If we map GDB'S TRY/CATCH macros to C++ try/catch, GDB breaks on
systems where readline isn't built with exceptions support. The
problem is that readline calls into GDB through the callback
interface, and if GDB's callback throws a C++ exception/error, the
system unwinder won't manage to unwind past the readline frame, and
ends up calling std::terminate(), which aborts the process:
(gdb) whatever-command-that-causes-an-error
terminate called after throwing an instance of 'gdb_exception_RETURN_MASK_ERROR'
Aborted
$
This went unnoticed for so long because:
- the x86-64 ABI requires -fasynchronous-unwind-tables, making it
possible for exceptions to cross readline with no special handling.
But e.g., on ARM or AIX, unless you build readline with
-fexceptions, you trip on the problem.
- TRY/CATCH was mapped to setjmp/longjmp, even in C++ mode, until
quite recently.
The fix is to catch and save any GDB exception that is thrown inside
the GDB readline callback, and then once the callback returns back to
the GDB code that called into readline in the first place, rethrow the
saved GDB exception.
This is similar in spirit to how we catch/map GDB exceptions at the
GDB/Python and GDB/Guile API boundaries.
The next question is then: if we intercept all exceptions within GDB's
readline callback, should we simply return normally to readline? The
callback prototype has no way to signal an error back to readline (*).
The answer is no -- if we return normally, we'll be returning to a
loop inside rl_callback_read_char that continues processing pending
input, calling into GDB again, redisplaying the prompt, etc. Thus if
we want to error out of rl_callback_read_char, we need to long jump
across it, just like we always did before TRY/CATCH were ever mapped
to C++ exceptions.
My first approach built a specialized API to handle this, with a
couple macros to hide the setjmp/longjmp and the struct gdb_exception
saving/rethrowing.
However, I realized that we need to:
- Handle multiple active rl_callback_read_char invocations. If,
while processing input something triggers a secondary prompt, we
end up in a nested rl_callback_read_char call, through
gdb_readline_wrapper.
- Propagate a struct gdb_exception along with the longjmp.
... and that this is exactly what the setjmp/longjmp-based TRY/CATCH
does.
So the fix makes the setjmp/longjmp TRY/CATCH always available under
new TRY_SJLJ/CATCH_SJLJ aliases, even when TRY/CATCH is mapped to C++
try/catch, and then uses TRY_SJLJ/CATCH_SJLJ to propagate GDB
exceptions across the readline callback.
This turns out to be a much better looking fix than my bespoke API
attempt, even. We'll probably be able to simplify TRY_SJLJ/CATCH_SJLJ
when we finally get rid of TRY/CATCH all over the tree, but until
then, this reuse seems quite nice for avoiding a second parallel
setjmp/longjmp mechanism.
(*) - maybe we could propose a readline API change, but we still need
to handle current readline, anyway.
gdb/ChangeLog:
2016-04-22 Pedro Alves <palves@redhat.com>
* common/common-exceptions.c (enum catcher_state, struct catcher)
(current_catcher): Define in C++ mode too.
(exceptions_state_mc_catch): Call throw_exception_sjlj instead of
throw_exception.
(throw_exception_sjlj, throw_exception_cxx): New functions,
factored out from throw_exception.
(throw_exception): Reimplement.
* common/common-exceptions.h (exceptions_state_mc_init)
(exceptions_state_mc_action_iter)
(exceptions_state_mc_action_iter_1, exceptions_state_mc_catch):
Declare in C++ mode too.
(TRY): Rename to ...
(TRY_SJLJ): ... this.
(CATCH): Rename to ...
(CATCH_SJLJ): ... this.
(END_CATCH): Rename to ...
(END_CATCH_SJLJ): ... this.
[GDB_XCPT == GDB_XCPT_SJMP] (TRY, CATCH, END_CATCH): Map to SJLJ
equivalents.
(throw_exception): Update comments.
(throw_exception_sjlj): Declare.
* event-top.c (gdb_rl_callback_read_char_wrapper): Extend intro
comment. Wrap body in TRY_SJLJ/CATCH_SJLJ and rethrow any
intercepted exception.
(gdb_rl_callback_handler): New function.
(gdb_rl_callback_handler_install): Always install
gdb_rl_callback_handler as readline callback.
Now that we don't ever throw GDB exceptions from signal handlers [1],
we can switch to have TRY/CATCH implemented in terms of plain
setjmp/longjmp instead of sigsetjmp/siglongjmp.
In https://sourceware.org/ml/gdb-patches/2015-02/msg00114.html, Yichun
Zhang mentions a 11%/14%+ speedup in his GDB python scripts with a
patch that did something similar to only a specific set of TRY/CATCH
calls.
[1] - https://sourceware.org/ml/gdb-patches/2016-03/msg00351.html
Tested on x86_64 Fedora 23, native and gdbserver.
gdb/ChangeLog:
2016-04-12 Pedro Alves <palves@redhat.com>
* common/common-exceptions.c (struct catcher) <buf>: Now a
'jmp_buf' instead of SIGJMP_BUF.
(exceptions_state_mc_init): Change return type to 'jmp_buf'.
(throw_exception): Use longjmp instead of SIGLONGJMP.
* common/common-exceptions.h: Include <setjmp.h> instead of
"gdb_setjmp.h".
(exceptions_state_mc_init): Change return type to 'jmp_buf'.
[GDB_XCPT == GDB_XCPT_SJMP] (TRY): Use setjmp instead of
SIGSETJMP.
* cp-support.c: Include "gdb_setjmp.h".
We currently throw exceptions from signal handlers (e.g., for
Quit/ctrl-c). But throwing C++ exceptions from signal handlers is
undefined. (That doesn't restore signal masks, like siglongjmp does,
and, because asynchronous signals can arrive at any instruction, we'd
have to build _everything_ with -fasync-unwind-tables to make it
reliable.) It happens to work on x86_64 GNU/Linux at least, but it's
likely broken on other ports.
Until we stop throwing from signal handlers, use setjmp/longjmp based
exceptions in C++ mode as well.
gdb/ChangeLog:
2015-11-17 Pedro Alves <palves@redhat.com>
* common/common-exceptions.h (GDB_XCPT_SJMP, GDB_XCPT_TRY)
(GDB_XCPT_RAW_TRY, GDB_XCPT): Define.
Replace __cplusplus checks with GDB_XCPT checks throughout.
* common/common-exceptions.c: Replace __cplusplus checks with
GDB_XCPT checks throughout.
Fixes, in C++ mode:
../../src/gdb/common/common-exceptions.c:23:69: error: invalid conversion from ‘int’ to ‘return_reason’ [-fpermissive]
const struct gdb_exception exception_none = { 0, GDB_NO_ERROR, NULL };
^
(I considered adding an enum value for '0', but the code and comments
around return_reason and its uses explain how 0 is special/internal,
so I'm leaving it be.)
gdb/ChangeLog:
2015-10-29 Pedro Alves <palves@redhat.com>
* common/common-exceptions.c (exception_none): Add cast.
Although the current TRY/CATCH implementation works in C++ mode too,
it relies on setjmp/longjmp, and longjmp bypasses calling the
destructors of objects on the stack, which is obviously bad for C++.
This patch fixes this by makes TRY/CATCH use real try/catch in C++
mode behind the scenes. The way this is done allows RAII and cleanups
to coexist while we phase out cleanups, instead of requiring a flag
day.
This patch is not strictly necessary until we require a C++ compiler
and start actually using RAII, though I'm all for baby steps, and it
shows my proposed way forward. Putting it in now, allows for easier
experimentation and exposure of potential problems with real C++
exceptions.
gdb/ChangeLog:
2015-03-07 Pedro Alves <palves@redhat.com>
* common/common-exceptions.c [!__cplusplus] (enum catcher_state)
(exceptions_state_mc_action_iter)
(exceptions_state_mc_action_iter_1, exceptions_state_mc_catch):
Don't define.
[__cplusplus] (try_scope_depth): New global.
[__cplusplus] (exception_try_scope_entry)
(exception_try_scope_exit, gdb_exception_sliced_copy)
(exception_rethrow): New functions.
(throw_exception): In C++ mode, throw
gdb_exception_RETURN_MASK_QUIT for RETURN_QUIT and
gdb_exception_RETURN_MASK_ERROR for RETURN_ERROR.
(throw_it): In C++ mode, use try_scope_depth.
* common/common-exceptions.h [!__cplusplus]
(exceptions_state_mc_action_iter)
(exceptions_state_mc_action_iter_1, exceptions_state_mc_catch):
Don't declare.
[__cplusplus] (exception_try_scope_entry)
(exception_try_scope_exit, exception_rethrow): Declare.
[__cplusplus] (struct exception_try_scope): New struct.
[__cplusplus] (TRY, CATCH, END_CATCH): Reimplement on top of real
C++ exceptions.
(struct gdb_exception_RETURN_MASK_ALL)
(struct gdb_exception_RETURN_MASK_ERROR)
(struct gdb_exception_RETURN_MASK_QUIT): New types.
This patch splits the TRY_CATCH macro into three, so that we go from
this:
~~~
volatile gdb_exception ex;
TRY_CATCH (ex, RETURN_MASK_ERROR)
{
}
if (ex.reason < 0)
{
}
~~~
to this:
~~~
TRY
{
}
CATCH (ex, RETURN_MASK_ERROR)
{
}
END_CATCH
~~~
Thus, we'll be getting rid of the local volatile exception object, and
declaring the caught exception in the catch block.
This allows reimplementing TRY/CATCH in terms of C++ exceptions when
building in C++ mode, while still allowing to build GDB in C mode
(using setjmp/longjmp), as a transition step.
TBC, after this patch, is it _not_ valid to have code between the TRY
and the CATCH blocks, like:
TRY
{
}
// some code here.
CATCH (ex, RETURN_MASK_ERROR)
{
}
END_CATCH
Just like it isn't valid to do that with C++'s native try/catch.
By switching to creating the exception object inside the CATCH block
scope, we can get rid of all the explicitly allocated volatile
exception objects all over the tree, and map the CATCH block more
directly to C++'s catch blocks.
The majority of the TRY_CATCH -> TRY+CATCH+END_CATCH conversion was
done with a script, rerun from scratch at every rebase, no manual
editing involved. After the mechanical conversion, a few places
needed manual intervention, to fix preexisting cases where we were
using the exception object outside of the TRY_CATCH block, and cases
where we were using "else" after a 'if (ex.reason) < 0)' [a CATCH
after this patch]. The result was folded into this patch so that GDB
still builds at each incremental step.
END_CATCH is necessary for two reasons:
First, because we name the exception object in the CATCH block, which
requires creating a scope, which in turn must be closed somewhere.
Declaring the exception variable in the initializer field of a for
block, like:
#define CATCH(EXCEPTION, mask) \
for (struct gdb_exception EXCEPTION; \
exceptions_state_mc_catch (&EXCEPTION, MASK); \
EXCEPTION = exception_none)
would avoid needing END_CATCH, but alas, in C mode, we build with C90,
which doesn't allow mixed declarations and code.
Second, because when TRY/CATCH are wired to real C++ try/catch, as
long as we need to handle cleanup chains, even if there's no CATCH
block that wants to catch the exception, we need for stop at every
frame in the unwind chain and run cleanups, then rethrow. That will
be done in END_CATCH.
After we require C++, we'll still need TRY/CATCH/END_CATCH until
cleanups are completely phased out -- TRY/CATCH in C++ mode will
save/restore the current cleanup chain, like in C mode, and END_CATCH
catches otherwise uncaugh exceptions, runs cleanups and rethrows, so
that C++ cleanups and exceptions can coexist.
IMO, this still makes the TRY/CATCH code look a bit more like a
newcomer would expect, so IMO worth it even if we weren't considering
C++.
gdb/ChangeLog.
2015-03-07 Pedro Alves <palves@redhat.com>
* common/common-exceptions.c (struct catcher) <exception>: No
longer a pointer to volatile exception. Now an exception value.
<mask>: Delete field.
(exceptions_state_mc_init): Remove all parameters. Adjust.
(exceptions_state_mc): No longer pop the catcher here.
(exceptions_state_mc_catch): New function.
(throw_exception): Adjust.
* common/common-exceptions.h (exceptions_state_mc_init): Remove
all parameters.
(exceptions_state_mc_catch): Declare.
(TRY_CATCH): Rename to ...
(TRY): ... this. Remove EXCEPTION and MASK parameters.
(CATCH, END_CATCH): New.
All callers adjusted.
gdb/gdbserver/ChangeLog:
2015-03-07 Pedro Alves <palves@redhat.com>
Adjust all callers of TRY_CATCH to use TRY/CATCH/END_CATCH
instead.
gdb/ChangeLog:
2015-02-27 Pedro Alves <palves@redhat.com>
* common/common-exceptions.h (exception_none): Declare.
* common/common-exceptions.c (exception_none): Moved from
exceptions.c.
(exceptions_state_mc_init): Use exception_none.
* exceptions.c (exception_none): Move to
common/common-exceptions.c.
* exceptions.h (exception_none): Move to
common/common-exceptions.h.
This commit includes cleanups.h in common-defs.h and removes all other
inclusions.
gdb/ChangeLog:
* common/common-defs.h: Include cleanups.h.
* common/common-exceptions.c: Do not include cleanups.h.
* utils.h: Likewise.
gdb/gdbserver/ChangeLog:
* server.h: Do not include cleanups.h.
Pedro Alves