[rpms/gdb] gdb-17.2-rebase-f44: Workaround crashes from stale frame_info pointer (BZ 804256).

[Jan Kratochvil <jan.kratochvil@redhat.com>]

A new commit has been pushed.

Repo   : rpms/gdb
Branch : gdb-17.2-rebase-f44
Commit : fbf39fd05fd4700fcc6c578fa84efe4a26c0f339
Author : Jan Kratochvil <jan.kratochvil@redhat.com>
Date   : 2012-04-04T21:56:56+02:00
Stats  : +182/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/gdb/c/fbf39fd05fd4700fcc6c578fa84efe4a26c0f339?branch=gdb-17.2-rebase-f44

Log:
Workaround crashes from stale frame_info pointer (BZ 804256).

---
diff --git a/gdb-stale-frame_info.patch b/gdb-stale-frame_info.patch
new file mode 100644
index 0000000..59f8ea1
--- /dev/null
+++ b/gdb-stale-frame_info.patch
@@ -0,0 +1,174 @@
+http://sourceware.org/ml/gdb-patches/2012-04/msg00058.html
+Subject: [downstream patch FYI] workaround stale frame_info * (PR 13866)
+
+Hi,
+
+I did not look at which commit caused this regression but apparently it was
+introduced at least with multi-inferiors.
+
+I understand this fix is not right fix of the crash; but in most GDB cases one
+does not use multi-inferior so why to regress single-inferior by it.
+Some more simple solutions still fix the single-inferior mode but they
+regressed the multi-inferior mode
+	gdb.threads/no-unwaited-for-left.exp
+	gdb.multi/base.exp
+so I had to put there that sorting magic.
+
+With proper C++ sanity check of stale live frame_info references the testcase
+would be simple without the "frame_garbage_collection" reproducer below.
+It is also reproducible just with valgrind but regularly running the whole
+testsuite under valgrind I did not find feasible.
+
+No regressions on {x86_64,x86_64-m32,i686}-fedora17-linux-gnu.
+
+
+Thanks,
+Jan
+
+
+gdb/
+2012-04-04  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Workaround PR backtrace/13866.
+	* progspace.c (switch_to_program_space_and_thread): Try not to call
+	switch_to_thread.
+
+--- a/gdb/progspace.c
++++ b/gdb/progspace.c
+@@ -481,17 +481,28 @@ save_current_space_and_thread (void)
+ void
+ switch_to_program_space_and_thread (struct program_space *pspace)
+ {
+-  struct inferior *inf;
++  struct inferior *inf = current_inferior ();
+ 
+-  inf = find_inferior_for_program_space (pspace);
++  if (inf->pspace != pspace)
++    inf = find_inferior_for_program_space (pspace);
+   if (inf != NULL)
+     {
+-      struct thread_info *tp;
++      struct thread_info *tp, *current_tp = NULL;
++
++      if (ptid_get_pid (inferior_ptid) == inf->pid)
++	current_tp = find_thread_ptid (inferior_ptid);
+ 
+       tp = any_live_thread_of_process (inf->pid);
+       if (tp != NULL)
+ 	{
+-	  switch_to_thread (tp->ptid);
++	  /* Prefer primarily thread not THREAD_EXITED and secondarily thread
++	     not EXECUTING.  */
++	  if (current_tp == NULL
++	      || (tp->state != THREAD_EXITED
++		  && current_tp->state == THREAD_EXITED)
++	      || (!tp->executing && current_tp->executing))
++	    switch_to_thread (tp->ptid);
++
+ 	  /* Switching thread switches pspace implicitly.  We're
+ 	     done.  */
+ 	  return;
+
+
+Reproducer with:
+./gdb -nx ~/t/thread -ex 'b 24' -ex r -ex 'until 25'
+Breakpoint 1, main () at /home/jkratoch/t/thread.c:24
+24	  v++;
+Segmentation fault (core dumped)
+
+#include <pthread.h>
+#include <assert.h>
+#include <unistd.h>
+
+static int v;
+
+static void *start (void *arg)
+{
+  v++;
+  v++;
+  v++;
+  v++;
+  sleep (100);
+  return arg;
+}
+
+int main (void)
+{
+  pthread_t thread1;
+  int i;
+
+  i = pthread_create (&thread1, NULL, start, NULL);
+  assert (i == 0);
+  v++;
+  v++;
+  v++;
+  v++;
+  i = pthread_join (thread1, NULL);
+  assert (i == 0);
+
+  return 0;
+}
+### --- a/gdb/frame.c
+### +++ b/gdb/frame.c
+### @@ -1522,12 +1522,30 @@ frame_observer_target_changed (struct target_ops *target)
+###    reinit_frame_cache ();
+###  }
+###  
+### +typedef struct obstack obstack_s;
+### +DEF_VEC_O (obstack_s);
+### +static VEC (obstack_s) *frame_poison_vec;
+### +
+### +void frame_garbage_collection (void);
+### +void
+### +frame_garbage_collection (void)
+### +{
+### +  struct obstack *obstack_p;
+### +  int ix;
+### +
+### +  for (ix = 0; VEC_iterate (obstack_s, frame_poison_vec, ix, obstack_p); ix++)
+### +    obstack_free (obstack_p, 0);
+### +
+### +  VEC_free (obstack_s, frame_poison_vec);
+### +  frame_poison_vec = NULL;
+### +}
+### +
+###  /* Flush the entire frame cache.  */
+###  
+###  void
+###  reinit_frame_cache (void)
+###  {
+### -  struct frame_info *fi;
+### +  struct frame_info *fi, *fi_prev;
+###  
+###    /* Tear down all frame caches.  */
+###    for (fi = current_frame; fi != NULL; fi = fi->prev)
+### @@ -1538,8 +1556,14 @@ reinit_frame_cache (void)
+###  	fi->base->unwind->dealloc_cache (fi, fi->base_cache);
+###      }
+###  
+### +  for (fi = current_frame; fi != NULL; fi = fi_prev)
+### +    {
+### +      fi_prev = fi->prev;
+### +      memset (fi, 0, sizeof (*fi));
+### +    }
+### +  VEC_safe_push (obstack_s, frame_poison_vec, &frame_cache_obstack);
+### +
+###    /* Since we can't really be sure what the first object allocated was.  */
+### -  obstack_free (&frame_cache_obstack, 0);
+###    obstack_init (&frame_cache_obstack);
+###  
+###    if (current_frame != NULL)
+### --- a/gdb/top.c
+### +++ b/gdb/top.c
+### @@ -359,6 +359,11 @@ prepare_execute_command (void)
+###    if (non_stop)
+###      target_dcache_invalidate ();
+###  
+### +  {
+### +    extern void frame_garbage_collection (void);
+### +    frame_garbage_collection ();
+### +  }
+### +
+###    return cleanup;
+###  }
+###  

diff --git a/gdb.spec b/gdb.spec
index bc470aa..faad53e 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -33,7 +33,7 @@ Version: 7.4.50.%{snap}
 
 # The release always contains a leading reserved number, start it at 1.
 # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
-Release: 37%{?dist}
+Release: 38%{?dist}
 
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain
 Group: Development/Debuggers
@@ -579,6 +579,9 @@ Patch656: gdb-die-cu-offset-2of2.patch
 # [vla] Fix regression on no type for subrange from IBM XLF Fortran (BZ 806920).
 Patch660: gdb-subrange-no-type.patch
 
+# Workaround crashes from stale frame_info pointer (BZ 804256).
+Patch661: gdb-stale-frame_info.patch
+
 %if 0%{!?rhel:1} || 0%{?rhel} > 6
 # RL_STATE_FEDORA_GDB would not be found for:
 # Patch642: gdb-readline62-ask-more-rh.patch
@@ -869,6 +872,7 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c
 %patch655 -p1
 %patch656 -p1
 %patch660 -p1
+%patch661 -p1
 
 %patch393 -p1
 %if 0%{!?el5:1} || 0%{?scl:1}
@@ -1348,6 +1352,9 @@ fi
 %endif # 0%{!?el5:1} || "%{_target_cpu}" == "noarch"
 
 %changelog
+* Wed Apr  4 2012 Jan Kratochvil <jan.kratochvil@redhat.com> - 7.4.50.20120120-38.fc17
+- Workaround crashes from stale frame_info pointer (BZ 804256).
+
 * Wed Apr  4 2012 Jan Kratochvil <jan.kratochvil@redhat.com> - 7.4.50.20120120-37.fc17
 - testsuite: Fix break-interp.exp expections for updated glibc (BZ 752834).