If we constify value_cstring, we might as well constify this one.
gdb/ChangeLog:
* valops.c (value_string): Constify 'ptr' parameter.
* value.h (value_string): Constify 'ptr' parameter.
Hi,
I build GDB with -fsanitize=address, and run testsuite. In
gdb.base/callfuncs.exp, I see the following error,
p t_float_values(0.0,0.0)
=================================================================
==8088==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000cb650 at pc 0x6e195c bp 0x7fff164f9770 sp 0x7fff164f9768
READ of size 16 at 0x6020000cb650 thread T0^
#0 0x6e195b in regcache_raw_write /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:912
#1 0x6e1e52 in regcache_cooked_write /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:945
#2 0x466d69 in pass_in_v /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1101
#3 0x467512 in pass_in_v_or_stack /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1196
#4 0x467d7d in aarch64_push_dummy_call /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1335
The code in pass_in_v read contents from V registers (128 bit), but the
data passed through V registers can be less than 128 bit. In this case,
float is passed. So writing V registers contents into contents buff
will cause overflow. In this patch, we add an array reg[V_REGISTER_SIZE],
which is to hold the contents from V registers, and then copy useful
bits to buf.
gdb:
2015-11-18 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (pass_in_v): Add argument len. Add local array
reg. Callers updated.
Hi,
Some tests in gdb.threads/multiple-step-overs.exp fail on arm target
when the displaced stepping on, but they pass when displaced stepping
is off.
FAIL: gdb.threads/multiple-step-overs.exp: displaced=on: step: step
FAIL: gdb.threads/multiple-step-overs.exp: displaced=on: next: next
FAIL: gdb.threads/multiple-step-overs.exp: displaced=on: continue: continue
FAIL: gdb.threads/multiple-step-overs.exp: displaced=on: signal thr1: continue to sigusr1_handler
when displaced stepping is on,
Sending packet: $vCont;c#a8...infrun: infrun_async(1)^M <--- [1]
infrun: prepare_to_wait^M
infrun: target_wait (-1.0.0, status) =^M
infrun: -1.0.0 [Thread 0],^M
infrun: status->kind = ignore^M
infrun: TARGET_WAITKIND_IGNORE^M
infrun: prepare_to_wait^M
Packet received: T05swbreak:;0b:f8faffbe;0d:409ee7b6;0f:d0880000;thread:p635.636;core:0;^M
infrun: target_wait (-1.0.0, status) =^M
infrun: 1589.1590.0 [Thread 1590],^M
infrun: status->kind = stopped, signal = GDB_SIGNAL_TRAP^M
infrun: TARGET_WAITKIND_STOPPED^M
infrun: stop_pc = 0x88d0^M
infrun: context switch^M
infrun: Switching context from Thread 1591 to Thread 1590^
GDB resumes the whole process (all threads) rather than the specific
thread for which GDB wants to step over the breakpoint (as shown in [1]).
That is wrong because we resume a single thread and leave others stopped
when doing a normal step over where we temporarily remove the breakpoint,
single-step, reinsert the breakpoint, is that if we let other threads run
in the period while the breakpoint is removed, then these other threads
could miss the breakpoint. Since with displaced stepping, we don't ever
remove the breakpoint, it should be fine to let other threads run. However,
there's another reason that we should not let other threads run: that is
the case where some of those threads are also stopped for a breakpoint that
itself needs to be stepped over. If we just let those threads run, then
they immediately re-trap their breakpoint again.
when displaced stepping is off, GDB behaves correctly, only resumes
the specific thread (as shown in [2]).
Sending packet: $vCont;c:p611.613#b2...infrun: infrun_async(1)^M <-- [2]
infrun: prepare_to_wait^M
infrun: target_wait (-1.0.0, status) =^M
infrun: -1.0.0 [Thread 0],^M
infrun: status->kind = ignore^M
infrun: TARGET_WAITKIND_IGNORE^M
infrun: prepare_to_wait^M
Packet received: T05swbreak:;0b:f8faffbe;0d:409e67b6;0f:48880000;thread:p611.613;core:1;^M
infrun: target_wait (-1.0.0, status) =^M
infrun: 1553.1555.0 [Thread 1555],^M
infrun: status->kind = stopped, signal = GDB_SIGNAL_TRAP^M
infrun: TARGET_WAITKIND_STOPPED^M
infrun: clear_step_over_info^M
infrun: stop_pc = 0x8848
The current logic in GDB on deciding the set of threads to resume is:
/* Decide the set of threads to ask the target to resume. */
if ((step || thread_has_single_step_breakpoints_set (tp))
&& tp->control.trap_expected)
{
/* We're allowing a thread to run past a breakpoint it has
hit, by single-stepping the thread with the breakpoint
removed. In which case, we need to single-step only this
thread, and keep others stopped, as they can miss this
breakpoint if allowed to run. */
resume_ptid = inferior_ptid;
}
else
resume_ptid = internal_resume_ptid (user_step);
it doesn't handle the case correctly that GDB continue (instead of
single step) the thread for displaced stepping.
I also update the comment below to reflect the code. I remove the
"with the breakpoint removed" comment, because GDB doesn't remove
breakpoints in displaced stepping, so we don't have to worry that
other threads may miss the breakpoint.
Patch is regression tested on both x86_64-linux and arm-linux.
gdb:
2015-11-17 Yao Qi <yao.qi@linaro.org>
* infrun.c (resume): Check control.trap_expected only
when deciding the set of threads to resume.
We currently throw exceptions from signal handlers (e.g., for
Quit/ctrl-c). But throwing C++ exceptions from signal handlers is
undefined. (That doesn't restore signal masks, like siglongjmp does,
and, because asynchronous signals can arrive at any instruction, we'd
have to build _everything_ with -fasync-unwind-tables to make it
reliable.) It happens to work on x86_64 GNU/Linux at least, but it's
likely broken on other ports.
Until we stop throwing from signal handlers, use setjmp/longjmp based
exceptions in C++ mode as well.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* common/common-exceptions.h (GDB_XCPT_SJMP, GDB_XCPT_TRY)
(GDB_XCPT_RAW_TRY, GDB_XCPT): Define.
Replace __cplusplus checks with GDB_XCPT checks throughout.
* common/common-exceptions.c: Replace __cplusplus checks with
GDB_XCPT checks throughout.
Cross building gdbserver for --host=x86_64-w64-mingw32 with gcc 4.8.4
20141219 (Fedora MinGW 4.8.4-1.fc20), I get:
src/gdb/gdbserver/tracepoint.c: In function 'cmd_qtdp':
src/gdb/gdbserver/tracepoint.c:2577:7: error: unknown conversion type character 'l' in format [-Werror=format=]
trace_debug ("Defined %stracepoint %d at 0x%s, "
^
src/gdb/gdbserver/tracepoint.c:2577:7: error: unknown conversion type character 'l' in format [-Werror=format=]
src/gdb/gdbserver/tracepoint.c:2577:7: error: too many arguments for format [-Werror=format-extra-args]
src/gdb/gdbserver/tracepoint.c: In function 'stop_tracing':
src/gdb/gdbserver/tracepoint.c:3447:7: error: unknown conversion type character 'l' in format [-Werror=format=]
trace_debug ("Stopping the trace because "
^
src/gdb/gdbserver/tracepoint.c:3447:7: error: too many arguments for format [-Werror=format-extra-args]
src/gdb/gdbserver/tracepoint.c: In function 'collect_data_at_tracepoint':
src/gdb/gdbserver/tracepoint.c:4651:3: error: unknown conversion type character 'l' in format [-Werror=format=]
trace_debug ("Making new traceframe for tracepoint %d at 0x%s, hit %" PRIu64,
^
src/gdb/gdbserver/tracepoint.c:4651:3: error: too many arguments for format [-Werror=format-extra-args]
src/gdb/gdbserver/tracepoint.c: In function 'collect_data_at_step':
src/gdb/gdbserver/tracepoint.c:4687:3: error: unknown conversion type character 'l' in format [-Werror=format=]
trace_debug ("Making new step traceframe for "
^
trace_debug is a macro that calls:
static void trace_vdebug (const char *, ...) ATTRIBUTE_PRINTF (1, 2);
The calls that fail checking use PRIu64, etc., like:
trace_debug ("Defined %stracepoint %d at 0x%s, "
"enabled %d step %" PRIu64 " pass %" PRIu64,
tpoint->type == fast_tracepoint ? "fast "
: tpoint->type == static_tracepoint ? "static " : "",
tpoint->number, paddress (tpoint->address), tpoint->enabled,
tpoint->step_count, tpoint->pass_count);
gnulib's stdio/printf module replacements may make %llu, etc. work on
mingw, instead of the MS-specific %I64u, and thus may make PRIu64
expand to %llu. However, gcc isn't aware of that, because libiberty's
ansidecl.h defines ATTRIBUTE_PRINTF as using attribute format(printf).
But, with that format, gcc checks for MS-style format strings (%I64u).
In order to have gcc expect gnu/standard formats, we need to use
gnu_printf format instead. Which version to use (printf/gnu_printf)
depends on msvcrt and mingw version, and so gnulib has a
configure-time check, and defines _GL_ATTRIBUTE_FORMAT_PRINTF
accordingly.
Since _GL_ATTRIBUTE_FORMAT_PRINTF is compatible with ATTRIBUTE_PRINTF,
the fix is simply to make use of the former.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* common/common-defs.h (ATTRIBUTE_PRINTF): Redefine in terms of
_GL_ATTRIBUTE_FORMAT_PRINTF after including ansidecl.h.
With some toolchains, building in C++ mode stumbles on many instances
of:
In file included from ../../src/gdb/../include/splay-tree.h:43:0,
from ../../src/gdb/dcache.c:26:
build-gnulib/import/inttypes.h:61:3: error: #error "This file assumes that 'int' has exactly 32 bits. Please report your platform and compiler to <bug-gnulib@gnu.org>."
# error "This file assumes that 'int' has exactly 32 bits. Please report your platform and compiler to <bug-gnulib@gnu.org>."
^
make: *** [dcache.o] Error 1
That's:
#if !(INT_MIN == INT32_MIN && INT_MAX == INT32_MAX)
# error "This file assumes that 'int' has exactly 32 bits. Please report your platform and compiler to <bug-gnulib@gnu.org>."
#endif
I see it when cross building for --host=x86_64-w64-mingw32 using
Fedora 20's g++ (gcc version 4.8.4 20141219 (Fedora MinGW
4.8.4-1.fc20)), Simon reports seeing this on several cross compilers
too.
The issue is that on some hosts that predate C++11, when using C++ one
must define __STDC_CONSTANT_MACROS/__STDC_LIMIT_MACROS to make visible
the definitions of INTMAX_C / INTMAX_MAX etc.
This was a C99 requirement that later C++11 -- the first to define
stdint.h -- removed, and then C11 removed it as well.
https://www.gnu.org/software/gnulib/manual/html_node/stdint_002eh.html
says that gnulib's stdint.h fixes this, but because we run gnulib's
configure tests with a C compiler, gnulib determines that mingw's
stdint.h is C99-compliant, and doesn't actually replace it. Actually,
even though configuring gnulib with a C++ compiler does result in
gnulib replacing stdint.h, the resulting replacement is broken for
mingw, because it defines uintptr_t incorrectly. I sent a gnulib
patch upstream to fix that, here:
https://lists.gnu.org/archive/html/bug-gnulib/2015-11/msg00004.html
but then even with that, gnulib still stumbles on other
configured-with-C++-compiler problems.
So for now, until gnulib + C++ is fixed upstream and then gdb's copy
is updated, which may take a while, I think it's best to keep
configuring gnulib in C, and define
__STDC_LIMIT_MACROS/__STDC_CONSTANT_MACROS ourselves, just like C99
intended.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* common/common-defs.h (__STDC_CONSTANT_MACROS)
(__STDC_LIMIT_MACROS): Define before including stdint.h.
Building in C++ errors out with:
../../src/gdb/windows-nat.c: In function 'int get_windows_debug_event(target_ops*, int, target_waitstatus*)':
../../src/gdb/windows-nat.c:1503:13: warning: invalid conversion from 'int' to 'gdb_signal' [-fpermissive]
last_sig = 1;
^
../../src/gdb/windows-nat.c:1533:43: warning: invalid conversion from 'int' to 'gdb_signal' [-fpermissive]
windows_resume (ops, minus_one_ptid, 0, 1);
^
../../src/gdb/windows-nat.c:1228:1: warning: initializing argument 4 of 'void windows_resume(target_ops*, ptid_t, int, gdb_signal)' [-fpermissive]
windows_resume (struct target_ops *ops,
^
Looking at the code, I can't figure out why we treat first chance
exceptions any different here.
AFAICS, we set last_sig to 1, and then call windows_resume passing
signal==1, so the DBG_EXCEPTION_NOT_HANDLED code path in win32_resume
is taken:
~~~
if (sig != GDB_SIGNAL_0)
{
if (current_event.dwDebugEventCode != EXCEPTION_DEBUG_EVENT)
{
OUTMSG (("Cannot continue with signal %d here.\n", sig));
}
else if (sig == last_sig)
continue_status = DBG_EXCEPTION_NOT_HANDLED;
else
OUTMSG (("Can only continue with recieved signal %d.\n", last_sig));
}
~~~
Fix this by removing this special casing. gdbserver also goes
straight to continuing with DBG_EXCEPTION_NOT_HANDLED, AFAICS.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* windows-nat.c (handle_exception): Return 0 for first chance
exceptions.
(get_windows_debug_event): Adjust.
Fixes:
../../src/gdb/windows-nat.c:287:11: error: invalid conversion from 'int' to 'gdb_signal' [-fpermissive]
{-1, -1}};
^
The signal number here doesn't really matter.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* windows-nat.c (xslate): Use GDB_SIGNAL_UNKNOWN instead of -1 as
signal number for terminator.
Fixes a set of errors like:
../../src/gdb/windows-nat.c: In function 'void _initialize_loadable()':
../../src/gdb/windows-nat.c:2778:30: error: invalid conversion from 'void*' to 'BOOL (*)(DWORD) {aka int (*)(long unsigned int)}' [-fpermissive]
DebugActiveProcessStop = (void *)
^
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* windows-nat.c (AdjustTokenPrivileges_ftype)
(DebugActiveProcessStop_ftype, DebugBreakProcess_ftype)
(DebugSetProcessKillOnExit_ftype, EnumProcessModules_ftype)
(GetCurrentConsoleFont_ftype, GetModuleInformation_ftype)
(LookupPrivilegeValueA_ftype, OpenProcessToken_ftype)
(GetConsoleFontSize_ftype): New typedefs.
(AdjustTokenPrivileges, DebugActiveProcessStop)
(DebugBreakProcess, DebugSetProcessKillOnExit, EnumProcessModules)
(GetConsoleFontSize, GetCurrentConsoleFont, GetModuleInformation)
(LookupPrivilegeValueA, OpenProcessToken, GetConsoleFontSize):
Adjust.
(GetModuleFileNameEx_ftype): New typedef.
(GetModuleFileNameEx): Use it.
(_initialize_loadable): Define GPA macro and use it.
c_string_type contains values meant to be OR'ed together (even though
some bits are mutually exclusive), so it makes sense to make it an
enum flags type.
gdb/ChangeLog:
2015-11-17 Simon Marchi <simon.marchi@ericsson.com>
* c-exp.y (exp): Adjust, change enum c_string_type to
c_string_type.
(parse_string_or_char): Likewise.
* c-lang.c (charset_for_string_type): Likewise.
(classify_type): Likewise.
(c_printchar): Likewise.
(c_printstr): Likewise.
(evaluate_subexp_c): Likewise. And change cast to enum
c_string_type_values.
* c-lang.h: Include "common/enum_flags.h".
(enum c_string_type): Rename to...
(enum c_string_type_values): ...this.
(c_string_type): Define new enum flags type.
This patch fixes C++ build errors like this:
/home/pedro/gdb/mygit/cxx-convertion/src/gdb/linux-tdep.c:1126:35: error: invalid conversion from ‘int’ to ‘filterflags’ [-fpermissive]
| COREFILTER_HUGETLB_PRIVATE);
^
This is a case of enums used as bit flags. Unlike "regular" enums,
these values are supposed to be or'ed together. However, in C++, the
type of "(ENUM1 | ENUM2)" is int, and you then can't assign an int to
an enum variable without a cast. That means that this:
enum foo_flags flags = 0;
if (...)
flags |= FOO_FLAG1;
if (...)
flags |= FOO_FLAG2;
... would have to be written as:
enum foo_flags flags = (enum foo_flags) 0;
if (...)
flags = (enum foo_flags) (flags | FOO_FLAG1);
if (...)
flags = (enum foo_flags) (flags | FOO_FLAG2);
which is ... ugly. Alternatively, we'd have to use an int for the
variable's type, which isn't ideal either.
This patch instead adds an "enum flags" class. "enum flags" are
exactly the enums where the values are bits that are meant to be ORed
together.
This allows writing code like the below, while with raw enums this
would fail to compile without casts to enum type at the assignments to
'f':
enum some_flag
{
flag_val1 = 1 << 1,
flag_val2 = 1 << 2,
flag_val3 = 1 << 3,
flag_val4 = 1 << 4,
};
DEF_ENUM_FLAGS_TYPE(enum some_flag, some_flags)
some_flags f = flag_val1 | flag_val2;
f |= flag_val3;
It's also possible to assign literal zero to an enum flags variable
(meaning, no flags), dispensing either adding an awkward explicit "no
value" value to the enumeration or the cast to assignments from 0.
For example:
some_flags f = 0;
f |= flag_val3 | flag_val4;
Note that literal integers other than zero do fail to compile:
some_flags f = 1; // error
C is still supported -- DEF_ENUM_FLAGS_TYPE is just a typedef in that
case.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* btrace.h: Include common/enum-flags.h.
(btrace_insn_flags): Define.
(struct btrace_insn) <flags>: Change type.
(btrace_function_flags): Define.
(struct btrace_function) <flags>: Change type.
(btrace_thread_flags): Define.
(struct btrace_thread_info) <flags>: Change type.
* c-exp.y (token_flags): Rename to ...
(token_flag): ... this.
(token_flags): Define.
(struct token) <flags>: Change type.
* common/enum-flags.h: New file.
* compile/compile-c-types.c (convert_qualified): Change type of
'quals' local.
* compile/compile-internal.h: Include "common/enum-flags.h".
(gcc_qualifiers_flags): Define.
* completer.c (enum reg_completer_targets): Rename to ...
(enum reg_completer_target): ... this.
(reg_completer_targets): Define.
(reg_or_group_completer_1): Change type of 'targets' parameter.
* disasm.c (do_mixed_source_and_assembly_deprecated): Change type
of 'psl_flags' local.
(do_mixed_source_and_assembly): Change type of 'psl_flags' local.
* infrun.c: Include "common/enum-flags.h".
(enum step_over_what): Rename to ...
(enum step_over_what_flag): ... this.
(step_over_what): Change type.
(start_step_over): Change type of 'step_what' local.
(thread_still_needs_step_over): Now returns a step_over_what.
Adjust.
(keep_going_pass_signal): Change type of 'step_what' local.
* linux-tdep.c: Include "common/enum-flags.h".
(enum filterflags): Rename to ...
(enum filter_flag): ... this.
(filter_flags): Define.
(dump_mapping_p): Change type of 'filterflags' parameter.
(linux_find_memory_regions_full): Change type of 'filterflags'
local.
(linux_find_memory_regions_full): Pass the address of an unsigned
int to sscanf instead of the address of an enum.
* record-btrace.c (btrace_print_lines): Change type of local
'psl_flags'.
(btrace_call_history): Replace 'flags' parameter
with 'int_flags' parameter. Adjust.
(record_btrace_call_history, record_btrace_call_history_range)
(record_btrace_call_history_from): Rename 'flags' parameter to
'int_flags'. Use record_print_flags.
* record.h: Include "common/enum-flags.h".
(record_print_flags): Define.
* source.c: Include "common/enum-flags.h".
(print_source_lines_base, print_source_lines): Change type of
flags parameter.
* symtab.h: Include "common/enum-flags.h".
(enum print_source_lines_flags): Rename to ...
(enum print_source_lines_flag): ... this.
(print_source_lines_flags): Define.
(print_source_lines): Change prototype.
Instead of adding a cast at the memory_error call, as needed for C++,
and have the reader understand the indirection, make it simple and
hardcode the generic memory error at the memory_error call site.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* guile/scm-disasm.c (gdbscm_disasm_read_memory): Return -1 on
error instead of TARGET_XFER_E_IO.
(gdbscm_disasm_memory_error): Always pass TARGET_XFER_E_IO to
memory_error.
This patch fixes all occurences of left-shifting negative constants in C cod
which is undefined by the C standard.
gdb/ChangeLog:
* hppa-tdep.c (hppa_sign_extend, hppa_low_hppa_sign_extend)
(prologue_inst_adjust_sp, hppa_frame_cache): Fix left shift of negative
value.
* dwarf2read.c (read_subrange_type): Likewise.
Hi,
I build GDB with -fsanitize=address, and run testsuite. In
gdb.base/callfuncs.exp, I see the following error,
p/c fun1()
=================================================================^M
==9601==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffee858530 at pc 0x6df079 bp 0x7fffee8583a0 sp 0x7fffee858398
WRITE of size 16 at 0x7fffee858530 thread T0
#0 0x6df078 in regcache_raw_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:673
#1 0x6dfe1e in regcache_cooked_read /home/yao/SourceCode/gnu/gdb/git/gdb/regcache.c:751
#2 0x4696a3 in aarch64_extract_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1708
#3 0x46ae57 in aarch64_return_value /home/yao/SourceCode/gnu/gdb/git/gdb/aarch64-tdep.c:1918
We are extracting return value from V registers (128 bit), but only
allocate X_REGISTER_SIZE-byte array, which isn't sufficient. This
patch changes the array to V_REGISTER_SIZE.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (aarch64_extract_return_value): Change array
buf's length to V_REGISTER_SIZE.
This patch changes the last argument of functions pass_in_x_or_stack,
pass_in_v_or_stack, pass_on_stack, and pass_in_x to type value *.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (pass_in_x_or_stack): Change argument type
from bfd_byte * to value *. Caller updated.
(pass_in_x): Likewise.
(pass_in_v_or_stack): Likewise.
(pass_on_stack): Likewise.
Both aarch64_push_dummy_call and bfin_push_dummy_call only use args[i]
contents but then never write to them, so that we can use
value_contents instead.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (aarch64_push_dummy_call): Call value_contents instead
of value_contents_writeable.
* bfin-tdep.c (bfin_push_dummy_call): Likewise.
When I build GDB with -fsanitize=address, and run testsuite,
some gdb.base/*.exp test triggers the ERROR below,
=================================================================
==7646==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000242810 at pc 0x487844 bp 0x7fffe32e84e0 sp 0x7fffe32e84d8
READ of size 4 at 0x603000242810 thread T0
#0 0x487843 in push_stack_item /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3405
#1 0x48998a in arm_push_dummy_call /home/yao/SourceCode/gnu/gdb/git/gdb/arm-tdep.c:3960
In that path, GDB passes value on stack, in an INT_REGISTER_SIZE slot,
but the value contents' length can be less than INT_REGISTER_SIZE, so
the contents will be accessed out of the bound. This patch adds an
array buf[INT_REGISTER_SIZE], and copy val to buf before writing them
to stack.
gdb:
2015-11-16 Yao Qi <yao.qi@linaro.org>
* arm-tdep.c (arm_push_dummy_call): New array buf. Store regval
to buf. Pass buf instead of val to push_stack_item.
This patch teaches GDB to support gnu vector in inferior calls. As a
result, fails in gdb.base/gnu_vector.exp are fixed. The calling
convention of gnu vector isn't documented in the AAPCS, because it
is the GCC extension. I checked the gcc/config/arm/arm.c, understand
how GCC pass arguments and return values, and do the same in GDB side.
The patch is tested with both hard float and soft float on arm-linux.
gdb:
2015-11-13 Yao Qi <yao.qi@linaro.org>
PR tdep/19051
* arm-tdep.c (arm_type_align): Return the right alignment
value for vector.
(arm_vfp_cprc_sub_candidate): Return true for 64-bit and
128-bit vector types.
(arm_return_in_memory): Handel vector type.
Current arm_return_in_memory isn't friendly to adding new things in it.
Moreover, a lot of stuff are about APCS, which is not used nowadays (AAPCS
is being used). This patch is to refactor arm_return_in_memory, so that
some code can be shared for both APCS and AAPCS at the beginning of
arm_return_in_memory, and then each ABI (APCS and AAPCS) are processed
separately.
gdb:
2015-11-13 Yao Qi <yao.qi@linaro.org>
* arm-tdep.c (arm_return_in_memory): Rewrite it.
(arm_return_value): Call arm_return_in_memory for
TYPE_CODE_COMPLEX.
These casts uses the typedef target type (long int *) instead of the
typedef name. This was a little mistake in one of the big C++ cast
patches.
gdb/ChangeLog:
* inf-ptrace.c (inf_ptrace_fetch_register): Change long int *
cast to PTRACE_TYPE_RET *.
(inf_ptrace_store_register): Likewise.
Switch to using 'add_info' function for creating basic info
sub-commands.
gdb/ChangeLog:
* avr-tdep.c (_initialize_avr_tdep): Switch to 'add_info' for creating
info sub-commands.
* gnu-nat.c (add_task_commands): Likewise.
* macrocmd.c (_initialize_macrocmd): Likewise.
The 'add_info' function is used for creating info commands, these
commands should be created as 'class_info' rather than 'no_class'.
gdb/ChangeLog:
* cli/cli-decode.c (add_info): Switch to class_info.
Consider a function with the following signature...
function F (R : out Rec_Type) return Enum_Type;
... where Rec_Type is a simple record:
type Rec_Type is record
Cur : Integer;
end record;
Trying to "finish" from that function causes GDB to SEGV:
(gdb) fin
Run till exit from #0 bar.f (r=...) at bar.adb:5
0x00000000004022fe in foo () at foo.adb:5
5 I : Enum_Type := F (R);
[1] 18949 segmentation fault (core dumped) /[..]/gdb
This is related to the fact that funtion F has a parameter (R)
which is an "out" parameter being passed by copy. For those,
GNAT transforms the return value to be a record with multiple
fields: The first one is called "RETVAL" and contains the return
value shown in the source, and the remaining fields have the same
name as the "out" or "in out" parameters which are passed by copy.
So, in the example above, function F returns a struct that has
one field who name is "r".
Because "RETVAL" starts with "R", GDB thinks it's a wrapper field,
because it looks like the encoding used for variant records:
-- member_name ::= {choice} | others_choice
-- choice ::= simple_choice | range_choice
-- simple_choice ::= S number
-- range_choice ::= R number T number <<<<<----- here
-- number ::= {decimal_digit} [m]
-- others_choice ::= O (upper case letter O)
See ada_is_wrapper_field:
return (name != NULL
&& (startswith (name, "PARENT")
|| strcmp (name, "REP") == 0
|| startswith (name, "_parent")
|| name[0] == 'S' || name[0] == 'R' || name[0] == 'O'));
As a result of this, when trying to print the RETURN value,
we think that RETVAL is a wrapper, and thus recurse into
print_field_values...
if (ada_is_wrapper_field (type, i))
{
comma_needed =
print_field_values (TYPE_FIELD_TYPE (type, i),
valaddr,
(offset
+ TYPE_FIELD_BITPOS (type, i) / HOST_CHAR_BIT),
stream, recurse, val, options,
comma_needed, type, offset, language);
... which is a problem since print_field_values assumes that
the type it is given ("TYPE_FIELD_TYPE (type, i)" here), is also
a record type. However, that's not the case, since RETVAL is
an enum. That eventually leads GDB to a NULL type when trying to
extract fields out of the enum, which then leads to a SEGV when
trying to dereference it.
Ideally, we'd want to be a little more careful in identifying
wrapper fields, by enhancing ada_is_wrapper_field to be a little
more complete in its analysis of the field name before declaring
it a variant record wrapper. However, it's not super easy to do
so, considering that the choices can be combined together when
complex choices are used. Eg:
-- [...] the choice 1 .. 4 | 7 | -10 would be represented by
-- R1T4S7S10m
Given that we are working towards getting rid of GNAT encodings,
which means that the above will eventually disappear, we took
the more pragmatic approach is just treating RETVAL as a special
case.
gdb/ChangeLog:
* ada-lang.c (ada_is_wrapper_field): Add special handling
for fields called "RETVAL".
gdb/testsuite/ChangeLog:
* gdb.ada/fin_fun_out: New testcase.
We've already has the definition like this,
#define ELF_STRING_ARM_unwind ".ARM.exidx"
so it is better to use the macro rather than the string.
gdb:
2015-11-09 Yao Qi <yao.qi@linaro.org>
* arm-tdep.c (arm_exidx_new_objfile): Use
ELF_STRING_ARM_unwind.
This patch adds a new function displaced_step_in_progress_thread,
which returns whether the thread is in progress of displaced
stepping.
gdb:
2015-11-09 Yao Qi <yao.qi@linaro.org>
* infrun.c (displaced_step_in_progress_thread): New function.
(handle_inferior_event_1): Call it.
gdb:
2015-11-05 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (aarch64_displaced_step_copy_insn): Call
aarch64_decode_insn and decode instruction by aarch64_inst.
This patch convert aarch64_analyze_prologue to using aarch64_decode_insn
to decode instructions. After this change, aarch64_analyze_prologue
looks much simple, and some aarch64_decode_* functions are removed
accordingly.
gdb:
2015-11-05 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (extract_signed_bitfield): Remove.
(decode_masked_match): Remove.
(aarch64_decode_add_sub_imm): Remove.
(aarch64_decode_br): Remove.
(aarch64_decode_eret): Remove.
(aarch64_decode_movz): Remove.
(aarch64_decode_orr_shifted_register_x): Remove.
(aarch64_decode_ret): Remove.
(aarch64_decode_stp_offset): Remove.
(aarch64_decode_stur): Remove.
(aarch64_analyze_prologue): Call aarch64_decode_insn
and use aarch64_inst to decode instructions.
This patch combines both aarch64_decode_stp_offset_wb and
aarch64_decode_stp_offset together.
gdb:
2015-11-05 Yao Qi <yao.qi@linaro.org>
* aarch64-tdep.c (aarch64_decode_stp_offset): New argument
wback.
(aarch64_decode_stp_offset_wb): Removed.
(aarch64_analyze_prologue): Don't use
aarch64_decode_stp_offset_wb.
This is needed to avoid O(n**2) complexity when recording MVCLE and other
partial execution instructions.
gdb/ChangeLog:
PR/18376
* gdb/s390-linux-tdep.c (s390_is_partial_instruction): New function.
(s390_software_single_step): New function.
(s390_displaced_step_hw_singlestep): New function.
(s390_gdbarch_init): Fill gdbarch slots with the above.
gdb/ChangeLog:
PR/18376
* gdb/configure.tgt: Add linux-record.o to s390*-linux.
* gdb/s390-linux-tdep.c: #include "linux-record.h", "record-full.h"
(s390_linux_record_tdep): New static global variable.
(s390x_linux_record_tdep): New static global variable.
(s390_all_but_pc_registers_record): New function.
(s390_canonicalize_syscall): New function.
(s390_linux_syscall_record): New function.
(s390_linux_record_signal): New function.
(s390_record_calc_disp_common): New function.
(s390_record_calc_disp): New function.
(s390_record_calc_disp_vsce): New function.
(s390_record_calc_rl): New function.
(s390_record_gpr_g): New function.
(s390_record_gpr_h): New function.
(s390_record_vr): New function.
(s390_process_record): New function.
(s390_init_linux_record_tdep): New function.
(s390_gdbarch_init): Fill record function slots.
gdb/testsuite/ChangeLog:
* gdb.reverse/s390-mvcle.c: New test.
* gdb.reverse/s390-mvcle.exp: New file.
* lib/gdb.exp: Enable reverse tests on s390*-linux.
On the newly added s390 target, it's possible for a single instruction
to write practically unbounded amount of memory (eg. MVCLE). This caused
a stack overflow when alloca was used.
gdb/ChangeLog:
* record-full.c (record_full_exec_insn): Use xmalloc for temporary
memory storage.
Add support for the /s modifier of the "record instruction-history" command. It
behaves exactly like /m and prints disassembled instructions in the order in
which they were recorded with interleaved sources. We accept /s in addition
to /m to align with the "disassemble" command.
The "record instruction-history" modifiers were not documented. Document
all of them.
gdb/
* record.c (get_insn_history_modifiers): Set DISASSEMBLY_SOURCE
instead of DISASSEMBLY_SOURCE_DEPRECATED. Also accept /s.
(_initialize_record): Document the /s modifier.
* NEWS: Announce record instruction-history's new /s modifier.
doc/
* gdb.texinfo (Process Record and Replay): Document "record
instruction-history" modifiers.
The /m modifier interleaves source lines with the disassembly of recorded
instructions. This calls disasm.c's gdb_disassembly once for each recorded
instruction to be printed.
This doesn't really work because gdb_disassembly may choose not to print
anything in some situations. And if it does print something, the output
interferes with btrace_insn_history's output around it.
It further results in a separate asm_insns list for each instruction in MI.
Even though there is no MI support for target record, yet, we fix this obvious
issue.
Change record instruction-history /m to use the new gdb_pretty_print_insn
function for printing a single instruction and interleave source lines as
appropriate.
We cannot reuse the new disasm.c do_mixed_source_and_assembly function without
significant changes to it.
gdb/
* record-btrace.c (struct btrace_line_range): New.
(btrace_mk_line_range, btrace_line_range_add)
(btrace_line_range_is_empty, btrace_line_range_contains_range)
(btrace_find_line_range, btrace_print_lines): New.
(btrace_insn_history): Add source interleaving algorithm.
The "record instruction-history" command prints for each instruction in
addition to the instruction's disassembly:
- the instruction number in the recorded execution trace
- a '?' before the instruction if it was executed speculatively
To allow the "record instruction-history" command to use GDB's disassembly
infrastructure, we extend gdb_pretty_print_insn to optionally print those
additional fields and export the function.
Add a new struct disasm_insn to add additional fields describing the
to-be-disassembled instruction. The additional fields are:
number an optional instruction number, zero if omitted.
is_speculative a predicate saying whether the instruction was
executed speculatively.
If non-zero, the instruction number is printed first. It will also appear
as a new optional field "insn-number" in MI. The field will be present if
insn_num is non-zero.
If is_speculative is set, speculative execution will be indicated by a "?"
following the new instruction number field. Unless the PC is omitted, it
will overwrite the first byte of the PC prefix. It will appear as a new
optional field "is-speculative" in MI. The field will contain "?" and will
be present if is_speculative is set.
The speculative execution indication is guarded by a new flag
DISASSEMBLY_SPECULATION.
Replace the PC parameter of gdb_pretty_print_insn with a pointer to the above
struct. GDB's "disassemble" command does not use the new fields.
gdb/
* disasm.h (DISASSEMBLY_SPECULATION): New.
(struct disasm_insn): New.
(gdb_pretty_print_insn): New.
* disasm.c (gdb_pretty_print_insn): Replace parameter PC with INSN.
Update users. Print instruction number and indicate speculative
execution, if requested.
Split disasm.c's dump_insn into two parts:
- print a single instruction
- loop over the specified address range
The first part will be refined in subsequent patches so it can be reused.
gdb/
* disasm.c (dump_insns): Split into this and ...
(gdb_pretty_print_insn): ... this.
This actually fixes the build in C:
/home/simark/src/binutils-gdb/gdb/xtensa-linux-nat.c💯1: error: no previous prototype for ‘supply_gregset_reg’ [-Werror=missing-prototypes]
supply_gregset_reg (struct regcache *regcache,
^
/home/simark/src/binutils-gdb/gdb/xtensa-linux-nat.c:257:1: error: no previous prototype for ‘xtensa_linux_fetch_inferior_registers’ [-Werror=missing-prototypes]
xtensa_linux_fetch_inferior_registers (struct target_ops *ops,
^
/home/simark/src/binutils-gdb/gdb/xtensa-linux-nat.c:272:1: error: no previous prototype for ‘xtensa_linux_store_inferior_registers’ [-Werror=missing-prototypes]
xtensa_linux_store_inferior_registers (struct target_ops *ops,
^
cc1: all warnings being treated as errors
These functions are local to this file, so they should be static.
gdb/ChangeLog:
* xtensa-linux-nat.c (supply_gregset_reg): Make static.
(xtensa_linux_fetch_inferior_registers): Likewise.
(xtensa_linux_store_inferior_registers): Likewise.
Mostly some casts from "generic arg" void* to the actual type.
There are two (enum gdb_signal) casts. I tried to see if it would have
been better to change the type of sigrc, but it has a double role, as an
enum and as an integer, so I left it as is.
gdb/ChangeLog:
* remote-sim.c (check_for_duplicate_sim_descriptor): Add casts.
(get_sim_inferior_data): Likewise.
(sim_inferior_data_cleanup): Likewise.
(gdbsim_close_inferior): Likewise.
(gdbsim_resume_inferior): Likewise.
(gdbsim_wait): Likewise.
(simulator_command): Likewise.
(sim_command_completer): Likewise.
Assuming displaced stepping is enabled, and a breakpoint is set in the
memory region of the scratch pad, things break. One of two cases can
happen:
#1 - The breakpoint wasn't inserted yet (all threads were stopped), so
after setting up the displaced stepping scratch pad with the
adjusted copy of the instruction we're trying to single-step, we
insert the breakpoint, which corrupts the scratch pad, and the
inferior executes the wrong instruction. (Example below.)
This is clearly unacceptable.
#2 - The breakpoint was already inserted, so setting up the displaced
stepping scratch pad overwrites the breakpoint. This is OK in
the sense that we already assume that no thread is going to
executes the code in the scratch pad range (after initial
startup) anyway.
This commit addresses both cases by simply punting on displaced
stepping if we have a breakpoint in the scratch pad range.
The #1 case above explains a few regressions exposed by the AS/NS
series on x86:
Running ./gdb.dwarf2/callframecfa.exp ...
FAIL: gdb.dwarf2/callframecfa.exp: set display for call-frame-cfa
FAIL: gdb.dwarf2/callframecfa.exp: step 1 for call-frame-cfa
FAIL: gdb.dwarf2/callframecfa.exp: step 2 for call-frame-cfa
FAIL: gdb.dwarf2/callframecfa.exp: step 3 for call-frame-cfa
FAIL: gdb.dwarf2/callframecfa.exp: step 4 for call-frame-cfa
Running ./gdb.dwarf2/typeddwarf.exp ...
FAIL: gdb.dwarf2/typeddwarf.exp: continue to breakpoint: continue to typeddwarf.c:53
FAIL: gdb.dwarf2/typeddwarf.exp: check value of x at typeddwarf.c:53
FAIL: gdb.dwarf2/typeddwarf.exp: check value of y at typeddwarf.c:53
FAIL: gdb.dwarf2/typeddwarf.exp: check value of z at typeddwarf.c:53
FAIL: gdb.dwarf2/typeddwarf.exp: continue to breakpoint: continue to typeddwarf.c:73
FAIL: gdb.dwarf2/typeddwarf.exp: check value of w at typeddwarf.c:73
FAIL: gdb.dwarf2/typeddwarf.exp: check value of x at typeddwarf.c:73
FAIL: gdb.dwarf2/typeddwarf.exp: check value of y at typeddwarf.c:73
FAIL: gdb.dwarf2/typeddwarf.exp: check value of z at typeddwarf.c:73
Enabling "maint set target-non-stop on" implies displaced stepping
enabled as well, and it's the latter that's to blame here. We can see
the same failures with "maint set target-non-stop off + set displaced
on".
Diffing (good/bad) gdb.log for callframecfa.exp shows:
@@ -99,29 +99,29 @@ Breakpoint 2 at 0x80481b0: file q.c, lin
continue
Continuing.
-Breakpoint 2, func (arg=77) at q.c:2
+Breakpoint 2, func (arg=52301) at q.c:2
2 in q.c
(gdb) PASS: gdb.dwarf2/callframecfa.exp: continue to breakpoint: continue to breakpoint for call-frame-cfa
display arg
-1: arg = 77
-(gdb) PASS: gdb.dwarf2/callframecfa.exp: set display for call-frame-cfa
+1: arg = 52301
+(gdb) FAIL: gdb.dwarf2/callframecfa.exp: set display for call-frame-cfa
The problem is here, when setting up the func call:
Breakpoint 1, main (argc=-13345, argv=0x0) at q.c:7
7 in q.c
(gdb) disassemble
Dump of assembler code for function main:
0x080481bb <+0>: push %ebp
0x080481bc <+1>: mov %esp,%ebp
0x080481be <+3>: sub $0x4,%esp
=> 0x080481c1 <+6>: movl $0x4d,(%esp)
0x080481c8 <+13>: call 0x80481b0 <func>
0x080481cd <+18>: leave
0x080481ce <+19>: ret
End of assembler dump.
(gdb) disassemble /r
Dump of assembler code for function main:
0x080481bb <+0>: 55 push %ebp
0x080481bc <+1>: 89 e5 mov %esp,%ebp
0x080481be <+3>: 83 ec 04 sub $0x4,%esp
=> 0x080481c1 <+6>: c7 04 24 4d 00 00 00 movl $0x4d,(%esp)
0x080481c8 <+13>: e8 e3 ff ff ff call 0x80481b0 <func>
0x080481cd <+18>: c9 leave
0x080481ce <+19>: c3 ret
End of assembler dump.
Note the breakpoint at main is set at 0x080481c1. Right at the
instruction that sets up func's argument. Executing that instruction
should write 0x4d to the address pointed at by $esp. However, if we
stepi, the program manages to write 52301/0xcc4d there instead (0xcc
is int3, the x86 breakpoint instruction), because the breakpoint
address is 4 bytes inside the scratch pad location, which is
0x080481bd:
(gdb) p 0x080481c1 - 0x080481bd
$1 = 4
IOW, instead of executing:
"c7 04 24 4d 00 00 00" [ movl $0x4d,(%esp) ]
the inferior executes:
"c7 04 24 4d cc 00 00" [ movl $0xcc4d,(%esp) ]
gdb/ChangeLog:
2015-10-30 Pedro Alves <palves@redhat.com>
* breakpoint.c (breakpoint_in_range_p)
(breakpoint_location_address_range_overlap): New functions.
* breakpoint.h (breakpoint_in_range_p): New declaration.
* infrun.c (displaced_step_prepare_throw): If there's a breakpoint
in the scratch pad range, don't displaced step.
