Subject: Re: [PATCH 3/3] Make scoped_restore_current_thread's cdtors exception free (RFC)
From: Simon Marchi
To: Pedro Alves, gdb-patches@sourceware.org
Date: Thu, 9 Jul 2020 22:55:59 -0400

>> I don't know if it would be worth it, but I'd like if we could assert (abort
>> GDB) if an exception does try to exit the destructor. The `restore` method
>> is non-trivial and calls into other non-trivial functions, so it would be
>> possible for a change far far away to cause that to happen.
>
> It will already abort. Destructors are noexcept by default, so if an exception
> escapes a destructor, std::terminate() is called, and that calls abort by default.

Oh, didn't know that! I thought it was just "undefined behavior".

>> What do you think of keeping the try/catch, but using `gdb_assert_not_reached`
>> in it?
>
> Not sure. If we do that, we do get a nicer error message. However if the user
> says "n" to "Quit this debugging session" we still abort.
>
> /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/thread.c:1441: internal-error: scoped_restore_current_thread::~scoped_restore_current_thread(): unexpected exception thrown from destructor: hello
> A problem internal to GDB has been detected,
> further debugging may prove unreliable.
> Quit this debugging session? (y or n) n
>
> This is a bug, please report it. For instructions, see:
> .
>
> /home/pedro/brno/pedro/gdb/binutils-gdb-2/build/../src/gdb/thread.c:1441: internal-error: scoped_restore_current_thread::~scoped_restore_current_thread(): unexpected exception thrown from destructor: hello
> A problem internal to GDB has been detected,
> further debugging may prove unreliable.
> Create a core file of GDB? (y or n) n
> terminate called after throwing an instance of 'gdb_exception_quit'
> Aborted (core dumped)
>
> Maybe it would be interesting to add a variant of internal_error that did
> not throw a quit, so the user could swallow the exception... Maybe consider
> wrapping that as a generic facility to add to all non-trivial RAII destructors
> we have? Like a function that takes a function_view as parameter, so
> we would write:
>
>  foo::~foo ()
>  {
>    safe_dtor (__FILE__, __LINE__, [&] ()
>      {
>        restore ();
>      });
>  }
>
> Even better, add a SAFE_DTOR macro using similar magic SCOPE_EXIT
> macro uses to be able to write:
>
>  foo::~foo ()
>  {
>    SAFE_DTOR { restore (); };
>  }

That's fancier than what I hoped for :). My goal was just to make sure we catch
it if we ever make a change that causes an exception to escape. Although I
wouldn't be against what you proposed.

> Here's the current version of the patch.

That looks fine to me.

Simon
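
The `safe_dtor` idea quoted in the message above, as an added sketch that is not part of the thread and not GDB code. It assumes a template parameter in place of GDB's function_view, and `report_dtor_failure` is a hypothetical stand-in for the non-throwing internal_error variant the thread discusses.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>
#include <type_traits>
#include <vector>

// Hypothetical stand-in for a non-throwing internal_error variant: record only.
static std::vector<std::string> dtor_reports;

static void report_dtor_failure (const char *file, int line, const char *what) noexcept
{
  try
    {
      dtor_reports.push_back (std::string (file) + ":" + std::to_string (line)
                              + ": unexpected exception thrown from destructor: " + what);
    }
  catch (...) {} // Reporting itself failed (e.g. bad_alloc): drop the report.
}

// Run BODY and swallow whatever it throws, so nothing reaches the destructor's
// implicit noexcept boundary (where std::terminate would be called).
template<typename Body>
void safe_dtor (const char *file, int line, Body &&body) noexcept
{
  try { body (); }
  catch (const std::exception &ex) { report_dtor_failure (file, line, ex.what ()); }
  catch (...) { report_dtor_failure (file, line, "unknown exception"); }
}

struct foo
{
  explicit foo (bool fail) : m_fail (fail) {}
  ~foo () { safe_dtor (__FILE__, __LINE__, [&] () { restore (); }); }
  void restore () { if (m_fail) throw std::runtime_error ("hello"); }
  bool m_fail;
};

// No noexcept is written on ~foo, yet it is noexcept by default.
static_assert (std::is_nothrow_destructible<foo>::value, "~foo is noexcept");

// Destroy one foo and return how many reports its destructor produced.
std::size_t destroy_one (bool fail)
{
  std::size_t before = dtor_reports.size ();
  { foo f (fail); }
  return dtor_reports.size () - before;
}

int main () { std::printf ("%zu %zu\n", destroy_one (false), destroy_one (true)); }
```

Removing the `safe_dtor` call from `~foo` and destroying a `foo (true)` ends the process through std::terminate, which is the behaviour the thread describes.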