Post on 19-May-2015
SIGSEGV
Sune Vuorela
Debugging | København | October 2013
2013-10-26 sune.vuorela.dk 2
Ego - job
Ego
● C++
● Java
● Shell
● Make
● C#
● KDevelop
● Gdb
● Valgrind
● Git
● Eclipse
SIGSEGV
● $ ./kode
● Segmentation fault
App
● git://anongit.kde.org/scratch/sune/sigsegv.git
● http://quickgit.kde.org/?p=scratch/sune/sigsegv.git
Getting a backtrace
● gdb ./app
● gdb ./app corefile
● gdb --args ./app -foo -bar
Core files
● ulimit -c unlimited
● Lands in PWD unless ...
● mkdir /cores
● chmod 777 /cores
● echo /cores/core.%e.%p > /proc/sys/kernel/core_pattern
gdb
● Program received signal SIGSEGV, Segmentation fault.
● ....
● 109 Q_ASSERT(d);
● (gdb) backtrace
● (gdb) bt
Backtrace
● #0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109
● #1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386
● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38
● #3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142
● #4 0x0000000000408005 in QtPrivate::QSlotObject<void (TestCase::*)(), void, void>::impl (which=1, this_=0x667960, r=0x6adeb0, a=0x7fffffffd390, ret=0x0) at /usr/include/qt5/QtCore/qobject_impl.h:147
● #5 0x00007ffff6baedd3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #6 0x00007ffff7a60da2 in QAbstractButton::clicked(bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #7 0x00007ffff77fa756 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #8 0x00007ffff77fb26e in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #9 0x00007ffff77fb3e4 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #10 0x00007ffff7740b99 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #11 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #12 0x00007ffff770c879 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #13 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #14 0x00007ffff770aba1 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #15 0x00007ffff775c8cf in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #16 0x00007ffff775e5e3 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #17 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #18 0x00007ffff770c006 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
● #19 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #20 0x00007ffff70887a7 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
● #21 0x00007ffff708a2a5 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
● #22 0x00007ffff70749e8 in QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
● #23 0x00007ffff105a4a0 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so
● #24 0x00007ffff5662f25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
● #25 0x00007ffff5663268 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
● #26 0x00007ffff5663324 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
● #27 0x00007ffff6bd05fc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #28 0x00007ffff6b8849b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #29 0x00007ffff6b8ea21 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
● #30 0x0000000000406cee in main (argc=1, argv=0x7fffffffe188) at /home/sune/projects/sigsegv/kode/main.cpp:15
Backtrace
● (gdb) bt
● #0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109
● #1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386
● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38
● #3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142
Backtrace
● #2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38
Code
● 36 while(true) {
● 37 if(!tmp); {
● 38 tmp = tmp->parent();
● 39 continue;
● 40 }
● 41 break;
● 42 }
Status
Seen gdb
Read and understood the backtrace
Paired it with the code
More crashes
● DereferenceDeletedPointer::execute at /home/sune/projects/sigsegv/kode/dereferencedeletedpointer.cpp:44
Code
● 43 if(m_obj) {
● 44 m_obj->length();
● 45 }
Valgrind
● Use of uninitialised value of size 8
● at 0x406A67: QString::length() const (qstring.h:735)
● by 0x406A54: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:44)
More valgrind
● Invalid read of size 4
● at 0x406A67: QString::length() const (qstring.h:735)
● by 0x406A54: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:44)
● Address 0x10c7b044 is 4 bytes inside a block of size 34 free'd
● at 0x4C2AADC: free (vg_replace_malloc.c:446)
● by 0x406909: QTypedArrayData<unsigned short>::deallocate(QArrayData*) (qarraydata.h:230)
● by 0x4068B2: QString::~QString() (in /home/sune/projects/sigsegv/kode/build/kode)
● by 0x406A12: DereferenceDeletedPointer::putDataIn() (dereferencedeletedpointer.cpp:37)
● by 0x406A37: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:42)
More code
● 35 void DereferenceDeletedPointer::putDataIn() {
● 36 QString tmp("foo");
● 37 m_obj = &tmp;
● 38 }
● 41 void DereferenceDeletedPointer::execute() {
● 42 putDataIn();
● 43 if(m_obj) {
● 44 m_obj->length();
● 45 }
● 46 }
Simple crash 3
● #0 0x0000000000000000 in ?? ()
● #1 0x0000000000406805 in DeletePointer::execute (this=0x665160) at /home/sune/projects/sigsegv/kode/deletepointer.cpp:36
● #2 0x00000000004080c4 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x665160, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142
Code 3
● 34 void DeletePointer::execute() {
● 35 if ( m_pointer ) {
● 36 delete m_pointer;
● 37 }
● 38 }
More valgrind
● ==26581== Invalid read of size 8
● ==26581== at 0x4067EE: DeletePointer::execute() (deletepointer.cpp:36)
● ==26581== Address 0x10e240a0 is 0 bytes inside a block of size 16 free'd
● ==26581== at 0x4C2A60C: operator delete(void*) (vg_replace_malloc.c:480)
● ==26581== by 0x406804: DeletePointer::execute() (deletepointer.cpp:36)
Status
Seen gdb
Read and understood the backtrace
Paired it with the code
Seen valgrind
List
● BrokenList::execute (this=0x6ced20) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:57
Code
● 54 MyList* first = generateList(10);
● 55 MyList* current = first;
● 56 while(current->next) {
● 57 current = current->next;
● 58 }
Breakpoints
● (gdb) break file.c:27
● (gdb) break myfunction
● (gdb) break MyClass::myFunction(int)
● (gdb) print variablename
● (gdb) continue
Debugger
● (gdb) b brokenlist.cpp:57
● Breakpoint 1, BrokenList::execute (this=0x6d18d0) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:57
● 57 current = current->next;
● (gdb) p current
● $1 = (MyList *) 0x6f8ea0
● (gdb) p current->next
● $2 = (MyList *) 0x8000b0
● (gdb) c
● Continuing.
● Breakpoint 1, BrokenList::execute (this=0x6d18d0) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:57
● 57 current = current->next;
Status
Seen gdb
Read and understood the backtrace
Paired it with the code
Seen valgrind
Breakpoints and print in gdb
Gdb ignore
● (gdb) b brokenlist.cpp:57
● Breakpoint 1 at 0x406fa8: file /home/sune/projects/sigsegv/kode/brokenlist.cpp, line 57.
● (gdb) ignore 1 8
● Will ignore next 8 crossings of breakpoint 1.
Locals
● (gdb) info locals
● first = 0x7ff2c0
● current = 0xfeeefeee
● (gdb) up 4
● (gdb) down 4
GDB conditions
● (gdb) b brokenlist.cpp:57
● Breakpoint 1 at 0x406fa8: file /home/sune/projects/sigsegv/kode/brokenlist.cpp, line 57.
● (gdb) condition 1 current->next == (MyList *)0xfeeefeee
● (gdb) c
● Continuing.
● Breakpoint 1, BrokenList::execute (this=0x6ced20) at /home/sune/projects/sigsegv/kode/brokenlist.cpp:57
● 57 current = current->next;
● (gdb) p current->next
● $2 = (MyList *) 0xfeeefeee
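The conditional-breakpoint session above can be made repeatable by driving gdb in batch mode. The script below is an added example, not code from the talk or its sigsegv repository: it builds a small C stand-in for brokenlist.cpp (constructed here: ten nodes, the last one given a poisoned next pointer of 0xfeeefeee) and then issues the same break, condition and print commands non-interactively. It assumes gcc and gdb are on PATH.

```shell
#!/bin/sh
# Added example: scripted version of the talk's gdb session against a
# constructed stand-in for brokenlist.cpp. Assumes gcc and gdb are installed.
set -eu
WORK=$(mktemp -d)

build_brokenlist() {
    cat > "$WORK/brokenlist.c" <<'EOF'
#include <stdlib.h>
struct MyList { int value; struct MyList *next; };
static struct MyList *generateList(int n) {
    struct MyList *first = NULL, *prev = NULL;
    for (int i = 0; i < n; i++) {
        struct MyList *node = malloc(sizeof *node);
        node->value = i; node->next = NULL;
        if (prev) prev->next = node; else first = node;
        prev = node;
    }
    prev->next = (struct MyList *)0xfeeefeee;  /* constructed corrupt link */
    return first;
}
int main(void) {
    struct MyList *current = generateList(10);
    while (current->next) {
        current = current->next;                /* line 17: breakpoint target */
    }
    return 0;
}
EOF
    gcc -g -O0 -o "$WORK/brokenlist" "$WORK/brokenlist.c"
}

# Same commands as the talk's interactive session, passed with -ex so the
# run is repeatable: stop at line 17 only once next holds the poison value.
find_poisoned_node() {
    gdb -q -batch \
        -ex 'break brokenlist.c:17' \
        -ex 'condition 1 current->next == (struct MyList *)0xfeeefeee' \
        -ex 'run' \
        -ex 'print current->value' \
        -ex 'print current->next' \
        "$WORK/brokenlist" 2>/dev/null
}

if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    build_brokenlist
    find_poisoned_node      # prints "$1 = 9" and "$2 = (struct MyList *) 0xfeeefeee"
fi
```

The breakpoint is crossed nine times without stopping; the condition only fires on the node whose next field carries the poison value, which is the node to inspect.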
Status
Seen gdb
Read and understood the backtrace
Paired it with the code
Seen valgrind
Breakpoints and print in gdb
Conditional breakpoints, locals
Gdb stepping
● (gdb) next - runs to the next line in the file
● (gdb) step - steps into the function
● (gdb) finish - runs the function to completion
Minisegfault
● $ echo -n "main;" > fil.c
● $ gcc fil.c
● fil.c:1:1: warning: data definition has no type or storage class [enabled by default]
● $ ./a.out
● Segmentation fault
More
● valgrind --db-attach=yes ./kode
● gdb: tbreak - temporary breakpoint
● gdb: record - reverse-next
Thanks
Questions?
sune@{vuorela.dk,debian.org,kde.org}