rpms/gdb/F-12 gdb-bitfield-check_typedef.patch, NONE, 1.1 gdb-stale-related_breakpoint.patch, NONE, 1.1 gdb.spec, 1.410, 1.411 gdb-field-check_typedef-revert.patch, 1.1, NONE
Jan Kratochvil
jkratoch at fedoraproject.org
Sat Jan 2 21:26:55 UTC 2010
Author: jkratoch
Update of /cvs/pkgs/rpms/gdb/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22231
Modified Files:
gdb.spec
Added Files:
gdb-bitfield-check_typedef.patch
gdb-stale-related_breakpoint.patch
Removed Files:
gdb-field-check_typedef-revert.patch
Log Message:
* Sat Jan 2 2010 Jan Kratochvil <jan.kratochvil at redhat.com> - 7.0.1-18.fc12
- Fix regression of gdb-7.0 (from 6.8) crashing on typedefed bitfields.
- Fix related_breakpoint stale ref crash.
gdb-bitfield-check_typedef.patch:
testsuite/gdb.mi/var-cmd.c | 2 +-
value.c | 11 ++++++++---
2 files changed, 9 insertions(+), 4 deletions(-)
--- NEW FILE gdb-bitfield-check_typedef.patch ---
http://sourceware.org/ml/gdb-patches/2010-01/msg00030.html
Subject: [patch] Re: Regression: field type preservation: 7.0 -> 7.0.1+HEAD
On Friday 01 January 2010 21:45:05 Jan Kratochvil wrote:
> -PASS: gdb.mi/mi-var-child.exp: get children of struct_declarations.s2.u2.u1s1
> +FAIL: gdb.mi/mi-var-child.exp: get children of struct_declarations.s2.u2.u1s1
> -PASS: gdb.mi/mi2-var-child.exp: get children of struct_declarations.s2.u2.u1s1
> +FAIL: gdb.mi/mi2-var-child.exp: get children of struct_declarations.s2.u2.u1s1
> -PASS: gdb.python/py-mi.exp: examine container children=0, no pretty-printing
> +FAIL: gdb.python/py-mi.exp: examine container children=0, no pretty-printing
>
> due to:
> Re: RFA: unbreak typedefed bitfield
> http://sourceware.org/ml/gdb-patches/2009-12/msg00295.html
> commit fc85da4ee2a7c32afc53b1b334a4f84e2e9bd84e
> http://sourceware.org/ml/gdb-cvs/2009-12/msg00100.html
attached a fix on top of existing HEAD.
Original PR gdb/10884 was a regression 6.8 -> 7.0 due to:
RFC: Lazy bitfields
http://sourceware.org/ml/gdb-patches/2009-07/msg00437.html
http://sourceware.org/ml/gdb-cvs/2009-07/msg00143.html
07491b3409f6ace0b7a9a707775a56ce10fece1c
No regressions for HEAD on {x86_64,x86_64-m32,i686}-fedora12-linux-gnu. Plus:
-FAIL: gdb.mi/mi-var-child.exp: get children of struct_declarations.s2.u2.u1s1
+PASS: gdb.mi/mi-var-child.exp: get children of struct_declarations.s2.u2.u1s1
-FAIL: gdb.mi/mi2-var-child.exp: get children of struct_declarations.s2.u2.u1s1
+PASS: gdb.mi/mi2-var-child.exp: get children of struct_declarations.s2.u2.u1s1
-FAIL: gdb.python/py-mi.exp: examine container children=0, no pretty-printing
+PASS: gdb.python/py-mi.exp: examine container children=0, no pretty-printing
Going to check it in also for gdb_7_0-branch after an approval.
Thanks,
Jan
gdb/
2010-01-02 Jan Kratochvil <jan.kratochvil at redhat.com>
* value.c (value_primitive_field): Remove one check_typedef call.
Move bitpos and container_bitsize initialization after
allocate_value_lazy. New comment before accessing TYPE_LENGTH.
gdb/testsuite/
2010-01-02 Jan Kratochvil <jan.kratochvil at redhat.com>
* gdb.mi/var-cmd.c (do_bitfield_tests): Change "V.sharable" type to
"uint_for_mi_testing".
--- a/gdb/testsuite/gdb.mi/var-cmd.c
+++ b/gdb/testsuite/gdb.mi/var-cmd.c
@@ -494,7 +494,7 @@ void do_bitfield_tests ()
mi_create_varobj V d "create varobj for Data"
mi_list_varobj_children "V" {
{"V.alloc" "alloc" "0" "int"}
- {"V.sharable" "sharable" "0" "unsigned int"}
+ {"V.sharable" "sharable" "0" "uint_for_mi_testing"}
} "list children of Data"
mi_check_varobj_value V.sharable 3 "access bitfield"
:*/
--- a/gdb/value.c
+++ b/gdb/value.c
@@ -1873,7 +1873,6 @@ value_primitive_field (struct value *arg1, int offset,
CHECK_TYPEDEF (arg_type);
type = TYPE_FIELD_TYPE (arg_type, fieldno);
- type = check_typedef (type);
/* Handle packed fields */
@@ -1885,10 +1884,14 @@ value_primitive_field (struct value *arg1, int offset,
Otherwise, adjust offset to the byte containing the first
bit. Assume that the address, offset, and embedded offset
are sufficiently aligned. */
- int bitpos = TYPE_FIELD_BITPOS (arg_type, fieldno);
- int container_bitsize = TYPE_LENGTH (type) * 8;
+ int bitpos, container_bitsize;
v = allocate_value_lazy (type);
+
+ /* TYPE_LENGTH of TYPE gets initialized by allocate_value_lazy. */
+ bitpos = TYPE_FIELD_BITPOS (arg_type, fieldno);
+ container_bitsize = TYPE_LENGTH (type) * 8;
+
v->bitsize = TYPE_FIELD_BITSIZE (arg_type, fieldno);
if ((bitpos % container_bitsize) + v->bitsize <= container_bitsize
&& TYPE_LENGTH (type) <= (int) sizeof (LONGEST))
@@ -1939,6 +1942,8 @@ value_primitive_field (struct value *arg1, int offset,
else
{
v = allocate_value (type);
+
+ /* TYPE_LENGTH of TYPE gets initialized by allocate_value. */
memcpy (value_contents_raw (v),
value_contents_raw (arg1) + offset,
TYPE_LENGTH (type));
gdb-stale-related_breakpoint.patch:
breakpoint.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- NEW FILE gdb-stale-related_breakpoint.patch ---
http://sourceware.org/ml/gdb-patches/2009-12/msg00364.html
Subject: [patch] related_breakpoint stale ref crash fix
Hi,
getting occasional random:
PASS: gdb.threads/local-watch-wrong-thread.exp: local watchpoint still triggers
PASS: gdb.threads/local-watch-wrong-thread.exp: let thread_function0 return
PASS: gdb.threads/local-watch-wrong-thread.exp: breakpoint on thread_function0's caller
-PASS: gdb.threads/local-watch-wrong-thread.exp: local watchpoint automatically deleted
+ERROR: Process no longer exists
+UNRESOLVED: gdb.threads/local-watch-wrong-thread.exp: local watchpoint automatically deleted
It is even reproducible on HEAD using "input" file below and:
valgrind ../gdb -nx <input
(gdb) (gdb) Breakpoint 6 at 0x400685: file ./gdb.threads/local-watch-wrong-thread.c, line 47.
(gdb) ==31759== Invalid write of size 4
==31759== at 0x601A11: bpstat_check_breakpoint_conditions (breakpoint.c:3482)
==31759== by 0x601C70: bpstat_stop_status (breakpoint.c:3596)
==31759== by 0x65D228: handle_inferior_event (infrun.c:3589)
==31759== by 0x65A563: wait_for_inferior (infrun.c:2281)
==31759== by 0x659AA0: proceed (infrun.c:1883)
==31759== by 0x65300B: continue_1 (infcmd.c:668)
==31759== by 0x653282: continue_command (infcmd.c:760)
==31759== by 0x5C51D8: do_cfunc (cli-decode.c:67)
==31759== by 0x5C824F: cmd_func (cli-decode.c:1738)
==31759== by 0x48335A: execute_command (top.c:450)
==31759== by 0x67273E: command_handler (event-top.c:511)
==31759== by 0x672E53: command_line_handler (event-top.c:736)
==31759== Address 0xbbdc950 is 240 bytes inside a block of size 336 free'd
==31759== at 0x4A04D72: free (vg_replace_malloc.c:325)
==31759== by 0x486E4B: xfree (utils.c:1286)
==31759== by 0x60BC35: delete_breakpoint (breakpoint.c:8708)
==31759== by 0x60BDAF: delete_command (breakpoint.c:8765)
==31759== by 0x5C51D8: do_cfunc (cli-decode.c:67)
==31759== by 0x5C824F: cmd_func (cli-decode.c:1738)
==31759== by 0x48335A: execute_command (top.c:450)
==31759== by 0x67273E: command_handler (event-top.c:511)
==31759== by 0x672E53: command_line_handler (event-top.c:736)
==31759== by 0x672FCF: gdb_readline2 (event-top.c:817)
==31759== by 0x6725F7: stdin_event_handler (event-top.c:433)
==31759== by 0x670CDE: handle_file_event (event-loop.c:812)
==31759==
Watchpoint 4 deleted because the program has left the block in
which its expression is valid.
There is already automatic deletion of RELATED_BREAKPOINT in
map_breakpoint_numbers but "delete breakpoints" (for all the breakpoints)
calls delete_breakpoint from delete_command directly without calling
map_breakpoint_numbers and it does not delete the associated
bp_watchpoint_scope.
I find the attached patch is right for delete_breakpoint itself as such
function should not leave stale references in the leftover data structures.
How well could be other code cleaned up with this patch in place I have not
targeted by this patch.
The existing code expects accessibility of freed memory and discusses the
current stale references problem:
void
delete_breakpoint (struct breakpoint *bpt)
[...]
/* Has this bp already been deleted? This can happen because multiple
lists can hold pointers to bp's. bpstat lists are especial culprits.
One example of this happening is a watchpoint's scope bp. When the
scope bp triggers, we notice that the watchpoint is out of scope, and
delete it. We also delete its scope bp. But the scope bp is marked
"auto-deleting", and is already on a bpstat. That bpstat is then
checked for auto-deleting bp's, which are deleted.
A real solution to this problem might involve reference counts in bp's,
and/or giving them pointers back to their referencing bpstat's, and
teaching delete_breakpoint to only free a bp's storage when no more
references were extent. A cheaper bandaid was chosen. */
if (bpt->type == bp_none)
return;
[...]
bpt->type = bp_none;
xfree (bpt);
}
While fixing this part may be difficult I find the attached patch easy enough
fixing the IMO currently most common crash due to it.
No regressions on {x86_64,x86_64-m32,i686}-fedora12-linux-gnu.
Thanks,
Jan
"input":
set height 0
set width 0
set confirm no
file ../testsuite/gdb.threads/local-watch-wrong-thread
set can-use-hw-watchpoints 1
break main
run
break local-watch-wrong-thread.c:36
continue
delete breakpoints
watch *myp
continue
delete breakpoints
echo MAKE watch\n
watch *myp if trigger != 0
echo MAKE break\n
break local-watch-wrong-thread.c:60
info break
continue
echo DELETE five\n
delete 5
set trigger=1
continue
set *myp=0
break local-watch-wrong-thread.c:47
continue
2009-12-23 Jan Kratochvil <jan.kratochvil at redhat.com>
* breakpoint.c (delete_breakpoint <bpt->related_breakpoint != NULL>):
New.
--- a/gdb/breakpoint.c
+++ b/gdb/breakpoint.c
@@ -8649,6 +8649,16 @@ delete_breakpoint (struct breakpoint *bpt)
if (bpt->type == bp_none)
return;
+ /* At least avoid this stale reference until the reference counting of
+ breakpoints gets resolved. */
+ if (bpt->related_breakpoint != NULL)
+ {
+ gdb_assert (bpt->related_breakpoint->related_breakpoint == bpt);
+ bpt->related_breakpoint->disposition = disp_del_at_next_stop;
+ bpt->related_breakpoint->related_breakpoint = NULL;
+ bpt->related_breakpoint = NULL;
+ }
+
observer_notify_breakpoint_deleted (bpt->number);
if (breakpoint_chain == bpt)
Index: gdb.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gdb/F-12/gdb.spec,v
retrieving revision 1.410
retrieving revision 1.411
diff -u -p -r1.410 -r1.411
--- gdb.spec 1 Jan 2010 19:07:41 -0000 1.410
+++ gdb.spec 2 Jan 2010 21:26:54 -0000 1.411
@@ -36,7 +36,7 @@ Version: 7.0.1
# The release always contains a leading reserved number, start it at 1.
# `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
-Release: 16%{?_with_upstream:.upstream}%{dist}
+Release: 18%{?_with_upstream:.upstream}%{dist}
License: GPLv3+
Group: Development/Debuggers
@@ -429,7 +429,10 @@ Patch397: gdb-follow-child-stale-parent.
Patch398: gdb-testsuite-unknown-output.patch
# Fix regression of gdb-7.0.1 not preserving typedef of a field.
-Patch399: gdb-field-check_typedef-revert.patch
+Patch399: gdb-bitfield-check_typedef.patch
+
+# Fix related_breakpoint stale ref crash.
+Patch400: gdb-stale-related_breakpoint.patch
BuildRequires: ncurses-devel texinfo gettext flex bison expat-devel
Requires: readline
@@ -681,6 +684,7 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc
%patch397 -p1
%patch398 -p1
%patch399 -p1
+%patch400 -p1
find -name "*.orig" | xargs rm -f
! find -name "*.rej" # Should not happen.
@@ -998,6 +1002,10 @@ fi
%endif
%changelog
+* Sat Jan 2 2010 Jan Kratochvil <jan.kratochvil at redhat.com> - 7.0.1-18.fc12
+- Fix regression of gdb-7.0 (from 6.8) crashing on typedefed bitfields.
+- Fix related_breakpoint stale ref crash.
+
* Fri Jan 1 2010 Jan Kratochvil <jan.kratochvil at redhat.com> - 7.0.1-17.fc12
- Formal upgrade to the FSF GDB release gdb-7.0.1.
- Fix regression of gdb-7.0.1 not preserving typedef of a field.
--- gdb-field-check_typedef-revert.patch DELETED ---
More information about the fedora-extras-commits
mailing list