byte_integer_label: base_type {
+		{byte_size 16 udata}
+		{encoding @DW_ATE_signed}
+	    }
+
+	    a_16_byte_subrange_label: subrange_type {
+		{lower_bound -9223372036854775808 DW_FORM_sdata}
+		{upper_bound 9223372036854775807 DW_FORM_sdata}
+		{type :$a_16_byte_integer_label}
+	    }
+
+	    DW_TAG_variable {
+		{name a_16_byte_subrange_variable}
+		{type :$a_16_byte_subrange_label}
+	    }
 	}
     }
 }
@@ -92,3 +112,5 @@ gdb_test "ptype TByteArray" \
     "type = array \\\[0\\.\\.191\\\] of byte"
 gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
     "type = -16..-12"
+gdb_test "ptype a_16_byte_subrange_variable" \
+    "type = -9223372036854775808..9223372036854775807"
-- 
2.39.1

Re: [PATCH 1/2] gdb/testsuite: add test for negative subrange bounds with unsigned form

[Andrew Burgess]

Simon Marchi via Gdb-patches <gdb-patches@sourceware.org> writes:

> I am looking at this code [1]:
>
>   /* Normally, the DWARF producers are expected to use a signed
>      constant form (Eg. DW_FORM_sdata) to express negative bounds.
>      But this is unfortunately not always the case, as witnessed
>      with GCC, for instance, where the ambiguous DW_FORM_dataN form
>      is used instead.  To work around that ambiguity, we treat
>      the bounds as signed, and thus sign-extend their values, when
>      the base type is signed.  */
>   negative_mask =
>     -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
>   if (low.kind () == PROP_CONST
>       && !base_type->is_unsigned () && (low.const_val () & negative_mask))
>     low.set_const_val (low.const_val () | negative_mask);
>   if (high.kind () == PROP_CONST
>       && !base_type->is_unsigned () && (high.const_val () & negative_mask))
>     high.set_const_val (high.const_val () | negative_mask);
>
> Nothing in the testsuite seems to exercise it, as when I remove it, all
> of gdb.dwarf2 still passes.  And tests in other directories would be
> compiler-dependent, so would rely on having a buggy compiler.
>
> Update gdb.dwarf2/subrange.exp to have a test for it.  When removing the
> code above, the new test fails with:
>
>   ptype array_with_buggy_negative_bounds_type^M
>   type = array [240..244] of signed_byte^M
>   (gdb) FAIL: gdb.dwarf2/subrange.exp: ptype array_with_buggy_negative_bounds_type
>
> instead of the expected:
>
>   ptype array_with_buggy_negative_bounds_type^M
>   type = array [-16..-12] of signed_byte^M
>   (gdb) PASS: gdb.dwarf2/subrange.exp: ptype array_with_buggy_negative_bounds_type
>
> [1] https://gitlab.com/gnutools/binutils-gdb/-/blob/5ea14aa4e53fa37f4ba4517497ed2c1e4c60dee2/gdb/dwarf2/read.c#L17681-17695
>
> Change-Id: I1992a3ff0cb1e90fa8a9114dae6c591792f059c2
> ---
>  gdb/testsuite/gdb.dwarf2/subrange.exp | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/gdb/testsuite/gdb.dwarf2/subrange.exp b/gdb/testsuite/gdb.dwarf2/subrange.exp
> index 72d7babc88e..8a8443f31a8 100644
> --- a/gdb/testsuite/gdb.dwarf2/subrange.exp
> +++ b/gdb/testsuite/gdb.dwarf2/subrange.exp
> @@ -28,6 +28,7 @@ Dwarf::assemble $asm_file {
>   	compile_unit {{language @DW_LANG_Pascal83}} {
>  	    declare_labels byte_label typedef_label array_label
>  
> +	    # A subrange's underlying type that is a typedef.
>  	    byte_label: base_type {
>  		{name byte}
>  		{encoding @DW_ATE_unsigned}
> @@ -54,6 +55,28 @@ Dwarf::assemble $asm_file {
>  		{name TByteArray}
>  		{type :$array_label}
>  	    }
> +
> +	    # This subrange's underlying type is signed, but the bounds are
> +	    # specified using a non-signed form.
> +	    declare_labels signed_byte_label subrange_with_buggy_negative_bounds_label
> +
> +	    signed_byte_label: base_type {
> +		{name signed_byte}
> +		{encoding @DW_ATE_signed}
> +		{byte_size 1 DW_FORM_sdata}
> +	    }
> +
> +	    # The bounds mean -16 to -12.
> +	    subrange_with_buggy_negative_bounds_label: subrange_type {
> +		{lower_bound 0xf0 DW_FORM_udata}
> +		{upper_bound 0xf4 DW_FORM_udata}
> +		{type :$signed_byte_label}
> +	    }
> +
> +	    DW_TAG_variable {
> +		{name subrange_with_buggy_negative_bounds_variable}
> +		{type :$subrange_with_buggy_negative_bounds_label}
> +	    }
>  	}
>      }
>  }
> @@ -67,3 +90,5 @@ gdb_test_no_output "set language pascal"
>  
>  gdb_test "ptype TByteArray" \
>      "type = array \\\[0\\.\\.191\\\] of byte"
> +gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
> +    "type = -16..-12"

Should be "type = -16\\.\\.-12"

Otherwise, looks good.

Thanks,
Andrew

> -- 
> 2.39.1

Re: [PATCH 2/2] gdb/dwarf: fix UBsan crash in read_subrange_type

[Andrew Burgess]

Simon Marchi via Gdb-patches <gdb-patches@sourceware.org> writes:

> When running gdb.ada/arrayptr.exp (and others) on Ubuntu 22.04, with the
> `gnat-11` package installed (not `gnat`), with UBSan activated, I get:
>
>     (gdb) break foo.adb:40
>     /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:17689:20: runtime error: shift exponent 127 is too large for 64-bit type 'long unsigned int'
>
> The problematic DIEs are:
>
>     0x00001460:       DW_TAG_subrange_type
>                         DW_AT_lower_bound [DW_FORM_data1]   (0x00)
>                         DW_AT_upper_bound [DW_FORM_data16]  (ffffffffffffffff3f00000000000000)
>                         DW_AT_name [DW_FORM_strp]   ("foo__packed_array___XP7___XDLU_0__1180591620717411303423")
>                         DW_AT_type [DW_FORM_ref4]   (0x0000153f "long_long_long_unsigned")
>                         DW_AT_GNAT_descriptive_type [DW_FORM_ref4]  (0x0000147e)
>                         DW_AT_artificial [DW_FORM_flag_present]     (true)
>
>     0x0000153f:   DW_TAG_base_type
>                     DW_AT_byte_size [DW_FORM_data1] (0x10)
>                     DW_AT_encoding [DW_FORM_data1]  (DW_ATE_unsigned)
>                     DW_AT_name [DW_FORM_strp]       ("long_long_long_unsigned")
>                     DW_AT_artificial [DW_FORM_flag_present] (true)
>
> When processed by this code:
>
>     negative_mask =
>       -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
>     if (low.kind () == PROP_CONST
>         && !base_type->is_unsigned () && (low.const_val () & negative_mask))
>       low.set_const_val (low.const_val () | negative_mask);
>
> When the base type's length (16 bytes in this case) is larger than a
> ULONGEST (typically 8 bytes), the bit shift is too large.
>
> My obvious fix is just to skip the fixup for base types larger than a
> ULONGEST (8 bytes).  I don't think we really handle constant attribute
> values larger than 8 bytes anyway, so this is part of a much larger
> problem.
>
> Add a test that replicates this situation, but uses bounds that fit in a
> signed 64 bit, so we get a sensible result.
>
> Change-Id: I8d0a24f3edd83b44e0761a0ce38922d3e2e112fb
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29386
> ---
>  gdb/dwarf2/read.c                     | 29 ++++++++++++++++++---------
>  gdb/testsuite/gdb.dwarf2/subrange.exp | 22 ++++++++++++++++++++
>  2 files changed, 41 insertions(+), 10 deletions(-)
>
> diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
> index 44b54f77de9..87846788604 100644
> --- a/gdb/dwarf2/read.c
> +++ b/gdb/dwarf2/read.c
> @@ -17588,7 +17588,6 @@ read_subrange_type (struct die_info *die, struct dwarf2_cu *cu)
>    int low_default_is_valid;
>    int high_bound_is_count = 0;
>    const char *name;
> -  ULONGEST negative_mask;
>  
>    orig_base_type = read_subrange_index_type (die, cu);
>  
> @@ -17684,15 +17683,25 @@ read_subrange_type (struct die_info *die, struct dwarf2_cu *cu)
>       with GCC, for instance, where the ambiguous DW_FORM_dataN form
>       is used instead.  To work around that ambiguity, we treat
>       the bounds as signed, and thus sign-extend their values, when
> -     the base type is signed.  */
> -  negative_mask =
> -    -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
> -  if (low.kind () == PROP_CONST
> -      && !base_type->is_unsigned () && (low.const_val () & negative_mask))
> -    low.set_const_val (low.const_val () | negative_mask);
> -  if (high.kind () == PROP_CONST
> -      && !base_type->is_unsigned () && (high.const_val () & negative_mask))
> -    high.set_const_val (high.const_val () | negative_mask);
> +     the base type is signed.
> +
> +     Skip it if the base type's length is largest than ULONGEST, to avoid

s/largest/larger/

> +     the undefined behavior of a too large left shift.  We don't really handle
> +     constants larger than 8 bytes anyway, at the moment.  */
> +
> +  if (base_type->length () <= sizeof (ULONGEST))
> +    {
> +      ULONGEST negative_mask
> +	= -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
> +
> +      if (low.kind () == PROP_CONST
> +	  && !base_type->is_unsigned () && (low.const_val () & negative_mask))
> +	low.set_const_val (low.const_val () | negative_mask);
> +
> +      if (high.kind () == PROP_CONST
> +	  && !base_type->is_unsigned () && (high.const_val () & negative_mask))
> +	high.set_const_val (high.const_val () | negative_mask);
> +    }
>  
>    /* Check for bit and byte strides.  */
>    struct dynamic_prop byte_stride_prop;
> diff --git a/gdb/testsuite/gdb.dwarf2/subrange.exp b/gdb/testsuite/gdb.dwarf2/subrange.exp
> index 8a8443f31a8..556422629a3 100644
> --- a/gdb/testsuite/gdb.dwarf2/subrange.exp
> +++ b/gdb/testsuite/gdb.dwarf2/subrange.exp
> @@ -77,6 +77,26 @@ Dwarf::assemble $asm_file {
>  		{name subrange_with_buggy_negative_bounds_variable}
>  		{type :$subrange_with_buggy_negative_bounds_label}
>  	    }
> +
> +	    # This subrange's base type is 16-bytes long (although the bounds fit in
> +	    # signed 64-bit).  This is to test the fix for PR 29386.
> +	    declare_labels a_16_byte_integer_label a_16_byte_subrange_label
> +
> +	    a_16_byte_integer_label: base_type {
> +		{byte_size 16 udata}
> +		{encoding @DW_ATE_signed}
> +	    }
> +
> +	    a_16_byte_subrange_label: subrange_type {
> +		{lower_bound -9223372036854775808 DW_FORM_sdata}
> +		{upper_bound 9223372036854775807 DW_FORM_sdata}
> +		{type :$a_16_byte_integer_label}
> +	    }
> +
> +	    DW_TAG_variable {
> +		{name a_16_byte_subrange_variable}
> +		{type :$a_16_byte_subrange_label}
> +	    }
>  	}
>      }
>  }
> @@ -92,3 +112,5 @@ gdb_test "ptype TByteArray" \
>      "type = array \\\[0\\.\\.191\\\] of byte"
>  gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
>      "type = -16..-12"
> +gdb_test "ptype a_16_byte_subrange_variable" \
> +    "type = -9223372036854775808..9223372036854775807"

As before, I'd use "\\.\\." here.

Looks good with those nits fixed.

Thanks,
Andrew

> -- 
> 2.39.1

Re: [PATCH 1/2] gdb/testsuite: add test for negative subrange bounds with unsigned form

[Simon Marchi]

>> @@ -67,3 +90,5 @@ gdb_test_no_output "set language pascal"
>>  
>>  gdb_test "ptype TByteArray" \
>>      "type = array \\\[0\\.\\.191\\\] of byte"
>> +gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
>> +    "type = -16..-12"
> 
> Should be "type = -16\\.\\.-12"

Indeed, fixed.

> Otherwise, looks good.

Thanks, will push.

Simon

Re: [PATCH 2/2] gdb/dwarf: fix UBsan crash in read_subrange_type

[Simon Marchi]

>> @@ -17684,15 +17683,25 @@ read_subrange_type (struct die_info *die, struct dwarf2_cu *cu)
>>       with GCC, for instance, where the ambiguous DW_FORM_dataN form
>>       is used instead.  To work around that ambiguity, we treat
>>       the bounds as signed, and thus sign-extend their values, when
>> -     the base type is signed.  */
>> -  negative_mask =
>> -    -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
>> -  if (low.kind () == PROP_CONST
>> -      && !base_type->is_unsigned () && (low.const_val () & negative_mask))
>> -    low.set_const_val (low.const_val () | negative_mask);
>> -  if (high.kind () == PROP_CONST
>> -      && !base_type->is_unsigned () && (high.const_val () & negative_mask))
>> -    high.set_const_val (high.const_val () | negative_mask);
>> +     the base type is signed.
>> +
>> +     Skip it if the base type's length is largest than ULONGEST, to avoid
> 
> s/largest/larger/

Fixed.

>> @@ -92,3 +112,5 @@ gdb_test "ptype TByteArray" \
>>      "type = array \\\[0\\.\\.191\\\] of byte"
>>  gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
>>      "type = -16..-12"
>> +gdb_test "ptype a_16_byte_subrange_variable" \
>> +    "type = -9223372036854775808..9223372036854775807"
> 
> As before, I'd use "\\.\\." here.

Fixed.

> Looks good with those nits fixed.

Thanks, will push.

Simon