From: Pedro Alves
Date: Thu, 04 Feb 2016 16:01:00 -0000
To: Markus Metzger
CC: gdb-patches@sourceware.org
Subject: Re: [PATCH] btrace, frame: fix crash in get_frame_type
Message-ID: <56B375EE.7020407@redhat.com>
In-Reply-To: <1453828132-2319-1-git-send-email-markus.t.metzger@intel.com>
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
X-SW-Source: 2016-02/txt/msg00116.txt.bz2

On 01/26/2016 05:08 PM, Markus Metzger wrote:
> In skip_artificial_frames we repeatedly call get_prev_frame_always until we get
> a non-inline and non-tailcall frame assuming that there must be such a frame
> eventually.
>
> For record targets, however, we may have a frame chain that consists only of
> inline or tailcall frames.
>
> This leads to a crash in get_frame_type when we dereference a NULL frame
> pointer.
>
> The comment on skip_artificial_frames says
>
>   /* Given FRAME, return the enclosing frame as found in real frames read-in from
>      inferior memory. Skip any previous frames which were made up by GDB.
>      Return the original frame if no immediate previous frames exist. */
>
> That last part, "return the original frame if no immediate previous frames
> exist", is missing. I added that.

Not sure about this. Why does it make sense to return the original frame?
It sounds arbitrary -- could just as well be the outermost? What does the
caller in question do with it, and why is it correct?

> I found two other places where get_frame_type is called in a similar setup to
> skip tailcall frames:
>
>   - in infcmd.c to implement the "finish" command
>   - in frame.c's pop_frame which is used by the "return" command
>
> In both cases I added a NULL pointer check for the frame and throw an error in
> case we don't find a non-tailcall frame.

> /* Ignore TAILCALL_FRAME type frames, they were executed already before
> entering THISFRAME. */
> - while (get_frame_type (prev_frame) == TAILCALL_FRAME)
> + while (prev_frame != NULL && get_frame_type (prev_frame) == TAILCALL_FRAME)
> prev_frame = get_prev_frame (prev_frame);
>
> + /* We cannot pop tailcall frames. */
> + if (prev_frame == NULL)
> + error (_("Cannot pop tailcall frame(s)."));
> +

How about factoring that out to a skip_tailcall_frames function, similar
to skip_artificial_frames, and then do:

  prev_frame = skip_tailcall_frames (prev_frame);
  if (prev_frame == NULL)
    error (_("Cannot pop tailcall frame(s)."));

here and similarly in the other case.

And I wonder whether we should be using get_prev_frame_always for this
too, like skip_artificial_frames uses.
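Review bot: the new check "if (prev_frame == NULL) error (_("Cannot pop tailcall frame(s)."));" blames tailcall frames for every NULL result, but the loop advances with get_prev_frame, which can also return NULL when unwinding is cut off for other reasons (it applies the user-visible backtrace checks that get_prev_frame_always bypasses), not only when the chain consists solely of tailcall frames as the patch description states for record targets. Either switch the loop to get_prev_frame_always, as suggested above, so that NULL really means no real caller exists, or word the error so it does not attribute the failure to tailcall frames. The added comment "/* We cannot pop tailcall frames. */" should also say why; the preceding comment already gives the reason (they were executed before entering THISFRAME), so a short cross-reference is enough.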
>
> In infcmd I further moved the tailcall-frame-chasing loop to the
> forward-stepping case since we don't need a frame for reverse execution and we
> don't want to fail because of that. Reverse-finish does make sense for a
> tailcall frame.

Thanks,
Pedro Alves