Date: Wed, 13 Jun 2012 05:13:00 -0000
From: "Maciej W. Rozycki"
To: gdb-patches@sourceware.org
Subject: [RFA] Fix inline frame crash in handle_inferior_event
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
X-SW-Source: 2012-06/txt/msg00384.txt.bz2

Hi,

Jan's recent change to enable mcheck has triggered a segfault in gdb.opt/inline-cmds.exp on mips-sde-elf and mips-linux-gnu targets (any multilibs). I have tracked the problem down to dereferencing a pointer to a frame structure that has already been freed.

The cause is in handle_inferior_event, where skip_inline_frames is called and that may invalidate the frame cache. That doesn't stop handle_inferior_event though from trying to use a stale pointer to the current frame structure in the next step. This path is only used for targets that have delay slots (gdbarch_single_step_through_delay_p is true; that applies to CRIS and MIPS targets only), which I infer is why it wasn't caught straight away. This must be a long-standing bug.

The change below works for me; the gdbarch_single_step_through_delay_p check that guards the problematic pointer dereference uses gdbarch determined by the invalidated frame too, so I've decided to reinit both frame and gdbarch unconditionally.

No regressions in mips-sde-elf, mips-linux-gnu or i686-linux-gnu targets.

OK to apply?

2012-06-13  Maciej W. Rozycki

	gdb/
	* infrun.c (handle_inferior_event): Re-fetch frame and gdbarch
	after hiding inline functions.

  Maciej

gdb-wait-inline-frames.diff
Index: gdb-fsf-trunk-quilt/gdb/infrun.c
===================================================================
--- gdb-fsf-trunk-quilt.orig/gdb/infrun.c	2012-06-08 23:45:43.000000000 +0100
+++ gdb-fsf-trunk-quilt/gdb/infrun.c	2012-06-12 08:29:31.063547656 +0100
@@ -4084,7 +4084,13 @@ handle_inferior_event (struct execution_ && pc_at_non_inline_function (aspace, ecs->event_thread->prev_pc, &ecs->ws))) - skip_inline_frames (ecs->ptid); + { + skip_inline_frames (ecs->ptid); + /* Re-fetch current thread's frame in case that invalidated + the frame cache. */ + frame = get_current_frame (); + gdbarch = get_frame_arch (frame); + } } if (ecs->event_thread->suspend.stop_signal == GDB_SIGNAL_TRAP
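Review bot: only `frame` and `gdbarch` are refreshed after skip_inline_frames, so any other local that was computed from the old `frame` earlier in handle_inferior_event would still dangle once the frame cache has been flushed; please confirm none is used past this point, or say so in the comment. The comment itself would be clearer if it named the culprit instead of "that", e.g. `/* skip_inline_frames may have flushed the frame cache; refresh the now-dangling frame and gdbarch.  */`, so a later reader sees why the refresh belongs inside this block and not before it.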