public inbox for gdb-prs@sourceware.org
* [Bug exp/28980] New: GDB crashes when using GDB/MI and python pretty printers in some cases
From: ssbssa at sourceware dot org @ 2022-03-19 13:06 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

            Bug ID: 28980
           Summary: GDB crashes when using GDB/MI and python pretty printers in some cases
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: exp
          Assignee: unassigned at sourceware dot org
          Reporter: ssbssa at sourceware dot org
  Target Milestone: ---

Originally reported by Jan Vrany on the mailing list:
https://sourceware.org/pipermail/gdb/2022-March/049966.html

TL;DR: I'm experiencing GDB crashes with recent GDB which seem to be caused by commit 5f8ab46. Why is that I do not know (yet). Some details below.

Full story:

After updating my every-day-use GDB to commit

    commit c9178f285acf19e066be8367185d52837161b0a2 (HEAD -> master, origin/master)
    Author: Alan Modra <amodra@gmail.com>
    Date:   Thu Mar 17 20:05:39 2022 +1030

I'm experiencing GDB to crash on assertion failure in value_copy (value.c:1731). This is triggered when I single-step through code while having (my, custom) GDB/MI frontend displaying local variables with python pretty printers enabled.

For example: doing this in frontend triggers the assertion failure:

    file gdb/testsuite/outputs/gdb.python/py-prettyprint/py-prettyprint-cxx
    source gdb/testsuite/outputs/gdb.python/py-prettyprint/py-prettyprint.py
    b add_item(container*, int)
    r
    dis 1
    fin
    n
    n
    (few more times until it crashes)

This is the backtrace when it crashes:

    /home/jv/Proj...atches/gdb/gdb [stopped]
        Thread 1 [stopped] "gdb"
            0 0x0000556077ADABD0 internal_error (errors.cc:51)
            1 0x00005560776148A7 value_copy (value.c:1731)
            2 0x0000556077360028 gdbpy_get_varobj_pretty_printer (py-prettyprint.c:655)
            3 0x0000556077620E60 install_default_visualizer (varobj.c:1056)
            4 0x00005560776210E9 install_new_value_visualizer (varobj.c:1127)
            5 0x00005560776218B2 install_new_value (varobj.c:1339)
            6 0x000055607761F6FB varobj_create (varobj.c:378)
            7 0x0000556077245C05 mi_cmd_var_create (mi-cmd-var.c:132)
            8 0x0000556077249F2B mi_command_mi::invoke (mi-cmds.c:58)
            9 0x0000556077264F15 mi_cmd_execute (mi-main.c:2091)
            10 0x000055607726450C captured_mi_execute_command (mi-main.c:1823)
            11 0x000055607726498A mi_execute_command (mi-main.c:1947)
            12 0x000055607724D21B mi_execute_command_wrapper (mi-interp.c:285)
            13 0x000055607724D2A4 mi_execute_command_input_handler (mi-interp.c:314)
            14 0x00005560770D7149 gdb_readline_no_editing_callback (event-top.c:878)
            15 0x00005560770D6948 stdin_event_handler (event-top.c:524)
            16 0x0000556077ADB57E gdb_wait_for_event (event-loop.cc:700)
            17 0x0000556077ADB7FB gdb_wait_for_event (event-loop.cc:596)
            18 0x0000556077ADB7FB gdb_do_one_event (event-loop.cc:237)
            19 0x000055607721BA1B start_event_loop (main.c:421)
            20 0x000055607721BB3F captured_command_loop (main.c:481)
            21 0x000055607721D535 captured_main (main.c:1351)
            22 0x000055607721D59B gdb_main (main.c:1366)
            23 0x0000556076DA7E93 main (gdb.c:32)
        Thread 2 [stopped] "gdb worker"
        Thread 3 [stopped] "gdb worker"
        Thread 4 [stopped] "gdb worker"
        Thread 5 [stopped] "gdb worker"

Unfortunately, so far I was unable to reproduce this outside my frontend. I tried to simulate what the frontend does (see attached file), but running GDB like

    gdb -i mi < crash-in-value_copy-reproducer.txt

does not trigger it (arguably, the frontend issues silly / unnecessary MI commands, but still it should not crash GDB - I would think :-).

If I revert commit

    commit 5f8ab46bc6918efb678deb5956c033e466afe301
    Author: Simon Marchi <simon.marchi@polymtl.ca>
    Date:   Mon Jan 31 15:57:58 2022 -0500

        gdb: constify parameter of value_copy

everything seems to work just fine for me.

I'm not at all familiar with this part of the GDB code so I do not know whether this change is the real culprit or not, let alone to explain why.

I'll try to investigate further when I find more time, but in case someone brave enough to read through this post has an idea, I'll appreciate it!

Thanks, Jan

-------------- next part --------------
file /home/jv/Projects/gdb/users_jv_patches/gdb/testsuite/outputs/gdb.python/py-prettyprint/py-prettyprint-cxx
source /home/jv/Projects/gdb/users_jv_patches/gdb/testsuite/outputs/gdb.python/py-prettyprint/py-prettyprint.py
b add_item(container*, int)
r
23-data-list-register-names --thread 1 --frame 0
24-stack-info-depth --thread 1 100
25-data-list-register-values --thread 1 --frame 0 r
26-stack-list-frames --thread 1 0 1
27-stack-list-variables --thread 1 --frame 0 --simple-values
28-thread-info 1
29-var-create --thread 1 --frame 0 - * c
30-var-update --all-values var1
31-var-create --thread 1 --frame 0 - * val
32-var-update --all-values var2
dis 1
fin
33-data-list-register-values --thread 1 --frame 0 r
34-stack-info-depth --thread 1 100
35-stack-list-variables --thread 1 --frame 0 --simple-values
36-stack-list-frames --thread 1 0 0
37-var-create --thread 1 --frame 0 - * ss
38-var-update --all-values var3
39-var-create --thread 1 --frame 0 - * ssa
40-var-update --all-values var4
41-var-create --thread 1 --frame 0 - * arraystruct
42-var-update --all-values var5
43-var-create --thread 1 --frame 0 - * x
44-var-update --all-values var6
45-var-create --thread 1 --frame 0 - * c
46-var-update --all-values var7
47-var-create --thread 1 --frame 0 - * c2
48-var-update --all-values var8
49-var-create --thread 1 --frame 0 - * cstring
50-var-update --all-values var9
51-var-create --thread 1 --frame 0 - * nullstr
52-var-update --all-values var10
53-var-create --thread 1 --frame 0 - * nstype
54-var-update --all-values var11
55-var-create --thread 1 --frame 0 - * nstype2
56-var-update --all-values var12
57-var-create --thread 1 --frame 0 - * me
58-var-update --all-values var13
59-var-create --thread 1 --frame 0 - * ns
60-var-update --all-values var14
61-var-create --thread 1 --frame 0 - * ns2
62-var-update --all-values var15
63-var-create --thread 1 --frame 0 - * estring
64-var-update --all-values var16
65-var-create --thread 1 --frame 0 - * estring2
66-var-update --all-values var17
67-var-create --thread 1 --frame 0 - * estring3
68-var-update --all-values var18
69-exec-next
70-stack-list-variables --thread 1 --frame 0 --simple-values
71-stack-info-depth --thread 1 100
72-stack-list-frames --thread 1 0 0
73-var-create --thread 1 --frame 0 - * ss
74-var-update --all-values var19
75-var-create --thread 1 --frame 0 - * ssa
76-var-update --all-values var20
77-var-create --thread 1 --frame 0 - * arraystruct
78-var-update --all-values var21
79-var-create --thread 1 --frame 0 - * x
80-var-update --all-values var22
81-var-create --thread 1 --frame 0 - * c
82-var-update --all-values var23
83-var-create --thread 1 --frame 0 - * c2
84-var-update --all-values var24
85-var-create --thread 1 --frame 0 - * cstring
86-var-update --all-values var25
87-var-create --thread 1 --frame 0 - * nullstr
88-var-update --all-values var26
89-var-create --thread 1 --frame 0 - * nstype
90-var-update --all-values var27
91-var-create --thread 1 --frame 0 - * nstype2
92-var-update --all-values var28
93-var-create --thread 1 --frame 0 - * me
94-var-update --all-values var29
95-var-create --thread 1 --frame 0 - * ns
96-var-update --all-values var30
97-var-create --thread 1 --frame 0 - * ns2
98-var-update --all-values var31
99-var-create --thread 1 --frame 0 - * estring
100-var-update --all-values var32
101-var-create --thread 1 --frame 0 - * estring2
102-var-update --all-values var33
103-var-create --thread 1 --frame 0 - * estring3
104-var-update --all-values var34
105-exec-next
106-stack-list-variables --thread 1 --frame 0 --simple-values
107-stack-info-depth --thread 1 100
108-stack-list-frames --thread 1 0 0
109-var-create --thread 1 --frame 0 - * ss
110-var-update --all-values var35
111-var-create --thread 1 --frame 0 - * ssa
112-var-update --all-values var36
113-var-create --thread 1 --frame 0 - * arraystruct
114-var-update --all-values var37
115-var-create --thread 1 --frame 0 - * x
116-var-update --all-values var38
117-var-create --thread 1 --frame 0 - * c
118-var-update --all-values var39
119-var-create --thread 1 --frame 0 - * c2
120-var-update --all-values var40
121-var-create --thread 1 --frame 0 - * cstring
122-var-update --all-values var41
123-var-create --thread 1 --frame 0 - * nullstr
124-var-update --all-values var42
125-var-create --thread 1 --frame 0 - * nstype
126-var-update --all-values var43
127-var-create --thread 1 --frame 0 - * nstype2
128-var-update --all-values var44
129-var-create --thread 1 --frame 0 - * me
130-var-update --all-values var45
131-var-create --thread 1 --frame 0 - * ns
132-var-update --all-values var46
133-var-create --thread 1 --frame 0 - * ns2
134-var-update --all-values var47
135-var-create --thread 1 --frame 0 - * estring
136-var-update --all-values var48
137-var-create --thread 1 --frame 0 - * estring2
138-var-update --all-values var49
139-var-create --thread 1 --frame 0 - * estring3
140-var-update --all-values var50
141-exec-next
142-stack-list-variables --thread 1 --frame 0 --simple-values
143-stack-info-depth --thread 1 100
144-stack-list-frames --thread 1 0 0
145-var-create --thread 1 --frame 0 - * ss
146-var-update --all-values var51
147-var-create --thread 1 --frame 0 - * ssa
148-var-update --all-values var52
149-var-create --thread 1 --frame 0 - * arraystruct
150-var-update --all-values var53
151-var-create --thread 1 --frame 0 - * x
152-var-update --all-values var54
153-var-create --thread 1 --frame 0 - * c
154-var-update --all-values var55
155-var-create --thread 1 --frame 0 - * c2
156-var-update --all-values var56
157-var-create --thread 1 --frame 0 - * cstring
158-var-update --all-values var57
159-var-create --thread 1 --frame 0 - * nullstr
160-var-update --all-values var58
161-var-create --thread 1 --frame 0 - * nstype
162-var-update --all-values var59
163-var-create --thread 1 --frame 0 - * nstype2
164-var-update --all-values var60
165-var-create --thread 1 --frame 0 - * me
166-var-update --all-values var61
167-var-create --thread 1 --frame 0 - * ns
168-var-update --all-values var62
169-var-create --thread 1 --frame 0 - * ns2
170-var-update --all-values var63
171-var-create --thread 1 --frame 0 - * estring
172-var-update --all-values var64
173-var-create --thread 1 --frame 0 - * estring2
174-var-update --all-values var65
175-var-create --thread 1 --frame 0 - * estring3
176-var-update --all-values var66
177-exec-next
178-stack-list-variables --thread 1 --frame 0 --simple-values
179-stack-info-depth --thread 1 100
180-stack-list-frames --thread 1 0 0
181-var-create --thread 1 --frame 0 - * ss
182-var-update --all-values var67
183-var-create --thread 1 --frame 0 - * ssa
184-var-update --all-values var68
185-var-create --thread 1 --frame 0 - * arraystruct
186-var-update --all-values var69
187-var-create --thread 1 --frame 0 - * x
188-var-update --all-values var70
189-var-create --thread 1 --frame 0 - * c
190-var-update --all-values var71
191-var-create --thread 1 --frame 0 - * c2
192-var-update --all-values var72
193-var-create --thread 1 --frame 0 - * cstring
194-var-update --all-values var73
195-var-create --thread 1 --frame 0 - * nullstr
196-var-update --all-values var74
197-var-create --thread 1 --frame 0 - * nstype
198-var-update --all-values var75
199-var-create --thread 1 --frame 0 - * nstype2
200-var-update --all-values var76
201-var-create --thread 1 --frame 0 - * me
202-var-update --all-values var77
203-var-create --thread 1 --frame 0 - * ns
204-var-update --all-values var78
205-var-create --thread 1 --frame 0 - * ns2
206-var-update --all-values var79
207-var-create --thread 1 --frame 0 - * estring
208-var-update --all-values var80
209-var-create --thread 1 --frame 0 - * estring2
210-var-update --all-values var81
211-var-create --thread 1 --frame 0 - * estring3
212-var-update --all-values var82
213-exec-next
214-stack-list-variables --thread 1 --frame 0 --simple-values
215-stack-info-depth --thread 1 100
216-stack-list-frames --thread 1 0 0
217-var-create --thread 1 --frame 0 - * ss
218-var-update --all-values var83
219-var-create --thread 1 --frame 0 - * ssa
220-var-update --all-values var84
221-var-create --thread 1 --frame 0 - * arraystruct
222-var-update --all-values var85
223-var-create --thread 1 --frame 0 - * x
224-var-update --all-values var86
225-var-create --thread 1 --frame 0 - * c
226-var-update --all-values var87
227-var-create --thread 1 --frame 0 - * c2
228-var-update --all-values var88
229-var-create --thread 1 --frame 0 - * cstring
230-var-update --all-values var89
231-var-create --thread 1 --frame 0 - * nullstr
232-var-update --all-values var90
233-var-create --thread 1 --frame 0 - * nstype
234-var-update --all-values var91
235-var-create --thread 1 --frame 0 - * nstype2
236-var-update --all-values var92
237-var-create --thread 1 --frame 0 - * me
238-var-update --all-values var93
239-var-create --thread 1 --frame 0 - * ns
240-var-update --all-values var94
241-var-create --thread 1 --frame 0 - * ns2
242-var-update --all-values var95
243-var-create --thread 1 --frame 0 - * estring
244-var-update --all-values var96
245-var-create --thread 1 --frame 0 - * estring2
246-var-update --all-values var97
247-var-create --thread 1 --frame 0 - * estring3
248-var-update --all-values var98
249-exec-next
250-stack-list-variables --thread 1 --frame 0 --simple-values
251-stack-info-depth --thread 1 100
252-stack-list-frames --thread 1 0 0
253-var-create --thread 1 --frame 0 - * ss
254-var-update --all-values var99
255-var-create --thread 1 --frame 0 - * ssa
256-var-update --all-values var100
257-var-create --thread 1 --frame 0 - * arraystruct
258-var-update --all-values var101
259-var-create --thread 1 --frame 0 - * x
260-var-update --all-values var102
261-var-create --thread 1 --frame 0 - * c
262-var-update --all-values var103
263-var-create --thread 1 --frame 0 - * c2
264-var-update --all-values var104
265-var-create --thread 1 --frame 0 - * cstring
266-var-update --all-values var105
267-var-create --thread 1 --frame 0 - * nullstr
268-var-update --all-values var106
269-var-create --thread 1 --frame 0 - * nstype
270-var-update --all-values var107
271-var-create --thread 1 --frame 0 - * nstype2
272-var-update --all-values var108
273-var-create --thread 1 --frame 0 - * me
274-var-update --all-values var109
275-var-create --thread 1 --frame 0 - * ns
276-var-update --all-values var110
277-var-create --thread 1 --frame 0 - * ns2
278-var-update --all-values var111
279-var-create --thread 1 --frame 0 - * estring
280-var-update --all-values var112
281-var-create --thread 1 --frame 0 - * estring2
282-var-update --all-values var113
283-var-create --thread 1 --frame 0 - * estring3
284-var-update --all-values var114
285-exec-next
286-stack-list-variables --thread 1 --frame 0 --simple-values
287-stack-info-depth --thread 1 100
288-stack-list-frames --thread 1 0 0
289-var-create --thread 1 --frame 0 - * ss
290-var-update --all-values var115
291-var-create --thread 1 --frame 0 - * ssa
292-var-update --all-values var116
293-var-create --thread 1 --frame 0 - * arraystruct
294-var-update --all-values var117
295-var-create --thread 1 --frame 0 - * x
296-var-update --all-values var118
297-var-create --thread 1 --frame 0 - * c
298-var-update --all-values var119
299-var-create --thread 1 --frame 0 - * c2
300-var-update --all-values var120
301-var-create --thread 1 --frame 0 - * cstring
302-var-update --all-values var121
303-var-create --thread 1 --frame 0 - * nullstr
304-var-update --all-values var122
305-var-create --thread 1 --frame 0 - * nstype
306-var-update --all-values var123
307-var-create --thread 1 --frame 0 - * nstype2
308-var-update --all-values var124
309-var-create --thread 1 --frame 0 - * me
310-var-update --all-values var125
311-var-create --thread 1 --frame 0 - * ns
312-var-update --all-values var126
313-var-create --thread 1 --frame 0 - * ns2
314-var-update --all-values var127
315-var-create --thread 1 --frame 0 - * estring
316-var-update --all-values var128
317-var-create --thread 1 --frame 0 - * estring2
318-var-update --all-values var129
319-var-create --thread 1 --frame 0 - * estring3
320-var-update --all-values var130
321-exec-next
322-stack-list-variables --thread 1 --frame 0 --simple-values
323-stack-info-depth --thread 1 100
324-stack-list-frames --thread 1 0 0
325-var-create --thread 1 --frame 0 - * ss
326-var-update --all-values var131
327-var-create --thread 1 --frame 0 - * ssa
328-var-update --all-values var132
329-var-create --thread 1 --frame 0 - * arraystruct
330-var-update --all-values var133
331-var-create --thread 1 --frame 0 - * x
332-var-update --all-values var134
333-var-create --thread 1 --frame 0 - * c
334-var-update --all-values var135
335-var-create --thread 1 --frame 0 - * c2
336-var-update --all-values var136
337-var-create --thread 1 --frame 0 - * cstring
338-var-update --all-values var137
339-var-create --thread 1 --frame 0 - * nullstr
340-var-update --all-values var138
341-var-create --thread 1 --frame 0 - * nstype
342-var-update --all-values var139
343-var-create --thread 1 --frame 0 - * nstype2
344-var-update --all-values var140
345-var-create --thread 1 --frame 0 - * me
346-var-update --all-values var141
347-var-create --thread 1 --frame 0 - * ns
348-var-update --all-values var142
349-var-create --thread 1 --frame 0 - * ns2
350-var-update --all-values var143
351-var-create --thread 1 --frame 0 - * estring
352-var-update --all-values var144
353-var-create --thread 1 --frame 0 - * estring2
354-var-update --all-values var145
355-var-create --thread 1 --frame 0 - * estring3
356-var-update --all-values var146
357-exec-next
358-data-list-register-values --thread 1 --frame 0 r
359-gdb-show directories
360-stack-info-depth --thread 1 100
361-stack-list-variables --thread 1 --frame 0 --simple-values
362-stack-list-frames --thread 1 0 1
363-var-create --thread 1 --frame 0 - * main
364-var-update --all-values var147
365-var-create --thread 1 --frame 0 - * argc
366-var-update --all-values var148
367-var-create --thread 1 --frame 0 - * argv
368-var-update --all-values var149
369-var-create --thread 1 --frame 0 - * init
-exec-next

--
You are receiving this mail because:
You are on the CC list for the bug.

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: ssbssa at sourceware dot org @ 2022-03-19 13:09 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

Hannes Domani <ssbssa at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |12.1

--- Comment #1 from Hannes Domani <ssbssa at sourceware dot org> ---
Can be easily reproduced with python when copying an optimized-out value:

    (gdb) py print(gdb.Value(gdb.Value(5).type.optimized_out()))
    C:/src/repos/binutils-gdb.git/gdb/value.c:1731: internal-error: value* value_copy(value*): Assertion `arg->contents != nullptr' failed.
    A problem internal to GDB has been detected,
    further debugging may prove unreliable.
    Quit this debugging session? (y or n) n

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: ssbssa at sourceware dot org @ 2022-03-19 13:10 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

Hannes Domani <ssbssa at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ssbssa at sourceware dot org

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: jan at vrany dot io @ 2022-03-22 13:37 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

Jan Vrany <jan at vrany dot io> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jan at vrany dot io

--- Comment #2 from Jan Vrany <jan at vrany dot io> ---
*** Bug 28988 has been marked as a duplicate of this bug. ***

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: cvs-commit at gcc dot gnu.org @ 2022-04-06 20:11 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6d088eb92ee42e05a4fbe797515229cf2acd0d99

commit 6d088eb92ee42e05a4fbe797515229cf2acd0d99
Author: Simon Marchi <simon.marchi@efficios.com>
Date:   Mon Apr 4 17:45:59 2022 -0400

    gdb: don't copy entirely optimized out values in value_copy

    Bug 28980 shows that trying to value_copy an entirely optimized out value causes an internal error. The original bug report involves MI and some Python pretty printer, and is quite difficult to reproduce, but another easy way to reproduce (that is believed to be equivalent) was proposed:

        $ ./gdb -q -nx --data-directory=data-directory -ex "py print(gdb.Value(gdb.Value(5).type.optimized_out()))"
        /home/smarchi/src/binutils-gdb/gdb/value.c:1731: internal-error: value_copy: Assertion `arg->contents != nullptr' failed.

    This is caused by 5f8ab46bc691 ("gdb: constify parameter of value_copy"). It added an assertion that the contents buffer is allocated if the value is not lazy:

        if (!value_lazy (val))
          {
            gdb_assert (arg->contents != nullptr);

    This was based on the comment on value::contents, which suggests that this is the case:

        /* Actual contents of the value.  Target byte-order.

           NULL or not valid if lazy is nonzero.  */
        gdb::unique_xmalloc_ptr<gdb_byte> contents;

    However, it turns out that it can also be nullptr if the value is entirely optimized out, for example on exit of allocate_optimized_out_value. That function creates a lazy value, marks the entire value as optimized out, and then clears the lazy flag. But contents remains nullptr.

    This wasn't a problem for value_copy before, because it was calling value_contents_all_raw on the input value, which caused contents to be allocated before doing the copy. This means that the input value to value_copy did not have its contents allocated on entry, but had it allocated on exit. The result value had it allocated on exit. And that we copied bytes for an entirely optimized out value (i.e. meaningless bytes).

    From here I see two choices:

     1. respect the documented invariant that contents is nullptr only and only if the value is lazy, which means making allocate_optimized_out_value allocate contents
     2. extend the cases where contents can be nullptr to also include values that are entirely optimized out (note that you could still have some entirely optimized out values that do have contents allocated, it depends on how they were created) and adjust value_copy accordingly

    Choice #1 is safe, but less efficient: it's not very useful to allocate a buffer for an entirely optimized out value. It's even a bit less efficient than what we had initially, because values coming out of allocate_optimized_out_value would now always get their contents allocated.

    Choice #2 would be more efficient than what we had before: giving an optimized out value without allocated contents to value_copy would result in an optimized out value without allocated contents (and the input value would still be without allocated contents on exit). But it's more risky, since it's difficult to ensure that all users of the contents (through the various_contents* accessors) are all fine with that new invariant.

    In this patch, I opt for choice #2, since I think it is a better direction than choice #1. #1 would be a pessimization, and if we go this way, I doubt that it will ever be revisited, it will just stay that way forever.

    Add a selftest to test this. I initially started to write it as a Python test (since the reproducer is in Python), but a selftest is more straightforward.

    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28980
    Change-Id: I6e2f5c0ea804fafa041fcc4345d47064b5900ed7
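
The invariant mismatch described in the commit message of comment #3, as an added example that is not part of the thread and not GDB source: a toy C++ model in which `toy_value`, `make_optimized_out`, `copy_strict` and `copy_relaxed` are hypothetical names standing in for `struct value`, `allocate_optimized_out_value` and the two behaviours of `value_copy`. The failed assertion is modelled as an exception so the outcome can be observed.

```cpp
// Toy model only. Every name below is hypothetical; none of this is GDB code.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <memory>
#include <stdexcept>

struct toy_value {
    std::size_t length = 0;
    bool lazy = true;                           // contents not fetched yet
    bool entirely_optimized_out = false;        // no byte of the value exists
    std::unique_ptr<unsigned char[]> contents;  // null until allocated
};

// Follows the sequence the commit message describes for
// allocate_optimized_out_value: start lazy, mark everything optimized out,
// clear the lazy flag. The buffer is never allocated.
toy_value make_optimized_out(std::size_t len) {
    toy_value v;
    v.length = len;
    v.entirely_optimized_out = true;
    v.lazy = false;
    return v;
}

// An ordinary value whose bytes have already been fetched.
toy_value make_fetched(const unsigned char *bytes, std::size_t len) {
    toy_value v;
    v.length = len;
    v.lazy = false;
    v.contents = std::make_unique<unsigned char[]>(len);
    std::memcpy(v.contents.get(), bytes, len);
    return v;
}

static toy_value copy_metadata(const toy_value &arg) {
    toy_value val;
    val.length = arg.length;
    val.lazy = arg.lazy;
    val.entirely_optimized_out = arg.entirely_optimized_out;
    return val;
}

static void copy_bytes(toy_value &dst, const toy_value &src) {
    dst.contents = std::make_unique<unsigned char[]>(src.length);
    std::memcpy(dst.contents.get(), src.contents.get(), src.length);
}

// Strict invariant: "not lazy" implies "contents allocated".
// An optimized-out value from make_optimized_out violates it.
toy_value copy_strict(const toy_value &arg) {
    toy_value val = copy_metadata(arg);
    if (!val.lazy) {
        if (arg.contents == nullptr)
            throw std::logic_error("Assertion `arg->contents != nullptr' failed");
        copy_bytes(val, arg);
    }
    return val;
}

// Relaxed invariant (choice #2 in the commit message): an entirely
// optimized-out value may have no buffer, so nothing is copied for it and
// neither the input nor the result gets one allocated.
toy_value copy_relaxed(const toy_value &arg) {
    toy_value val = copy_metadata(arg);
    if (!val.lazy && !val.entirely_optimized_out) {
        if (arg.contents == nullptr)
            throw std::logic_error("fetched value has no contents");
        copy_bytes(val, arg);
    }
    return val;
}

// True when the strict copy trips its invariant check on this input.
bool strict_copy_throws(const toy_value &v) {
    try {
        copy_strict(v);
        return false;
    } catch (const std::logic_error &) {
        return true;
    }
}

int main() {
    toy_value opt = make_optimized_out(4);
    std::printf("strict copy of optimized-out value fails: %s\n",
                strict_copy_throws(opt) ? "yes" : "no");
    toy_value copy = copy_relaxed(opt);
    std::printf("relaxed copy allocated a buffer: %s\n",
                copy.contents ? "yes" : "no");
    return 0;
}
```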

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: cvs-commit at gcc dot gnu.org @ 2022-04-06 21:02 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The gdb-12-branch branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=439385561588f12c1df670aaa92af9babd98f2ac

commit 439385561588f12c1df670aaa92af9babd98f2ac
Author: Simon Marchi <simon.marchi@efficios.com>
Date:   Mon Apr 4 17:45:59 2022 -0400

    gdb: don't copy entirely optimized out values in value_copy

* [Bug exp/28980] GDB crashes when using GDB/MI and python pretty printers in some cases
From: simark at simark dot ca @ 2022-04-06 21:02 UTC
To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=28980

Simon Marchi <simark at simark dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |simark at simark dot ca
         Resolution|---                         |FIXED

--- Comment #5 from Simon Marchi <simark at simark dot ca> ---
Pushed to master and gdb-12-branch.