This is the mail archive of the insight@sourceware.org mailing list for the Insight project.
Unwinding TCL stack
- From: "Doug Graham" <dgraham at nortel dot com>
- To: insight at sourceware dot org
- Date: Wed, 11 Jul 2007 23:38:29 -0400
- Subject: Unwinding TCL stack
I've run across a bug in Insight 6.5 and I'm wondering whether it's a
known bug, one that has been fixed in 6.6, or one for which a simple fix
applies (I can't think of one). I haven't yet upgraded to 6.6 because
that'll be a fair amount of work applying patches for a threads package
not supported by GDB.
The problem is that the TCL stack is not (always?) being unwound when
a GDB exception is thrown via throw_exception(). The TCL stack is
maintained via calls to Tcl_PushCallFrame() and Tcl_PopCallFrame(), the
first of which usually pushes a pointer to a CallFrame struct allocated
from the C stack. If GDB throws an exception that skips over a call to
Tcl_PopCallFrame(), the TCL interp struct can be left with its framePtr
and varFramePtr fields pointing at a CallFrame struct that no longer
exists. When that CallFrame is later used, the garbage data in it can
cause Insight to segfault. I am seeing a segfault in Tcl_FindCommand()
when it tries to use a bogus Namespace pointer that was obtained from
Tcl_GetCurrentNamespace(), which got the bad pointer via:
nsPtr = iPtr->varFramePtr->nsPtr;
The value of iPtr->varFramePtr at this point was a stack address,
but one below the actual C stack pointer (on a Linux x86 machine
for which the C stack pointer obviously grows downwards):
(gdb) p ((Interp *) interp)->varFramePtr->nsPtr
$11 = (Namespace *) 0x17a
(gdb) p ((Interp *) interp)->varFramePtr
$12 = (CallFrame *) 0xbfffbd64
(gdb) p $fp
$13 = (void *) 0xbfffd988
(gdb) p/x $sp
$14 = 0xbfffd950
The complete trap backtrace was:
(gdb) bt
#0 0x0830fb82 in Tcl_FindCommand (interp=0x845ab20, name=0x9877b88 "gdbtk_tcl_fputs", contextNsPtr=0x0,
flags=Variable "flags" is not available.
) at ../../../insight-6.5/tcl/unix/../generic/tclNamesp.c:1990
#1 0x08313f6d in SetCmdNameFromAny (interp=0x845ab20, objPtr=0x940ca30)
at ../../../insight-6.5/tcl/unix/../generic/tclObj.c:3138
#2 0x08313d45 in Tcl_GetCommandFromObj (interp=0x845ab20, objPtr=0x940ca30)
at ../../../insight-6.5/tcl/unix/../generic/tclObj.c:2883
#3 0x082ce267 in TclEvalObjvInternal (interp=0x845ab20, objc=2, objv=0xbfffda70,
command=0x96c6ca0 "gdbtk_tcl_fputs {\n}", length=19, flags=0)
at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:2980
#4 0x082cf916 in Tcl_EvalEx (interp=0x845ab20, script=0x96c6ca0 "gdbtk_tcl_fputs {\n}", numBytes=19,
flags=0) at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:3646
#5 0x082cfd61 in Tcl_Eval (interp=0x845ab20, string=0x96c6ca0 "gdbtk_tcl_fputs {\n}")
at ../../../insight-6.5/tcl/unix/../generic/tclBasic.c:3811
#6 0x080d3914 in gdbtk_two_elem_cmd (cmd_name=0x8351c18 "gdbtk_tcl_fputs", argv1=0x94632e8 "\n")
at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-hooks.c:216
#7 0x080d39f6 in gdbtk_fputs (ptr=0x94632e8 "\n", stream=0x844f480)
at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-hooks.c:336
#8 0x0809a628 in fputs_maybe_filtered (linebuffer=0x17a "", stream=0x844f480, filter=1)
at ../../insight-6.5/gdb/utils.c:1912
#9 0x08099a0a in vfprintf_maybe_filtered (stream=0x844f480, format=Variable "format" is not available.
)
at ../../insight-6.5/gdb/utils.c:2150
#10 0x08099a69 in fprintf_filtered (stream=0x844f480, format=0x83675f6 "\n")
at ../../insight-6.5/gdb/utils.c:2190
#11 0x08121d79 in print_exception (file=0x844f480, e=
{reason = RETURN_ERROR, error = GENERIC_ERROR, message = 0x9877950 "Cannot access memory at address 0xffffff46"}) at ../../insight-6.5/gdb/exceptions.c:312
#12 0x08121ead in print_any_exception (file=0x844f480, prefix=0x834618b "", e=
{reason = RETURN_ERROR, error = GENERIC_ERROR, message = 0x9877950 "Cannot access memory at address 0xffffff46"}) at ../../insight-6.5/gdb/exceptions.c:372
#13 0x08122158 in catch_errors (func=0x80931e4 <captured_command_loop>, func_args=0x0,
errstring=0x834618b "", mask=6) at ../../insight-6.5/gdb/exceptions.c:517
#14 0x08093873 in captured_main (data=0xbfffdfb0) at ../../insight-6.5/gdb/main.c:834
#15 0x08122133 in catch_errors (func=0x809321c <captured_main>, func_args=0xbfffdfb0,
errstring=0x834618b "", mask=6) at ../../insight-6.5/gdb/exceptions.c:515
#16 0x0809405b in gdb_main (args=0x845ab20) at ../../insight-6.5/gdb/main.c:843
#17 0x080931dd in main (argc=378, argv=0x17a) at ../../insight-6.5/gdb/gdbtk/generic/gdbtk-main.c:36
Thanks,
Doug.
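The failure mode described in the message, as an added C example that is not part of the original post and not code from Insight, Tcl or GDB: a tiny interpreter struct with a frame pointer, frames allocated on the C stack, and a setjmp/longjmp based throw_exception() standing in for GDB's. The names (push_call_frame, pop_call_frame, run_under_catcher, tcl_proc_naive, tcl_proc_guarded) are simplified stand-ins for Tcl_PushCallFrame, Tcl_PopCallFrame and gdb's catch_errors, not the real APIs. The naive proc pushes a frame and lets the exception skip the pop, leaving framePtr pointing into unwound stack (never dereferenced here, since that is the undefined behaviour behind the segfault). The guarded proc shows one way to keep the stack consistent, assumed here rather than taken from Insight: catch at the frame boundary, pop, then rethrow to the outer catcher.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-ins for Tcl's CallFrame / Interp (assumed, simplified). */
typedef struct CallFrame {
    struct CallFrame *callerPtr;   /* frame below this one */
    int level;
} CallFrame;

typedef struct Interp {
    CallFrame *framePtr;           /* innermost active frame, like Interp.framePtr */
} Interp;

/* One-level catcher chain, modelled loosely on gdb's longjmp-based exceptions. */
static jmp_buf *current_catcher;
static int current_exception;

static void throw_exception(int reason) {
    if (!current_catcher)
        abort();                   /* nothing to unwind to: fatal, as in gdb */
    current_exception = reason;
    longjmp(*current_catcher, 1);  /* never returns; unwinds the C stack */
}

static void push_call_frame(Interp *interp, CallFrame *frame, int level) {
    frame->callerPtr = interp->framePtr;
    frame->level = level;
    interp->framePtr = frame;      /* interp now points at caller's C-stack frame */
}

static void pop_call_frame(Interp *interp) {
    if (interp->framePtr)
        interp->framePtr = interp->framePtr->callerPtr;
}

/* A gdb-side operation that fails, e.g. an inaccessible target address. */
static void failing_gdb_command(void) {
    throw_exception(1);
}

/* Naive proc: frame lives on the C stack, and the longjmp skips the pop. */
static void tcl_proc_naive(Interp *interp) {
    CallFrame frame;
    push_call_frame(interp, &frame, 1);
    failing_gdb_command();         /* longjmps past the line below */
    pop_call_frame(interp);        /* never reached on the error path */
}

/* Guarded proc: catch at the frame boundary, pop, then rethrow outward. */
static void tcl_proc_guarded(Interp *interp) {
    CallFrame frame;
    jmp_buf local;
    jmp_buf *outer = current_catcher;
    volatile int pending = 0;

    push_call_frame(interp, &frame, 1);
    current_catcher = &local;
    if (setjmp(local) == 0) {
        failing_gdb_command();
    } else {
        pending = current_exception;   /* remember what was thrown */
    }
    /* Runs on both the normal and the exception path. */
    current_catcher = outer;
    pop_call_frame(interp);            /* framePtr is valid again */
    if (pending)
        throw_exception(pending);      /* propagate to the outer catcher */
}

/* Top-level driver in the spirit of gdb's catch_errors(): returns 1 if an
   exception reached it. */
static int run_under_catcher(void (*func)(Interp *), Interp *interp) {
    jmp_buf top;
    jmp_buf *outer = current_catcher;
    int caught = 0;

    current_catcher = &top;
    if (setjmp(top) == 0)
        func(interp);
    else
        caught = 1;
    current_catcher = outer;
    return caught;
}

/* Returns 1 if interp->framePtr was left pointing at a frame whose C-stack
   storage has been unwound: the dangling state that later crashes
   Tcl_FindCommand(). The pointer is only compared, never dereferenced. */
static int frame_left_dangling(void (*proc)(Interp *)) {
    Interp interp = { NULL };
    run_under_catcher(proc, &interp);
    return interp.framePtr != NULL;
}

int main(void) {
    printf("naive proc leaves framePtr dangling:   %d\n", frame_left_dangling(tcl_proc_naive));
    printf("guarded proc leaves framePtr dangling: %d\n", frame_left_dangling(tcl_proc_guarded));
    return 0;
}
```

The check that matters is the one in frame_left_dangling(): after the exception has unwound through the proc, framePtr should be back to what it was before the push. Anything else is a pointer into dead stack, and the garbage it reads later (here, a Namespace pointer of 0x17a) is exactly the kind of value that shows up in the posted backtrace.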