[v2] Harden gdb.base/step-over-syscall.exp

Message ID	20200124163507.32131-1-luis.machado@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of gdb-patches-return-163500-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=duVizXFfW3uAebfay6aNbY2lEVNayFn 3GAINOAopyYEKIb1LAvs0OrlZMJjdbfFo6JPFxyYrPYt6tITesHiqbc1dGj6PD8Z MIvR4u1Dsfw927507TORQrcpoUI8IlR5M4zdiCvScxcHRBBpcHR+0yTLtJmSa4zl dZrCEb80BhfA= Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk Sender: gdb-patches-owner@sourceware.org From: Luis Machado <luis.machado@linaro.org> To: gdb-patches@sourceware.org Cc: Alan.Hayward@arm.com, simark@simark.ca Subject: [PATCH,v2] Harden gdb.base/step-over-syscall.exp Date: Fri, 24 Jan 2020 13:35:07 -0300 Message-Id: <20200124163507.32131-1-luis.machado@linaro.org> In-Reply-To: <20200115203645.26360-1-luis.machado@linaro.org> References: <20200115203645.26360-1-luis.machado@linaro.org>
Series	[v2] Harden gdb.base/step-over-syscall.exp \| expand [v2] Harden gdb.base/step-over-syscall.exp

Message ID

20200124163507.32131-1-luis.machado@linaro.org

State

New

Headers

Received-SPF: pass (google.com: domain of
	gdb-patches-return-163500-patch=linaro.org@sourceware.org
	designates 209.132.180.131 as permitted sender)
	client-ip=209.132.180.131; 
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:cc:subject:date:message-id:in-reply-to
	:references; q=dns; s=default; b=duVizXFfW3uAebfay6aNbY2lEVNayFn
	3GAINOAopyYEKIb1LAvs0OrlZMJjdbfFo6JPFxyYrPYt6tITesHiqbc1dGj6PD8Z
	MIvR4u1Dsfw927507TORQrcpoUI8IlR5M4zdiCvScxcHRBBpcHR+0yTLtJmSa4zl
	dZrCEb80BhfA=
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: gdb-patches-owner@sourceware.org
From: Luis Machado <luis.machado@linaro.org>
To: gdb-patches@sourceware.org
Cc: Alan.Hayward@arm.com,	simark@simark.ca
Subject: [PATCH,v2] Harden gdb.base/step-over-syscall.exp
Date: Fri, 24 Jan 2020 13:35:07 -0300
Message-Id: <20200124163507.32131-1-luis.machado@linaro.org>
In-Reply-To: <20200115203645.26360-1-luis.machado@linaro.org>
References: <20200115203645.26360-1-luis.machado@linaro.org>

Series

[v2] Harden gdb.base/step-over-syscall.exp | expand

Commit Message

Luis Machado Jan. 24, 2020, 4:35 p.m. UTC

New in v2:

- Set initial values to -1 instead of 0.
- Rewrote RE to prevent unexpected matching when parsing one character at a
time.
- Used gdb_assert for an additional check.
- Validated with check-read1

Simon,

I did some research on checking the syscall numbers to make sure we're calling
the right syscall, but there seems to be considerable variation in terms of
what registers are used to pass the syscall number and also the syscall
number itself.

For example, aarch64 seems to use clone for fork/vfork, but arm does not. The
syscall number comes in through w0, but it also gets passed via x8 if it goes
into the kernel.

Given the added complexity and the fact that the test is already breaking into
fork/vfork/clone, i think we can be reasonably sure that we are invoking the
right syscall. What do you think? Any other ideas?

Luis

---

There are a couple problems with this test.

First
--

gdb.base/step-over-syscall.exp records the address of a syscall instruction
within fork/vfork/clone functions and also the address of the instruction
after that syscall instruction.

It uses these couples addresses to make sure we stepped over a syscall
instruction (fork/vfork/clone events) correctly.

The way the test fetches the addresses of the instructions is by stepi-ing
its way through the fork/vfork/clone functions until it finds a match for
a syscall. Then it stepi's once again to get the address of the next
instruction.

This assumes that stepi-ing over a syscall is working correctly and landing
in the right PC. This is not the case for AArch64/Linux, where we're
landing a couple instructions after the syscall in some cases.

The following patch lets the test execute as before, but adds a new instruction
address check using the x command as opposed to stepi.

I didn't want to change how the test works since we may also be
interested in checking if stepi-ing over the syscall under different
conditions (displaced stepping on/off) yields the same results.

Second
--

FAIL: gdb.base/step-over-syscall.exp: vfork: displaced=off: continue to vfork (3rd time) (the program exited)
FAIL: gdb.base/step-over-syscall.exp: vfork: displaced=off: continue to syscall insn vfork (the program is no longer running)
FAIL: gdb.base/step-over-syscall.exp: vfork: displaced=off: single step over vfork (the program is no longer running)

Depending on the glibc version we may have different code generated for the
fork/vfork/clone functions.

I ran into the situation where vfork for newer glibc's on AArch64/Linux is
very short, so "break vfork" will put a breakpoint right at the syscall
instruction, which is something the testcase isn't expecting (a off-by-1
of sorts).

The patch adds extra code to handle this case. If the test detects we're
already sitting at a syscall instruction, it records the address and moves
on to record the address after that particular instruction.

Another measure is to "break *$syscall" instead of "break $syscall". That
guarantees we're stopping at the first instruction of the syscall function,
if it ever happens that the syscall instruction is the first instruction of
those functions.

With these changes i can fix some failures for aarch64-linux-gnu and also
expose the problems i've reported here:

https://sourceware.org/ml/gdb-patches/2019-12/msg01071.html

These tests now fail for aarch64-linux-gnu (patch for this is going through
reviews):

FAIL: gdb.base/step-over-syscall.exp: vfork: displaced=off: pc after stepi matches insn addr after syscall
FAIL: gdb.base/step-over-syscall.exp: vfork: displaced=on: pc after stepi matches insn addr after syscall

gdb/testsuite/ChangeLog:

2020-01-24 Luis Machado <luis.machado@linaro.org>

* gdb.base/step-over-syscall.exp (setup): Check if we're already
sitting at a syscall instruction when we hit the syscall function's
breakpoint.
Check PC against one obtained with the x command.
(step_over_syscall): Don't continue to the syscall instruction if
we're already there.
---
gdb/testsuite/gdb.base/step-over-syscall.exp | 91 ++++++++++++++------
1 file changed, 64 insertions(+), 27 deletions(-)

--
2.17.1

Comments

Simon Marchi Jan. 24, 2020, 5:15 p.m. UTC | #1

On 2020-01-24 11:35 a.m., Luis Machado wrote:
> New in v2:

> 

> - Set initial values to -1 instead of 0.

> - Rewrote RE to prevent unexpected matching when parsing one character at a

>   time.

> - Used gdb_assert for an additional check.

> - Validated with check-read1

> 

> Simon,

> 

> I did some research on checking the syscall numbers to make sure we're calling

> the right syscall, but there seems to be considerable variation in terms of

> what registers are used to pass the syscall number and also the syscall

> number itself.


I would expect it to have exactly one register and one syscall number per architecture.

> For example, aarch64 seems to use clone for fork/vfork, but arm does not. The

> syscall number comes in through w0, but it also gets passed via x8 if it goes

> into the kernel.


So when we are stopped about to execute the svc instruction, the value should
be in x8, that's the one we would care about.

> Given the added complexity and the fact that the test is already breaking into

> fork/vfork/clone, i think we can be reasonably sure that we are invoking the

> right syscall. What do you think? Any other ideas?


Yeah, it's probably overkill, forget about that.

> @@ -75,39 +76,70 @@ proc setup { syscall } {

>      # Hit the breakpoint on $syscall for the second time.  In this time,

>      # the address of syscall insn and next insn of syscall are recorded.

>  

> -    gdb_test "display/i \$pc" ".*"

> -

> -    # Single step until we see a syscall insn or we reach the

> -    # upper bound of loop iterations.

> -    set msg "find syscall insn in $syscall"

> -    set steps 0

> -    set max_steps 1000

> -    gdb_test_multiple "stepi" $msg {

> -	-re ".*$syscall_insn.*$gdb_prompt $" {

> -	    pass $msg

> +    # Check if the first instruction we stopped at is the syscall one.

> +    set syscall_insn_addr -1

> +    set test "fetch first stop pc"

> +    gdb_test_multiple "display/i \$pc" $test {

> +	-re "display/i .*: x/i .*=> ($hex) .*:.*$syscall_insn.*$gdb_prompt $" {

> +	    set syscall_insn_addr $expect_out(1,string)

> +	    pass $test

>  	}

> -	-re "x/i .*=>.*\r\n$gdb_prompt $" {

> -	    incr steps

> -	    if {$steps == $max_steps} {

> -		fail $msg

> -	    } else {

> -		send_gdb "stepi\n"

> -		exp_continue

> +	-re ".*$gdb_prompt $" {

> +	    pass $test

> +	}

> +    }


Instead of setting the test variable, you can now just pass the test name to
gdb_test_multiple and access it inside the callbacks as $gdb_test_name.  See
commit:

gdb/testsuite: Add gdb_test_name variable
3d63690a0316d92cf248542ee12a3fc8b30152ea

The patch LGTM with that fixed.

Simon

diff --git a/gdb/testsuite/gdb.base/step-over-syscall.exp b/gdb/testsuite/gdb.base/step-over-syscall.exp
index b373c169c0..8e75ec92e5 100644
--- a/gdb/testsuite/gdb.base/step-over-syscall.exp
+++ b/gdb/testsuite/gdb.base/step-over-syscall.exp
@@ -46,7 +46,8 @@  proc_with_prefix check_pc_after_cross_syscall { syscall syscall_insn_next_addr }
 
 proc setup { syscall } {
     global gdb_prompt syscall_insn
-
+    global hex
+    set next_insn_addr -1
     set testfile "step-over-$syscall"
 
     clean_restart $testfile
@@ -62,7 +63,7 @@  proc setup { syscall } {
     gdb_test_no_output "set displaced-stepping off" \
 	"set displaced-stepping off during test setup"
 
-    gdb_test "break $syscall" "Breakpoint \[0-9\]* at .*"
+    gdb_test "break \*$syscall" "Breakpoint \[0-9\]* at .*"
 
     gdb_test "continue" "Continuing\\..*Breakpoint \[0-9\]+, (.* in |__libc_|)$syscall \\(\\).*" \
 	"continue to $syscall (1st time)"
@@ -75,39 +76,70 @@  proc setup { syscall } {
     # Hit the breakpoint on $syscall for the second time.  In this time,
     # the address of syscall insn and next insn of syscall are recorded.
 
-    gdb_test "display/i \$pc" ".*"
-
-    # Single step until we see a syscall insn or we reach the
-    # upper bound of loop iterations.
-    set msg "find syscall insn in $syscall"
-    set steps 0
-    set max_steps 1000
-    gdb_test_multiple "stepi" $msg {
-	-re ".*$syscall_insn.*$gdb_prompt $" {
-	    pass $msg
+    # Check if the first instruction we stopped at is the syscall one.
+    set syscall_insn_addr -1
+    set test "fetch first stop pc"
+    gdb_test_multiple "display/i \$pc" $test {
+	-re "display/i .*: x/i .*=> ($hex) .*:.*$syscall_insn.*$gdb_prompt $" {
+	    set syscall_insn_addr $expect_out(1,string)
+	    pass $test
 	}
-	-re "x/i .*=>.*\r\n$gdb_prompt $" {
-	    incr steps
-	    if {$steps == $max_steps} {
-		fail $msg
-	    } else {
-		send_gdb "stepi\n"
-		exp_continue
+	-re ".*$gdb_prompt $" {
+	    pass $test
+	}
+    }
+
+    # If we are not at the syscall instruction yet, keep looking for it with
+    # stepi commands.
+    if {$syscall_insn_addr == -1} {
+	# Single step until we see a syscall insn or we reach the
+	# upper bound of loop iterations.
+	set msg "find syscall insn in $syscall"
+	set steps 0
+	set max_steps 1000
+	gdb_test_multiple "stepi" $msg {
+	    -re ".*$syscall_insn.*$gdb_prompt $" {
+		pass $test
+	    }
+	    -re "x/i .*=>.*\r\n$gdb_prompt $" {
+		incr steps
+		if {$steps == $max_steps} {
+		    fail $msg
+		} else {
+		    send_gdb "stepi\n"
+		    exp_continue
+		}
 	    }
 	}
+
+	if {$steps == $max_steps} {
+	    return { -1, -1 }
+	}
     }
 
-    if {$steps == $max_steps} {
-	return { -1, -1 }
+    # We have found the syscall instruction.  Now record the next instruction.
+    # Use the X command instead of stepi since we can't guarantee
+    # stepi is working properly.
+    set test "pc before/after syscall instruction"
+    gdb_test_multiple "x/2i \$pc" $test {
+	-re "x/2i .*=> ($hex) .*:.*$syscall_insn.* ($hex) .*:.*$gdb_prompt $" {
+	    set syscall_insn_addr $expect_out(1,string)
+	    set next_insn_addr $expect_out(3,string)
+	    pass $test
+	}
     }
 
-    set syscall_insn_addr [get_hexadecimal_valueof "\$pc" "0" \
-			       "pc before stepi"]
     if {[gdb_test "stepi" "x/i .*=>.*" "stepi $syscall insn"] != 0} {
 	return { -1, -1 }
     }
-    return [list $syscall_insn_addr [get_hexadecimal_valueof "\$pc" \
-					 "0" "pc after stepi"]]
+
+    set pc_after_stepi [get_hexadecimal_valueof "\$pc" "0" \
+			    "pc after stepi"]
+
+    gdb_assert {$next_insn_addr == $pc_after_stepi} \
+	"pc after stepi matches insn addr after syscall"
+
+    return [list $syscall_insn_addr $pc_after_stepi]
 }
 
 proc step_over_syscall { syscall } {
@@ -156,8 +188,13 @@  proc step_over_syscall { syscall } {
 		}
 	    }
 
-	    gdb_test "continue" "Continuing\\..*Breakpoint \[0-9\]+, .*" \
-		"continue to syscall insn $syscall"
+	    # Check if the syscall breakpoint is at the syscall instruction
+	    # address.  If so, no need to continue, otherwise we will run the
+	    # inferior to completion.
+	    if {$syscall_insn_addr != [get_hexadecimal_valueof "\$pc" "0"]} {
+		gdb_test "continue" "Continuing\\..*Breakpoint \[0-9\]+, .*" \
+		    "continue to syscall insn $syscall"
+	    }
 
 	    gdb_test_no_output "set displaced-stepping $displaced"

[v2] Harden gdb.base/step-over-syscall.exp

Commit Message

Comments

Patch