This is an archive of the discontinued LLVM Phabricator instance.

Differential D117065

[lldb/Plugins] Fix ScriptedInterface object ptr use-after-free
AbandonedPublic

Authored by mib on Jan 11 2022, 4:41 PM.

Details

Reviewers
JDevlieghere
labath
Summary

This patch replaces all the ScriptedInterface object instance shared
pointer by a raw pointer. The reason behind the change is that when the
smart pointer gets re-assigned, that triggers calling the default
deleter to the previously pointer object.

However, in this case, the pointed memory was allocated in Python, so
when another object tries to read it, it causes a heap-use-after-free.

By switching to a raw pointer, it prevents lldb from decrementing the
reference counting to 0 and calling the deleter for that object.

rdar://87425859

Signed-off-by: Med Ismail Bennani <medismail.bennani@gmail.com>

Diff Detail

Event Timeline

mib requested review of this revision.Jan 11 2022, 4:41 PM
mib created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJan 11 2022, 4:41 PM
Herald added a subscriber: lldb-commits. · View Herald Transcript
mib added a parent revision: D115654: [lldb/plugin] Fix heap-use-after-free in ScriptedProcess::ReadMemory.Jan 11 2022, 4:44 PM
Harbormaster completed remote builds in B142775: Diff 399124.Jan 11 2022, 4:44 PM
mib added a child revision: D117068: [lldb/Plugins] Add ScriptedProcess::GetThreadsInfo interface.Jan 11 2022, 5:06 PM
labath requested changes to this revision.Jan 12 2022, 3:32 AM
labath added a subscriber: labath.
labath added inline comments.
lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp
54

This doesn't sound right. This object (StructuredPythonObject instance) is definitely not created by python and will now be leaked. If I correctly understand the problem, the issue is that the this object gets a non-owning reference (the ret_val argument) to the underlying python object, and then frees it as if it was owning it. If that's the case, then the solution is to INCREF it in the constructor (or switch to using a PythonObject wrapper, which will then handle the lifetime management.

You may also be interested in D114722 (which I hope to update soon). It's not _directly_ related to this, but it touches the same parts of the code.

This revision now requires changes to proceed.Jan 12 2022, 3:32 AM
labath added inline comments.Jan 12 2022, 5:52 AM
lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp
54

So, as far as I can tell ret_val is an owned reference (in LLDBSwigPythonCreateScriptedThread, it comes from PythonObject.release()). Could it be that something else is freeing (decreffing) the object more times than it should (thereby releasing the references that are supposed to be held here) and this code gets blamed/crashes just because it happens to run last?

mib mentioned this in D117071: [lldb/Plugins] Add support of multiple ScriptedThreads in a ScriptedProcess.Jan 12 2022, 7:57 AM
JDevlieghere added inline comments.Jan 12 2022, 11:31 AM
lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp
54

Pavel said it better than I would have :-)

mib abandoned this revision.Jan 12 2022, 12:00 PM

Abandoning this in favor of D117139.

mib removed a parent revision: D115654: [lldb/plugin] Fix heap-use-after-free in ScriptedProcess::ReadMemory.Jan 12 2022, 12:01 PM

Revision Contents

Diff 399124

lldb/include/lldb/Interpreter/ScriptedInterface.h

Show All 19 Lines
#include <string> #include <string>
namespace lldb_private { namespace lldb_private {
class ScriptedInterface { class ScriptedInterface {
public: public:
ScriptedInterface() = default; ScriptedInterface() = default;
virtual ~ScriptedInterface() = default; virtual ~ScriptedInterface() = default;
virtual StructuredData::GenericSP virtual StructuredData::Generic *
CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx, CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) = 0; StructuredData::DictionarySP args_sp) = 0;
template <typename Ret> template <typename Ret>
Ret ErrorWithMessage(llvm::StringRef caller_name, llvm::StringRef error_msg, Ret ErrorWithMessage(llvm::StringRef caller_name, llvm::StringRef error_msg,
Status &error, Status &error,
uint32_t log_caterogy = LIBLLDB_LOG_PROCESS) { uint32_t log_caterogy = LIBLLDB_LOG_PROCESS) {
LLDB_LOGF(GetLogIfAllCategoriesSet(log_caterogy), "%s ERROR = %s", LLDB_LOGF(GetLogIfAllCategoriesSet(log_caterogy), "%s ERROR = %s",
Show All 25 Lines bool CheckStructuredDataObject(llvm::StringRef caller, T obj, Status &error) {
} }
if (error.Fail()) if (error.Fail())
return ErrorWithMessage<bool>(caller, error.AsCString(), error); return ErrorWithMessage<bool>(caller, error.AsCString(), error);
return true; return true;
} }
void SetPluginObject(StructuredData::Generic *object_instance) {
m_object_instance = object_instance;
}
protected: protected:
StructuredData::GenericSP m_object_instance_sp; StructuredData::Generic *m_object_instance;
}; };
} // namespace lldb_private } // namespace lldb_private
#endif // LLDB_INTERPRETER_SCRIPTEDINTERFACE_H #endif // LLDB_INTERPRETER_SCRIPTEDINTERFACE_H

lldb/include/lldb/Interpreter/ScriptedProcessInterface.h

Show All 15 Lines
#include "lldb/lldb-private.h" #include "lldb/lldb-private.h"
#include <string> #include <string>
namespace lldb_private { namespace lldb_private {
class ScriptedProcessInterface : virtual public ScriptedInterface { class ScriptedProcessInterface : virtual public ScriptedInterface {
public: public:
StructuredData::GenericSP StructuredData::Generic *
CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx, CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) override { StructuredData::DictionarySP args_sp) override {
return nullptr; return nullptr;
} }
virtual Status Launch() { return Status("ScriptedProcess did not launch"); } virtual Status Launch() { return Status("ScriptedProcess did not launch"); }
virtual Status Resume() { return Status("ScriptedProcess did not resume"); } virtual Status Resume() { return Status("ScriptedProcess did not resume"); }
Show All 37 Lines virtual lldb::ScriptedThreadInterfaceSP GetScriptedThreadInterface() {
return nullptr; return nullptr;
} }
lldb::ScriptedThreadInterfaceSP m_scripted_thread_interface_sp = nullptr; lldb::ScriptedThreadInterfaceSP m_scripted_thread_interface_sp = nullptr;
}; };
class ScriptedThreadInterface : virtual public ScriptedInterface { class ScriptedThreadInterface : virtual public ScriptedInterface {
public: public:
StructuredData::GenericSP StructuredData::Generic *
CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx, CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) override { StructuredData::DictionarySP args_sp) override {
return nullptr; return nullptr;
} }
virtual lldb::tid_t GetThreadID() { return LLDB_INVALID_THREAD_ID; } virtual lldb::tid_t GetThreadID() { return LLDB_INVALID_THREAD_ID; }
virtual llvm::Optional<std::string> GetName() { return llvm::None; } virtual llvm::Optional<std::string> GetName() { return llvm::None; }
Show All 18 Lines

lldb/source/Plugins/Process/scripted/ScriptedProcess.h

Show First 20 LinesShow All 104 Lines▼ Show 20 Linesprivate:
void CheckInterpreterAndScriptObject() const; void CheckInterpreterAndScriptObject() const;
ScriptedProcessInterface &GetInterface() const; ScriptedProcessInterface &GetInterface() const;
static bool IsScriptLanguageSupported(lldb::ScriptLanguage language); static bool IsScriptLanguageSupported(lldb::ScriptLanguage language);
// Member variables. // Member variables.
const ScriptedProcessInfo m_scripted_process_info; const ScriptedProcessInfo m_scripted_process_info;
lldb_private::ScriptInterpreter *m_interpreter = nullptr; lldb_private::ScriptInterpreter *m_interpreter = nullptr;
lldb_private::StructuredData::ObjectSP m_script_object_sp = nullptr; lldb_private::StructuredData::Generic *m_script_object = nullptr;
//@}
}; };
} // namespace lldb_private } // namespace lldb_private
#endif // LLDB_SOURCE_PLUGINS_SCRIPTED_PROCESS_H #endif // LLDB_SOURCE_PLUGINS_SCRIPTED_PROCESS_H

lldb/source/Plugins/Process/scripted/ScriptedProcess.cpp

Show All 40 Linesbool ScriptedProcess::IsScriptLanguageSupported(lldb::ScriptLanguage language) {
llvm::ArrayRef<lldb::ScriptLanguage> supported_languages = llvm::ArrayRef<lldb::ScriptLanguage> supported_languages =
llvm::makeArrayRef(g_supported_script_languages); llvm::makeArrayRef(g_supported_script_languages);
return llvm::is_contained(supported_languages, language); return llvm::is_contained(supported_languages, language);
} }
void ScriptedProcess::CheckInterpreterAndScriptObject() const { void ScriptedProcess::CheckInterpreterAndScriptObject() const {
lldbassert(m_interpreter && "Invalid Script Interpreter."); lldbassert(m_interpreter && "Invalid Script Interpreter.");
lldbassert(m_script_object_sp && "Invalid Script Object."); lldbassert(m_script_object && "Invalid Script Object.");
} }
lldb::ProcessSP ScriptedProcess::CreateInstance(lldb::TargetSP target_sp, lldb::ProcessSP ScriptedProcess::CreateInstance(lldb::TargetSP target_sp,
lldb::ListenerSP listener_sp, lldb::ListenerSP listener_sp,
const FileSpec *file, const FileSpec *file,
bool can_connect) { bool can_connect) {
if (!target_sp || if (!target_sp ||
!IsScriptLanguageSupported(target_sp->GetDebugger().GetScriptLanguage())) !IsScriptLanguageSupported(target_sp->GetDebugger().GetScriptLanguage()))
return nullptr; return nullptr;
Status error; Status error;
ScriptedProcess::ScriptedProcessInfo scripted_process_info( ScriptedProcess::ScriptedProcessInfo scripted_process_info(
target_sp->GetProcessLaunchInfo()); target_sp->GetProcessLaunchInfo());
auto process_sp = std::make_shared<ScriptedProcess>( auto process_sp = std::make_shared<ScriptedProcess>(
target_sp, listener_sp, scripted_process_info, error); target_sp, listener_sp, scripted_process_info, error);
if (error.Fail() || !process_sp || !process_sp->m_script_object_sp || if (error.Fail() || !process_sp || !process_sp->m_script_object ||
!process_sp->m_script_object_sp->IsValid()) { !process_sp->m_script_object->IsValid()) {
LLDB_LOGF(GetLogIfAllCategoriesSet(LIBLLDB_LOG_PROCESS), "%s", LLDB_LOGF(GetLogIfAllCategoriesSet(LIBLLDB_LOG_PROCESS), "%s",
error.AsCString()); error.AsCString());
return nullptr; return nullptr;
} }
return process_sp; return process_sp;
} }
Show All 21 Lines if (!m_interpreter) {
error.SetErrorStringWithFormat("ScriptedProcess::%s () - ERROR: %s", error.SetErrorStringWithFormat("ScriptedProcess::%s () - ERROR: %s",
__FUNCTION__, __FUNCTION__,
"Debugger has no Script Interpreter"); "Debugger has no Script Interpreter");
return; return;
} }
ExecutionContext exe_ctx(target_sp, /*get_process=*/false); ExecutionContext exe_ctx(target_sp, /*get_process=*/false);
StructuredData::GenericSP object_sp = GetInterface().CreatePluginObject( StructuredData::Generic *script_object = GetInterface().CreatePluginObject(
m_scripted_process_info.GetClassName().c_str(), exe_ctx, m_scripted_process_info.GetClassName().c_str(), exe_ctx,
m_scripted_process_info.GetArgsSP()); m_scripted_process_info.GetArgsSP());
if (!object_sp || !object_sp->IsValid()) { if (!script_object || !script_object->IsValid()) {
error.SetErrorStringWithFormat("ScriptedProcess::%s () - ERROR: %s", error.SetErrorStringWithFormat("ScriptedProcess::%s () - ERROR: %s",
__FUNCTION__, __FUNCTION__,
"Failed to create valid script object"); "Failed to create valid script object");
return; return;
} }
m_script_object_sp = object_sp; m_script_object = script_object;
} }
ScriptedProcess::~ScriptedProcess() { ScriptedProcess::~ScriptedProcess() {
Clear(); Clear();
// We need to call finalize on the process before destroying ourselves to // We need to call finalize on the process before destroying ourselves to
// make sure all of the broadcaster cleanup goes as planned. If we destruct // make sure all of the broadcaster cleanup goes as planned. If we destruct
// this class, then Process::~Process() might have problems trying to fully // this class, then Process::~Process() might have problems trying to fully
// destroy the broadcaster. // destroy the broadcaster.
▲ Show 20 LinesShow All 86 Lines▼ Show 20 LinesStatus ScriptedProcess::DoStop() {
LLDB_LOGF(log, "ScriptedProcess::%s Delayed stop", __FUNCTION__); LLDB_LOGF(log, "ScriptedProcess::%s Delayed stop", __FUNCTION__);
return GetInterface().Stop(); return GetInterface().Stop();
} }
Status ScriptedProcess::DoDestroy() { return Status(); } Status ScriptedProcess::DoDestroy() { return Status(); }
bool ScriptedProcess::IsAlive() { bool ScriptedProcess::IsAlive() {
if (m_interpreter && m_script_object_sp) if (m_interpreter && m_script_object)
return GetInterface().IsAlive(); return GetInterface().IsAlive();
return false; return false;
} }
size_t ScriptedProcess::DoReadMemory(lldb::addr_t addr, void *buf, size_t size, size_t ScriptedProcess::DoReadMemory(lldb::addr_t addr, void *buf, size_t size,
Status &error) { Status &error) {
if (!m_interpreter) if (!m_interpreter)
return GetInterface().ErrorWithMessage<size_t>(LLVM_PRETTY_FUNCTION, return GetInterface().ErrorWithMessage<size_t>(LLVM_PRETTY_FUNCTION,
▲ Show 20 LinesShow All 117 LinesShow Last 20 Lines

lldb/source/Plugins/Process/scripted/ScriptedThread.h

Show First 20 LinesShow All 54 Lines▼ Show 20 Linesprivate:
ScriptedThread(const ScriptedThread &) = delete; ScriptedThread(const ScriptedThread &) = delete;
const ScriptedThread &operator=(const ScriptedThread &) = delete; const ScriptedThread &operator=(const ScriptedThread &) = delete;
std::shared_ptr<DynamicRegisterInfo> GetDynamicRegisterInfo(); std::shared_ptr<DynamicRegisterInfo> GetDynamicRegisterInfo();
const ScriptedProcess &m_scripted_process; const ScriptedProcess &m_scripted_process;
std::shared_ptr<DynamicRegisterInfo> m_register_info_sp = nullptr; std::shared_ptr<DynamicRegisterInfo> m_register_info_sp = nullptr;
lldb_private::StructuredData::ObjectSP m_script_object_sp = nullptr; lldb_private::StructuredData::Generic *m_script_object = nullptr;
}; };
} // namespace lldb_private } // namespace lldb_private
#endif // LLDB_SOURCE_PLUGINS_SCRIPTED_THREAD_H #endif // LLDB_SOURCE_PLUGINS_SCRIPTED_THREAD_H

lldb/source/Plugins/Process/scripted/ScriptedThread.cpp

Show All 18 Lines
#include "lldb/Utility/Logging.h" #include "lldb/Utility/Logging.h"
#include <memory> #include <memory>
using namespace lldb; using namespace lldb;
using namespace lldb_private; using namespace lldb_private;
void ScriptedThread::CheckInterpreterAndScriptObject() const { void ScriptedThread::CheckInterpreterAndScriptObject() const {
lldbassert(m_script_object_sp && "Invalid Script Object."); lldbassert(m_script_object && "Invalid Script Object.");
lldbassert(GetInterface() && "Invalid Scripted Thread Interface."); lldbassert(GetInterface() && "Invalid Scripted Thread Interface.");
} }
ScriptedThread::ScriptedThread(ScriptedProcess &process, Status &error) ScriptedThread::ScriptedThread(ScriptedProcess &process, Status &error)
: Thread(process, LLDB_INVALID_THREAD_ID), m_scripted_process(process) { : Thread(process, LLDB_INVALID_THREAD_ID), m_scripted_process(process) {
if (!process.IsValid()) { if (!process.IsValid()) {
error.SetErrorString("Invalid scripted process"); error.SetErrorString("Invalid scripted process");
return; return;
Show All 11 Lines llvm::Optional<std::string> class_name =
process.GetInterface().GetScriptedThreadPluginName(); process.GetInterface().GetScriptedThreadPluginName();
if (!class_name || class_name->empty()) { if (!class_name || class_name->empty()) {
error.SetErrorString("Failed to get scripted thread class name."); error.SetErrorString("Failed to get scripted thread class name.");
return; return;
} }
ExecutionContext exe_ctx(process); ExecutionContext exe_ctx(process);
StructuredData::GenericSP object_sp = StructuredData::Generic *script_object =
scripted_thread_interface->CreatePluginObject( scripted_thread_interface->CreatePluginObject(
class_name->c_str(), exe_ctx, class_name->c_str(), exe_ctx,
process.m_scripted_process_info.GetArgsSP()); process.m_scripted_process_info.GetArgsSP());
if (!object_sp || !object_sp->IsValid()) { if (!script_object || !script_object->IsValid()) {
error.SetErrorString("Failed to create valid script object"); error.SetErrorString("Failed to create valid script object");
return; return;
} }
m_script_object_sp = object_sp; m_script_object = script_object;
SetID(scripted_thread_interface->GetThreadID()); SetID(scripted_thread_interface->GetThreadID());
} }
ScriptedThread::~ScriptedThread() { DestroyThread(); } ScriptedThread::~ScriptedThread() { DestroyThread(); }
const char *ScriptedThread::GetName() { const char *ScriptedThread::GetName() {
CheckInterpreterAndScriptObject(); CheckInterpreterAndScriptObject();
▲ Show 20 LinesShow All 143 LinesShow Last 20 Lines

lldb/source/Plugins/ScriptInterpreter/Python/ScriptedProcessPythonInterface.h

Show All 16 Lines
#include "lldb/Interpreter/ScriptedProcessInterface.h" #include "lldb/Interpreter/ScriptedProcessInterface.h"
namespace lldb_private { namespace lldb_private {
class ScriptedProcessPythonInterface : public ScriptedProcessInterface, class ScriptedProcessPythonInterface : public ScriptedProcessInterface,
public ScriptedPythonInterface { public ScriptedPythonInterface {
public: public:
ScriptedProcessPythonInterface(ScriptInterpreterPythonImpl &interpreter); ScriptedProcessPythonInterface(ScriptInterpreterPythonImpl &interpreter);
StructuredData::GenericSP StructuredData::Generic *
CreatePluginObject(const llvm::StringRef class_name, CreatePluginObject(const llvm::StringRef class_name,
ExecutionContext &exe_ctx, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) override; StructuredData::DictionarySP args_sp) override;
Status Launch() override; Status Launch() override;
Status Resume() override; Status Resume() override;
Show All 30 Lines

lldb/source/Plugins/ScriptInterpreter/Python/ScriptedProcessPythonInterface.cpp

Show All 24 Lines
using namespace lldb_private; using namespace lldb_private;
using namespace lldb_private::python; using namespace lldb_private::python;
using Locker = ScriptInterpreterPythonImpl::Locker; using Locker = ScriptInterpreterPythonImpl::Locker;
ScriptedProcessPythonInterface::ScriptedProcessPythonInterface( ScriptedProcessPythonInterface::ScriptedProcessPythonInterface(
ScriptInterpreterPythonImpl &interpreter) ScriptInterpreterPythonImpl &interpreter)
: ScriptedProcessInterface(), ScriptedPythonInterface(interpreter) {} : ScriptedProcessInterface(), ScriptedPythonInterface(interpreter) {}
StructuredData::GenericSP ScriptedProcessPythonInterface::CreatePluginObject( StructuredData::Generic *ScriptedProcessPythonInterface::CreatePluginObject(
llvm::StringRef class_name, ExecutionContext &exe_ctx, llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) { StructuredData::DictionarySP args_sp) {
if (class_name.empty()) if (class_name.empty())
return {}; return {};
TargetSP target_sp = exe_ctx.GetTargetSP(); TargetSP target_sp = exe_ctx.GetTargetSP();
StructuredDataImpl args_impl(args_sp); StructuredDataImpl args_impl(args_sp);
std::string error_string; std::string error_string;
Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN, Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN,
Locker::FreeLock); Locker::FreeLock);
void *ret_val = LLDBSwigPythonCreateScriptedProcess( void *ret_val = LLDBSwigPythonCreateScriptedProcess(
class_name.str().c_str(), m_interpreter.GetDictionaryName(), target_sp, class_name.str().c_str(), m_interpreter.GetDictionaryName(), target_sp,
args_impl, error_string); args_impl, error_string);
if (!ret_val) if (!ret_val)
return {}; return {};
m_object_instance_sp = m_object_instance = static_cast<StructuredData::Generic *>(
StructuredData::GenericSP(new StructuredPythonObject(ret_val)); new StructuredPythonObject(ret_val));
return m_object_instance_sp; return m_object_instance;
} }
Status ScriptedProcessPythonInterface::Launch() { Status ScriptedProcessPythonInterface::Launch() {
return GetStatusFromMethod("launch"); return GetStatusFromMethod("launch");
} }
Status ScriptedProcessPythonInterface::Resume() { Status ScriptedProcessPythonInterface::Resume() {
return GetStatusFromMethod("resume"); return GetStatusFromMethod("resume");
▲ Show 20 LinesShow All 101 LinesShow Last 20 Lines

lldb/source/Plugins/ScriptInterpreter/Python/ScriptedPythonInterface.h

Show All 36 Linesprotected:
T Dispatch(llvm::StringRef method_name, Status &error, Args... args) { T Dispatch(llvm::StringRef method_name, Status &error, Args... args) {
using namespace python; using namespace python;
using Locker = ScriptInterpreterPythonImpl::Locker; using Locker = ScriptInterpreterPythonImpl::Locker;
std::string caller_signature = std::string caller_signature =
llvm::Twine(LLVM_PRETTY_FUNCTION + llvm::Twine(" (") + llvm::Twine(LLVM_PRETTY_FUNCTION + llvm::Twine(" (") +
llvm::Twine(method_name) + llvm::Twine(")")) llvm::Twine(method_name) + llvm::Twine(")"))
.str(); .str();
if (!m_object_instance_sp)
return ErrorWithMessage<T>(caller_signature, "Python object ill-formed",
error);
Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN, Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN,
Locker::FreeLock); Locker::FreeLock);
if (!m_object_instance && m_object_instance->IsValid())
return ErrorWithMessage<T>(caller_signature, "Python object ill-formed",
error);
PythonObject implementor(PyRefType::Borrowed, PythonObject implementor(PyRefType::Borrowed,
(PyObject *)m_object_instance_sp->GetValue()); (PyObject *)m_object_instance->GetValue());
if (!implementor.IsAllocated()) if (!implementor.IsAllocated())
return ErrorWithMessage<T>(caller_signature, return ErrorWithMessage<T>(caller_signature,
"Python implementor not allocated.", error); "Python implementor not allocated.", error);
PythonObject pmeth( PythonObject pmeth(
PyRefType::Owned, PyRefType::Owned,
PyObject_GetAttrString(implementor.get(), method_name.str().c_str())); PyObject_GetAttrString(implementor.get(), method_name.str().c_str()));
▲ Show 20 LinesShow All 90 LinesShow Last 20 Lines

lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.h

Show All 16 Lines
#include "lldb/Interpreter/ScriptedProcessInterface.h" #include "lldb/Interpreter/ScriptedProcessInterface.h"
namespace lldb_private { namespace lldb_private {
class ScriptedThreadPythonInterface : public ScriptedThreadInterface, class ScriptedThreadPythonInterface : public ScriptedThreadInterface,
public ScriptedPythonInterface { public ScriptedPythonInterface {
public: public:
ScriptedThreadPythonInterface(ScriptInterpreterPythonImpl &interpreter); ScriptedThreadPythonInterface(ScriptInterpreterPythonImpl &interpreter);
StructuredData::GenericSP StructuredData::Generic *
CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx, CreatePluginObject(llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) override; StructuredData::DictionarySP args_sp) override;
lldb::tid_t GetThreadID() override; lldb::tid_t GetThreadID() override;
llvm::Optional<std::string> GetName() override; llvm::Optional<std::string> GetName() override;
lldb::StateType GetState() override; lldb::StateType GetState() override;
Show All 15 Lines

lldb/source/Plugins/ScriptInterpreter/Python/ScriptedThreadPythonInterface.cpp

Show All 23 Lines
using namespace lldb_private; using namespace lldb_private;
using namespace lldb_private::python; using namespace lldb_private::python;
using Locker = ScriptInterpreterPythonImpl::Locker; using Locker = ScriptInterpreterPythonImpl::Locker;
ScriptedThreadPythonInterface::ScriptedThreadPythonInterface( ScriptedThreadPythonInterface::ScriptedThreadPythonInterface(
ScriptInterpreterPythonImpl &interpreter) ScriptInterpreterPythonImpl &interpreter)
: ScriptedThreadInterface(), ScriptedPythonInterface(interpreter) {} : ScriptedThreadInterface(), ScriptedPythonInterface(interpreter) {}
StructuredData::GenericSP ScriptedThreadPythonInterface::CreatePluginObject( StructuredData::Generic *ScriptedThreadPythonInterface::CreatePluginObject(
const llvm::StringRef class_name, ExecutionContext &exe_ctx, const llvm::StringRef class_name, ExecutionContext &exe_ctx,
StructuredData::DictionarySP args_sp) { StructuredData::DictionarySP args_sp) {
if (class_name.empty()) if (class_name.empty())
return {}; return {};
ProcessSP process_sp = exe_ctx.GetProcessSP(); ProcessSP process_sp = exe_ctx.GetProcessSP();
StructuredDataImpl args_impl(args_sp); StructuredDataImpl args_impl(args_sp);
std::string error_string; std::string error_string;
Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN, Locker py_lock(&m_interpreter, Locker::AcquireLock | Locker::NoSTDIN,
Locker::FreeLock); Locker::FreeLock);
void *ret_val = LLDBSwigPythonCreateScriptedThread( void *ret_val = LLDBSwigPythonCreateScriptedThread(
class_name.str().c_str(), m_interpreter.GetDictionaryName(), process_sp, class_name.str().c_str(), m_interpreter.GetDictionaryName(), process_sp,
args_impl, error_string); args_impl, error_string);
if (!ret_val) if (!ret_val)
return {}; return {};
m_object_instance_sp = m_object_instance = static_cast<StructuredData::Generic *>(
StructuredData::GenericSP(new StructuredPythonObject(ret_val)); new StructuredPythonObject(ret_val));
labathUnsubmitted
Not Done
ReplyInline Actions

This doesn't sound right. This object (StructuredPythonObject instance) is definitely not created by python and will now be leaked. If I correctly understand the problem, the issue is that the this object gets a non-owning reference (the ret_val argument) to the underlying python object, and then frees it as if it was owning it. If that's the case, then the solution is to INCREF it in the constructor (or switch to using a PythonObject wrapper, which will then handle the lifetime management.

You may also be interested in D114722 (which I hope to update soon). It's not _directly_ related to this, but it touches the same parts of the code.

labath: This doesn't sound right. This object (`StructuredPythonObject` instance) is definitely not…
labathUnsubmitted
Not Done
ReplyInline Actions

So, as far as I can tell ret_val is an owned reference (in LLDBSwigPythonCreateScriptedThread, it comes from PythonObject.release()). Could it be that something else is freeing (decreffing) the object more times than it should (thereby releasing the references that are supposed to be held here) and this code gets blamed/crashes just because it happens to run last?

labath: So, as far as I can tell `ret_val` is an owned reference (in…
JDevlieghereUnsubmitted
Done
ReplyInline Actions

Pavel said it better than I would have :-)

JDevlieghere: Pavel said it better than I would have :-)
return m_object_instance_sp; return m_object_instance;
} }
lldb::tid_t ScriptedThreadPythonInterface::GetThreadID() { lldb::tid_t ScriptedThreadPythonInterface::GetThreadID() {
Status error; Status error;
StructuredData::ObjectSP obj = Dispatch("get_thread_id", error); StructuredData::ObjectSP obj = Dispatch("get_thread_id", error);
if (!CheckStructuredDataObject(LLVM_PRETTY_FUNCTION, obj, error)) if (!CheckStructuredDataObject(LLVM_PRETTY_FUNCTION, obj, error))
return LLDB_INVALID_THREAD_ID; return LLDB_INVALID_THREAD_ID;
▲ Show 20 LinesShow All 72 LinesShow Last 20 Lines