[Bug tdep/28527] New: [gdb/tdep] powerpc skip_prologue walks past system call

[Bug tdep/28527] New: [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

            Bug ID: 28527
           Summary: [gdb/tdep] powerpc skip_prologue walks past system
                    call
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tdep
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

[ As reported here:
https://sourceware.org/pipermail/gdb-patches/2021-October/182919.html ]

On powerpc64le-linux, I run into:
...
[Inferior 1 (process 5156) exited normally]^M
(gdb) FAIL: gdb.threads/process-dies-while-detaching.exp: single-process: \
  detach: detach: continue to breakpoint: _exit (the program exited)
...

What happens is the following:
- a breakpoint is set on _exit,
- a continue is issued
- the continue is supposed to hit the breakpoint, but instead
  the program exits.

I traced this down to the breakpoint on _exit being set too far from function
entry.  This is caused by the skip_prologue function (in rs6000-tdep.c)
optimistically ignoring insns it doesn't recognize.  In particular, it walks
past the system call instruction "sc" which initiates the actual exit.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
Minimal reproducer:
...
$ cat test.c
#include <unistd.h>

int
main (void)
{
  _exit (0);

  return 0;
}
...

Compile as:
...
$ gcc test.c
...

GDB session setup:
...
$ gdb -q a.out -ex "b _exit" -ex "b *_exit" -ex run -ex "layout asm"
...

The run command stops at the "*_exit" breakpoint, at 0x7ffff7e42ea0:
...
┌─────────────────────────────────────────────────────────────────────────────────────────────────┐
│B+>0x7ffff7e42ea0 <_exit>          addis   r2,r12,18                          
                  │
│   0x7ffff7e42ea4 <_exit+4>        addi    r2,r2,17248                        
                  │
│   0x7ffff7e42ea8 <_exit+8>        nop                                        
                  │
│   0x7ffff7e42eac <_exit+12>       std     r31,-8(r1)                         
                  │
│   0x7ffff7e42eb0 <_exit+16>       mr      r31,r3                             
                  │
│   0x7ffff7e42eb4 <_exit+20>       std     r30,-16(r1)                        
                  │
│   0x7ffff7e42eb8 <_exit+24>       li      r0,234                             
                  │
│   0x7ffff7e42ebc <_exit+28>       ld      r9,-29792(r2)                      
                  │
│   0x7ffff7e42ec0 <_exit+32>       mr      r3,r31                             
                  │
│   0x7ffff7e42ec4 <_exit+36>       add     r30,r9,r13                         
                  │
│   0x7ffff7e42ec8 <_exit+40>       sc                                         
                  │
│   0x7ffff7e42ecc <_exit+44>       mfcr    r0                                 
                  │
│b+ 0x7ffff7e42ed0 <_exit+48>       andis.  r9,r0,4096                         
                  │
└─────────────────────────────────────────────────────────────────────────────────────────────────┘
native process 29312 In: _exit                                            L??  
PC: 0x7ffff7e42ea0 
...

The "_exit" breakpoint is set at 0x7ffff7e42ed0.

If we stepi through the rest of the function, the sc insn at 0x7ffff7e42ec8 is
the last insn executed, and the inferior exits (which AFAIU is according to
spec), obviously not hitting the breakpoint.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
Output of disassemble /r:
...
Dump of assembler code for function _exit:
   0x00007ffff7e42ea0 <+0>:     12 00 4c 3c     addis   r2,r12,18
   0x00007ffff7e42ea4 <+4>:     60 43 42 38     addi    r2,r2,17248
   0x00007ffff7e42ea8 <+8>:     00 00 00 60     nop
   0x00007ffff7e42eac <+12>:    f8 ff e1 fb     std     r31,-8(r1)
   0x00007ffff7e42eb0 <+16>:    78 1b 7f 7c     mr      r31,r3
   0x00007ffff7e42eb4 <+20>:    f0 ff c1 fb     std     r30,-16(r1)
   0x00007ffff7e42eb8 <+24>:    ea 00 00 38     li      r0,234
   0x00007ffff7e42ebc <+28>:    a0 8b 22 e9     ld      r9,-29792(r2)
   0x00007ffff7e42ec0 <+32>:    78 fb e3 7f     mr      r3,r31
   0x00007ffff7e42ec4 <+36>:    14 6a c9 7f     add     r30,r9,r13
   0x00007ffff7e42ec8 <+40>:    02 00 00 44     sc
   0x00007ffff7e42ecc <+44>:    26 00 00 7c     mfcr    r0
   0x00007ffff7e42ed0 <+48>:    00 10 09 74     andis.  r9,r0,4096
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
In opcodes/ppc-opc.c we have:
...
{"svc",         SC(17,0,0),     SC_MASK,     POWER,     PPCVLE,        
{SVC_LEV, FL1, FL2}},
{"scv",         SC(17,0,1),     SC_MASK,     POWER9,    PPCVLE,        
{SVC_LEV}},
{"svcl",        SC(17,0,1),     SC_MASK,     POWER,     PPCVLE,        
{SVC_LEV, FL1, FL2}},
{"sc",          SC(17,1,0),     SC_MASK,     PPC,       PPCVLE,         {LEV}},
{"svca",        SC(17,1,0),     SC_MASK,     PWRCOM,    PPCVLE,         {SV}},
{"svcla",       SC(17,1,1),     SC_MASK,     POWER,     PPCVLE,         {SV}},
...

Located here:
...
(gdb) p powerpc_opcodes[1258 + 0].name
$30 = 0x10fcd4e "svc"
(gdb) p powerpc_opcodes[1258 + 5].name
$31 = 0x10fcd63 "svcla"
...

With values:
...
(gdb) p /x powerpc_opcodes[1258 + 0]
$32 = {name = 0x10fcd4e, opcode = 0x44000000, mask = 0xffff0003, flags = 0x2, 
  deprecated = 0x800000000, operands = {0x51, 0x3f, 0x40, 0x0, 0x0, 0x0, 0x0,
0x0}}
(gdb) p /x powerpc_opcodes[1258 + 1]
$33 = {name = 0x10fcd52, opcode = 0x44000001, mask = 0xffff0003, flags =
0x10000000000, 
  deprecated = 0x800000000, operands = {0x51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}}
(gdb) p /x powerpc_opcodes[1258 + 2]
$34 = {name = 0x10fcd56, opcode = 0x44000001, mask = 0xffff0003, flags = 0x2, 
  deprecated = 0x800000000, operands = {0x51, 0x3f, 0x40, 0x0, 0x0, 0x0, 0x0,
0x0}}
(gdb) p /x powerpc_opcodes[1258 + 3]
$35 = {name = 0x10fcd5b, opcode = 0x44000002, mask = 0xffff0003, flags = 0x1, 
  deprecated = 0x800000000, operands = {0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}}
(gdb) p /x powerpc_opcodes[1258 + 4]
$36 = {name = 0x10fcd5e, opcode = 0x44000002, mask = 0xffff0003, flags = 0x32, 
  deprecated = 0x800000000, operands = {0x8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}}
(gdb) p /x powerpc_opcodes[1258 + 5]
$37 = {name = 0x10fcd63, opcode = 0x44000003, mask = 0xffff0003, flags = 0x2, 
  deprecated = 0x800000000, operands = {0x8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}}
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
Tentative fix:
...
diff --git a/gdb/rs6000-tdep.c b/gdb/rs6000-tdep.c
index 78b4fd1a913..4830ed22593 100644
--- a/gdb/rs6000-tdep.c
+++ b/gdb/rs6000-tdep.c
@@ -2137,6 +2137,12 @@ skip_prologue (struct gdbarch *gdbarch, CORE_ADDR pc,
CORE_ADDR lim_
pc,
            /* Never skip branches.  */
            break;

+         /* Test based on opcode and mask values of
+            powerpc_opcodes[svc..svcla] in opcodes/ppc-opc.c.  */
+         if ((op & 0xffff0000) == 0x44000000)
+           /* Never skip system calls.  */
+           break;
+
          if (num_skip_non_prologue_insns++ > max_skip_non_prologue_insns)
            /* Do not scan too many insns, scanning insns is expensive with
               remote targets.  */
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
https://sourceware.org/pipermail/gdb-patches/2021-November/183016.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug tdep/28527] [gdb/tdep] powerpc skip_prologue walks past system call

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28527

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |12.1

--- Comment #6 from Tom de Vries <vries at gcc dot gnu.org> ---
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=a50bdb99afe3ce2374407cbe7ddc625c1a0b74f7

-- 
You are receiving this mail because:
You are on the CC list for the bug.