[lldb-dev] [Bug 26875] New: LLDB GUI segfaults when selecting a particular stack frame

via lldb-dev lldb-dev at lists.llvm.org
Tue Mar 8 03:44:47 PST 2016


https://llvm.org/bugs/show_bug.cgi?id=26875

            Bug ID: 26875
           Summary: LLDB GUI segfaults when selecting a particular stack
                    frame
           Product: lldb
           Version: 3.8
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: lldb-dev at lists.llvm.org
          Reporter: kknb1056 at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 16003
  --> https://llvm.org/bugs/attachment.cgi?id=16003&action=edit
Source file of a program that causes a crash in LLDB

I've found I can consistently make the LLDB GUI crash with a particular series
of steps.  A simple source file is attached with instructions in the comments.

Basically, compile the file and start the program in LLDB; continue to a point
where all the threads have started (e.g. before the notify_all); open the gui
and select frame #11 of any of threads #2-#6. LLDB crashes.
This definitely happens on Mac OS X El Capitan with lldb-340.4.119.1 (which
ships with Xcode 7.2.1) as well as the LLDB head as at 08/Mar/16. All line
numbers here refer to the code as at 08/Mar/16.

This is unrelated to bug 26842 (https://llvm.org/bugs/show_bug.cgi?id=26842),
applying that patch has no effect.

The stack trace says the crash is in libncurses, however I'm fairly sure it's
because of memory corruption beforehand. The corruption comes when querying
the frame variables to populate the "Variables" window, and it's one variable
in particular - the first one, "void * _vp" in frame 11, which is the function
argument.

** To show it's when populating the Variables window: **
Before the crash, attach another debugger to the original lldb with the
following breakpoint (should be on the "if (value_sp)" line):

    breakpoint set -f IOHandler.cpp -l 3922 -N skipVarAdd
    breakpoint command add skipVarAdd
    expression value_sp=nullptr
    continue
    DONE

This stops any variables being added to the window and there is no crash. You
can also optionally add "--condition i==0" and only enable it before going from
frame 10 to frame 11 to show that it's the first variable in frame 11.

** To show it's a memory corruption unrelated to ncurses **
Again, in a second debugger attached to the first (line 3933 should be
"SetValues(local_values);"):

    breakpoint set -f IOHandler.cpp -l 3933 -N clearVars
    breakpoint command add clearVars
    expression class ValueObjectList $emptyList
    expression local_values=$emptyList
    continue
    DONE

This empties the local list *before* being added to anything that is persisted
beyond the current function. The crash still happens.

It's possible to investigate this further, but I modified the code because I
couldn't figure out how to do it with breakpoints. Just having line 3924
"value_sp->GetSyntheticValue();" is enough to cause the crash (comment out the
"local_value.Append" lines); but also skipping that and adding just value_sp
causes a crash (comment out everything except line 3928
"local_values.Append(value_sp);"). So just using value_sp in any way seems to
be an issue.

** To show it's a problem with the dynamic value **
Again in a second debugger (line should be "if (dynamic_sp)"):

    breakpoint set -f StackFrame.cpp -l 1308 -N refuseDynamic
    breakpoint command add refuseDynamic
    expression dynamic_sp=nullptr
    continue
    DONE

This makes the gui never use the dynamic value, and everything runs fine.

** To show it's probably(?) a GUI initialisation problem **
Selecting one of the problem frames in any of the threads *before* starting the
gui allows the program to run fine. The frame doesn't even need to be active
when the gui starts, just selected at some point beforehand.  E.g. in the original
debugger attached to the executable:

    breakpoint set --file main.cpp --line 64
    process launch
    thread select 2
    frame select 11
    thread select 1
    gui

Then navigate to frame 11 as before and there are no problems. Even navigating
to frame 11 of the other threads (3-6) is fine.

I've tried stepping through the gui initialisation with and without a manual
"frame select 11" and I can't find any notable differences.  I've also tried
stepping through the manual "frame select 11" to see what it does differently
and can't find anything there either.
