This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH 0/2] Demangler crash handler
- From: Tom Tromey <tromey at redhat dot com>
- To: Pedro Alves <palves at redhat dot com>
- Cc: Florian Weimer <fw at deneb dot enyo dot de>, Mark Kettenis <mark dot kettenis at xs4all dot nl>, gbenson at redhat dot com, gdb-patches at sourceware dot org
- Date: Tue, 20 May 2014 11:05:25 -0600
- Subject: Re: [PATCH 0/2] Demangler crash handler
- Authentication-results: sourceware.org; auth=none
- References: <20140509100656 dot GA4760 at blade dot nx> <201405091120 dot s49BKO1f010622 at glazunov dot sibelius dot xs4all dot nl> <87fvkhjqvs dot fsf at mid dot deneb dot enyo dot de> <53737737 dot 2030901 at redhat dot com>
>>>>> "Pedro" == Pedro Alves <palves@redhat.com> writes:
Pedro> I have to admit I'm not super keen on using signals for this either.
Pedro> For one, not all bugs trigger segmentation faults.
That is true, but the goal of the patch is to cheaply improve gdb's
behavior in some failure modes, not to solve every problem.
I think this is warranted due to known properties of the demangler.
First, it is complicated. Second, it is hard to test well. Third,
there's been a history of new demangler features being rolled out with
insufficient testing, and we can reasonably expect that to continue.
Fourth, the bugs in question have a very severe effect on gdb users --
you simply cannot debug -- whereas the effect on other users of the
demangler is slight (this is why I think we can expect to see more
demangler bugs of a similar nature).
Pedro> Then stealing a signal handler always has multi-threading
Pedro> considerations. E.g., gdb Python code could well spawn a thread
Pedro> that happens to call something that wants its own SIGSEGV
Pedro> handler... Signal handlers are per-process, not per-thread.
That is true in theory but I think it is unlikely in practice. And,
should it happen -- well, the onus is on folks writing extensions not to
mess things up. That's the nature of the beast. And, sure, it is
messy, particularly if we ever upstream "import gdb", but even so,
signals are just fraught and this is not an ordinary enough usage to
justify preventing gdb from doing it.
Pedro> Then we'd add a demangle_assert macro to the demangler, similar to
Pedro> gdb_assert, that calls that hook if the assertion fails. And then
Pedro> we could sprinkle the demangler with assertions.
Pedro> I think that'd be easy to do, and I'd think it's much cleaner
Pedro> and robust.
This would be an improvement but it isn't really under consideration.
The demangler isn't the most important thing we're working on, and
nobody is going to spend the time adding assertions to it. And, even if
they did, the crash handler would still useful, just hopefully used
somewhat less. This is because bugs happen even when there are many
assertions in place.
The choice is really between SEGV catching and "somebody else down the
road fixes more demangler bugs".
Tom