This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [PATCH 0/2] Demangler crash handler
- From: Gary Benson <gbenson at redhat dot com>
- To: Pedro Alves <palves at redhat dot com>
- Cc: Joel Brobecker <brobecker at adacore dot com>, Tom Tromey <tromey at redhat dot com>, Stan Shebs <stanshebs at earthlink dot net>, gdb-patches at sourceware dot org, Florian Weimer <fw at deneb dot enyo dot de>, Mark Kettenis <mark dot kettenis at xs4all dot nl>
- Date: Thu, 22 May 2014 16:57:16 +0100
- Subject: Re: [PATCH 0/2] Demangler crash handler
- Authentication-results: sourceware.org; auth=none
- References: <20140509100656 dot GA4760 at blade dot nx> <201405091120 dot s49BKO1f010622 at glazunov dot sibelius dot xs4all dot nl> <87fvkhjqvs dot fsf at mid dot deneb dot enyo dot de> <53737737 dot 2030901 at redhat dot com> <87ppj8s7my dot fsf at fleche dot redhat dot com> <537BA194 dot 904 at earthlink dot net> <87tx8kqm3o dot fsf at fleche dot redhat dot com> <20140520202311 dot GK22822 at adacore dot com> <20140522125617 dot GB15598 at blade dot nx> <537E05EB dot 7090807 at redhat dot com>
Pedro Alves wrote:
> I don't believe anyone here likes that GDB crashes. But this
> demangler is being turned into a scarecrow, for no good reason,
> IMO. This is not how we handle all others sorts of crashes,
> even for other libraries in the tree (libbfd, libopcodes, etc.).
>
> Here:
>
> https://sourceware.org/bugzilla/buglist.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=SUSPENDED&bug_status=WAITING&bug_status=REOPENED&list_id=14858&product=gdb&query_format=advanced&short_desc=crash&short_desc_type=allwordssubstr
>
> That shows 68 open GDB bugs with "crash" in the summary. Some of
> them are likewise crashes that make GDB not even start. Are you
> going to propose wrapping all of GDB's modules for those? E.g.,
> some are (and I'm sure there are more) in the dwarf reader code.
> Are we wrapping that to dump the dwarf?
Mark Kettenis raised a similar point earlier in the thread [1] and
I replied [2]. This is a straw man. It's irrelevant whether other
subsystems of GDB also have crash bugs filed against them or not.
I'm not proposing to wrap all or even any other subsystems of GDB.
I'm proposing to wrap this one specific subsystem which regularly has
bugs filed against it, bugs which completely prevent users from being
able to debug their programs with GDB.
> Seems like only one, maybe two are still relevant demangler crashes,
> even.
This is because I fixed all the open ones before proposing the wrapper.
> And I don't see a huge number of users adding themselves to CC on
> those bugs.
Every user matters.
> Looking at Tom's example crash from gcc 61233, the crash is due to
> stack exhaustion due to seemingly infinite recursion. Even if the
> main bug is not fixed, I'd think it'd be easy to add a recursion
> limit to the demangler, and thus prevent the crash, until whatever
> c++11 feature that's still not well developed is handled properly.
A recursion-limiter would catch 61233, and some of the others, but
certainly not all of the bugs that were filed. One failure was
because the demangler was trying to dereference 0x3. And OTOH only
one of the bugs the fuzzer caught was an infinite recursion, the
others look like reading the wrong entry from a union.
> I just can't/won't believe there are that many unindentified
> bugs in the demangler. If that were true, we'd hear _much_ more
> about them.
We _are_ hearing about them. There's not been much traffic here, on
this list, because Keith has been quietly triaging every segfault and
I've been quietly fixing the bugs. That all happens in GCC land.
> It's clear to me that we need to do something
> demangler-development-process-wise to prevent these sorts of bugs
> from manifesting only late in GDB, and I think we should definitely
> get in contact with the GCC folks about it.
Sure, but what do we say? "Hey, you guys, it'd be great if you all
did some more testing on your code." I can imagine the response. I
don't have the expertise to write the kind of tests that are needed.
> I had another idea to aid demangler testing with g++.
> I had suggested before to run the demangler through the binaries
> produced by g++'s testsuite. The whole point here is to validate
> the mangling as close as possible to the generator.
> The alternative idea is to teach g++ itself to try to demangle any
> symbol it generates/mangles (off by default, under a --param switch
> or some such). A sort of making-it-very-easy-to-eat-your-own-dog-
> food methodology.
> We could then just run g++'s testsuite with that enabled. No other
> infrastructure would be necessary. And, we could ask g++
> maintainers to do that once in a while, and perhaps run it through
> whatever usual set of complicated C++ codebases they usually test
> g++ with.
That is a good idea (and something I could do myself) but you of all
people know I'm not free to spend the time it would take, so it will
remain a good idea indefinitely unless someone steps up to do the
work.
In any event, whatever future testing and/or bugfixing is performed,
the crash catcher still has merit. I never plan on crashing my car,
but I still wear a seatbelt.
Cheers,
Gary
--
[1] https://sourceware.org/ml/gdb-patches/2014-05/msg00129.html
[2] https://sourceware.org/ml/gdb-patches/2014-05/msg00152.html