This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.



Re: [mi] watchpoint-scope exec async command


On Tue, Mar 29, 2005 at 11:29:48PM +0200, Eli Zaretskii wrote:
> > how did we fail to delete the watchpoint too?
> > 
> > The answer seems to be that we use disp_del_at_next_stop if we hit the
> > _watchpoint_, but not if we hit the related breakpoint.  When we delete
> > it we ought to be deleting its related breakpoint too (they point to
> > each other).  But we don't.  The only things we ever do with
> > related_breakpoints are set their dispositions.
> 
> Sorry, I'm not sure I understand correctly what you are saying,
> because of the ambiguous use of "it" and "its".  This sentence is the
> most ambiguous for me:
> 
> > When we delete it we ought to be deleting its related breakpoint too
> > (they point to each other).
> 
> Who is "it" here?  If it's the watchpoint, then I don't understand
> your reasoning, because if the scope breakpoint rather than the
> watchpoint itself triggered, we don't delete anything.

"it" was intended to be the scope breakpoint.  Sorry, I had to read
that three times to work out what I meant, and it was only yesterday.

If the scope breakpoint triggers, we delete it.  From watch_command_1:
          /* Automatically delete the breakpoint when it hits.  */
          scope_breakpoint->disposition = disp_del;

That's what's happening in this case.  Then, shortly thereafter, the
watchpoint triggers.  That's when we detect that it has gone out of
scope, and set it to delete at next stop; and we crash, because we
already deleted the scope breakpoint when it was hit.

> > > Please look at the comments at breakpoint.c:6723 and breakpoint.c:1325.
> > 
> > The comment at 6723 doesn't apply to this case, because that's bpstats
> > dangling a pointer; the breakpoint chain should never do this.
> 
> ??? My interpretation of that comment is that a breakpoint/watchpoint
> that was already deleted should have its type set to bp_none, and in
> that case we don't delete it again.  What am I missing?

Generally, when we delete a breakpoint, we free it; so it doesn't
matter what its type gets set to.

  /* On the chance that someone will soon try again to delete this same
     bp, we mark it as deleted before freeing its storage. */
  bpt->type = bp_none;

  xfree (bpt->loc);
  xfree (bpt);

All the code surrounding bp_none is horribly bogus; we're walking freed
memory if we hit it.  I don't know if it still triggers today; probably
it does in some cases, and no one's been brave enough to fix them.

-- 
Daniel Jacobowitz
CodeSourcery, LLC
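
Added example, not part of the original message and not GDB's code: a simplified C model of the watchpoint/scope-breakpoint pairing discussed above, run in the order the message describes (scope breakpoint deleted when hit, then the watchpoint found out of scope). The names struct bp, bp_new, bp_pair, bp_delete, wp_out_of_scope and scenario are hypothetical, and clearing the peer's back-pointer on delete is one possible remedy chosen here, not the cascading delete the message proposes.

```c
#include <stdlib.h>
/* Simplified model of the pairing; hypothetical, not GDB's struct breakpoint. */
enum disp { disp_donttouch, disp_del, disp_del_at_next_stop };
struct bp {
    enum disp disposition;
    struct bp *related;  /* watchpoint <-> scope breakpoint, both directions */
};

static struct bp *bp_new(void) {
    struct bp *b = calloc(1, sizeof *b);
    if (b == NULL) abort();
    return b;
}

static void bp_pair(struct bp *wp, struct bp *scope) {
    wp->related = scope;
    scope->related = wp;
    scope->disposition = disp_del;  /* deleted as soon as it is hit */
}

/* Clear the peer's back-pointer before freeing, so no live object refers to
   freed storage. A tombstone written into *b would not help once it is freed. */
static void bp_delete(struct bp *b) {
    if (b->related != NULL)
        b->related->related = NULL;
    free(b);
}

/* Watchpoint left scope: mark it and its peer, if any. Returns objects marked. */
static int wp_out_of_scope(struct bp *wp) {
    wp->disposition = disp_del_at_next_stop;
    if (wp->related == NULL)
        return 1;
    wp->related->disposition = disp_del_at_next_stop;
    return 2;
}

/* Event order from the message; returns 1 if the freed peer was never touched. */
int scenario(void) {
    struct bp *wp = bp_new(), *scope = bp_new();
    bp_pair(wp, scope);
    bp_delete(scope);                  /* disp_del: gone once hit */
    int marked = wp_out_of_scope(wp);  /* only the watchpoint is still live */
    int ok = marked == 1 && wp->related == NULL && wp->disposition == disp_del_at_next_stop;
    bp_delete(wp);
    return ok;
}

int main(void) { return scenario() ? 0 : 1; }
```

Building the model with -fsanitize=address confirms that no freed object is written in either deletion order.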

