[RFAv2] Implement show | set may-call-functions [on|off]
Commit Message
Inferior function calls are powerful but might lead to undesired
results such as crashes when calling nested functions (frequently
used in particular in Ada).
This implements a GDB setting to disable calling inferior functions.
Note: the idea is that if/when the 'slash command' patch is pushed,
that this setting can be changed e.g. by using the shortcut /c.
This is version 2 of the patch. It handles all the received comments,
mostly replace 'can-call' by 'may-call', and avoid using
'inferior function call' in factor of 'calling function in the program'.
2019-04-26 Philippe Waroquiers <philippe.waroquiers@skynet.be>
gdb/ChangeLog
* NEWS: Mention the new set|show may-call-functions.
* infcall.c (may_call_functions_p): New variable.
(show_may_call_functions_p): New function.
(call_function_by_hand_dummy): Throws an error if not
may-call-functions.
(_initialize_infcall): Call add_setshow_boolean_cmd for
may-call-functions.
gdb/testsuite/ChangeLog
* gdb.base/callexit.exp: Test may-call-functions off.
gdb/doc/ChangeLog
* gdb.texinfo (Calling): Document the new
set|show may-call-functions.
---
gdb/NEWS | 12 ++++++++++++
gdb/doc/gdb.texinfo | 22 ++++++++++++++++++++++
gdb/infcall.c | 26 ++++++++++++++++++++++++++
gdb/testsuite/gdb.base/callexit.exp | 7 +++++++
4 files changed, 67 insertions(+)
Comments
> From: Philippe Waroquiers <philippe.waroquiers@skynet.be>
> Cc: Philippe Waroquiers <philippe.waroquiers@skynet.be>
> Date: Fri, 26 Apr 2019 23:34:50 +0200
>
> gdb/ChangeLog
> * NEWS: Mention the new set|show may-call-functions.
> * infcall.c (may_call_functions_p): New variable.
> (show_may_call_functions_p): New function.
> (call_function_by_hand_dummy): Throws an error if not
> may-call-functions.
> (_initialize_infcall): Call add_setshow_boolean_cmd for
> may-call-functions.
>
> gdb/testsuite/ChangeLog
> * gdb.base/callexit.exp: Test may-call-functions off.
>
> gdb/doc/ChangeLog
> * gdb.texinfo (Calling): Document the new
> set|show may-call-functions.
OK for the documentation parts, thanks.
On 4/26/19 10:34 PM, Philippe Waroquiers wrote:
> Inferior function calls are powerful but might lead to undesired
> results such as crashes when calling nested functions (frequently
> used in particular in Ada).
>
> This implements a GDB setting to disable calling inferior functions.
>
> Note: the idea is that if/when the 'slash command' patch is pushed,
> that this setting can be changed e.g. by using the shortcut /c.
>
> This is version 2 of the patch. It handles all the received comments,
> mostly replace 'can-call' by 'may-call', and avoid using
> 'inferior function call' in factor of 'calling function in the program'.
>
Thanks. I like this version a lot better.
Some nits below. LGTM with those fixed.
>
> +* New commands
> +
> +set may-call-functions [on|off]
> +show may-call-functions
> + This controls whether GDB will attempt to call functions in
> + the program, such as with expressions in print command. It
"in print command" doesn't sound right to me.
Either "in print", or "in THE print command" would be good, I think.
> + defaults to on. Calling functions in the program being debugged
> + can have undesired side effects. It is now possible to forbid
> + such function calls. If function calls are forbidden, GDB will throw
> + an error when a command (such as print an expression) calls a function
"such as printING an expression" ? or (such as print EXPRESSION) if you
want to keep it short.
> + in the program.
> +
> *** Changes in GDB 8.3
>
> * GDB and GDBserver now support access to additional registers on
> diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
> index 0733e1acfd..2e4affd6c4 100644
> --- a/gdb/doc/gdb.texinfo
> +++ b/gdb/doc/gdb.texinfo
> @@ -18693,6 +18693,28 @@ the default C@t{++} exception handler and the inferior terminated.
> Show the current setting of stack unwinding in the functions called by
> @value{GDBN}.
>
> +@item set may-call-functions
> +@kindex set may-call-functions
> +@cindex disabling calling functions in the program
> +@cindex calling functions in the program, disabling
> +Set permission to call functions in the program.
> +This controls whether @value{GDBN} will attempt to call functions in
> +the program, such as with expressions in @code{print}. It
in the @code{print} command.
> +defaults to @code{on}.
> +
> +To call a function in the program, @value{GDBN} has to temporarily
> +modify the state of the inferior. This has potentially undesired side
> +effects. Also, having @value{GDBN} call nested functions is likely to
> +be erroneous and may even crash the program being debugged. You can
> +avoid such hazards by forbidding @value{GDBN} from calling functions
> +in the program being debugged. If calling functions in the program
> +are forbidden,
s/are forbidden/is forbidden/
(calling functions ... is forbidden)
> GDB will throw an error when a command (such as print
> +an expression) starts a function call in the program.
"such as printING an expression" ?
Or:
"such as print @var{expression}"
Thanks,
Pedro Alves
On Sat, 2019-04-27 at 11:40 +0100, Pedro Alves wrote:
> On 4/26/19 10:34 PM, Philippe Waroquiers wrote:
> > Inferior function calls are powerful but might lead to undesired
> > results such as crashes when calling nested functions (frequently
> > used in particular in Ada).
> >
> > This implements a GDB setting to disable calling inferior functions.
> >
> > Note: the idea is that if/when the 'slash command' patch is pushed,
> > that this setting can be changed e.g. by using the shortcut /c.
> >
> > This is version 2 of the patch. It handles all the received comments,
> > mostly replace 'can-call' by 'may-call', and avoid using
> > 'inferior function call' in factor of 'calling function in the program'.
> >
>
> Thanks. I like this version a lot better.
>
> Some nits below. LGTM with those fixed.
Thanks for the reviews. Pushed after applying the fixes.
Philippe
@@ -27,6 +27,18 @@
'array_indexes', 'symbols', 'unions', 'deref_refs', 'actual_objects',
'static_members', 'max_elements', 'repeat_threshold', and 'format'.
+* New commands
+
+set may-call-functions [on|off]
+show may-call-functions
+ This controls whether GDB will attempt to call functions in
+ the program, such as with expressions in print command. It
+ defaults to on. Calling functions in the program being debugged
+ can have undesired side effects. It is now possible to forbid
+ such function calls. If function calls are forbidden, GDB will throw
+ an error when a command (such as print an expression) calls a function
+ in the program.
+
*** Changes in GDB 8.3
* GDB and GDBserver now support access to additional registers on
@@ -18693,6 +18693,28 @@ the default C@t{++} exception handler and the inferior terminated.
Show the current setting of stack unwinding in the functions called by
@value{GDBN}.
+@item set may-call-functions
+@kindex set may-call-functions
+@cindex disabling calling functions in the program
+@cindex calling functions in the program, disabling
+Set permission to call functions in the program.
+This controls whether @value{GDBN} will attempt to call functions in
+the program, such as with expressions in @code{print}. It
+defaults to @code{on}.
+
+To call a function in the program, @value{GDBN} has to temporarily
+modify the state of the inferior. This has potentially undesired side
+effects. Also, having @value{GDBN} call nested functions is likely to
+be erroneous and may even crash the program being debugged. You can
+avoid such hazards by forbidding @value{GDBN} from calling functions
+in the program being debugged. If calling functions in the program
+are forbidden, GDB will throw an error when a command (such as print
+an expression) starts a function call in the program.
+
+@item show may-call-functions
+@kindex show may-call-functions
+Show permission to call functions in the program.
+
@end table
@subsection Calling functions with no debug info
@@ -55,6 +55,17 @@
asynchronous inferior function call implementation, and that in
turn means restructuring the code so that it is event driven. */
+static int may_call_functions_p = 1;
+static void
+show_may_call_functions_p (struct ui_file *file, int from_tty,
+ struct cmd_list_element *c,
+ const char *value)
+{
+ fprintf_filtered (file,
+ _("Permission to call functions in the program is %s.\n"),
+ value);
+}
+
/* How you should pass arguments to a function depends on whether it
was defined in K&R style or prototype style. If you define a
function using the K&R syntax that takes a `float' argument, then
@@ -708,6 +719,10 @@ call_function_by_hand_dummy (struct value *function,
struct gdb_exception e;
char name_buf[RAW_FUNCTION_ADDRESS_SIZE];
+ if (!may_call_functions_p)
+ error (_("Cannot call functions in the program: "
+ "may-call-functions is off."));
+
if (!target_has_execution)
noprocess ();
@@ -1359,6 +1374,17 @@ When the function is done executing, GDB will silently stop."),
void
_initialize_infcall (void)
{
+ add_setshow_boolean_cmd ("may-call-functions", no_class,
+ &may_call_functions_p, _("\
+Set permission to call functions in the program."), _("\
+Show permission to call functions in the program."), _("\
+When this permission is on, GDB may call functions in the program.\n\
+Otherwise, any sort of attempt to call a function in the program\n\
+will result in an error."),
+ NULL,
+ show_may_call_functions_p,
+ &setlist, &showlist);
+
add_setshow_boolean_cmd ("coerce-float-to-double", class_obscure,
&coerce_float_to_double_p, _("\
Set coercion of floats to doubles when calling functions."), _("\
@@ -37,6 +37,13 @@ if { ![runto_main] } {
return 0
}
+# Verify set may-call-functions behaviour.
+gdb_test_no_output "set may-call-functions off"
+gdb_test "call callexit()" \
+ "Cannot call functions in the program: may-call-functions is off." \
+ "inferior function call refused in off state"
+gdb_test_no_output "set may-call-functions on"
+
# Call function (causing the program to exit), and see if gdb handles
# it properly.
gdb_test "call callexit()" \