Bug 29503 - check_typedef: Assertion `type' failed when evaluating scoped member dereference of object
Status: RESOLVED FIXED
Product: gdb
Classification: Unclassified
Component: c++
Version: HEAD
Importance: P2 normal
Target Milestone: 14.1
Assignee: Tom Tromey
Reported: 2022-08-17 18:09 UTC by Adam Rosenfield
Modified: 2023-01-09 19:29 UTC
Description Adam Rosenfield 2022-08-17 18:09:57 UTC
gdb segfaults when evaluating a certain scoped member access.  C++ code example:

```
#include <stdio.h>

struct Base {
  Base() : err(1) {}
  int err;
};

struct Derived : public Base {
  Derived() : err(2) {}
  int err;
};

int main(void)
{
  Derived d;
  printf("%d\n", d.err);
  printf("%d\n", d.Base::err);
  return 0;
}
```

Compile with:

```
g++ a.cc -o a -Wall -Wextra -pedantic -g
```

Then debug with gdb:

```
(gdb) b 16
Breakpoint 1 at 0x40050b: file a.cc, line 16.
(gdb) r
Starting program: /tmp/a 

Breakpoint 1, main () at a.cc:16
16	  printf("%d\n", d.err);
(gdb) p d
$1 = {<Base> = {err = 1}, err = 2}
(gdb) p $1->err
$2 = 2
(gdb) p $1->Base::err
gdbtypes.c:3009: internal-error: check_typedef: Assertion `type' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
----- Backtrace -----
0x4b8801 gdb_internal_backtrace_1
	/tmp/binutils-gdb/gdb/bt-utils.c:122
0x4b8801 _Z22gdb_internal_backtracev
	/tmp/binutils-gdb/gdb/bt-utils.c:168
0x7ddbe6 internal_vproblem
	/tmp/binutils-gdb/gdb/utils.c:396
0x7ddd88 _Z15internal_verrorPKciS0_P13__va_list_tag
	/tmp/binutils-gdb/gdb/utils.c:476
0x8e7fc1 _Z14internal_errorPKciS0_z
	/tmp/binutils-gdb/gdbsupport/errors.cc:58
0x5db99b _Z13check_typedefP4type
	/tmp/binutils-gdb/gdb/gdbtypes.c:3009
0x7f0379 _Z19value_cast_pointersP4typeP5valuei
	/tmp/binutils-gdb/gdb/valops.c:301
0x5ae79d _Z14eval_op_memberP4typeP10expression6nosideP5valueS5_
	/tmp/binutils-gdb/gdb/eval.c:1303
0x5ac518 _ZN10expression8evaluateEP4type6noside
	/tmp/binutils-gdb/gdb/eval.c:101
0x6b9208 process_print_command_args
	/tmp/binutils-gdb/gdb/printcmd.c:1307
0x6b99c5 print_command_1
	/tmp/binutils-gdb/gdb/printcmd.c:1320
0x4e61f8 _Z8cmd_funcP16cmd_list_elementPKci
	cli/cli-decode.c:2516
0x784a0f _Z15execute_commandPKci
	/tmp/binutils-gdb/gdb/top.c:699
0x5b23f3 _Z15command_handlerPKc
	/tmp/binutils-gdb/gdb/event-top.c:598
0x5b278a _Z20command_line_handlerOSt10unique_ptrIcN3gdb13xfree_deleterIcEEE
	/tmp/binutils-gdb/gdb/event-top.c:842
0x5b2e0b gdb_rl_callback_handler
	/tmp/binutils-gdb/gdb/event-top.c:230
0x81fb14 rl_callback_read_char
	/tmp/binutils-gdb/readline/readline/callback.c:290
0x5b19fb gdb_rl_callback_read_char_wrapper_noexcept
	/tmp/binutils-gdb/gdb/event-top.c:188
0x5b2cfc gdb_rl_callback_read_char_wrapper
	/tmp/binutils-gdb/gdb/event-top.c:205
0x5b18d8 _Z19stdin_event_handleriPv
	/tmp/binutils-gdb/gdb/event-top.c:525
0x8e897b gdb_wait_for_event
	/tmp/binutils-gdb/gdbsupport/event-loop.cc:670
0x8e8b24 _Z16gdb_do_one_eventv
	/tmp/binutils-gdb/gdbsupport/event-loop.cc:235
0x66459a start_event_loop
	/tmp/binutils-gdb/gdb/main.c:411
0x66459a captured_command_loop
	/tmp/binutils-gdb/gdb/main.c:471
0x665dff captured_main
	/tmp/binutils-gdb/gdb/main.c:1329
0x665dff _Z8gdb_mainP18captured_main_args
	/tmp/binutils-gdb/gdb/main.c:1344
0x413224 main
	/tmp/binutils-gdb/gdb/gdb.c:32
---------------------
gdbtypes.c:3009: internal-error: check_typedef: Assertion `type' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) y

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

gdbtypes.c:3009: internal-error: check_typedef: Assertion `type' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Create a core file of GDB? (y or n) n
```

In this case, the output of line 1 (`$1`) was an object, not a pointer, so the access `$1->err` should likely be an error, but gdb allows it and treats it as if it were written `$1.err` instead.  But, then the scoped access `$1->Base::err` to access the shadowed base member results in this assertion failure.

In older versions of gdb, this resulted in a segfault, as the assertion that `type` was non-null happened after another line of code dereferenced the pointer.

Comment 1 ks132 2022-08-20 20:27:19 UTC
I can reproduce it with shorter code:
```
struct Base {
  Base() : err(1) {}
  int err;
};

int main(void)
{
  Base b;
  return 0;
}
```
and gdb debug steps:
```
$ build-gdb/gdb/gdb -n -batch -ex start -ex "p b->Base::err" a
Temporary breakpoint 1 at 0x40110e: file a.cc, line 8.
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at compile time
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at compile time
warning: Cannot parse .gnu_debugdata section; LZMA support was disabled at compile time
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Temporary breakpoint 1, main () at a.cc:8
8	  Base b;
../../binutils-gdb/gdb/gdbtypes.c:3009: internal-error: check_typedef: Assertion `type' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
```

Comment 2 Simon Marchi 2022-08-21 02:33:59 UTC
I was able to reproduce.  However, note that printing `b.Base::err` works as expected.

Comment 4 Sourceware Commits 2023-01-09 19:27:20 UTC
The master branch has been updated by Tom Tromey <tromey@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf716a53bd8f725975979397b3c6b9d4bd4434ef

commit bf716a53bd8f725975979397b3c6b9d4bd4434ef
Author: Tom Tromey <tom@tromey.com>
Date:   Fri Dec 23 12:55:10 2022 -0700

    Fix crash with C++ qualified names
    
    PR c++/29503 points out that something like "b->Base::member" will
    crash when 'b' does not have pointer type.  This seems to be a simple
    oversight in eval_op_member.
    
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29503
    Reviewed-By: Bruno Larsen <blarsen@redhat.com>

Comment 5 Tom Tromey 2023-01-09 19:29:24 UTC
Fixed.
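
The failure mode discussed in this report, as an added illustration that is not gdb's source and not part of the original thread: a simplified C++ model in which a pointer cast reads the target type of a non-pointer operand and trips a null-type assertion, beside a variant that checks the operand's type code first. All type and function names are hypothetical, and the guarded variant is one possible check, not the committed fix.

```cpp
#include <stdexcept>

// Simplified model with hypothetical names; not gdb's data structures.
enum class type_code { STRUCT, PTR, INT };
struct type { type_code code; const type *target; };  // target: pointee, else null
struct value { const type *ty; int base_err; const value *pointee; };

// Stands in for the failed assertion: a null type is an internal error.
const type *check_type(const type *t) {
  if (t == nullptr) throw std::logic_error("Assertion `type' failed");
  return t;
}

// Pointer cast that assumes both sides are pointers and reads their targets.
const value *cast_pointers(const type *to, const value *v) {
  check_type(to->target);
  check_type(v->ty->target);  // null when v is an object, not a pointer
  return v;
}

// Before: "v->Base::err" casts v without checking that v is a pointer.
int eval_member_unguarded(const type *base_ptr, const value *v) {
  return cast_pointers(base_ptr, v)->pointee->base_err;
}

// After: dispatch on the type code; reject operands that are neither.
int eval_member_guarded(const type *base_ptr, const value *v) {
  switch (v->ty->code) {
    case type_code::PTR: return cast_pointers(base_ptr, v)->pointee->base_err;
    case type_code::STRUCT: return v->base_err;  // same as "v.Base::err"
    default: throw std::runtime_error("operand is not a struct or pointer");
  }
}

// True when evaluation trips the modeled internal assertion.
bool hits_internal_error(int (*eval)(const type *, const value *),
                         const type *base_ptr, const value *v) {
  try { eval(base_ptr, v); }
  catch (const std::logic_error &) { return true; }
  catch (const std::runtime_error &) {}
  return false;
}

// Constructed sample: object b of struct Base (err == 1) and a pointer to it.
const type base_t{type_code::STRUCT, nullptr};
const type base_ptr_t{type_code::PTR, &base_t};
const value obj_b{&base_t, 1, nullptr};
const value ptr_b{&base_ptr_t, 0, &obj_b};

int main() { return hits_internal_error(eval_member_guarded, &base_ptr_t, &obj_b); }
```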