debugging 2013- sune vuorela

SIGSEGVSIGSEGV

Sune VuorelaSune Vuorela

Debugging | København | Oktober 2013

2013-10-26 sune.vuorela.dk 2

Ego - job


Ego


Ego

● C++● Java● Shell● Make● C#

● KDevelop● Gdb● Valgrind● Git● Eclipse


SIGSEGV

● $ ./kode ● Segmentation fault●


SIGSEGV


App


App

● git://anongit.kde.org/scratch/sune/sigsegv.git● http://quickgit.kde.org/?

p=scratch/sune/sigsegv.git●


Få fat i backtrace

● gdb ./app● gdb ./app corefile● gdb –args ./app -foo -bar


Corefiler

● Ulimit -c unlimited● Lander i PWD med mindre ...● mkdir /cores● chmod 777 /cores● echo /cores/core.%e.%p >

/proc/sys/kernel/core_pattern


gdb

● Program received signal SIGSEGV, Segmentation fault.

● ....● 109 Q_ASSERT(d);● (gdb) backtrace● (gdb) bt●


Backtrace● #0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109● #1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38● #3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142● #4 0x0000000000408005 in QtPrivate::QSlotObject<void (TestCase::*)(), void, void>::impl (which=1, this_=0x667960, r=0x6adeb0, a=0x7fffffffd390, ret=0x0) at /usr/include/qt5/QtCore/qobject_impl.h:147● #5 0x00007ffff6baedd3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #6 0x00007ffff7a60da2 in QAbstractButton::clicked(bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #7 0x00007ffff77fa756 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #8 0x00007ffff77fb26e in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #9 0x00007ffff77fb3e4 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #10 0x00007ffff7740b99 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #11 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #12 0x00007ffff770c879 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #13 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #14 0x00007ffff770aba1 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #15 0x00007ffff775c8cf in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #16 0x00007ffff775e5e3 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #17 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #18 0x00007ffff770c006 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5● #19 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #20 0x00007ffff70887a7 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5● #21 0x00007ffff708a2a5 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5● #22 0x00007ffff70749e8 in QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5● #23 0x00007ffff105a4a0 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so● #24 0x00007ffff5662f25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0● #25 0x00007ffff5663268 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0● #26 0x00007ffff5663324 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0● #27 0x00007ffff6bd05fc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #28 0x00007ffff6b8849b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #29 0x00007ffff6b8ea21 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5● #30 0x0000000000406cee in main (argc=1, argv=0x7fffffffe188) at /home/sune/projects/sigsegv/kode/main.cpp:15●


Backtrace

● (gdb) bt● #0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData>

>::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109● #1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at

/home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38● #3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual

table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142●


Backtrace

● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38


Kode

● 36 while(true) {● 37 if(!tmp); {● 38 tmp = tmp->parent();● 39 continue;● 40 }● 41 break;● 42 }


Status

Set gdb

Læst og forstået backtrace

Parret med kode


Mere crash

● DereferenceDeletedPointer::execute at /home/sune/projects/sigsegv/kode/dereferencedeletedpointer.cpp:44

●


Kode

● 43 if(m_obj) {● 44 m_obj->length();● 45 }


Valgrind

● Use of uninitialised value of size 8● at 0x406A67: QString::length() const

(qstring.h:735)● by 0x406A54:

DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:44)

●


Mere valgrind

● Invalid read of size 4● at 0x406A67: QString::length() const (qstring.h:735)● by 0x406A54: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:44)●

● Address 0x10c7b044 is 4 bytes inside a block of size 34 free'd● at 0x4C2AADC: free (vg_replace_malloc.c:446)● by 0x406909: QTypedArrayData<unsigned short>::deallocate(QArrayData*) (qarraydata.h:230)● by 0x4068B2: QString::~QString() (in /home/sune/projects/sigsegv/kode/build/kode)● by 0x406A12: DereferenceDeletedPointer::putDataIn() (dereferencedeletedpointer.cpp:37)● by 0x406A37: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:42)●


Mere kode

● 35 void DereferenceDeletedPointer::putDataIn() {● 36 QString tmp("foo");● 37 m_obj = &tmp;● 38 } ● 41 void DereferenceDeletedPointer::execute() {● 42 putDataIn();● 43 if(m_obj) {● 44 m_obj->length();● 45 }● 46 }


Simple crash 3

● #0 0x0000000000000000 in ?? ()● #1 0x0000000000406805 in DeletePointer::execute

(this=0x665160) at /home/sune/projects/sigsegv/kode/deletepointer.cpp:36

● #2 0x00000000004080c4 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x665160, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142


Kode 3

● 34 void DeletePointer::execute() {● 35 if ( m_pointer ) {● 36 delete m_pointer;● 37 }● 38 }


Mere valgrind

● ==26581== Invalid read of size 8● ==26581== at 0x4067EE: DeletePointer::execute()

(deletepointer.cpp:36)● ==26581== Address 0x10e240a0 is 0 bytes inside a

block of size 16 free'd● ==26581== at 0x4C2A60C: operator delete(void*)

(vg_replace_malloc.c:480)● ==26581== by 0x406804: DeletePointer::execute()

(deletepointer.cpp:36)●


Status

Set gdb


Parret med kode

Set valgrind


List

● BrokenList::execute (this=0x6ced20) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:57


Kode

● 54 MyList* first = generateList(10);● 55 MyList* current = first;● 56 while(current->next) {● 57 current = current->next;● 58 }


Breakpoints

● (gdb) break file.c:27● (gdb) break myfunction● (gdb) break MyClass::myFunction(int)●

● (gdb) print variablenavn●

● (gdb) continue


Debugger

(gdb) b brokenlist.cpp:57Breakpoint 1, BrokenList::execute (this=0x6d18d0) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:5757 current = current->next;(gdb) p current$1 = (MyList *) 0x6f8ea0(gdb) p current->next$2 = (MyList *) 0x8000b0(gdb) cContinuing.

Breakpoint 1, BrokenList::execute (this=0x6d18d0) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:5757 current = current->next;


Status

Set gdb


Parret med kode

Set valgrind

Breakpoints og print i gdb


Gdb ignore

● (gdb) b brokenlist.cpp:57● Breakpoint 1 at 0x406fa8: file

/home/sune/projects/sigsegv/kode/brokenlist.cpp, line 57.

● (gdb) ignore 1 8● Will ignore next 8 crossings of breakpoint 1.


Locals

● (gdb) info locals● first = 0x7ff2c0● current = 0xfeeefeee●

● (gdb) up 4● (gdb) down 4


GDB conditions

● gdb) b brokenlist.cpp:57● Breakpoint 1 at 0x406fa8: file

/home/sune/projects/sigsegv/kode/brokenlist.cpp, line 57.● (gdb) condition 1 current->next == (MyList *)0xfeeefeee● (gdb) c● Continuing.● Breakpoint 1, BrokenList::execute (this=0x6ced20) at

/home/sune/projects/sigsegv/kode/brokenlist.cpp:57● 57 current = current->next;● (gdb) p current->next● $2 = (MyList *) 0xfeeefeee


Status

Set gdb


Parret med kode

Set valgrind

Breakpoints og print i gdb

Conditional breakpoints, locals


Gdb stepping

● (gdb) next -- kører til næste linje i filen●

● (gdb) step – træder ind i funktionenn●

● (gdb) finish – kører funktionen færdig


Minisegfault

● $ echo -n "main;" > fil.c● $ gcc fil.c● fil.c:1:1: warning: data definition has no type

or storage class [enabled by default]● $ ./a.out● Segmentation fault


Mere

● Valgrind –db-attach=yes ./kode●

● Gdb: tbreak – temporary breakpoint●

● Gdb: record - reverse-next

Tak

Spørgsmål?

sune@{vuorela.dk,debian.org,kde.org}

debugging 2013- sune vuorela

Technology