[Bug backtrace/29374] New: Internal-error when printing exception backtrace

[Bug backtrace/29374] New: Internal-error when printing exception backtrace

[ks132 at yandex dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

            Bug ID: 29374
           Summary: Internal-error when printing exception backtrace
           Product: gdb
           Version: 12.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: backtrace
          Assignee: unassigned at sourceware dot org
          Reporter: ks132 at yandex dot ru
  Target Milestone: ---

For this code:

#include <map>
#include <stdexcept>
#include <sstream>

class Handler
{
public:
   typedef int key_type;
   typedef std::map<key_type, int> map_type;

public:
   void operator()(const key_type& key) const
   {
      find(key);
   }

private:
   int find( const key_type& key ) const
   {
      typename map_type::const_iterator it = data.find(key);
      if(it == data.end())
      {
         std::ostringstream ost;
         throw std::runtime_error(ost.str());
      }

      return it->second;
   }

private:
   map_type data;
};

class State
{
public:
   void find( int type )
   {
      handlers( type );
   }

private:
   Handler  handlers;
};

int main()
{
   State state;
   state.find( 0 );
}

built with GCC 12.1.1 with optimization:
g++ -O1 -g repro.cpp

GDB crashes with internal-error:
$ gdb -batch -ex "catch throw" -ex r -ex bt a.out 
Catchpoint 1 (throw)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Catchpoint 1 (exception thrown), 0x00007ffff7e256d1 in __cxa_throw () from
/lib64/libstdc++.so.6
#0  0x00007ffff7e256d1 in __cxa_throw () from /lib64/libstdc++.so.6
#1  0x0000000000401430 in Handler::find (this=this@entry=0x7fffffffde90,
../../gdb/../gdbsupport/array-view.h:217: internal-error: copy: Assertion
`dest.size () == src.size ()' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
0x55895414fe3f ???
0x558954589ab4 ???
0x558954589d50 ???
0x55895472cbf4 ???
0x5589541f729d ???
0x55895420f912 ???
0x558954214239 ???
0x55895421434a ???
0x55895421446a ???
0x5589544b2e88 ???
0x5589544b36d0 ???
0x5589544b80cc ???
0x5589544b9277 ???
0x558954187074 ???
0x5589545205b7 ???
0x55895433c5b1 ???
0x55895433c681 ???
0x55895433e613 ???
0x55895433f13e ???
0x55895407de6d ???
0x7f1fbff9754f ???
0x7f1fbff97608 ???
0x558954086744 ???
0xffffffffffffffff ???
---------------------

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Aborted (core dumped)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug backtrace/29374] Internal-error when printing exception backtrace

[ks132 at yandex dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

--- Comment #1 from ks132 <ks132 at yandex dot ru> ---
Also reproduced in master

$ ~/build-gdb/gdb/gdb -batch -ex "catch throw" -ex r -ex bt a.out 
Catchpoint 1 (throw)
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at
compile time
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at
compile time
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at
compile time
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Catchpoint 1 (exception thrown), 0x00007ffff7e256d1 in __cxa_throw () from
/lib64/libstdc++.so.6
#0  0x00007ffff7e256d1 in __cxa_throw () from /lib64/libstdc++.so.6
#1  0x0000000000401430 in Handler::find (this=this@entry=0x7fffffffde90,
../../binutils-gdb/gdb/../gdbsupport/array-view.h:217: internal-error: copy:
Assertion `dest.size () == src.size ()' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
0x4b9b62 gdb_internal_backtrace_1
        ../../binutils-gdb/gdb/bt-utils.c:122
0x4b9b62 _Z22gdb_internal_backtracev
        ../../binutils-gdb/gdb/bt-utils.c:168
0x7db474 internal_vproblem
        ../../binutils-gdb/gdb/utils.c:396
0x7db6b8 _Z15internal_verrorPKciS0_P13__va_list_tag
        ../../binutils-gdb/gdb/utils.c:476
0x8ef221 _Z14internal_errorPKciS0_z
        ../../binutils-gdb/gdbsupport/errors.cc:55
0x54d2e1 _ZN3gdb4copyIKhhEEvNS_10array_viewIT_EENS2_IT0_EE
        ../../binutils-gdb/gdb/../gdbsupport/array-view.h:217
0x54d2e1 _ZN3gdb4copyIKhhEEvNS_10array_viewIT_EENS2_IT0_EE
        ../../binutils-gdb/gdb/../gdbsupport/array-view.h:215
0x54d2e1 _ZN18dwarf_expr_context12fetch_resultEP4typeS1_lb
        ../../binutils-gdb/gdb/dwarf2/expr.c:1039
0x56398c dwarf2_evaluate_loc_desc_full
        ../../binutils-gdb/gdb/dwarf2/loc.c:1519
0x56603e
_Z24dwarf2_evaluate_loc_descP4typeP10frame_infoPKhmP18dwarf2_per_cu_dataP18dwarf2_per_objfileb
        ../../binutils-gdb/gdb/dwarf2/loc.c:1563
0x56603e dwarf_entry_parameter_to_value
        ../../binutils-gdb/gdb/dwarf2/loc.c:1269
0x56603e value_of_dwarf_reg_entry
        ../../binutils-gdb/gdb/dwarf2/loc.c:1366
0x56612c value_of_dwarf_block_entry
        ../../binutils-gdb/gdb/dwarf2/loc.c:1399
0x566217 loclist_read_variable_at_entry
        ../../binutils-gdb/gdb/dwarf2/loc.c:3920
0x736648
_Z14read_frame_argRK19frame_print_optionsP6symbolP10frame_infoP9frame_argS7_
        ../../binutils-gdb/gdb/stack.c:560
0x736dee print_frame_args
        ../../binutils-gdb/gdb/stack.c:888
0x738611 print_frame
        ../../binutils-gdb/gdb/stack.c:1391
0x738611
_Z16print_frame_infoRK19frame_print_optionsP10frame_infoi10print_whatii
        ../../binutils-gdb/gdb/stack.c:1117
0x739dcf backtrace_command_1
        ../../binutils-gdb/gdb/stack.c:2070
0x739dcf backtrace_command
        ../../binutils-gdb/gdb/stack.c:2189
0x4e9514 _Z8cmd_funcP16cmd_list_elementPKci
        ../../binutils-gdb/gdb/cli/cli-decode.c:2516
0x795b7a _Z15execute_commandPKci
        ../../binutils-gdb/gdb/top.c:699
0x667de1 catch_command_errors
        ../../binutils-gdb/gdb/main.c:513
0x667eaf execute_cmdargs
        ../../binutils-gdb/gdb/main.c:608
0x669c4c captured_main_1
        ../../binutils-gdb/gdb/main.c:1298
0x66a73a captured_main
        ../../binutils-gdb/gdb/main.c:1319
0x66a73a _Z8gdb_mainP18captured_main_args
        ../../binutils-gdb/gdb/main.c:1344
0x428bf4 main
        ../../binutils-gdb/gdb/gdb.c:32
---------------------

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

Aborted (core dumped)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug backtrace/29374] Internal-error when printing exception backtrace

[ks132 at yandex dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

--- Comment #2 from ks132 <ks132 at yandex dot ru> ---
Found the first bad commit with git bisect
# first bad commit: [4bce7cdaf481901edbc5ee47d953ea7e8efb56ca] gdbsupport: add
array_view copy function

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug backtrace/29374] Internal-error when printing exception backtrace

[simark at simark dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

Simon Marchi <simark at simark dot ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2022-07-24
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
                 CC|                            |simark at simark dot ca

--- Comment #3 from Simon Marchi <simark at simark dot ca> ---
Thanks for the reproducer, I am able to reproduce.  And thanks for the
bisection.  The patch you found added some additional checks, and it looks like
it caught a pre-existing problem.

Here:

https://gitlab.com/gnutools/binutils-gdb/-/blob/6577f365ebdee7dda71cb996efa29d3714cbccd0/gdb/dwarf2/expr.c#L1027

We try to get the length of subobj_type, but it is a typedef whose actual size
hasn't been computed yet:

(top-gdb) p subobj_type.main_type.name
$1 = 0x6210001ef820 "Handler::key_type"
(top-gdb) p subobj_type.main_type.code
$2 = TYPE_CODE_TYPEDEF
(top-gdb) p subobj_type.length 
$3 = 0

If I add a check_typedef at the beginning of fetch_result, it looks like it
works:

>From 13d2d8b935f22ac2345c76a69ba009e583f9dc50 Mon Sep 17 00:00:00 2001
From: Simon Marchi <simon.marchi@polymtl.ca>
Date: Sat, 23 Jul 2022 21:41:55 -0400
Subject: [PATCH] patch

Change-Id: I182733ad08e34df40d8bcc47af72c482fabf4900
---
 gdb/dwarf2/expr.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gdb/dwarf2/expr.c b/gdb/dwarf2/expr.c
index 592dbe19d562..d2b7a131de33 100644
--- a/gdb/dwarf2/expr.c
+++ b/gdb/dwarf2/expr.c
@@ -930,6 +930,11 @@ dwarf_expr_context::fetch_result (struct type *type,
struct type *subobj_type,
   if (subobj_type == nullptr)
     subobj_type = type;

+  /* Ensure that, if TYPE or SUBOBJ_TYPE are typedefs, their length is filled
+     in instead of being zero.  */
+  check_typedef (type);
+  check_typedef (subobj_type);
+
   if (this->m_pieces.size () > 0)
     {
       ULONGEST bit_size = 0;

base-commit: 4bce7cdaf481901edbc5ee47d953ea7e8efb56ca
-- 
2.37.1

$./gdb -nx --data-directory=data-directory -q -batch -ex "catch throw" -ex r
-ex bt a.out 
Catchpoint 1 (throw)

This GDB supports auto-downloading debuginfo from the following URLs:
https://debuginfod.archlinux.org
Enable debuginfod for this session? (y or [n]) [answered N; input not from
terminal]
Debuginfod has been disabled.
To make this setting permanent, add 'set debuginfod enabled off' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/../lib/libthread_db.so.1".

Catchpoint 1 (exception thrown), 0x00007ffff7ca5e91 in __cxxabiv1::__cxa_throw
(obj=0x55555556af30, tinfo=0x555555557d20 <typeinfo for
std::runtime_error@GLIBCXX_3.4>, dest=0x7ffff7cbd370
<std::runtime_error::~runtime_error()>) at
/usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_throw.cc:81
81      /usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_throw.cc: No such file or
directory.
#0  0x00007ffff7ca5e91 in __cxxabiv1::__cxa_throw (obj=0x55555556af30,
tinfo=0x555555557d20 <typeinfo for std::runtime_error@GLIBCXX_3.4>,
dest=0x7ffff7cbd370 <std::runtime_error::~runtime_error()>) at
/usr/src/debug/gcc/libstdc++-v3/libsupc++/eh_throw.cc:81
#1  0x00005555555554a9 in Handler::find (this=this@entry=0x7fffffffdb20,
key=key@entry=@0x7fffffffdb1c: 0) at
/usr/include/c++/12.1.0/bits/new_allocator.h:90
#2  0x000055555555526e in Handler::operator() (key=@0x7fffffffdb1c: 0,
this=0x7fffffffdb20) at repro.cpp:14
#3  State::find (type=<optimized out>, this=0x7fffffffdb20) at repro.cpp:39
#4  main () at repro.cpp:49

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug backtrace/29374] Internal-error when printing exception backtrace

[simark at simark dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

--- Comment #4 from Simon Marchi <simark at simark dot ca> ---
Sent patch here:
https://sourceware.org/pipermail/gdb-patches/2022-July/191035.html

I don't have a test though.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug backtrace/29374] Internal-error when printing exception backtrace

[simark at simark dot ca]

https://sourceware.org/bugzilla/show_bug.cgi?id=29374

--- Comment #5 from Simon Marchi <simark at simark dot ca> ---
New version with a test:
https://sourceware.org/pipermail/gdb-patches/2022-July/191117.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.