Closed Bug 1151957 Opened 7 years ago Closed 7 years ago

js-gdb.gdb should not free $sigaction

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
normal


RESOLVED FIXED
mozilla40
Tracking Status
firefox40 --- fixed

People

(Reporter: tromey, Assigned: jorendorff)

Details

Attachments

(1 file)

js-gdb.gdb does this:

define hookpost-run
    if ($sigaction)
        call free($sigaction)
        set $sigaction = 0
    end
end

However, as run creates a new process, this will result in an invalid
free in the new process.

hookpost-run is a bit tricky to use anyway, since it is invoked after the
"run" command completes.  This may not be when you expect, as it depends on
gdb internals (specifically I think it will run early on async-capable targets
and late on targets that are not).

I think it would be more robust to set $sigaction=0 via Python, using
gdb.events.exited.  Something like (untested):

python
import gdb
def clear_sigaction(e):
  gdb.parse_and_eval('$sigaction = 0')

gdb.events.exited.connect(clear_sigaction)
end
This isn't robust in the multi-inferior case, but I assume nobody is using
that anyway, as it is still pretty buggy.  Perhaps it's worth a comment though.

(In reply to Tom Tromey :tromey from comment #0)
> This isn't robust in the multi-inferior case, but I assume nobody is using
> that anyway, as it is still pretty buggy.  Perhaps it's worth a comment
> though.

The existing code already isn't robust with multiple inferior processes, though, so that's all right.

----

I wrote a patch for this, but then discovered that this GDB extension isn't working for me anyway!

    Catchpoint 1 (signal SIGSEGV), 0x000000000044667a in JSObject::getClass (this=0x0)
        at /home/jorendorff/dev/gecko/js/src/shell/../jsobj.h:128
    128	        return group_->clasp();
    There is no member named __sigaction_handler.

The last line here is an error coming from js-gdb.gdb, which contains this line:

    set $handler = ((struct sigaction *)$sigaction)->__sigaction_handler.sa_handler

So let's try that at the prompt:

    (gdb) p ((struct sigaction *)$sigaction)->__sigaction_handler.sa_handler
    There is no member named __sigaction_handler.

That's because:

    (gdb) macro expand sa_handler
    expands to: __sigaction_handler.sa_handler

I guess we need different code depending on whether the user has debug symbols with macros or not...
Or perhaps I can rewrite it in Python and bypass macro expansion.
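As an added illustration (not code from this bug or from the patch that landed), here are the two ideas above in Python: reading the handler by indexing a gdb.Value by member name, so the glibc `sa_handler` macro never passes through the expression parser, and clearing $sigaction from gdb.events.exited instead of hookpost-run. The fallback to a flat `sa_handler` member for non-glibc layouts, and the plain-dict behaviour used when the script is loaded outside gdb, are assumptions of this example.

```python
# Added example: a small GDB Python helper for the two problems discussed in
# this bug. It is not the js-gdb.gdb replacement that landed in mozilla40.
try:
    import gdb
    # gdb.Value['missing_member'] raises gdb.error ("There is no member named ...").
    _LOOKUP_ERRORS = (gdb.error,)
except ImportError:
    # Loaded outside gdb (e.g. under a unit test): plain dicts stand in for
    # gdb.Value and raise KeyError instead. This fallback is an assumption.
    gdb = None
    _LOOKUP_ERRORS = (KeyError,)


def sa_handler_of(sigaction_value):
    """Return the sa_handler member of a `struct sigaction` value.

    Indexing a gdb.Value by member name goes straight to the debug-info
    layout and never through GDB's expression parser, so the -ggdb3 macro
    `#define sa_handler __sigaction_handler.sa_handler` cannot turn
    `__sigaction_handler.sa_handler` into a non-existent member path.
    The glibc layout (union __sigaction_handler) is tried first; a flat
    sa_handler member is assumed as the fallback for other C libraries.
    """
    try:
        return sigaction_value['__sigaction_handler']['sa_handler']
    except _LOOKUP_ERRORS:
        return sigaction_value['sa_handler']


def segv_handler():
    """Handler stored in the debuggee buffer that $sigaction points at (gdb only)."""
    sa = gdb.parse_and_eval('*(struct sigaction *)$sigaction')
    return sa_handler_of(sa)


def clear_sigaction(event):
    """gdb.events.exited callback: forget the debuggee-owned buffer.

    The old `define hookpost-run` called free($sigaction) after `run` had
    already created a fresh process, which is an invalid free in that process.
    Once the inferior has exited its memory is gone anyway, so only the
    convenience variable is reset; nothing is freed from GDB's side.
    """
    gdb.parse_and_eval('$sigaction = 0')


if gdb is not None:
    gdb.events.exited.connect(clear_sigaction)
```

Source it with `source js-sigaction.py` inside gdb; outside gdb only `sa_handler_of` is usable, which is what the test below exercises.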

The GDB code being rewritten here did not work for users who build with -ggdb3
on Linux, because sa_handler is a macro; see bug 1151957 comment 1. Also, it
caused GDB to perform an invalid free in the JS shell debuggee process, on
startup, if the previous run received SIGSEGV.
Attachment #8591805 - Flags: review?(jimb)
Assignee: nobody → jorendorff
Status: NEW → ASSIGNED
Comment on attachment 8591805 [details] [diff] [review]
Rewrite GDB extension for ignoring asm.js segmentation faults in Python, fixing some bugs and bringing it under test

Review of attachment 8591805 [details] [diff] [review]:
-----------------------------------------------------------------

Wow.
Attachment #8591805 - Flags: review?(jimb) → review+
https://hg.mozilla.org/mozilla-central/rev/2b31c1372c51
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40