This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 0/2] Demangler crash handler


>>>>> "Pedro" == Pedro Alves <palves@redhat.com> writes:

Pedro> I have to admit I'm not super keen on using signals for this either.

Pedro> For one, not all bugs trigger segmentation faults.

That is true, but the goal of the patch is to cheaply improve gdb's
behavior in some failure modes, not to solve every problem.

I think this is warranted due to known properties of the demangler.
First, it is complicated.  Second, it is hard to test well.  Third,
there's been a history of new demangler features being rolled out with
insufficient testing, and we can reasonably expect that to continue.
Fourth, the bugs in question have a very severe effect on gdb users --
you simply cannot debug -- whereas the effect on other users of the
demangler is slight (this is why I think we can expect to see more
demangler bugs of a similar nature).

Pedro> Then stealing a signal handler always has multi-threading
Pedro> considerations.  E.g., gdb Python code could well spawn a thread
Pedro> that happens to call something that wants its own SIGSEGV
Pedro> handler...  Signal handlers are per-process, not per-thread.

That is true in theory but I think it is unlikely in practice.  And,
should it happen -- well, the onus is on folks writing extensions not to
mess things up.  That's the nature of the beast.  And, sure, it is
messy, particularly if we ever upstream "import gdb", but even so,
signals are just fraught and this is not an ordinary enough usage to
justify preventing gdb from doing it.

Pedro> Then we'd add a demangle_assert macro to the demangler, similar to
Pedro> gdb_assert, that calls that hook if the assertion fails.  And then
Pedro> we could sprinkle the demangler with assertions.

Pedro> I think that'd be easy to do, and I'd think it's much cleaner
Pedro> and robust.

This would be an improvement but it isn't really under consideration.
The demangler isn't the most important thing we're working on, and
nobody is going to spend the time adding assertions to it.  And, even if
they did, the crash handler would still useful, just hopefully used
somewhat less.  This is because bugs happen even when there are many
assertions in place.

The choice is really between SEGV catching and "somebody else down the
road fixes more demangler bugs".

Tom


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]