rust-gdb segfaults when tab completing.

[VorpalBlade]

I tried to debug this code (created with cargo new dummy) using rust-gdb:

fn main() {
    println!("Hello, world!");
}

I expected to see this happen: Rust-gdb to not crash

Instead, this happened:

❯ rust-gdb --nh target/debug/dummy
GNU gdb (GDB) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from target/debug/dummy...
(gdb) break i<tab>

This results in gdb crashing as follows:

terminate called after throwing an instance of 'std::length_error'
  what():  basic_string::_M_replace


Fatal signal: Aborted
----- Backtrace -----
0x564f2970dd7b ???
0x564f2981c218 ???
0x7fd5dd051f4f ???
0x7fd5dd0a08ec ???
0x7fd5dd051ea7 ???
0x7fd5dd03b53c ???
0x7fd5dd29a832 _ZN9__gnu_cxx27__verbose_terminate_handlerEv
	/usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/vterminate.cc:95
0x7fd5dd2a6d0b _ZN10__cxxabiv111__terminateEPFvvE
	/usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48
0x7fd5dd2a5cc9 __cxa_call_terminate
	/usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_call.cc:54
0x7fd5dd2a6449 __gxx_personality_v0
	/usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_personality.cc:688
0x7fd5dd9da6e3 _Unwind_RaiseException_Phase2
	/usr/src/debug/gcc/gcc/libgcc/unwind.inc:64
0x7fd5dd9db15c _Unwind_Resume
	/usr/src/debug/gcc/gcc/libgcc/unwind.inc:242
0x564f29655fa5 ???
0x564f29769239 ???
0x564f2976c189 ???
0x564f2976e9ab ???
0x7fd5ddc931a9 ???
0x7fd5ddc98f9c ???
0x7fd5ddc9042f ???
0x7fd5ddc91247 ???
0x7fd5ddcb1405 ???
0x564f2981f183 ???
0x564f2981f303 ???
0x564f2982092f ???
0x564f29ba1e2d ???
0x564f29bf35c9 ???
0x564f2991e4d4 ???
0x564f29679654 ???
0x7fd5dd03c78f ???
0x7fd5dd03c849 ???
0x564f29680ab4 ???
0xffffffffffffffff ???
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible.  GDB will now terminate.

This is a bug, please report it.  For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.

zsh: IOT instruction (core dumped)  rust-gdb --nh target/debug/dummy

This happens on any rust project. C/C++ code works fine.

Meta

rustc --version --verbose:

rustc 1.67.1 (d5a82bbd2 2023-02-07)
binary: rustc
commit-hash: d5a82bbd26e1ad8b7401f6a718a9c57c96905483
commit-date: 2023-02-07
host: x86_64-unknown-linux-gnu
release: 1.67.1
LLVM version: 15.0.6

The exact same thing happens with +nightly:

rustc 1.70.0-nightly (f63ccaf25 2023-03-06)
binary: rustc
commit-hash: f63ccaf25f74151a5d8ce057904cd944074b01d2
commit-date: 2023-03-06
host: x86_64-unknown-linux-gnu
release: 1.70.0-nightly
LLVM version: 15.0.7

Rust-gdb appears to be wrapping the system gdb:

$ rust-gdb --version                                                                                
GNU gdb (GDB) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

OS: Arch Linux.

[VorpalBlade]

I ran gdb on itself and got this backtrace in the end:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff70a0953 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff7051ea8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff703b53d in __GI_abort () at abort.c:79
#4  0x00007ffff729a833 in __gnu_cxx::__verbose_terminate_handler () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/vterminate.cc:95
#5  0x00007ffff72a6d0c in __cxxabiv1::__terminate (handler=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48
#6  0x00007ffff72a5cca in __cxa_call_terminate (ue_header=0x55555616efb0) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_call.cc:54
#7  0x00007ffff72a644a in __cxxabiv1::__gxx_personality_v0 (version=<optimized out>, actions=6, exception_class=5138137972254386944, ue_header=<optimized out>, context=0x7fffffffc910)
    at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_personality.cc:688
#8  0x00007ffff7a216e4 in _Unwind_RaiseException_Phase2 (exc=exc@entry=0x55555616efb0, context=context@entry=0x7fffffffc910, frames_p=frames_p@entry=0x7fffffffc818)
    at /usr/src/debug/gcc/gcc/libgcc/unwind.inc:64
#9  0x00007ffff7a2215d in _Unwind_Resume (exc=exc@entry=0x55555616efb0) at /usr/src/debug/gcc/gcc/libgcc/unwind.inc:242
#10 0x000055555560ffa6 in location_completer (ignore=<optimized out>, tracker=..., text=<optimized out>) at ../../gdb/completer.c:766
#11 0x000055555572323a in complete_line_internal_1 (tracker=..., text=<optimized out>, line_buffer=<optimized out>, point=<optimized out>, reason=<optimized out>)
    at ../../gdb/completer.c:1438
#12 0x000055555572618a in complete_line_internal (tracker=..., text=<optimized out>, line_buffer=<optimized out>, point=<optimized out>, reason=<optimized out>) at ../../gdb/completer.c:1457
#13 0x00005555557289ac in gdb_completion_word_break_characters_throw () at ../../gdb/completer.c:1907
#14 gdb_completion_word_break_characters () at ../../gdb/completer.c:1945
#15 0x00007ffff7d921aa in _rl_find_completion_word (fp=fp@entry=0x7fffffffce18, dp=dp@entry=0x7fffffffce1c) at ../complete.c:1091
#16 0x00007ffff7d97f9d in rl_complete_internal (what_to_do=9) at ../complete.c:2027
#17 0x00007ffff7d8f430 in _rl_dispatch_subseq (key=9, map=<optimized out>, got_subseq=0) at ../readline.c:916
#18 0x00007ffff7d8f9c6 in _rl_dispatch (key=<optimized out>, map=<optimized out>) at ../readline.c:860
#19 0x00007ffff7d90248 in readline_internal_char () at ../readline.c:675
#20 0x00007ffff7db0406 in rl_callback_read_char () at ../callback.c:272
#21 0x00005555557d9184 in gdb_rl_callback_read_char_wrapper_noexcept () at ../../gdb/event-top.c:188
#22 0x00005555557d9304 in gdb_rl_callback_read_char_wrapper (client_data=<optimized out>) at ../../gdb/event-top.c:221
#23 0x00005555557da930 in stdin_event_handler (error=<optimized out>, client_data=0x555555f2c2f0) at ../../gdb/event-top.c:541
#24 0x0000555555b5be2e in gdb_wait_for_event (block=<optimized out>) at ../gdbsupport/../../gdbsupport/event-loop.cc:716
#25 0x0000555555bad5ca in gdb_do_one_event(int) [clone .constprop.0] (mstimeout=-1) at ../gdbsupport/../../gdbsupport/event-loop.cc:264
#26 0x00005555558d84d5 in start_event_loop () at ../../gdb/main.c:411
#27 captured_command_loop () at ../../gdb/main.c:471
#28 0x0000555555633655 in captured_main (data=0x7fffffffd070) at ../../gdb/main.c:1330
#29 gdb_main (args=0x7fffffffd070) at ../../gdb/main.c:1345
#30 main (argc=<optimized out>, argv=<optimized out>) at ../../gdb/gdb.c:32

[VorpalBlade]

Seems like this might be a gdb bug (not sure, could be something wrong in the debug info gdb generates), so I created a gdb bug as well: https://sourceware.org/bugzilla/show_bug.cgi?id=30211

Also, it matters which letter I try to tab complete. E.g i<tab> crashes but not m<tab>...

[workingjubilee]

rust-gdb is a thin wrapper around gdb so it is likely this is a gdb bug, however the bug may have been a "trusting user input, and Rust emitted malformed input" issue, so it seems plausible it's a shared responsibility.

( tagging wg-debugging on the assumption they want to be tagged on issues like this. )

[cuviper]

From that issue, note that GDB has been fixed on its master branch.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6e7eef72164c00d6a5a7b0bce9fa01f5481f33cb

My read on the comments is that the only blame on Rust was the decision to use "_Z" in our mangling, which will go away with v0 mangling. I don't think there's any action on our part.