Date: Fri, 22 Jan 2010 01:02:00 -0000
From: Jan Kratochvil
To: gdb-patches@sourceware.org
Cc: Tom Tromey
Subject: [patch] Fix crash on DWARF C++ forward reference
Message-ID: <20100122010142.GA28072@host0.dyn.jankratochvil.net>

Hi,

the problem is based on the testcase contained in GCC PR debug/28767 by Daniel J. with specially crafted forward-reference resulting in a double-entry to quirk_gcc_member_function_pointer for the same DIE which crashes GDB. Problem has been seen in practice.

I understand the solution is not nice but I hope the DWARF reading functions do not access much the content of referenced TYPEs.

No regressions on {x86_64,x86_64-m32}-fedora12-linux-gnu.

Thanks,
Jan

gdb/
2010-01-22  Jan Kratochvil

	* dwarf2read.c (quirk_gcc_member_function_pointer): New variables
	type2, main_type_local, instance_flags_local and length_local.
	Provide temporary memory for TYPE.  Exchange the TYPE and TYPE2
	content.

gdb/testsuite/
2010-01-22  Jan Kratochvil

	* gdb.dwarf2/member-ptr-forwardref.exp,
	gdb.dwarf2/member-ptr-forwardref.S: New.

--- a/gdb/dwarf2read.c +++ b/gdb/dwarf2read.c @@ -4903,7 +4903,10 @@ static struct type * quirk_gcc_member_function_pointer (struct die_info *die, struct dwarf2_cu *cu) { struct objfile *objfile = cu->objfile; - struct type *type; + struct type *type, *type2; + struct main_type main_type_local; + int instance_flags_local; + unsigned length_local; struct die_info *pfn_die, *delta_die; struct attribute *pfn_name, *delta_name; struct type *pfn_type, *domain_type; 
@@ -4934,6 +4937,11 @@ quirk_gcc_member_function_pointer (struct die_info *die, struct dwarf2_cu *cu) || strcmp ("__delta", DW_STRING (delta_name)) != 0) return NULL; + /* Provide TYPE as a dummy memory for referencing from DIE during the + die_type call as we can deadlock otherwise. */ + type = alloc_type (objfile); + set_die_type (die, type, cu); + /* Find the type of the method. */ pfn_type = die_type (pfn_die, cu); if (pfn_type == NULL @@ -4948,12 +4956,28 @@ quirk_gcc_member_function_pointer (struct die_info *die, struct dwarf2_cu *cu) return NULL; domain_type = TYPE_TARGET_TYPE (TYPE_FIELD_TYPE (pfn_type, 0)); - type = alloc_type (objfile); smash_to_method_type (type, domain_type, TYPE_TARGET_TYPE (pfn_type), TYPE_FIELDS (pfn_type), TYPE_NFIELDS (pfn_type), TYPE_VARARGS (pfn_type)); - type = lookup_methodptr_type (type); - return set_die_type (die, type, cu); + type2 = lookup_methodptr_type (type); + + /* Exchange TYPE and TYPE2 memory content as there may exist now references + to the dummy memory TYPE but they are meant to point to + TYPE_CODE_METHODPTR (and not TYPE_CODE_METHOD as they do right now). */ + + main_type_local = *TYPE_MAIN_TYPE (type); + *TYPE_MAIN_TYPE (type) = *TYPE_MAIN_TYPE (type2); + *TYPE_MAIN_TYPE (type2) = main_type_local; + instance_flags_local = TYPE_INSTANCE_FLAGS (type); + TYPE_INSTANCE_FLAGS (type) = TYPE_INSTANCE_FLAGS (type2); + TYPE_INSTANCE_FLAGS (type2) = instance_flags_local; + length_local = TYPE_LENGTH (type); + TYPE_LENGTH (type) = TYPE_LENGTH (type2); + TYPE_LENGTH (type2) = length_local; + + TYPE_TARGET_TYPE (type) = type2; + + return type; } /* Called when we find the DIE that starts a structure or union scope --- /dev/null +++ b/gdb/testsuite/gdb.dwarf2/member-ptr-forwardref.S 
@@ -0,0 +1,327 @@ +/* This testcase is part of GDB, the GNU debugger. + + Copyright 2010 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* The goal of this test is to provide anonymous DW_TAG_structure_type + containing __pfn + __delta (read in by quirk_gcc_member_function_pointer) + before DW_TAG_structure_type of "class C" to exploit the forward reference + through "__pfn" and back from DW_TAG_member "fp" of "class C". As the + compiler may place the DIEs in arbitrary order they are rather prepared as + a .S file. + + class C; + typedef int (C::*fp_t) (); + fp_t fp; + class C + { + int (C::*fp) (); + } c; */ + + .file "member-ptr-forwardref.cc" + .section .debug_abbrev,"",@progbits +.Ldebug_abbrev0: + .section .debug_info,"",@progbits +.Ldebug_info0: + .section .debug_line,"",@progbits +.Ldebug_line0: + .text +.Ltext0: +.globl fp + .bss + .align 4 + .type fp, @object + .size fp, 8 +fp: + .zero 8 +.globl c + .align 4 + .type c, @object + .size c, 8 +c: + .zero 8 + .text +.Letext0: + .file 1 "gdb.dwarf2/member-ptr-forwardref.cc" + .section .debug_info + .long 0xa9 # Length of Compilation Unit Info + .value 0x3 # DWARF version number + .long .Ldebug_abbrev0 # Offset Into Abbrev. 
Section + .byte 0x4 # Pointer Size (in bytes) + .uleb128 0x1 # (DIE (0xb) DW_TAG_compile_unit) + .long .LASF2 # DW_AT_producer: "GNU C++ 4.4.2 20091222 (Red Hat 4.4.2-20)" + .byte 0x4 # DW_AT_language + .long .LASF3 # DW_AT_name: "gdb.dwarf2/member-ptr-forwardref.cc" + .long .LASF4 # DW_AT_comp_dir: "gdb/testsuite" + .long .Ltext0 # DW_AT_low_pc + .long .Letext0 # DW_AT_high_pc + .long .Ldebug_line0 # DW_AT_stmt_list + .uleb128 0x2 # (DIE (0x25) DW_TAG_typedef) + .long .LASF5 # DW_AT_name: "fp_t" + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x13 # DW_AT_decl_line + .long 0x30 # DW_AT_type + .uleb128 0x3 # (DIE (0x30) DW_TAG_structure_type) + .byte 0x8 # DW_AT_byte_size + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x13 # DW_AT_decl_line + .long 0x51 # DW_AT_sibling + .uleb128 0x4 # (DIE (0x38) DW_TAG_member) + .long .LASF0 # DW_AT_name: "__pfn" + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x13 # DW_AT_decl_line + .long 0x85 # DW_AT_type + .sleb128 0 # DW_AT_data_member_location + .uleb128 0x4 # (DIE (0x44) DW_TAG_member) + .long .LASF1 # DW_AT_name: "__delta" + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x13 # DW_AT_decl_line + .long 0x61 # DW_AT_type + .sleb128 4 # DW_AT_data_member_location + .byte 0x0 # end of children of DIE 0x30 + .uleb128 0x5 # (DIE (0x51) DW_TAG_subroutine_type) + .long 0x61 # DW_AT_type + .long 0x61 # DW_AT_sibling + .uleb128 0x6 # (DIE (0x5a) DW_TAG_formal_parameter) + .long 0x68 # DW_AT_type + .byte 0x1 # DW_AT_artificial + .byte 0x0 # end of children of DIE 0x51 + .uleb128 0x7 # (DIE (0x61) DW_TAG_base_type) + .byte 0x4 # DW_AT_byte_size + .byte 0x5 # DW_AT_encoding + .ascii "int\0" # DW_AT_name + .uleb128 0x8 # (DIE (0x68) DW_TAG_pointer_type) + .byte 0x4 # DW_AT_byte_size + .long 0x6e # DW_AT_type + .uleb128 0x9 # (DIE (0x6e) DW_TAG_structure_type) + .ascii "C\0" # DW_AT_name + .byte 0x8 # DW_AT_byte_size + .byte 
0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x16 # DW_AT_decl_line + .long 0x85 # DW_AT_sibling + .uleb128 0xa # (DIE (0x78) DW_TAG_member) + .ascii "fp\0" # DW_AT_name + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x17 # DW_AT_decl_line + .long 0x30 # DW_AT_type + .sleb128 0 # DW_AT_data_member_location + .byte 0x3 # DW_AT_accessibility + .byte 0x0 # end of children of DIE 0x6e + .uleb128 0x8 # (DIE (0x85) DW_TAG_pointer_type) + .byte 0x4 # DW_AT_byte_size + .long 0x51 # DW_AT_type + .uleb128 0xb # (DIE (0x8b) DW_TAG_variable) + .ascii "fp\0" # DW_AT_name + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x14 # DW_AT_decl_line + .long 0x25 # DW_AT_type + .byte 0x1 # DW_AT_external + .byte 0x5 # DW_AT_location + .byte 0x3 # DW_OP_addr + .long fp + .uleb128 0xb # (DIE (0x9c) DW_TAG_variable) + .ascii "c\0" # DW_AT_name + .byte 0x1 # DW_AT_decl_file (gdb.dwarf2/member-ptr-forwardref.cc) + .byte 0x18 # DW_AT_decl_line + .long 0x6e # DW_AT_type + .byte 0x1 # DW_AT_external + .byte 0x5 # DW_AT_location + .byte 0x3 # DW_OP_addr + .long c + .byte 0x0 # end of children of DIE 0xb + .section .debug_abbrev + .uleb128 0x1 # (abbrev code) + .uleb128 0x11 # (TAG: DW_TAG_compile_unit) + .byte 0x1 # DW_children_yes + .uleb128 0x25 # (DW_AT_producer) + .uleb128 0xe # (DW_FORM_strp) + .uleb128 0x13 # (DW_AT_language) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3 # (DW_AT_name) + .uleb128 0xe # (DW_FORM_strp) + .uleb128 0x1b # (DW_AT_comp_dir) + .uleb128 0xe # (DW_FORM_strp) + .uleb128 0x11 # (DW_AT_low_pc) + .uleb128 0x1 # (DW_FORM_addr) + .uleb128 0x12 # (DW_AT_high_pc) + .uleb128 0x1 # (DW_FORM_addr) + .uleb128 0x10 # (DW_AT_stmt_list) + .uleb128 0x6 # (DW_FORM_data4) + .byte 0x0 + .byte 0x0 + .uleb128 0x2 # (abbrev code) + .uleb128 0x16 # (TAG: DW_TAG_typedef) + .byte 0x0 # DW_children_no + .uleb128 0x3 # (DW_AT_name) + .uleb128 0xe # (DW_FORM_strp) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 
0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .byte 0x0 + .byte 0x0 + .uleb128 0x3 # (abbrev code) + .uleb128 0x13 # (TAG: DW_TAG_structure_type) + .byte 0x1 # DW_children_yes + .uleb128 0xb # (DW_AT_byte_size) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x1 # (DW_AT_sibling) + .uleb128 0x13 # (DW_FORM_ref4) + .byte 0x0 + .byte 0x0 + .uleb128 0x4 # (abbrev code) + .uleb128 0xd # (TAG: DW_TAG_member) + .byte 0x0 # DW_children_no + .uleb128 0x3 # (DW_AT_name) + .uleb128 0xe # (DW_FORM_strp) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .uleb128 0x38 # (DW_AT_data_member_location) + .uleb128 0xd # (DW_FORM_sdata) + .byte 0x0 + .byte 0x0 + .uleb128 0x5 # (abbrev code) + .uleb128 0x15 # (TAG: DW_TAG_subroutine_type) + .byte 0x1 # DW_children_yes + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .uleb128 0x1 # (DW_AT_sibling) + .uleb128 0x13 # (DW_FORM_ref4) + .byte 0x0 + .byte 0x0 + .uleb128 0x6 # (abbrev code) + .uleb128 0x5 # (TAG: DW_TAG_formal_parameter) + .byte 0x0 # DW_children_no + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .uleb128 0x34 # (DW_AT_artificial) + .uleb128 0xc # (DW_FORM_flag) + .byte 0x0 + .byte 0x0 + .uleb128 0x7 # (abbrev code) + .uleb128 0x24 # (TAG: DW_TAG_base_type) + .byte 0x0 # DW_children_no + .uleb128 0xb # (DW_AT_byte_size) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3e # (DW_AT_encoding) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3 # (DW_AT_name) + .uleb128 0x8 # (DW_FORM_string) + .byte 0x0 + .byte 0x0 + .uleb128 0x8 # (abbrev code) + .uleb128 0xf # (TAG: DW_TAG_pointer_type) + .byte 0x0 # 
DW_children_no + .uleb128 0xb # (DW_AT_byte_size) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .byte 0x0 + .byte 0x0 + .uleb128 0x9 # (abbrev code) + .uleb128 0x13 # (TAG: DW_TAG_structure_type) + .byte 0x1 # DW_children_yes + .uleb128 0x3 # (DW_AT_name) + .uleb128 0x8 # (DW_FORM_string) + .uleb128 0xb # (DW_AT_byte_size) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x1 # (DW_AT_sibling) + .uleb128 0x13 # (DW_FORM_ref4) + .byte 0x0 + .byte 0x0 + .uleb128 0xa # (abbrev code) + .uleb128 0xd # (TAG: DW_TAG_member) + .byte 0x0 # DW_children_no + .uleb128 0x3 # (DW_AT_name) + .uleb128 0x8 # (DW_FORM_string) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .uleb128 0x38 # (DW_AT_data_member_location) + .uleb128 0xd # (DW_FORM_sdata) + .uleb128 0x32 # (DW_AT_accessibility) + .uleb128 0xb # (DW_FORM_data1) + .byte 0x0 + .byte 0x0 + .uleb128 0xb # (abbrev code) + .uleb128 0x34 # (TAG: DW_TAG_variable) + .byte 0x0 # DW_children_no + .uleb128 0x3 # (DW_AT_name) + .uleb128 0x8 # (DW_FORM_string) + .uleb128 0x3a # (DW_AT_decl_file) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x3b # (DW_AT_decl_line) + .uleb128 0xb # (DW_FORM_data1) + .uleb128 0x49 # (DW_AT_type) + .uleb128 0x13 # (DW_FORM_ref4) + .uleb128 0x3f # (DW_AT_external) + .uleb128 0xc # (DW_FORM_flag) + .uleb128 0x2 # (DW_AT_location) + .uleb128 0xa # (DW_FORM_block1) + .byte 0x0 + .byte 0x0 + .byte 0x0 + .section .debug_pubnames,"",@progbits + .long 0x1b # Length of Public Names Info + .value 0x2 # DWARF Version + .long .Ldebug_info0 # Offset of Compilation Unit Info + .long 0xad # Compilation Unit Length + .long 0x8b # DIE offset + .ascii "fp\0" # external name + .long 0x9c # 
DIE offset + .ascii "c\0" # external name + .long 0x0 + .section .debug_pubtypes,"",@progbits + .long 0x1d # Length of Public Type Names Info + .value 0x2 # DWARF Version + .long .Ldebug_info0 # Offset of Compilation Unit Info + .long 0xad # Compilation Unit Length + .long 0x25 # DIE offset + .ascii "fp_t\0" # external name + .long 0x6e # DIE offset + .ascii "C\0" # external name + .long 0x0 + .section .debug_str,"MS",@progbits,1 +.LASF5: + .string "fp_t" +.LASF2: + .string "GNU C++ 4.4.2 20091222 (Red Hat 4.4.2-20)" +.LASF0: + .string "__pfn" +.LASF4: + .string "gdb/testsuite" +.LASF3: + .string "gdb.dwarf2/member-ptr-forwardref.cc" +.LASF1: + .string "__delta" + .ident "GCC: (GNU) 4.4.2 20091222 (Red Hat 4.4.2-20)" + .section .note.GNU-stack,"",@progbits --- /dev/null +++ b/gdb/testsuite/gdb.dwarf2/member-ptr-forwardref.exp 
@@ -0,0 +1,48 @@ +# Copyright 2010 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# This test can only be run on targets which support DWARF-2 and use gas. +# For now pick a sampling of likely targets. +if {![istarget *-*-linux*] + && ![istarget *-*-gnu*] + && ![istarget *-*-elf*] + && ![istarget *-*-openbsd*] + && ![istarget arm-*-eabi*] + && ![istarget powerpc-*-eabi*]} { + return 0 +} + +if { [skip_cplus_tests] } { continue } + +set testfile member-ptr-forwardref +set executable ${testfile} +set binfile ${objdir}/${subdir}/${executable}.x + +if { [gdb_compile "${srcdir}/${subdir}/${testfile}.S" ${binfile} object {debug}] != "" } { + untested ${testfile}.exp + return -1 +} + +gdb_exit +gdb_start +gdb_reinitialize_dir $srcdir/$subdir + +# Be sure to set cp-abi before ${binfile} gets loaded +gdb_test "set cp-abi gnu-v3" +gdb_test "show cp-abi" {The currently selected C\+\+ ABI is "gnu-v3".*} + +gdb_load ${binfile} + +gdb_test "ptype c" "type = class C {\[\r\n \t\]*int \\(C::\\*fp\\)\\(C \\*\\);\[\r\n \t\]*}"
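
Review bot: In the first dwarf2read.c hunk (@@ -4903,7 +4903,10 @@) the temporaries `instance_flags_local` and `length_local` are declared `int` and `unsigned` by hand, and the last dwarf2read.c hunk uses them to hold TYPE_INSTANCE_FLAGS and TYPE_LENGTH during the exchange. Please declare them with the exact types of those two fields, or move the exchange into a helper that does not need caller-side temporaries, so the swap cannot narrow a value or change its signedness if the field types differ now or change later.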
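
Review bot: In the @@ -4934,6 +4937,11 @@ hunk of dwarf2read.c, `set_die_type (die, type, cu);` now runs before the `pfn_type == NULL` check and the `return NULL;` paths that follow it, so on those paths the DIE stays bound to the empty placeholder from alloc_type. Either undo the binding before returning NULL or say in the comment why the caller can cope with a DIE that already has a type attached. The new comment also speaks of a "deadlock" where the problem described in the mail is re-entry for the same DIE; naming the re-entry would make the intent clearer.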
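
Review bot: In the @@ -4948,12 +4956,28 @@ hunk of dwarf2read.c the exchange is written out field by field for TYPE_MAIN_TYPE, TYPE_INSTANCE_FLAGS and TYPE_LENGTH, and nothing here says these three are the complete per-object state of struct type, so any other member would silently stay with the wrong object. A small helper next to the struct definition, or a comment stating why only these fields matter, would keep the swap from going stale. The closing `TYPE_TARGET_TYPE (type) = type2;` deserves its own comment line as well: after the exchange `type` holds the method pointer and `type2` the method, which is the opposite of what the names suggest a few lines earlier.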
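
Review bot: member-ptr-forwardref.S spells its directives with `@progbits` and `@object`, while the accompanying .exp lets the test run on arm-*-eabi*, where gas treats `@` as the start of a comment and expects the `%` spelling instead. Either use a spelling that target accepts or drop it from the target list in the .exp. The file also fixes the pointer size at 4 (`.byte 0x4 # Pointer Size (in bytes)`) and emits `.long fp` / `.long c` for DW_OP_addr; a short comment that this is intentional would help, given the patch was tested on x86_64.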
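
Review bot: member-ptr-forwardref.exp ends with a single `gdb_test "ptype c"`, so only the reference from member `fp` of class C is checked, although the .S also defines the global `fp` of typedef `fp_t` (DIEs 0x8b and 0x25), which reaches DIE 0x30 from the other side. Adding `ptype fp` (and possibly `ptype fp_t`) would confirm that both references see the method pointer type after the exchange. Separately, `if { [skip_cplus_tests] } { continue }` sits beside `return 0` and `return -1` in the same file; one form throughout would read better.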
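
The double entry described in the message above, as an added C example that is not part of the original post or of GDB: a constructed three-DIE reference cycle is resolved once with the type bound after the recursion and once with a placeholder bound before it. All names (`toy_die`, `toy_type`, `resolve`, `entries_for_die0`) are hypothetical, and the depth guard stands in for the crash.

```c
#include <stdio.h>
#include <string.h>
/* Constructed toy model, not GDB's structures: every DIE refers to one other
   DIE for its type, and 0 -> 1 -> 2 -> 0 is the forward-reference cycle. */
enum { N_DIES = 3, MAX_DEPTH = 9 };
struct toy_type { struct toy_type *target; };
struct toy_die { int ref; struct toy_type *type; int entries; };
static struct toy_die dies[N_DIES];
static struct toy_type pool[MAX_DEPTH];
static int pool_used;

/* With early_register the DIE is bound to a placeholder before its reference
   is followed, so the cycle ends at the cache check instead of re-entering. */
static struct toy_type *resolve(int idx, int early_register, int depth)
{
    struct toy_die *d = &dies[idx];
    struct toy_type *t = NULL, *target;
    if (d->type != NULL)
        return d->type;              /* already bound, maybe a placeholder */
    if (depth >= MAX_DEPTH)
        return NULL;                 /* demo guard standing in for the crash */
    d->entries++;
    if (early_register)
        d->type = t = &pool[pool_used++];
    target = resolve(d->ref, early_register, depth + 1);
    if (t == NULL)
        d->type = t = &pool[pool_used++];  /* late binding, after recursion */
    t->target = target;              /* filled in place, pointer stays valid */
    return t;
}

/* Reset the model, resolve DIE 0, return how often DIE 0 was entered. */
int entries_for_die0(int early_register)
{
    memset(dies, 0, sizeof dies);
    pool_used = 0;
    for (int i = 0; i < N_DIES; i++)
        dies[i].ref = (i + 1) % N_DIES;
    resolve(0, early_register, 0);
    return dies[0].entries;
}

int main(void)
{
    int late = entries_for_die0(0), early = entries_for_die0(1);
    printf("late: %d entries, early: %d, cycle closed: %d\n", late, early,
           dies[0].type->target->target->target == dies[0].type);
    return 0;
}
```

Because the placeholder is filled in place, the pointer handed out during the recursion is the same object the DIE ends up with; the patch gets the same effect by exchanging contents, since its final type comes back from a separate allocation.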