[lldb-dev] [Bug 21118] New: crash in GetValueAsData for go binary

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Wed Oct 1 11:52:58 PDT 2014 

http://llvm.org/bugs/show_bug.cgi?id=21118

            Bug ID: 21118
           Summary: crash in GetValueAsData for go binary
           Product: lldb
           Version: unspecified
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: lldb-dev at cs.uiuc.edu
          Reporter: ribrdb at google.com
    Classification: Unclassified

Created attachment 13112
  --> http://llvm.org/bugs/attachment.cgi?id=13112&action=edit
test binary built with tip go compiler

lldb crashes as soon as it tries to print variables in a go binary.

Steps to reproduce:
1) run lldb on the attached binary
2) b main.foo
3) run

Expected results:
lldb should stop at the breakpoint

Actual results:
lldb crashes:

lldb
/Users/ribrdb/Library/Developer/Xcode/DerivedData/lldb-funmtcujvggassgztrxraczdpvcq/Build/Products/Debug/lldb
Current executable set to
'/Users/ribrdb/Library/Developer/Xcode/DerivedData/lldb-funmtcujvggassgztrxraczdpvcq/Build/Products/Debug/lldb'
(x86_64).
(lldb) run test
Process 34221 launched:
'/Users/ribrdb/Library/Developer/Xcode/DerivedData/lldb-funmtcujvggassgztrxraczdpvcq/Build/Products/Debug/lldb'
(x86_64)
(lldb) target create "test"
Current executable set to 'test' (x86_64).
(lldb) b main.foo
Breakpoint 1: where = test`main.foo + 26 at test.go:4, address =
0x000000000000201a
(lldb) run
Process 34239 launched: '/private/tmp/test/test' (x86_64)
Process 34221 stopped
* thread #8: tid = 0xabeb2, 0x00007fff92b4cb9d
libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 157, stop reason =
EXC_BAD_ACCESS (code=1, address=0x2080b7f80)
    frame #0: 0x00007fff92b4cb9d
libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 157
libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 157:
-> 0x7fff92b4cb9d:  movq   (%rsi), %rcx
   0x7fff92b4cba0:  movq   (%rsi,%rdx), %r8
   0x7fff92b4cba4:  movq   %rcx, (%rdi)
   0x7fff92b4cba7:  movq   %r8, (%rdi,%rdx)
(lldb) bt
* thread #8: tid = 0xabeb2, 0x00007fff92b4cb9d
libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 157, stop reason =
EXC_BAD_ACCESS (code=1, address=0x2080b7f80)
  * frame #0: 0x00007fff92b4cb9d
libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 157
    frame #1: 0x0000000101d2cf52
LLDB`lldb_private::Value::GetValueAsData(this=0x0000000105fb9570,
exe_ctx=0x0000000105fb9838, data=0x0000000105c54878, data_offset=0,
module=0x0000000104341a00) + 5762 at Value.cpp:667
    frame #2: 0x0000000101d5efde
LLDB`lldb_private::ValueObjectVariable::UpdateValue(this=0x0000000105c547e0) +
2974 at ValueObjectVariable.cpp:250
    frame #3: 0x0000000101d30069
LLDB`lldb_private::ValueObject::UpdateValueIfNeeded(this=0x0000000105c547e0,
update_format=true) + 1033 at ValueObject.cpp:217
    frame #4: 0x0000000101d38fca
LLDB`lldb_private::ValueObject::GetValueAsCString(this=0x0000000105c547e0) + 42
at ValueObject.cpp:1431
    frame #5: 0x0000000101bdc3a4
LLDB`FormatPromptRecurse(format=0x0000000105c544a8, sc=0x0000000105fbfae8,
exe_ctx=0x0000000105fbfba8, addr=0x0000000000000000, s=0x0000000105fbd0a0,
end=0x0000000105fbd0e0, valobj=0x0000000000000000) + 24244 at Debugger.cpp:2424
    frame #6: 0x0000000101bd66bb
LLDB`FormatPromptRecurse(format=0x0000000105c5448f, sc=0x0000000105fbfae8,
exe_ctx=0x0000000105fbfba8, addr=0x0000000000000000, s=0x0000000105fbee30,
end=0x0000000105fbee70, valobj=0x0000000000000000) + 459 at Debugger.cpp:1600
    frame #7: 0x0000000101bd66bb
LLDB`FormatPromptRecurse(format=0x0000000105c54450, sc=0x0000000105fbfae8,
exe_ctx=0x0000000105fbfba8, addr=0x0000000000000000, s=0x0000000105fc05a0,
end=0x0000000000000000, valobj=0x0000000000000000) + 459 at Debugger.cpp:1600
    frame #8: 0x0000000101bd648e
LLDB`lldb_private::Debugger::FormatPrompt(format=0x0000000105c54450,
sc=0x0000000105fbfae8, exe_ctx=0x0000000105fbfba8, addr=0x0000000000000000,
s=0x0000000105fc05a0, valobj=0x0000000000000000) + 686 at Debugger.cpp:2761
    frame #9: 0x000000010229b851
LLDB`lldb_private::Thread::DumpUsingSettingsFormat(this=0x000000010435f510,
strm=0x0000000105fc05a0, frame_idx=0) + 1297 at Thread.cpp:1943
    frame #10: 0x000000010229c28a
LLDB`lldb_private::Thread::GetStatus(this=0x000000010435f510,
strm=0x0000000105fc05a0, start_frame=0, num_frames=1, num_frames_with_source=1)
+ 970 at Thread.cpp:2065
    frame #11: 0x0000000102212c92
LLDB`lldb_private::Process::GetThreadStatus(this=0x0000000106863600,
strm=0x0000000105fc05a0, only_threads_with_stop_reason=true, start_frame=0,
num_frames=1, num_frames_with_source=1) + 1202 at Process.cpp:5898
    frame #12: 0x0000000101be1342
LLDB`lldb_private::Debugger::HandleProcessEvent(this=0x0000000106819e00,
event_sp=0x0000000105fc0c50) + 5762 at Debugger.cpp:3126
    frame #13: 0x0000000101be215e
LLDB`lldb_private::Debugger::DefaultEventHandler(this=0x0000000106819e00) + 846
at Debugger.cpp:3270
    frame #14: 0x0000000101be2765
LLDB`lldb_private::Debugger::EventHandlerThread(arg=0x0000000106819e00) + 21 at
Debugger.cpp:3332
    frame #15: 0x0000000102190f0b
LLDB`lldb_private::HostNativeThreadBase::ThreadCreateTrampoline(arg=0x00000001040279f0)
+ 427 at HostNativeThreadBase.cpp:81
    frame #16: 0x0000000102335ae3
LLDB`lldb_private::HostThreadMacOSX::ThreadCreateTrampoline(arg=0x00000001040279f0)
+ 163 at HostThreadMacOSX.mm:101
    frame #17: 0x00007fff8b6f6899 libsystem_pthread.dylib`_pthread_body + 138
    frame #18: 0x00007fff8b6f672a libsystem_pthread.dylib`_pthread_start + 137

As far as I can tell, the latest go compiler is generating correct debug info.
Dwarfdump shows:
$ dwarfdump -f main.foo -c test
----------------------------------------------------------------------
 File: test (x86_64)
----------------------------------------------------------------------
Searching .debug_pubnames for 'main.foo'... 1 match:

0x00000024: TAG_subprogram [2] *
             AT_name( "main.foo" )
             AT_low_pc( 0x0000000000002000 )
             AT_high_pc( 0x0000000000002060 )
             AT_external( 0x01 )

0x0000003f:     TAG_formal_parameter [5]
                 AT_name( "x" )
                 AT_location( call-frame-cfa )
                 AT_type( {0x000000000000c903} ( int ) )

0x0000004c:     NULL
$ dwarfdump --debug-frame test |head -n 40
----------------------------------------------------------------------
 File: test (x86_64)
----------------------------------------------------------------------
.debug_frame contents:

0x00000000: CIE
        length: 0x00000010
        CIE_id: 0xffffffff
       version: 0x03
  augmentation: ""
    code_align: 1
    data_align: -4
   ra_register: 0x10
                DW_CFA_def_cfa (rsp, 8)
                DW_CFA_offset (rip, -8)
                DW_CFA_nop
                DW_CFA_nop
  Instructions: Init State: CFA=rsp+8     rip=[rsp]


0x00000014: FDE
        length: 0x00000020
   CIE_pointer: 0x00000000
    start_addr: 0x0000000000002000 main.foo
    range_size: 0x0000000000000060 (end_addr = 0x0000000000002060)
                DW_CFA_def_cfa_offset_sf (rax, 8)
  Instructions: 0x0000000000002000: CFA=rsp+8     rip=[rsp]
                DW_CFA_advance_loc (26)
                DW_CFA_def_cfa_offset_sf (rax, 24)
                0x000000000000201a: CFA=rsp+24    rip=[rsp+16]
                DW_CFA_advance_loc (54)
                DW_CFA_def_cfa_offset_sf (rax, 8)
                0x0000000000002050: CFA=rsp+8     rip=[rsp]
                DW_CFA_advance_loc (15)
                DW_CFA_nop
                DW_CFA_nop
                DW_CFA_nop
                0x000000000000205f: CFA=rsp+8     rip=[rsp]

If I'm reading that correctly the dwarf info says 'x' should be located at
rsp+24 at instruction 0x201a. And sure enough, if I disable argument printing
and print that value, it is correct:

(lldb) settings set thread-format "thread #${thread.index}: tid =
${thread.id%tid}{, ${frame.pc}}{
${module.file.basename}{`${function.name}${function.pc-offset}}}{ at
${line.file.basename}:${line.number}}{, name = '${thread.name}'}{, queue =
'${thread.queue}'}{, stop reason = ${thread.stop-reason}}{\nReturn value:
${thread.return-value}}\n"
(lldb) settings set frame-format "frame #${frame.index}: ${frame.pc}{
${module.file.basename}{`${function.name}${function.pc-offset}}}{ at
${line.file.basename}:${line.number}}\n"
(lldb) run
Process 33734 launched: '/private/tmp/test/test' (x86_64)
1 location added to breakpoint 1
Process 33734 stopped
* thread #1: tid = 0xaa8cd, 0x000000000000201a test`main.foo + 26 at test.go:4,
stop reason = breakpoint 1.2
    frame #0: 0x000000000000201a test`main.foo + 26 at test.go:4
   1       package main
   2
   3       func foo(x int) {
-> 4           println("foo", x)
   5       }
   6
   7       func bar(x *int) {
(lldb) x -count 1 -f hex "$rsp + 24"
0x2080b7f80: 0x00000001


I get the crash both with lldb-310.2.37 and built from source on Sept 25.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20141001/222b73bc/attachment.html>

More information about the lldb-dev mailing list