This is the mail archive of the gdb-cvs@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[binutils-gdb] Add missing incref when creating Inferior Python object


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72bc1d246686ff38ef01f5a35769ebdbe39f023c

commit 72bc1d246686ff38ef01f5a35769ebdbe39f023c
Author: Simon Marchi <simon.marchi@ericsson.com>
Date:   Thu Apr 27 17:03:20 2017 -0400

    Add missing incref when creating Inferior Python object
    
    The test py-inferior.exp fails when using a debug build of Python 3.6.  I don't
    see it failing with my system's default Python, but it might be related to the
    different memory allocation scheme used when doing a build with pydebug.
    
    The issue is that we are missing a Py_INCREF in
    inferior_to_inferior_object.  The PyObject_New function initializes the
    object with a refcount of 1.  If we assume that this refcount
    corresponds to the reference we are returning, then we are missing an
    incref for the reference in the inferior data.
    
    The counterpart for the incref that corresponds to the reference in the
    inferior data is in py_free_inferior, in the form the gdbpy_ref instance.
    
    Here's how I can get it to crash (with some debug output):
    
      $ ./gdb -nx -ex "set debug python 1"
      (gdb) add-inferior
      Added inferior 2
      (gdb) python infs = gdb.inferiors()
      Creating Python Inferior object inf = 1
      Creating Python Inferior object inf = 2
      (gdb) remove-inferiors 2
      py_free_inferior inf = 2
      infpy_dealloc inf = <unknown>
      (gdb) python infs = None
      Fatal Python error: Objects/tupleobject.c:243 object at 0x7f9cf1a568d8 has negative ref count -1
    
      Current thread 0x00007f9cf1b68780 (most recent call first):
        File "<string>", line 1 in <module>
      [1]    408 abort (core dumped)  ./gdb -nx -ex "set debug python 1"
    
    After having created the inferiors object, their refcount is 1 (which
    comes from PyObject_New), but it should be two.  The gdb inferior object
    has a reference and the "infs" list has a reference.
    
    When invoking remove-inferiors, py_free_inferior gets called.  It does
    the decref that corresponds to the reference that the gdb inferior
    object kept.  At this moment, the refcount drops to 0 and the object
    gets deallocated, even though the "infs" list still has a reference.
    When we set "infs" to None, Python tries to decref the already zero
    refcount and the assert triggers.
    
    With this patch, it looks better:
    
      (gdb) add-inferior
      Added inferior 2
      (gdb) python infs = gdb.inferiors()
      Creating Python Inferior object inf = 1
      Creating Python Inferior object inf = 2
      (gdb) remove-inferiors 2
      py_free_inferior inf = 2
      (gdb) python infs = None
      infpy_dealloc inf = <unknown>
    
    gdb/ChangeLog:
    
    	* python/py-inferior.c (inferior_to_inferior_object): Increment reference
    	count when creating the object.

Diff:
---
 gdb/ChangeLog            | 5 +++++
 gdb/python/py-inferior.c | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 8381b8e..9179abf 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2017-04-27  Simon Marchi  <simon.marchi@ericsson.com>
+
+	* python/py-inferior.c (inferior_to_inferior_object): Increment reference
+	count when creating the object.
+
 2017-04-27  Sangamesh Mallayya  <sangamesh.swamy@in.ibm.com>
 	    Ulrich Weigand  <uweigand@de.ibm.com>
 
diff --git a/gdb/python/py-inferior.c b/gdb/python/py-inferior.c
index 3d2cb1d..f6a24a0 100644
--- a/gdb/python/py-inferior.c
+++ b/gdb/python/py-inferior.c
@@ -223,11 +223,14 @@ inferior_to_inferior_object (struct inferior *inferior)
       inf_obj->threads = NULL;
       inf_obj->nthreads = 0;
 
+      /* PyObject_New initializes the new object with a refcount of 1.  This
+	 counts for the reference we are keeping in the inferior data.  */
       set_inferior_data (inferior, infpy_inf_data_key, inf_obj);
 
     }
-  else
-    Py_INCREF ((PyObject *)inf_obj);
+
+  /* We are returning a new reference.  */
+  Py_INCREF ((PyObject *)inf_obj);
 
   return (PyObject *) inf_obj;
 }


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]