public inbox for gdb-prs@sourceware.org
* [Bug ada/31648] New: [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-17 11:05 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

            Bug ID: 31648
           Summary: [gdb/ada] segfault in coerce_ref
           Product: gdb
           Version: 13.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ada
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

On SLE-11 (using gcc 4.8.5), with a gdb 13.2-based package, I ran into:
...
(gdb) PASS: gdb.ada/tick_length_array_enum_idx.exp: print cold'length
print vars'length^M
^M
^M
Fatal signal: Segmentation fault^M
----- Backtrace -----^M
0x4fff92 gdb_internal_backtrace_1^M
        ../../gdb/bt-utils.c:122^M
0x4fff92 _Z22gdb_internal_backtracev^M
        ../../gdb/bt-utils.c:168^M
0x613677 handle_fatal_signal^M
        ../../gdb/event-top.c:971^M
0x6136ff handle_sigsegv^M
        ../../gdb/event-top.c:1044^M
0x154aae20f84f ???^M
0x8f6bad _Z10coerce_refP5value^M
        ../../gdb/value.c:3904^M
0x8f6c55 _Z12coerce_arrayP5value^M
        ../../gdb/value.c:3930^M
0x8e9484 _Z16value_struct_eltPP5valueN3gdb8optionalINS2_10array_viewIS0_EEEEPKcPiS8_^M
        ../../gdb/valops.c:2342^M
0x451674 desc_one_bound^M
        ../../gdb/ada-lang.c:1965^M
0x4545fc ada_array_length^M
        ../../gdb/ada-lang.c:3373^M
0x4545fc ada_unop_atr^M
        ../../gdb/ada-lang.c:10440^M
0x4545fc _ZN4expr22ada_unop_atr_operation8evaluateEP4typeP10expression6noside^M
        ../../gdb/ada-lang.c:10849^M
0x61182e _ZN10expression8evaluateEP4type6noside^M
        ../../gdb/eval.c:101^M
0x77b89c process_print_command_args^M
        ../../gdb/printcmd.c:1310^M
0x77c26d print_command_1^M
        ../../gdb/printcmd.c:1323^M
0x5330f5 _Z8cmd_funcP16cmd_list_elementPKci^M
        ../../gdb/cli/cli-decode.c:2543^M
0x8a1446 _Z15execute_commandPKci^M
        ../../gdb/top.c:690^M
0x6143a3 _Z15command_handlerPKc^M
        ../../gdb/event-top.c:628^M
0x61536d _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE^M
        ../../gdb/event-top.c:864^M
0x61392b gdb_rl_callback_handler^M
        ../../gdb/event-top.c:256^M
0x91f7ff rl_callback_read_char^M
        ../../../readline/readline/callback.c:290^M
0x613b3d gdb_rl_callback_read_char_wrapper_noexcept^M
        ../../gdb/event-top.c:192^M
0x613d0f gdb_rl_callback_read_char_wrapper^M
        ../../gdb/event-top.c:231^M
0x61379f stdin_event_handler^M
        ../../gdb/event-top.c:553^M
0xac453c gdb_wait_for_event^M
        ../../gdbsupport/event-loop.cc:694^M
0xac4cd1 _Z16gdb_do_one_eventi^M
        ../../gdbsupport/event-loop.cc:264^M
0x6f1699 start_event_loop^M
        ../../gdb/main.c:411^M
0x6f1699 captured_command_loop^M
        ../../gdb/main.c:471^M
0x6f2ea4 captured_main^M
        ../../gdb/main.c:1330^M
0x6f2ea4 _Z8gdb_mainP18captured_main_args^M
        ../../gdb/main.c:1345^M
0x414c54 main^M
        ../../gdb/gdb.c:32^M
---------------------^M
A fatal error internal to GDB has been detected, further^M
debugging is not possible.  GDB will now terminate.^M
^M
This is a bug, please report it.  For instructions, see:^M
<http://bugs.opensuse.org/>.^M
^M
ERROR: GDB process no longer exists
GDB process exited with wait status 32036 exp7 0 0 CHILDKILLED SIGSEGV
{segmentation violation}
UNRESOLVED: gdb.ada/tick_length_array_enum_idx.exp: print vars'length
...

At gdb/value.c:3904 we have:
...
struct value *
coerce_ref (struct value *arg)
{
  struct type *value_type_arg_tmp = check_typedef (value_type (arg));
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
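
For triage, the internal backtrace in the report can be parsed mechanically. The following is an added example, not part of the original report or of GDB: it strips the literal "^M" markers, tolerates a frame whose symbol a mail client wrapped onto the next line, and drops GDB's own signal-handling frames to expose the faulting frame. The function names are hypothetical, and treating the unresolved "???" frame as the boundary between the handler and the faulting code is an assumption based on this log's layout.

```python
import hashlib
import re

# Constructed sample: frames excerpted from the log in the report above, with the
# literal "^M" markers kept and one frame wrapped after its address.
SAMPLE_LOG = """\
Fatal signal: Segmentation fault^M
----- Backtrace -----^M
0x6136ff handle_sigsegv^M
        ../../gdb/event-top.c:1044^M
0x154aae20f84f ???^M
0x8f6bad _Z10coerce_refP5value^M
        ../../gdb/value.c:3904^M
0x8f6c55 _Z12coerce_arrayP5value^M
        ../../gdb/value.c:3930^M
0x8e9484
_Z16value_struct_eltPP5valueN3gdb8optionalINS2_10array_viewIS0_EEEEPKcPiS8_^M
        ../../gdb/valops.c:2342^M
0x451674 desc_one_bound^M
        ../../gdb/ada-lang.c:1965^M
---------------------^M
"""

ADDR_RE = re.compile(r"^(0x[0-9a-f]+)(?:\s+(\S+))?$")
LOC_RE = re.compile(r"^\s+(\S+):(\d+)$")

def parse_backtrace(log):
    """Parse GDB's internal backtrace into dicts: addr, symbol, file, line."""
    frames, inside = [], False
    for raw in log.splitlines():
        line = raw.replace("^M", "").rstrip()
        if not inside:
            inside = line.startswith("----- Backtrace")
        elif line.startswith("-----"):          # closing rule ends the backtrace
            break
        elif m := ADDR_RE.match(line):
            frames.append({"addr": m[1], "symbol": m[2], "file": None, "line": None})
        elif frames and (loc := LOC_RE.match(line)):
            frames[-1]["file"], frames[-1]["line"] = loc[1], int(loc[2])
        elif frames and frames[-1]["symbol"] is None and line:
            frames[-1]["symbol"] = line.strip()  # symbol wrapped onto its own line
    return frames

def faulting_frames(frames):
    """Drop handler frames: everything up to and including the unresolved '???' frame."""
    for i, frame in enumerate(frames):
        if frame["symbol"] == "???":
            return frames[i + 1:]
    return frames

def crash_signature(frames, depth=3):
    """Bucket key from the top symbols only, so it survives rebuilds and line shifts."""
    key = "|".join(f["symbol"] or "?" for f in faulting_frames(frames)[:depth])
    return hashlib.sha256(key.encode()).hexdigest()[:16]
```

On the sample, the first faulting frame is coerce_ref at ../../gdb/value.c:3904, matching the source line quoted in the report.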

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  7:37 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
Backtrace in gdb:
...
(gdb) bt
#0  0x0000000000d0e5cc in value_type (value=0x0) at
/data/vries/gdb/src/gdb/value.c:1111
#1  0x0000000000d13fc6 in coerce_ref (arg=0x0) at
/data/vries/gdb/src/gdb/value.c:3904
#2  0x0000000000d140f8 in coerce_array (arg=0x0) at
/data/vries/gdb/src/gdb/value.c:3930
#3  0x0000000000cfbab4 in value_struct_elt (argp=0x7fffffffcea8, args=...,
name=0x7fffffffceb0 "LB0", 
    static_memfuncp=0x0, err=0x14b5508 "Bad GNAT array descriptor bounds") at
/data/vries/gdb/src/gdb/valops.c:2342
#4  0x000000000045b93b in desc_one_bound (bounds=0x0, i=1, which=0) at
/data/vries/gdb/src/gdb/ada-lang.c:1965
#5  0x000000000045ee7e in ada_array_length (arr=0x2bd0820, n=1) at
/data/vries/gdb/src/gdb/ada-lang.c:3373
#6  0x000000000046e6ad in ada_unop_atr (exp=0x36bb650, noside=EVAL_NORMAL,
op=OP_ATR_LENGTH, arg1=0x2bd0820, 
    type_arg=0x0, tem=1) at /data/vries/gdb/src/gdb/ada-lang.c:10440
#7  0x000000000046fb77 in expr::ada_unop_atr_operation::evaluate
(this=0x35313f0, expect_type=0x0, exp=0x36bb650, 
    noside=EVAL_NORMAL) at /data/vries/gdb/src/gdb/ada-lang.c:10849
#8  0x000000000076fbcb in expression::evaluate (this=0x36bb650,
expect_type=0x0, noside=EVAL_NORMAL)
    at /data/vries/gdb/src/gdb/eval.c:101
#9  0x000000000076fc78 in evaluate_expression (exp=0x36bb650, expect_type=0x0)
at /data/vries/gdb/src/gdb/eval.c:115
#10 0x00000000009f3fb6 in process_print_command_args (args=0x35b8cd6
"vars'length", print_opts=0x7fffffffd190, 
    voidprint=true) at /data/vries/gdb/src/gdb/printcmd.c:1306
#11 0x00000000009f4038 in print_command_1 (args=0x35b8cd6 "vars'length",
voidprint=1)
    at /data/vries/gdb/src/gdb/printcmd.c:1319
#12 0x00000000009f4480 in print_command (exp=0x35b8cd6 "vars'length",
from_tty=0)
    at /data/vries/gdb/src/gdb/printcmd.c:1452
#13 0x00000000005e7672 in do_simple_func (args=0x35b8cd6 "vars'length",
from_tty=0, c=0x2a23e40)
    at /data/vries/gdb/src/gdb/cli/cli-decode.c:95
#14 0x00000000005ec422 in cmd_func (cmd=0x2a23e40, args=0x35b8cd6
"vars'length", from_tty=0)
    at /data/vries/gdb/src/gdb/cli/cli-decode.c:2543
#15 0x0000000000c3cb4b in execute_command (p=0x35b8ce0 "h", from_tty=0) at
/data/vries/gdb/src/gdb/top.c:690
#16 0x0000000000779fc8 in command_handler (command=0x35b8cd0 "print
vars'length")
    at /data/vries/gdb/src/gdb/event-top.c:616
#17 0x0000000000c3c26b in read_command_file (stream=0x2bcd610) at
/data/vries/gdb/src/gdb/top.c:457
--Type <RET> for more, q to quit, c to continue without paging--
#18 0x0000000000600ad8 in script_from_file (stream=0x2bcd610,
file=0x7fffffffe1ee "gdb.in")
    at /data/vries/gdb/src/gdb/cli/cli-script.c:1641
#19 0x00000000005ded44 in source_script_from_stream (stream=0x2bcd610,
file=0x7fffffffe1ee "gdb.in", 
    file_to_open=0x7fffffffd6e0 "gdb.in") at
/data/vries/gdb/src/gdb/cli/cli-cmds.c:728
#20 0x00000000005dee99 in source_script_with_search (file=0x7fffffffe1ee
"gdb.in", from_tty=0, search_path=0)
    at /data/vries/gdb/src/gdb/cli/cli-cmds.c:773
#21 0x00000000005def15 in source_script (file=0x7fffffffe1ee "gdb.in",
from_tty=0)
    at /data/vries/gdb/src/gdb/cli/cli-cmds.c:782
#22 0x00000000008fab4a in catch_command_errors (command=0x5deef0
<source_script(char const*, int)>, 
    arg=0x7fffffffe1ee "gdb.in", from_tty=0, do_bp_actions=false) at
/data/vries/gdb/src/gdb/main.c:513
#23 0x00000000008face5 in execute_cmdargs (cmdarg_vec=0x7fffffffd970,
file_type=CMDARG_FILE, 
    cmd_type=CMDARG_COMMAND, ret=0x7fffffffd94c) at
/data/vries/gdb/src/gdb/main.c:605
#24 0x00000000008fc0b2 in captured_main_1 (context=0x7fffffffdbb0) at
/data/vries/gdb/src/gdb/main.c:1299
#25 0x00000000008fc2b5 in captured_main (data=0x7fffffffdbb0) at
/data/vries/gdb/src/gdb/main.c:1320
#26 0x00000000008fc320 in gdb_main (args=0x7fffffffdbb0) at
/data/vries/gdb/src/gdb/main.c:1345
#27 0x000000000041909e in main (argc=7, argv=0x7fffffffdcc8) at
/data/vries/gdb/src/gdb/gdb.c:32
...

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  7:39 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #0)
> On SLE-11 (using gcc 4.8.5), with a gdb 13.2-based package, I ran into:

Minor precision: the package is built using gdb 4.8.5, but the test-case is
compiled using gcc 4.3.4.

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  7:46 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|13.1                        |HEAD

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
Reproduced with trunk.

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  7:54 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
With this:
...
diff --git a/gdb/valops.c b/gdb/valops.c
index a17b937a963..90be1c0a86b 100644
--- a/gdb/valops.c
+++ b/gdb/valops.c
@@ -2330,6 +2330,9 @@ value_struct_elt (struct value **argp,
   struct type *t;
   struct value *v;

+  if (*argp == nullptr)
+    error (_("%s"), err);
+
   *argp = coerce_array (*argp);

   t = check_typedef ((*argp)->type ());
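Review bot: the new null guard ahead of "*argp = coerce_array (*argp);" sits in the generic value_struct_elt rather than at the caller that produced the null; the backtrace in comment #1 shows desc_one_bound (bounds=0x0, i=1, which=0) handing the null in, so a check there, or where the bounds value is computed, would keep the diagnostic closer to the cause and leave value_struct_elt's contract unchanged. Two smaller points on the added lines: _("%s") marks a format string that contains nothing translatable, so error ("%s", err) is enough, and a one-line comment saying when *argp can legitimately be null would help the next reader, since the lines shown do not explain it.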
...
we have instead:
...
$ gdb -q -batch -ex "set trace-commands on" -x gdb.in
+file foo_n207_004
+break foo_n207_004.adb:25
Breakpoint 1 at 0x401cc0: file
/usr/src/packages/BUILD/gdb-13.2/gdb/testsuite/gdb.ada/tick_length_array_enum_idx/foo_n207_004.adb,
line 25.
+run 

Breakpoint 1, foo_n207_004 () at
/usr/src/packages/BUILD/gdb-13.2/gdb/testsuite/gdb.ada/tick_length_array_enum_idx/foo_n207_004.adb:25
warning: 25    
/usr/src/packages/BUILD/gdb-13.2/gdb/testsuite/gdb.ada/tick_length_array_enum_idx/foo_n207_004.adb:
No such file or directory
+print vars'length
gdb.in:4: Error in sourced command file:
Bad GNAT array descriptor bounds
...

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  7:54 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #5 from Tom de Vries <vries at gcc dot gnu.org> ---
Created attachment 15470
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15470&action=edit
gzipped exec

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: vries at gcc dot gnu.org @ 2024-04-18  8:00 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tromey at sourceware dot org

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: tromey at sourceware dot org @ 2024-04-18 17:37 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #6 from Tom Tromey <tromey at sourceware dot org> ---
Something is going wrong much earlier.

In ada_var_value_operation::evaluate:

(top-gdb) print sym.m_name
$7 = 0x7fffdc0b22be "R11b"

That is, we're finding the wrong symbol entirely.

Also in the inferior gdb:

(gdb) whatis vars
type = int
(gdb) print vars
$1 = 256

This should be an array, not an integer -- this is what
led me to inspect the symbol.

* [Bug ada/31648] [gdb/ada] segfault in coerce_ref
From: tromey at sourceware dot org @ 2024-04-18 18:12 UTC (permalink / raw)
  To: gdb-prs

https://sourceware.org/bugzilla/show_bug.cgi?id=31648

--- Comment #7 from Tom Tromey <tromey at sourceware dot org> ---
A newer compiler, even with -fgnat-encodings=all, doesn't
emit this renaming:

 <3><1cf8>: Abbrev Number: 25 (DW_TAG_variable)
    <1cf9>   DW_AT_name        : (indirect string, offset: 0x1439):
vars___XR_R11b___XEXA
    <1cfd>   DW_AT_type        : <0x1af8>
    <1d01>   DW_AT_artificial  : 1
    <1d02>   DW_AT_location    : 2 byte block: 77 0     (DW_OP_breg7 (rsp): 0)


Offhand I'm not sure if renaming this is correct or not.
