This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind

From: Yury Gribov <tetra2005 dot patches at gmail dot com>
To: Jeff Law <law at redhat dot com>, Jakub Jelinek <jakub at redhat dot com>
Cc: Yuri Gribov <tetra2005 at gmail dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Ian Lance Taylor <ian at airs dot com>, Andrew Pinski <pinskia at gmail dot com>
Date: Wed, 2 Aug 2017 21:39:02 +0100
Subject: Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind
Authentication-results: sourceware.org; auth=none
References: <CAJOtW+4_FR+1zBiTvL_EBN7NGj-S9=7cR5Qsm560P7XsyLfFzA@mail.gmail.com> <96fda4ab-0c92-96ea-1993-5c235b1a8b03@redhat.com> <20170802184706.GO2123@tucnak> <0145b4fc-c15e-be6d-164d-d3a284e82079@redhat.com>

On 02.08.2017 20:02, Jeff Law wrote:

On 08/02/2017 12:47 PM, Jakub Jelinek wrote:

On Wed, Aug 02, 2017 at 12:38:13PM -0600, Jeff Law wrote:

On 07/17/2017 01:23 AM, Yuri Gribov wrote:

I've rebased the previous patch to trunk per Andrew's suggestion.
Original patch description/motivation/questions are in
https://gcc.gnu.org/ml/gcc-patches/2017-06/msg01869.html

Is his stuff used for exception handling?  If so, doesn't that make the
performance a significant concern (ie that msync call?)


For the performance issue, I wonder if it wouldn't be better to just
compile the unwinder twice, basically include everything needed for the
verification backtrace in a single *.c file with special defines, and
not export anything from that *.o file except the single entrypoint.
That would also handle the ABI problems.

Yea.

Given that the vast majority of the time the addresses are valid, I
wonder if we could take advantage of that property to keep the overhead
lower in the most common cases.

For the concurrent calls of other threads unmapping stacks of running
threads (that is where most of the verification goes against), I'm afraid
that is simply non-solveable, even if you don't cache anything, it will
still be racy.

Absolutely -- I think solving this stuff 100% reliably without races
isn't possible.  I think the question is can we make this significantly
better.


All,

First of all, thanks for the feedback. This is indeed not a 100% robustsolution, just something to allow tools like Asan to produce more sanebacktraces on crash (currently when stack is corrupted they would crashin the unwinder without printing at least partial backtrace).

I probly put this aside for now given that people in community don'tfind it too useful. Should I close PR 67336 then?


> Something like setup a signal handler when we first start unwinding that
> flags the error and tear it down when we're done unwinding?    Obviously
> we can't do setup/tear down each time for each address.  Anyway, just
> thinking outloud here...

Hm, I think I could sigsetjmp for SIGSEGV/SIGBUS before calling unwinderand then

* siglongjmp back on error (if signal is caught in unwinding thread)
* call users handler (for all other threads)

It's not clear how this is going to work in presense of nested signalsthough. I could clear sigprocmask during execution of safe unwinding toprevent them but this sounds too gross...

-Y

Follow-Ups:
- Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind
  - From: H.J. Lu

References:
- Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind
  - From: Jeff Law
- Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind
  - From: Jakub Jelinek
- Re: [RFC][PR 67336][PING^6] Verify pointers during stack unwind
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]