Subject: Re: [RFC] DW_CFA_restore handling causes memory fault
From: Frederic RISS
To: Jim Blandy
Cc: gdb-patches@sources.redhat.com
In-Reply-To: <8f2776cb0511171132x17fa4192u6ca5af71201e0be3@mail.gmail.com>
References: <1132242850.8685.47.camel@crx549.cro.st.com> <8f2776cb0511171132x17fa4192u6ca5af71201e0be3@mail.gmail.com>
Date: Fri, 18 Nov 2005 12:12:00 -0000
Message-Id: <1132301881.8685.63.camel@crx549.cro.st.com>

On Thu, 2005-11-17 at 11:32 -0800, Jim Blandy wrote:
> On 11/17/05, Frederic RISS wrote:
> > The current handling of DW_CFA_restore in dwarf2-frame.c doesn't check
> > if the value it tries to restore has actually been allocated. This
> > produces strange results (from nondeterministic behaviour to a GDB crash).
> > The attached patch tries to fix that by following the GCC 'convention'
> > that an unspecified register implies "same value".
>
> This replicates what we would have done had that register's slot been
> allocated, but its value had been left unspecified --- right?

Yes, that's it. DWARF2_FRAME_REG_UNSPECIFIED describes an entry without
information, which is the case if we haven't allocated a slot in the
initial dwarf2_frame_state_reg_info. It turns out that GDB handles that
like DWARF2_FRAME_REG_SAME_VALUE in the unwinder, because that's what
GCC expects.
> > It's debatable whether the compiler is right to produce DW_CFA_restore
> > without specifying all the registers' initial state in the CIE, but
> > that's another story, isn't it ?
>
> Right; we're supposed to be prepared for mis-formed input. It would
> be nice to have a brief comment explaining that the 'else' half of the
> 'if' does constitute questionable behavior on the part of the
> compiler.

Like in the attached patch ?

Attachment: dwarf2.patch (text/x-patch)

2005-11-17  Frédéric Riss

	* dwarf2-frame.c: (execute_cfa_program): Don't access past the
	allocated dwarf2_frame_state.initial.regs.

Index: dwarf2-frame.c
===================================================================
--- dwarf2-frame.c	(revision 98)
+++ dwarf2-frame.c	(working copy)
@@ -294,7 +294,13 @@ gdb_assert (fs->initial.reg); reg = insn & 0x3f; dwarf2_frame_state_alloc_regs (&fs->regs, reg + 1); - fs->regs.reg[reg] = fs->initial.reg[reg]; + if (reg < fs->initial.num_regs) + fs->regs.reg[reg] = fs->initial.reg[reg]; + else + /* We certainly shouldn't get here. If we do, then the compiler + generated frame information asking for the restoration + of something that wasn't initialized. */ + fs->regs.reg[reg].how = DWARF2_FRAME_REG_UNSPECIFIED; } else {
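Review bot: the new `else` branch in the DW_CFA_restore hunk silently downgrades a malformed restore to DWARF2_FRAME_REG_UNSPECIFIED; since the comment itself says this indicates bad compiler output, consider also emitting a complaint() there so the condition is visible to whoever is debugging the resulting backtrace, rather than only to readers of the source. It is also worth confirming that dwarf2_frame_state_alloc_regs initializes the slots it adds, because the branch assigns only `.how` and leaves the rest of `fs->regs.reg[reg]` as whatever the allocation produced. If the same `fs->regs.reg[reg] = fs->initial.reg[reg];` pattern exists elsewhere for DW_CFA_restore_extended, it needs the same `reg < fs->initial.num_regs` guard. Minor: GNU ChangeLog style puts the function name directly after the file name with no colon in between, i.e. `* dwarf2-frame.c (execute_cfa_program): ...`.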
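The failure mode discussed above, as an added example that is not part of the original message or of GDB's dwarf2-frame.c: a reduced C model of the register-rule tables (names such as `reg_table`, `alloc_regs`, `cfa_restore` and `effective_rule` are local to this example and only mirror GDB's for readability). A CIE that defines rules for registers 0 and 1 is followed by a DW_CFA_restore for register 5; `restore_would_overrun` states the out-of-bounds condition the pre-patch code never checked, `cfa_restore` applies the guard from the patch, and `effective_rule` shows the unwinder's UNSPECIFIED-to-SAME_VALUE mapping the thread describes.

```c
/* Added example, not GDB's dwarf2-frame.c: a reduced model of the
   register-rule tables discussed in the thread.  All names are local
   to this file and only mirror GDB's for readability.  */
#include <assert.h>
#include <stdlib.h>
#include <string.h>

enum reg_rule {
  REG_UNSPECIFIED,   /* the CIE said nothing about this register */
  REG_UNDEFINED,
  REG_SAME_VALUE,
  REG_SAVED_OFFSET,
};

struct reg_info {
  enum reg_rule how;
  long offset;       /* only meaningful for REG_SAVED_OFFSET */
};

struct reg_table {
  struct reg_info *reg;
  size_t num_regs;
};

/* Grow the table to at least NUM_REGS entries.  New entries are zeroed,
   i.e. start out as REG_UNSPECIFIED ("no information").  */
static void alloc_regs (struct reg_table *t, size_t num_regs)
{
  if (num_regs <= t->num_regs)
    return;
  t->reg = realloc (t->reg, num_regs * sizeof *t->reg);
  assert (t->reg != NULL);
  memset (t->reg + t->num_regs, 0,
          (num_regs - t->num_regs) * sizeof *t->reg);
  t->num_regs = num_regs;
}

/* The condition the pre-patch code never checked: restoring REG reads
   initial->reg[reg], which is past the end of the table when the CIE
   never defined a rule for REG.  Stated as a predicate rather than
   performed, since the read itself is undefined behaviour.  */
int restore_would_overrun (const struct reg_table *initial, unsigned reg)
{
  return reg >= initial->num_regs;
}

/* DW_CFA_restore with the patch's guard: copy the CIE rule when one
   exists, otherwise record "no information" instead of reading past
   the end of INITIAL.  Returns the raw rule now recorded for REG.  */
enum reg_rule cfa_restore (struct reg_table *regs,
                           const struct reg_table *initial,
                           unsigned reg)
{
  alloc_regs (regs, (size_t) reg + 1);
  if (reg < initial->num_regs)
    regs->reg[reg] = initial->reg[reg];
  else
    regs->reg[reg].how = REG_UNSPECIFIED;  /* malformed producer output */
  return regs->reg[reg].how;
}

/* What the unwinder does with a rule: UNSPECIFIED is treated like
   SAME_VALUE, the convention GCC relies on according to the thread.  */
enum reg_rule effective_rule (enum reg_rule how)
{
  return how == REG_UNSPECIFIED ? REG_SAME_VALUE : how;
}

/* Constructed CIE state: rules for registers 0 and 1 only.  */
static struct reg_table make_initial (void)
{
  struct reg_table t = { NULL, 0 };
  alloc_regs (&t, 2);
  t.reg[0].how = REG_SAME_VALUE;
  t.reg[1].how = REG_SAVED_OFFSET;
  t.reg[1].offset = -8;
  return t;
}

/* Would the unguarded restore of REG have read out of bounds?  */
int scenario_overruns (unsigned reg)
{
  struct reg_table initial = make_initial ();
  int r = restore_would_overrun (&initial, reg);
  free (initial.reg);
  return r;
}

/* Guarded restore of REG followed by the unwinder's mapping.  */
enum reg_rule scenario (unsigned reg)
{
  struct reg_table initial = make_initial ();
  struct reg_table regs = { NULL, 0 };
  enum reg_rule how = effective_rule (cfa_restore (&regs, &initial, reg));
  free (regs.reg);
  free (initial.reg);
  return how;
}

int main (void)
{
  assert (scenario_overruns (5));          /* the pre-patch fault */
  assert (scenario (5) == REG_SAME_VALUE); /* what the patch yields */
  return 0;
}
```

Register 5 is exactly the case the patch addresses: the unguarded code would have indexed `initial.reg[5]` in a two-entry table, while the guarded version records UNSPECIFIED, which the unwinder then reads as SAME_VALUE.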