Re: bfinish writes to random addresses.

[Greg Law <glaw@undo-software.com>]

Daniel Jacobowitz wrote:
> On Tue, Jul 25, 2006 at 05:01:30PM +0100, Greg Law wrote:
> 
>>I guess one option would be to use a hardware breakpoint when setting 
>>breakpoints based on such "derived" addresses.  At least that way it's 
>>non-destructive if gdb gets it wrong.
> 
> 
> Every address where GDB sets any breakpoint is "derived" in that sense.

What I meant was if the address comes from looking up a symbol or some 
such, then it seems reasonable to have more confidence in it being 
correct.  As opposed to an address derived from program state -- namely 
function return addresses.

> And there aren't very many hardware breakpoints, if any.

At least in the cases I've seen on x86, most of the time the hardware 
breakpoints aren't in use.  Of course, on other architectures there may 
be none, and on x86 they may all be used.  But my point was that if a 
hardware breakpoint is used if available, it would fix this at least in 
those cases.

Maybe this is considered sufficiently unusual, or a user trying to do 
such a thing is considered sufficiently stupid that it isn't considered 
worth the effort.  But I alas I was sufficiently stupid, and it did take 
quite a while to track down what was going on here.

> 
> 
>>Having gdb check the return address looks like a sensible code address 
>>might also be worthwhile.  Of course this will not fix all cases, 
>>especially if the calculated return address happens to point into the 
>>middle of an instruction.  But hopefully in reality most things that 
>>look like pointers to code will actually be pointers to code, and so 
>>properly aligned, and the breakpoint will just go to the wrong place, 
>>rather than clobbering random data.
> 
> 
> ... Properly aligned?  You're talking about %ebp so I assume you're
> talking about x86, and instructions have no alignment on this
> architecture.

Sorry, bad terminology from me.  What I meant was that if there is a 
word in memory that is an address in a text segment, then chances are it 
is a pointer to some instruction, so most likely it points at the 
beginning of the instruction, not into the middle of an instruction.

> 
> Warning when returning from something with a symbol to something
> without a symbol is an interesting suggestion.  Does anyone else have
> comments?  Should this warn?
> 
> (gdb) bt
> #0 foo()
> #1 0x4000000 in ???
> (gdb) finish
> 

I was actually suggesting an error rather than a warning.  In this case, 
it seems that writing into 0x40000000 is almost certainly not what the 
user wants gdb to be doing.

Greg

-- 
Greg Law, Undo Software                       http://undo-software.com/