[Python-checkins] bpo-32962: Fix test_gdb failure in debug build with -mcet -fcf-protection -O0 (GH-9656)

Miss Islington (bot) webhook-mailer at python.org
Tue Oct 9 11:20:45 EDT 2018

commit: 25bfb1aa75c8358becdab11142954c8ee9c3607f
branch: 3.6
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-10-09T08:20:38-07:00

bpo-32962: Fix test_gdb failure in debug build with -mcet -fcf-protection -O0 (GH-9656)

When Python is built with the intel control-flow protection flags,
-mcet -fcf-protection, gdb is not able to read the stack without
actually jumping inside the function. This means an extra
'next' command is required to make the $pc (program counter)
enter the function and make the stack of the function exposed to gdb.

Co-Authored-By: Marcel Plch <gmarcel.plch at gmail.com>

(cherry picked from commit 9b7c74ca32d1bec7128d550a9ab1b2ddc7046287)
(cherry picked from commit 79d21331e605fdc941f947621846b8563485aab6)

Co-authored-by: Victor Stinner <vstinner at redhat.com>

A Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst
M Lib/test/test_gdb.py

diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py
index bedec1fb493a..b33d007acbdf 100644
--- a/Lib/test/test_gdb.py
+++ b/Lib/test/test_gdb.py
@@ -60,6 +60,23 @@ def get_gdb_version():
+def cet_protection():
+    cflags = sysconfig.get_config_var('CFLAGS')
+    if not cflags:
+        return False
+    flags = cflags.split()
+    # True if "-mcet -fcf-protection" options are found, but false
+    # if "-fcf-protection=none" or "-fcf-protection=return" is found.
+    return (('-mcet' in flags)
+            and any((flag.startswith('-fcf-protection')
+                     and not flag.endswith(("=none", "=return")))
+                    for flag in flags))
+# Control-flow enforcement technology
+CET_PROTECTION = cet_protection()
 def run_gdb(*args, **env_vars):
     """Runs gdb in --batch mode with the additional arguments given by *args.
@@ -168,6 +185,12 @@ def get_stack_trace(self, source=None, script=None,
             commands += ['set print entry-values no']
         if cmds_after_breakpoint:
+            if CET_PROTECTION:
+                # bpo-32962: When Python is compiled with -mcet
+                # -fcf-protection, function arguments are unusable before
+                # running the first instruction of the function entry point.
+                # The 'next' command makes the required first step.
+                commands += ['next']
             commands += cmds_after_breakpoint
             commands += ['backtrace']
@@ -868,9 +891,17 @@ def __init__(self):
             id("first break point")
             l = MyList()
+        cmds_after_breakpoint = ['break wrapper_call', 'continue']
+        if CET_PROTECTION:
+            # bpo-32962: same case as in get_stack_trace():
+            # we need an additional 'next' command in order to read
+            # arguments of the innermost function of the call stack.
+            cmds_after_breakpoint.append('next')
+        cmds_after_breakpoint.append('py-bt')
         # Verify with "py-bt":
         gdb_output = self.get_stack_trace(cmd,
-                                          cmds_after_breakpoint=['break wrapper_call', 'continue', 'py-bt'])
+                                          cmds_after_breakpoint=cmds_after_breakpoint)
                          r"<method-wrapper u?'__init__' of MyList object at ")
diff --git a/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst b/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst
new file mode 100644
index 000000000000..97328ebafe6e
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst
@@ -0,0 +1 @@
+Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.

More information about the Python-checkins mailing list