some questions about ranged breakpoints

some questions about ranged breakpoints

[Tom Tromey]

While implementing the ambiguous linespec proposal, I've tripped across
an oddity involving ranged breakpoints.  I don't think I have access to
a machine that implements these, so I thought I'd ask here.

update_breakpoint_locations has:

  /* Ranged breakpoints have only one start location and one end location.  */
  gdb_assert (sals_end.nelts == 0 || (sals.nelts == 1 && sals_end.nelts == 1));

But breakpoint_re_set_default has:

	  expanded_end = expand_line_sal_maybe (sals_end.sals[0]);

expand_line_sal_maybe can return a symtabs_and_lines that has multiple
results.  This will crash gdb.

I think you could construct a case using a function which is inlined.
Then set a breakpoint like "break-range foo.h:7, +5".
If breakpoint re-setting discovers multiple locations for the function
(e.g., the inferior loads a .so that has inlined it), then it should
crash.

What should actually happen here?

I think the simplest approach would be to make such breakpoints not be
resettable.  Failing that I suppose they could deactivate if resetting
introduces ambiguity.  Any other ideas?  Any preferences?

Also if someone has a use-case for ranged breakpoints I would like to
know what it is.  I couldn't think of a situation where I'd use them.

Tom

Re: some questions about ranged breakpoints

[Pedro Alves]

On Monday 10 October 2011 21:03:47, Tom Tromey wrote:
> While implementing the ambiguous linespec proposal, I've tripped across
> an oddity involving ranged breakpoints.  I don't think I have access to
> a machine that implements these, so I thought I'd ask here.

You can always hack the backend to report support.

> update_breakpoint_locations has:
> 
>   /* Ranged breakpoints have only one start location and one end location.  */
>   gdb_assert (sals_end.nelts == 0 || (sals.nelts == 1 && sals_end.nelts == 1));
> 
> But breakpoint_re_set_default has:
> 
> 	  expanded_end = expand_line_sal_maybe (sals_end.sals[0]);
> 
> expand_line_sal_maybe can return a symtabs_and_lines that has multiple
> results.  This will crash gdb.
> 
> I think you could construct a case using a function which is inlined.
> Then set a breakpoint like "break-range foo.h:7, +5".
> If breakpoint re-setting discovers multiple locations for the function
> (e.g., the inferior loads a .so that has inlined it), then it should
> crash.
> 
> What should actually happen here?

I think we should remove the assertion, and have each location map to a
hardware accelerated ranged breakpoint, instead of assuming there can
be only one.  This isn't much different from creating a regular
(non-range) hardware breakpoint that ends up mapping to more than
one location.

> I think the simplest approach would be to make such breakpoints not be
> resettable.  Failing that I suppose they could deactivate if resetting
> introduces ambiguity.  Any other ideas?  Any preferences?
> 
> Also if someone has a use-case for ranged breakpoints I would like to
> know what it is.  I couldn't think of a situation where I'd use them.

Maybe Thiago's original submission casts some more light.  I think this
is more useful for systems programming than regular app development.
E.g., it could be used toe.g., break if anything calls into anywhere
within the shared library mapped at "FOO, +BAR", or if anything does
a wild jump into this memory mapped area, cause I can't figure out
where the wild pointer is.

-- 
Pedro Alves

Re: some questions about ranged breakpoints

[Tom Tromey]

>>>>> "Pedro" == Pedro Alves <pedro@codesourcery.com> writes:

Tom> What should actually happen here?

Pedro> I think we should remove the assertion, and have each location map to a
Pedro> hardware accelerated ranged breakpoint, instead of assuming there can
Pedro> be only one.  This isn't much different from creating a regular
Pedro> (non-range) hardware breakpoint that ends up mapping to more than
Pedro> one location.

Ok, that makes sense, but unfortunately I think it yields other weird
behavior.  The problem is that you must somehow pair start and end
locations; you might even see more of one than the other.

I thought that pairing could perhaps be done by sorting the addresses
and, for each address in the first list, choose the nearest greater
address from the second list.  However, my worry with any heuristic like
this is that a re-set could cause the breakpoint to change in an
unforseen way, yielding wrong results for the user.

Also the parsing is a pain when you have multiple matches.
Consider the difference between a relative linespec (break-range
file.c:73, +5) and an absolute one (break-range file.c:73, file.c:78).
We don't know before parsing whether a linespec is relative.
So, I think we have to reparse the second linespec in the context of
each result from the first linespec, then eliminate dups... gross, but I
guess doable.

Tom

Re: some questions about ranged breakpoints

[Pedro Alves]

On Tuesday 11 October 2011 15:50:21, Tom Tromey wrote:
> >>>>> "Pedro" == Pedro Alves <pedro@codesourcery.com> writes:
> 
> Tom> What should actually happen here?
> 
> Pedro> I think we should remove the assertion, and have each location map to a
> Pedro> hardware accelerated ranged breakpoint, instead of assuming there can
> Pedro> be only one.  This isn't much different from creating a regular
> Pedro> (non-range) hardware breakpoint that ends up mapping to more than
> Pedro> one location.
> 
> Ok, that makes sense, but unfortunately I think it yields other weird
> behavior.  The problem is that you must somehow pair start and end
> locations; you might even see more of one than the other.

Gross, you're right.

> I thought that pairing could perhaps be done by sorting the addresses
> and, for each address in the first list, choose the nearest greater
> address from the second list.  However, my worry with any heuristic like
> this is that a re-set could cause the breakpoint to change in an
> unforseen way, yielding wrong results for the user.
> 
> Also the parsing is a pain when you have multiple matches.
> Consider the difference between a relative linespec (break-range
> file.c:73, +5) and an absolute one (break-range file.c:73, file.c:78).
> We don't know before parsing whether a linespec is relative.
> So, I think we have to reparse the second linespec in the context of
> each result from the first linespec, then eliminate dups... gross, but I
> guess doable.

Hmm, that's sounding too complicated and hard to both explain
and understand, and probably ends up not being useful...
I'm liking your "deactivate if resetting introduces ambiguity"
idea more.

I think we'll still need to handle multiple locations though,
though I'm not familiar with your code enough to be know how to
express it in a way that makes the ambiguity a different kind
of ambiguity (or if it's expressable even) from the inline cases.
E.g., if you're debugging two inferiors, "file.c:73, +5", may mean
different addresses for each inferior, just because they loaded the
code at different addresses.  But for each inferior, or
each objfile, "file.c:73, +5" was not ambiguous, so I'd
expect to end with two range locations, one for each
inferior or objfile.

-- 
Pedro Alves