[Bug translator/13842] New: aggressive cast accessor function merging gives confusing error messages

[Bug translator/13842] New: aggressive cast accessor function merging gives confusing error messages

[mjw at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=13842

             Bug #: 13842
           Summary: aggressive cast accessor function merging gives
                    confusing error messages
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
        AssignedTo: systemtap@sourceware.org
        ReportedBy: mjw@redhat.com
    Classification: Unclassified


There are two (bad) @casts in the following script:

$ stap -e 'global v=0; probe process("/bin/ls").function("main") { if (v == 1)
{ v = @cast(v, "timespec")->tv_sec } else { v = @cast(v + 1,
"timespec")->tv_sec } }' -c '/bin/ls /dev/zero'
/dev/zero
ERROR: kernel read fault at 0x0000000000000001 (addr) near identifier '@cast'
at <input>:1:75
WARNING: Number of errors: 1, skipped probes: 0
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  Try again with another '--vp 00001' option.

Note that the error message points to the wrong @cast (the first, while the
second triggered the bad read).

When using -u the error message is correct:

$ stap -u -e 'global v=0; probe process("/bin/ls").function("main") { if (v ==
1) { v = @cast(v, "timespec")->tv_sec } else { v = @cast(v + 1,
"timespec")->tv_sec } }' -c '/bin/ls /dev/zero'
/dev/zero
ERROR: kernel read fault at 0x0000000000000001 (addr) near identifier '@cast'
at <input>:1:117
WARNING: Number of errors: 1, skipped probes: 0
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  Try again with another '--vp 00001' option.

Also note that this can also happen with different structures where the field
accessed is at the same offset in each.

Things especially get confusing if one of these @casts is wrapped in a try {
... } catch { ... }. Then the user might get an error about a location (inside
the try_block) where no such error can occur.

Three small other observations about this error message:
- It isn't a "kernel read" really, but a "user space read".
- Why does the error message say (addr)?
- If you switch the v == 1 to v == 0 (or remove the + 1 from v + 1) the error
message becomes "read fault at 0x          (null) (addr)". weird...

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug translator/13842] aggressive cast accessor function merging gives confusing error messages

[jistone at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=13842

Josh Stone <jistone at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jistone at redhat dot com

--- Comment #1 from Josh Stone <jistone at redhat dot com> 2012-03-14 01:14:52 UTC ---
(In reply to comment #0)
> - It isn't a "kernel read" really, but a "user space read".

This is because kderef and uderef are sharing the same DEREF_FAULT macro in
runtime/loc2c-runtime.h (and ditto for STORE_DEREF_FAULT).  The actual strings
are subject to localization, found in translate.cxx:translate_runtime().

> - Why does the error message say (addr)?

That's the macro string passed to deref, so embedded-C authors can better tell
which attempt exactly led to failure.  It just happens that loc2c always calls
its pointers "addr", so it's not as useful there.

> - If you switch the v == 1 to v == 0 (or remove the + 1 from v + 1) the error
> message becomes "read fault at 0x          (null) (addr)". weird...

DEREF_FAULT is using the kernel's snprintf, which has this behavior for %p.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

[Bug translator/13842] aggressive function merging gives confusing error messages

[jistone at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=13842

Josh Stone <jistone at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|aggressive cast accessor    |aggressive function merging
                   |function merging gives      |gives confusing error
                   |confusing error messages    |messages

--- Comment #2 from Josh Stone <jistone at redhat dot com> 2012-03-14 01:32:16 UTC ---
(In reply to comment #0)
> Also note that this can also happen with different structures where the field
> accessed is at the same offset in each.

Well, really this can happen with *any* functions that look the same to the
translator, and probably any probe bodies too.  For example:

$ cat pr13842.stp 
global v = $1
function foo() { return 1/0 }
function bar() { return 1/0 }
probe begin { v = v ? foo() : bar() }

$ stap -c true pr13842.stp 0
ERROR: division by 0 near operator '/' at pr13842.stp:3:26
WARNING: Number of errors: 1, skipped probes: 0
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  Try again with another '--vp 00001' option.

$ stap -c true pr13842.stp 1
ERROR: division by 0 near operator '/' at pr13842.stp:3:26
WARNING: Number of errors: 1, skipped probes: 0
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  Try again with another '--vp 00001' option.

Despite changing the argument, I got the error string pointing to the same
place.  From this I can infer that foo() was collapsed into bar(), confirmed by
inspecting pass2 or pass3 output.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.