From: Daniel Jacobowitz <drow@false.org>
To: GDB <gdb@sources.redhat.com>
Cc: Eli Zaretskii <eliz@gnu.org>
Subject: Re: [mi] watchpoint-scope exec async command
Date: Tue, 29 Mar 2005 02:00:00 -0000 [thread overview]
Message-ID: <20050329020123.GA7266@nevyn.them.org> (raw)
In-Reply-To: <20050329024945.GC3957@white>
On Mon, Mar 28, 2005 at 09:49:45PM -0500, Bob Rossi wrote:
> > > breakpoint.c:5761 is where the related_breakpoint is allocated
> > > breakpoint.c:6721 is where the related_breakpoint is deleted
> > > breakpoint.c:1022 is where the problem occurs (just the next sucker to
> > > read/write the free'd related_breakpoint field)
> > >
> > > So, at breakpoint.c:5761 I do,
> > > (tgdb) p b
> > > $1 = (struct breakpoint *) 0x83b4878
> > > (tgdb) p b->related_breakpoint
> > > $2 = (struct breakpoint *) 0x83b49d0
> > >
> > > Then at breakpoint.c:6721, I print the breakpoint to be deleted
> > > (tgdb) p bpt
> > > $3 = (struct breakpoint *) 0x83b49d0
> > >
> > > This is the related_breakpoint!
> > >
> > > at the end of breakpoint_delete I do
> > > (tgdb) p breakpoint_chain->next->next->next->next->next->next
> > > $30 = (struct breakpoint *) 0x83b4878
> > >
> > > (tgdb) p breakpoint_chain->next->next->next->next->next->next->related_breakpoint
> > > $32 = (struct breakpoint *) 0x83b49d0
> >
> > So far, actually, so good - but is this still true when
> > breakpoint_auto_delete returns? Why isn't the other one deleted too?
> > What's its "disposition" at this point?
>
> Yes,
>
> (tgdb) p breakpoint_chain->next->next->next->next->next->next
> $47 = (struct breakpoint *) 0x83b4878
> (tgdb) p breakpoint_chain->next->next->next->next->next->next->disposition
> $51 = disp_donttouch
> (tgdb) p breakpoint_chain->next->next->next->next->next->next->related_breakpoint
> $48 = (struct breakpoint *) 0x83b49d0
> (tgdb) p breakpoint_chain->next->next->next->next->next->next->related_breakpoint->disposition
> $49 = disp_del
>
> I don't know why this seems OK to you. I must be missing something.
> breakpoint_chain->next->next->next->next->next->next->related_breakpoint
> was a pointer to a breakpoint that was deleted. Thus, the pointer is
> invalid. The reference to the deleted breakpoint (related_breakpoint
> field) must be set to NULL somehow.
Both of them should have the same disposition at this point. That's
why it's OK. They should always be deleted together; they should have
had disp_del_at_next_stop. We are deleting the scope breakpoint
because the watchpoint has gone out of scope; how did we fail to delete
the watchpoint too?
The answer seems to be that we use disp_del_at_next_stop if we hit the
_watchpoint_, but not if we hit the related breakpoint. When we delete
it we ought to be deleting its related breakpoint too (they point to
each other). But we don't. The only things we ever do with
related_breakpoints are set their dispositions.
That's presumably the bug. Why it never hit before, I have no clue.
Eli, you know a lot about the watchpoint mechanism; do you know how
this is supposed to work?
> It seems that whenever a breakpoint is deleted, all other
> breakpoints related_breakpoint field needs to be checked, to see if they
> pointed to the data that was just deleted.
>
> Please look at the comments at breakpoint.c:6723 and breakpoint.c:1325.
The comment at 6723 doesn't apply to this case, because that's bpstats
dangling a pointer; the breakpoint chain should never do this.
--
Daniel Jacobowitz
CodeSourcery, LLC
next prev parent reply other threads:[~2005-03-29 2:00 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-25 16:12 Bob Rossi
2005-03-25 16:25 ` gdbserver question james osburn
2005-03-25 16:33 ` Daniel Jacobowitz
2005-03-26 13:27 ` [mi] watchpoint-scope exec async command Eli Zaretskii
2005-03-26 13:44 ` Bob Rossi
2005-03-27 14:10 ` Bob Rossi
2005-03-28 21:57 ` Bob Rossi
2005-03-28 22:40 ` Daniel Jacobowitz
2005-03-28 22:54 ` Bob Rossi
2005-03-28 22:59 ` Daniel Jacobowitz
2005-03-29 0:43 ` Bob Rossi
2005-03-29 1:35 ` Daniel Jacobowitz
2005-03-29 1:51 ` Bob Rossi
2005-03-29 2:00 ` Daniel Jacobowitz [this message]
2005-03-29 21:33 ` Eli Zaretskii
2005-03-29 21:39 ` Mark Kettenis
2005-03-29 21:47 ` Bob Rossi
2005-03-30 5:15 ` Eli Zaretskii
2005-03-29 21:43 ` Daniel Jacobowitz
2005-03-30 20:10 ` Eli Zaretskii
2005-03-31 0:49 ` Bob Rossi
2005-03-31 4:43 ` Eli Zaretskii
2005-03-31 19:59 ` Bob Rossi
2005-04-01 8:10 ` Eli Zaretskii
2005-04-01 14:09 ` Daniel Jacobowitz
2005-04-02 9:54 ` Eli Zaretskii
2005-04-06 2:13 ` Bob Rossi
2005-04-06 3:51 ` Eli Zaretskii
2005-03-31 2:32 ` Daniel Jacobowitz
2005-03-31 4:48 ` Eli Zaretskii
2005-03-31 6:00 ` Daniel Jacobowitz
2005-03-31 19:49 ` Eli Zaretskii
2005-03-29 23:29 ` Bob Rossi
2005-03-30 5:12 ` Eli Zaretskii
2005-03-30 0:29 ` Bob Rossi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050329020123.GA7266@nevyn.them.org \
--to=drow@false.org \
--cc=eliz@gnu.org \
--cc=gdb@sources.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox