Debugging- for rigtige programmører

1. SIGSEGV
Sune Vuorela
Debugging | København | Oktober 2013

2. Ego - job
2013-10-26
sune.vuorela.dk
2

3. Ego
2013-10-26
sune.vuorela.dk
3

4. Ego
●
C++
●
KDevelop
●
Java
●
Gdb
●
Shell
●
Valgrind
●
Make
●
Git
●
C#
●
Eclipse
2013-10-26
sune.vuorela.dk
4

5. SIGSEGV
●
$ ./kode
●
Segmentation fault
●
2013-10-26
sune.vuorela.dk
5

6. SIGSEGV
2013-10-26
sune.vuorela.dk
6

7. App
2013-10-26
sune.vuorela.dk
7

8. App
●
●
git://anongit.kde.org/scratch/sune/sigsegv.git
http://quickgit.kde.org/?
p=scratch/sune/sigsegv.git
●
2013-10-26
sune.vuorela.dk
8

9. Få fat i backtrace
●
gdb ./app
●
gdb ./app corefile
●
gdb –args ./app -foo -bar
2013-10-26
sune.vuorela.dk
9

10. Corefiler
●
Ulimit -c unlimited
●
Lander i PWD med mindre ...
●
mkdir /cores
●
chmod 777 /cores
●
echo /cores/core.%e.%p >
/proc/sys/kernel/core_pattern
2013-10-26
sune.vuorela.dk
10

11. gdb
●
Program received signal SIGSEGV,
Segmentation fault.
●
....
●
109
●
(gdb) backtrace
●
(gdb) bt
Q_ASSERT(d);
●
2013-10-26
sune.vuorela.dk
11

12. Backtrace
●
#0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109
●
#1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386
●
#2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at /home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38
●
#3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142
●
#4 0x0000000000408005 in QtPrivate::QSlotObject<void (TestCase::*)(), void, void>::impl (which=1, this_=0x667960, r=0x6adeb0, a=0x7fffffffd390, ret=0x0) at /usr/include/qt5/QtCore/qobject_impl.h:147
●
#5 0x00007ffff6baedd3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#6 0x00007ffff7a60da2 in QAbstractButton::clicked(bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#7 0x00007ffff77fa756 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#8 0x00007ffff77fb26e in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#9 0x00007ffff77fb3e4 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#10 0x00007ffff7740b99 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#11 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#12 0x00007ffff770c879 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#13 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#14 0x00007ffff770aba1 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#15 0x00007ffff775c8cf in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#16 0x00007ffff775e5e3 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#17 0x00007ffff7706f1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#18 0x00007ffff770c006 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
●
#19 0x00007ffff6b8974d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#20 0x00007ffff70887a7 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
●
#21 0x00007ffff708a2a5 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
●
#22 0x00007ffff70749e8 in QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
●
#23 0x00007ffff105a4a0 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so
●
#24 0x00007ffff5662f25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
●
#25 0x00007ffff5663268 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
●
#26 0x00007ffff5663324 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
●
#27 0x00007ffff6bd05fc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#28 0x00007ffff6b8849b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#29 0x00007ffff6b8ea21 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
●
#30 0x0000000000406cee in main (argc=1, argv=0x7fffffffe188) at /home/sune/projects/sigsegv/kode/main.cpp:15
●
2013-10-26
sune.vuorela.dk
12

13. Backtrace
●
●
●
●
●
(gdb) bt
#0 0x0000000000406b66 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData>
>::operator-> (this=0x8) at /usr/include/qt5/QtCore/qscopedpointer.h:109
#1 0x0000000000406b50 in QObject::parent (this=0x0) at /usr/include/qt5/QtCore/qobject.h:386
#2 0x0000000000406b28 in DereferenceNullPointer::execute (this=0x6adeb0) at
/home/sune/projects/sigsegv/kode/dereferencenullpointer.cpp:38
#3 0x00000000004080b8 in QtPrivate::FunctionPointer<void (TestCase::*)()>::call<void, void> (f=&virtual
table offset 96, o=0x6adeb0, arg=0x7fffffffd390) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:142
●
2013-10-26
sune.vuorela.dk
13

14. Backtrace
●
#2 0x0000000000406b28 in
DereferenceNullPointer::execute
(this=0x6adeb0) at
/home/sune/projects/sigsegv/kode/dereference
nullpointer.cpp:38
2013-10-26
sune.vuorela.dk
14

15. Kode
●
36
while(true) {
●
37
if(!tmp); {
●
38
tmp = tmp->parent();
●
39
continue;
●
40
}
●
41
break;
●
42
2013-10-26
}
sune.vuorela.dk
15

16. Status
Set gdb
Læst og forstået backtrace
Parret med kode
2013-10-26
sune.vuorela.dk
16

17. Mere crash
●
DereferenceDeletedPointer::execute at
/home/sune/projects/sigsegv/kode/dereferenced
eletedpointer.cpp:44
●
2013-10-26
sune.vuorela.dk
17

18. Kode
●
43
●
44
●
45
2013-10-26
if(m_obj) {
m_obj->length();
}
sune.vuorela.dk
18

19. Valgrind
●
●
●
Use of uninitialised value of size 8
at 0x406A67: QString::length() const
(qstring.h:735)
by 0x406A54:
DereferenceDeletedPointer::execute()
(dereferencedeletedpointer.cpp:44)
●
2013-10-26
sune.vuorela.dk
19

20. Mere valgrind
●
Invalid read of size 4
●
at 0x406A67: QString::length() const (qstring.h:735)
●
by 0x406A54: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:44)
●
●
Address 0x10c7b044 is 4 bytes inside a block of size 34 free'd
●
at 0x4C2AADC: free (vg_replace_malloc.c:446)
●
by 0x406909: QTypedArrayData<unsigned short>::deallocate(QArrayData*) (qarraydata.h:230)
●
by 0x4068B2: QString::~QString() (in /home/sune/projects/sigsegv/kode/build/kode)
●
by 0x406A12: DereferenceDeletedPointer::putDataIn() (dereferencedeletedpointer.cpp:37)
●
by 0x406A37: DereferenceDeletedPointer::execute() (dereferencedeletedpointer.cpp:42)
●
2013-10-26
sune.vuorela.dk
20

21. Mere kode
●
35 void DereferenceDeletedPointer::putDataIn() {
●
36
QString tmp("foo");
●
37
m_obj = &tmp;
●
38 }
●
41 void DereferenceDeletedPointer::execute() {
●
42
putDataIn();
●
43
if(m_obj) {
●
44
●
45
●
46 }
2013-10-26
m_obj->length();
}
sune.vuorela.dk
21

22. Simple crash 3
●
●
●
#0 0x0000000000000000 in ?? ()
#1 0x0000000000406805 in DeletePointer::execute
(this=0x665160) at
/home/sune/projects/sigsegv/kode/deletepointer.cpp:3
6
#2 0x00000000004080c4 in
QtPrivate::FunctionPointer<void (TestCase::*)
()>::call<void, void> (f=&virtual table offset 96,
o=0x665160, arg=0x7fffffffd390) at
/usr/include/qt5/QtCore/qobjectdefs_impl.h:142
2013-10-26
sune.vuorela.dk
22

23. Kode 3
●
34 void DeletePointer::execute() {
●
35
●
36
●
37
●
38 }
2013-10-26
if ( m_pointer ) {
delete m_pointer;
}
sune.vuorela.dk
23

24. Mere valgrind
●
●
●
●
●
●
==26581== Invalid read of size 8
==26581== at 0x4067EE: DeletePointer::execute()
(deletepointer.cpp:36)
==26581== Address 0x10e240a0 is 0 bytes inside a
block of size 16 free'd
==26581== at 0x4C2A60C: operator delete(void*)
(vg_replace_malloc.c:480)
==26581== by 0x406804: DeletePointer::execute()
(deletepointer.cpp:36)
2013-10-26
sune.vuorela.dk
24

25. Status
Set gdb
Læst og forstået backtrace
Parret med kode
Set valgrind
2013-10-26
sune.vuorela.dk
25

26. List
●
BrokenList::execute (this=0x6ced20) at
/home/sune/projects/sigsegv/kode/brokenlist.cp
p:57
2013-10-26
sune.vuorela.dk
26

27. Kode
●
54
MyList* first = generateList(10);
●
55
MyList* current = first;
●
56
while(current->next) {
●
57
●
58
2013-10-26
current = current->next;
}
sune.vuorela.dk
27

28. Breakpoints
●
(gdb) break file.c:27
●
(gdb) break myfunction
●
(gdb) break MyClass::myFunction(int)
●
●
(gdb) print variablenavn
●
●
(gdb) continue
2013-10-26
sune.vuorela.dk
28

29. Debugger
(gdb) b brokenlist.cpp:57
Breakpoint 1, BrokenList::execute (this=0x6d18d0) at
/home/sune/projects/sigsegv/kode/brokenlist.cpp:57
57
current = current->next;
(gdb) p current
$1 = (MyList *) 0x6f8ea0
(gdb) p current->next
$2 = (MyList *) 0x8000b0
(gdb) c
Continuing.
Breakpoint 1, BrokenList::execute (this=0x6d18d0) at
/home/sune/projects/sigsegv/kode/brokenlist.cpp:57
57
current = current->next;
2013-10-26
sune.vuorela.dk
29

30. Status
Set gdb
Læst og forstået backtrace
Parret med kode
Set valgrind
Breakpoints og print i gdb
2013-10-26
sune.vuorela.dk
30

31. Gdb ignore
●
●
(gdb) b brokenlist.cpp:57
Breakpoint 1 at 0x406fa8: file
/home/sune/projects/sigsegv/kode/brokenlist.cp
p, line 57.
●
(gdb) ignore 1 8
●
Will ignore next 8 crossings of breakpoint 1.
2013-10-26
sune.vuorela.dk
31

32. Locals
●
(gdb) info locals
●
first = 0x7ff2c0
●
current = 0xfeeefeee
●
●
(gdb) up 4
●
(gdb) down 4
2013-10-26
sune.vuorela.dk
32

33. GDB conditions
●
●
gdb) b brokenlist.cpp:57
Breakpoint 1 at 0x406fa8: file
/home/sune/projects/sigsegv/kode/brokenlist.cpp, line 57.
●
(gdb) condition 1 current->next == (MyList *)0xfeeefeee
●
(gdb) c
●
Continuing.
●
Breakpoint 1, BrokenList::execute (this=0x6ced20) at
/home/sune/projects/sigsegv/kode/brokenlist.cpp:57
●
57
●
(gdb) p current->next
●
$2 = (MyList *) 0xfeeefeee
2013-10-26
current = current->next;
sune.vuorela.dk
33

34. Status
Set gdb
Læst og forstået backtrace
Parret med kode
Set valgrind
Breakpoints og print i gdb
Conditional breakpoints, locals
2013-10-26
sune.vuorela.dk
34

35. Gdb stepping
●
(gdb) next -- kører til næste linje i filen
●
●
(gdb) step – træder ind i funktionenn
●
●
(gdb) finish – kører funktionen færdig
2013-10-26
sune.vuorela.dk
35

36. Minisegfault
●
$ echo -n "main;" > fil.c
●
$ gcc fil.c
●
fil.c:1:1: warning: data definition has no type
or storage class [enabled by default]
●
$ ./a.out
●
Segmentation fault
2013-10-26
sune.vuorela.dk
36

37. Mere
●
Valgrind –db-attach=yes ./kode
●
●
Gdb: tbreak – temporary breakpoint
●
●
Gdb: record - reverse-next
2013-10-26
sune.vuorela.dk
37

38. Tak
Spørgsmål?
sune@{vuorela.dk,debian.org,kde.org}