Discussion:
[Bug guile/23429] New: GCC plugin to automatically detect live non-trivially-destructible objects when guile exceptions are thrown
palves at redhat dot com
2018-07-18 23:52:48 UTC
https://sourceware.org/bugzilla/show_bug.cgi?id=23429

Bug ID: 23429
Summary: GCC plugin to automatically detect live
non-trivially-destructible objects when guile
exceptions are thrown
Product: gdb
Version: unknown
Status: NEW
Severity: normal
Priority: P2
Component: guile
Assignee: unassigned at sourceware dot org
Reporter: palves at redhat dot com
Target Milestone: ---

A complication with the Guile code is that we have two types of exceptions to
consider: GDB/C++ exceptions, and Guile/SJLJ exceptions.

Because Guile exceptions are SJLJ based, we must make sure to not have live
local variables of types with non-trivial dtors when a Guile exception is
thrown, because the dtors won't be run when a Guile exception is thrown.

We currently have code in the tree that violates this. E.g.:

void
gdbscm_parse_function_args (const char *func_name,
                            int beginning_arg_pos,
                            const SCM *keywords,
                            const char *format, ...)
{
  ...
  /* Keep track of malloc'd strings. We need to free them upon error. */
  std::vector<char *> allocated_strings;
  ...
  for (char *ptr : allocated_strings)
    xfree (ptr);
  gdbscm_throw (status); /// dtor of "allocated_strings" is not run!
}

It would be nice if we had a way to make it impossible to write such code.

One idea would be to annotate the functions that may throw a Scheme exception
with some attribute that would be recognized by a custom GCC plugin that would
then detect the violations.

We could probably borrow much of the Python checker plugins for this?
cvs-commit at gcc dot gnu.org
2018-08-21 16:36:34 UTC
https://sourceware.org/bugzilla/show_bug.cgi?id=23429

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Pedro Alves <***@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4895f384b47628c8c354dccbb0bfab45b8c33984

commit 4895f384b47628c8c354dccbb0bfab45b8c33984
Author: Pedro Alves <***@redhat.com>
Date: Tue Aug 21 16:48:30 2018 +0100

Don't throw Scheme exceptions with live std::vector objects

A complication with the Guile code is that we have two types of
exceptions to consider: GDB/C++ exceptions, and Guile/SJLJ exceptions.

Because Guile exceptions are SJLJ based, we must make sure to not have
live local variables of types with non-trivial dtors when a Guile
exception is thrown, because the dtors won't be run when a Guile
exception is thrown.

gdbscm_parse_function_args currently violates this:

void
gdbscm_parse_function_args (const char *func_name,
                            int beginning_arg_pos,
                            const SCM *keywords,
                            const char *format, ...)
{
  ...
  /* Keep track of malloc'd strings. We need to free them upon error. */
  std::vector<char *> allocated_strings;
  ...
  for (char *ptr : allocated_strings)
    xfree (ptr);
  gdbscm_throw (status); /// dtor of "allocated_strings" is not run!
}

This commit fixes the above by making use of gdbscm_wrap.

It would be nice if we had a way to make it impossible to write such
code. PR guile/23429 has an idea for that, if someone's interested.

gdb/ChangeLog:
2018-08-21 Pedro Alves <***@redhat.com>

* guile/scm-utils.c (gdbscm_parse_function_args_1): New, factored
out from gdbscm_parse_function_args.
(gdbscm_parse_function_args): Rework to use gdbscm_wrap and
gdbscm_parse_function_args_1.
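The skipped-destructor problem discussed in this thread, next to the factored-out shape the commit message describes, as an added example that is not GDB's code: setjmp/longjmp stands in for Guile's SJLJ exceptions, and every name in it is hypothetical. The unsafe function is formally undefined behaviour in C++; the assumption here is a typical GCC or Clang toolchain, where longjmp simply skips the destructor.

```cpp
// Added illustration; all names are hypothetical, none are GDB's.
#include <csetjmp>
#include <cstdio>
#include <vector>

static std::jmp_buf handler;   // stand-in for the Scheme-side catch point
static int dtors_run = 0;      // counts destructor calls
struct Tracked {               // a local with a non-trivial destructor
  std::vector<char *> allocated_strings;
  ~Tracked () { ++dtors_run; }
};

// Stand-in for an SJLJ throw: longjmp unwinds no C++ frames.
[[noreturn]] static void sjlj_throw () { std::longjmp (handler, 1); }

// Unsafe shape: "t" is still live at the throw, so ~Tracked never runs.
// (Formally undefined behaviour; typical toolchains just skip the dtor.)
static void parse_unsafe ()
{
  Tracked t;
  sjlj_throw ();
}

// Safe shape, step 1: C++ objects live only here; errors return by value.
static bool parse_1 ()
{
  Tracked t;
  return false;                // constructed failure; "t" is destroyed here
}

// Safe shape, step 2: the throwing frame holds only trivial locals.
static void parse_safe ()
{
  if (!parse_1 ())
    sjlj_throw ();
}

// Run fn under the handler; report how many destructors ran before it.
int dtors_before_handler (void (*fn) ())
{
  dtors_run = 0;
  if (setjmp (handler) == 0)
    fn ();
  return dtors_run;
}

int main () {
  std::printf ("unsafe=%d safe=%d\n", dtors_before_handler (parse_unsafe), dtors_before_handler (parse_safe));
}
```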