This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
source/Expression/
-
Expression/
2
IRExecutionUnit.cpp

Differential D17860

Fix "ninja check-lldb" crash in IRExecutionUnit.cpp
ClosedPublic

Authored by ted on Mar 3 2016, 10:58 AM.

Download Raw Diff

Details

Reviewers

amccarth
spyffe
zturner

Commits

rGeee554d86ed2: Fix "ninja check-lldb" crash in IRExecutionUnit.cpp
rLLDB263066: Fix "ninja check-lldb" crash in IRExecutionUnit.cpp
rL263066: Fix "ninja check-lldb" crash in IRExecutionUnit.cpp

Summary

From Adrian McCarthy:

"Running ninja check-lldb now has one crash in a Python process, due to deferencing a null pointer in IRExecutionUnit.cpp: candidate_sc.symbol is null, which leads to a call with a null this pointer."

Diff Detail

Event Timeline

ted updated this revision to Diff 49759.Mar 3 2016, 10:58 AM

ted retitled this revision from to Fix "ninja check-lldb" crash in IRExecutionUnit.cpp.

ted updated this object.

ted added reviewers: spyffe, zturner, amccarth.

ted added a subscriber: lldb-commits.

Thanks for the fix.

Right now I'm trying to figure out why the test framework didn't detect the crash and reported that all the tests passed.

source/Expression/IRExecutionUnit.cpp
801	I'm OK with this, but I believe the LLDB style is to reverse the logic and use an early-out (a `continue` in this case) rather than increasing the depth of the rest of the code.

This revision is now accepted and ready to land.Mar 8 2016, 10:26 AM

Looks good to me. Thanks for the fix!

source/Expression/IRExecutionUnit.cpp
805–812	Ah yes, I see what's being fixed here. This looks fine. I like Adrian's recommended early-out policy but this isn't a hard-and-fast rule. It seems like doing the logic the way you're doing it is less invasive, so I'm fine with doing it this way for now.

I don't think this is right. It is possible to have a sc.symbol be nullptr, but sc.function be valid. So the check for sc.symbol will reject the valid information in the function. Note, the code in the function is also wrong, since it only gets the address from the symbol.

Greg suggests adding something to SymbolContext to get the start address of the function that handles this possibility. GetAddressRange sort of does this, but only if the SymbolContext doesn't have a block or line entry.

Updated to use early-out as requested

The change is to guard against the case where candidate_sc.symbol is nullptr.

candidate_sc.function is only used when load_address != LLDB_INVALID_ADDRESS, but load_address is set on line 802:

load_address = candidate_sc.symbol->ResolveCallableAddress(*target);

so candidate_sc.symbol must be valid.

The purpose of the function is to get the address of a symbol, so I don't think we care about candidate_sc.function when candidate_sc.symbol is nullptr.

So you'd like to see this function get the address of a function that it
finds in either symbols or debug info?

Which should it prioritize when we have both?

Updated to address Jim's comments.

That seems fine to me. Thanks for putting up with the niggling...

ted closed this revision.Mar 9 2016, 2:10 PM

Revision Contents

Path

Size

source/

Expression/

IRExecutionUnit.cpp

22 lines

Diff 50189

source/Expression/IRExecutionUnit.cpp

Show First 20 Lines • Show All 792 Lines • ▼ Show 20 Lines	for (const SearchSpec &spec : specs)
for (size_t si = 0, se = sc_list.GetSize(); si < se; ++si)		for (size_t si = 0, se = sc_list.GetSize(); si < se; ++si)
{		{
SymbolContext candidate_sc;		SymbolContext candidate_sc;

sc_list.GetContextAtIndex(si, candidate_sc);		sc_list.GetContextAtIndex(si, candidate_sc);

const bool is_external = (candidate_sc.function) \|\|		const bool is_external = (candidate_sc.function) \|\|
(candidate_sc.symbol && candidate_sc.symbol->IsExternal());		(candidate_sc.symbol && candidate_sc.symbol->IsExternal());
		if (candidate_sc.symbol)
		amccarthUnsubmitted Not Done Reply Inline Actions I'm OK with this, but I believe the LLDB style is to reverse the logic and use an early-out (a `continue` in this case) rather than increasing the depth of the rest of the code. amccarth: I'm OK with this, but I believe the LLDB style is to reverse the logic and use an early-out (a…
		{
load_address = candidate_sc.symbol->ResolveCallableAddress(*target);		load_address = candidate_sc.symbol->ResolveCallableAddress(*target);

if (load_address == LLDB_INVALID_ADDRESS)		if (load_address == LLDB_INVALID_ADDRESS)
{		{
if (target->GetProcessSP())		if (target->GetProcessSP())
load_address = candidate_sc.symbol->GetAddress().GetLoadAddress(target);		load_address = candidate_sc.symbol->GetAddress().GetLoadAddress(target);
else		else
load_address = candidate_sc.symbol->GetAddress().GetFileAddress();		load_address = candidate_sc.symbol->GetAddress().GetFileAddress();
}		}
		}
		spyffeUnsubmitted Not Done Reply Inline Actions Ah yes, I see what's being fixed here. This looks fine. I like Adrian's recommended early-out policy but this isn't a hard-and-fast rule. It seems like doing the logic the way you're doing it is less invasive, so I'm fine with doing it this way for now. spyffe: Ah yes, I see what's being fixed here. This looks fine. I like Adrian's recommended early-out…

		if (load_address == LLDB_INVALID_ADDRESS && candidate_sc.function)
		{
		if (target->GetProcessSP())
		load_address = candidate_sc.function->GetAddressRange().GetBaseAddress().GetLoadAddress(target);
		else
		load_address = candidate_sc.function->GetAddressRange().GetBaseAddress().GetFileAddress();
		}

if (load_address != LLDB_INVALID_ADDRESS)		if (load_address != LLDB_INVALID_ADDRESS)
{		{
if (is_external)		if (is_external)
{		{
return true;		return true;
}		}
else if (best_internal_load_address == LLDB_INVALID_ADDRESS)		else if (best_internal_load_address == LLDB_INVALID_ADDRESS)
▲ Show 20 Lines • Show All 405 Lines • Show Last 20 Lines