Propagate GDB/C++ exceptions across readline using sj/lj-based TRY/CATCH

If we map GDB'S TRY/CATCH macros to C++ try/catch, GDB breaks on
systems where readline isn't built with exceptions support.  The
problem is that readline calls into GDB through the callback
interface, and if GDB's callback throws a C++ exception/error, the
system unwinder won't manage to unwind past the readline frame, and
ends up calling std::terminate(), which aborts the process:

 (gdb) whatever-command-that-causes-an-error
 terminate called after throwing an instance of 'gdb_exception_RETURN_MASK_ERROR'
 Aborted
 $

This went unnoticed for so long because:

- the x86-64 ABI requires -fasynchronous-unwind-tables, making it
  possible for exceptions to cross readline with no special handling.
  But e.g., on ARM or AIX, unless you build readline with
  -fexceptions, you trip on the problem.

- TRY/CATCH was mapped to setjmp/longjmp, even in C++ mode, until
  quite recently.

The fix is to catch and save any GDB exception that is thrown inside
the GDB readline callback, and then once the callback returns back to
the GDB code that called into readline in the first place, rethrow the
saved GDB exception.

This is similar in spirit to how we catch/map GDB exceptions at the
GDB/Python and GDB/Guile API boundaries.

The next question is then: if we intercept all exceptions within GDB's
readline callback, should we simply return normally to readline?  The
callback prototype has no way to signal an error back to readline (*).
The answer is no -- if we return normally, we'll be returning to a
loop inside rl_callback_read_char that continues processing pending
input, calling into GDB again, redisplaying the prompt, etc.  Thus if
we want to error out of rl_callback_read_char, we need to long jump
across it, just like we always did before TRY/CATCH were ever mapped
to C++ exceptions.

My first approach built a specialized API to handle this, with a
couple macros to hide the setjmp/longjmp and the struct gdb_exception
saving/rethrowing.

However, I realized that we need to:

 - Handle multiple active rl_callback_read_char invocations.  If,
   while processing input something triggers a secondary prompt, we
   end up in a nested rl_callback_read_char call, through
   gdb_readline_wrapper.

 - Propagate a struct gdb_exception along with the longjmp.

... and that this is exactly what the setjmp/longjmp-based TRY/CATCH
does.

So the fix makes the setjmp/longjmp TRY/CATCH always available under
new TRY_SJLJ/CATCH_SJLJ aliases, even when TRY/CATCH is mapped to C++
try/catch, and then uses TRY_SJLJ/CATCH_SJLJ to propagate GDB
exceptions across the readline callback.

This turns out to be a much better looking fix than my bespoke API
attempt, even.  We'll probably be able to simplify TRY_SJLJ/CATCH_SJLJ
when we finally get rid of TRY/CATCH all over the tree, but until
then, this reuse seems quite nice for avoiding a second parallel
setjmp/longjmp mechanism.

(*) - maybe we could propose a readline API change, but we still need
      to handle current readline, anyway.

gdb/ChangeLog:
2016-04-22  Pedro Alves  <palves@redhat.com>

	* common/common-exceptions.c (enum catcher_state, struct catcher)
	(current_catcher): Define in C++ mode too.
	(exceptions_state_mc_catch): Call throw_exception_sjlj instead of
	throw_exception.
	(throw_exception_sjlj, throw_exception_cxx): New functions,
	factored out from throw_exception.
	(throw_exception): Reimplement.
	* common/common-exceptions.h (exceptions_state_mc_init)
	(exceptions_state_mc_action_iter)
	(exceptions_state_mc_action_iter_1, exceptions_state_mc_catch):
	Declare in C++ mode too.
	(TRY): Rename to ...
	(TRY_SJLJ): ... this.
	(CATCH): Rename to ...
	(CATCH_SJLJ): ... this.
	(END_CATCH): Rename to ...
	(END_CATCH_SJLJ): ... this.
	[GDB_XCPT == GDB_XCPT_SJMP] (TRY, CATCH, END_CATCH): Map to SJLJ
	equivalents.
	(throw_exception): Update comments.
	(throw_exception_sjlj): Declare.
	* event-top.c (gdb_rl_callback_read_char_wrapper): Extend intro
	comment.  Wrap body in TRY_SJLJ/CATCH_SJLJ and rethrow any
	intercepted exception.
	(gdb_rl_callback_handler): New function.
	(gdb_rl_callback_handler_install): Always install
	gdb_rl_callback_handler as readline callback.

2 files changed, 71 insertions, 31 deletions

diff --git a/gdb/common/common-exceptions.c b/gdb/common/common-exceptions.c
index 2e63862..33fff21 100644
--- a/gdb/common/common-exceptions.c
+++ b/gdb/common/common-exceptions.c
@@ -22,8 +22,6 @@
 
 const struct gdb_exception exception_none = { (enum return_reason) 0, GDB_NO_ERROR, NULL };
 
-#if GDB_XCPT == GDB_XCPT_SJMP
-
 /* Possible catcher states.  */
 enum catcher_state {
   /* Initial state, a new catcher has just been created.  */
@@ -57,6 +55,8 @@ struct catcher
 /* Where to go for throw_exception().  */
 static struct catcher *current_catcher;
 
+#if GDB_XCPT == GDB_XCPT_SJMP
+
 /* Return length of current_catcher list.  */
 
 static int
@@ -73,6 +73,8 @@ catcher_list_size (void)
   return size;
 }
 
+#endif
+
 jmp_buf *
 exceptions_state_mc_init (void)
 {
@@ -193,8 +195,8 @@ exceptions_state_mc_catch (struct gdb_exception *exception,
 	}
 
       /* The caller didn't request that the event be caught, relay the
-	 event to the next exception_catch/CATCH.  */
-      throw_exception (*exception);
+	 event to the next exception_catch/CATCH_SJLJ.  */
+      throw_exception_sjlj (*exception);
     }
 
   /* No exception was thrown.  */
@@ -213,7 +215,7 @@ exceptions_state_mc_action_iter_1 (void)
   return exceptions_state_mc (CATCH_ITER_1);
 }
 
-#else /* !GDB_XCPT_SJMP */
+#if GDB_XCPT != GDB_XCPT_SJMP
 
 /* How many nested TRY blocks we have.  See exception_messages and
    throw_it.  */
@@ -265,18 +267,27 @@ gdb_exception_sliced_copy (struct gdb_exception *to, const struct gdb_exception
 /* Return EXCEPTION to the nearest containing catch_errors().  */
 
 void
-throw_exception (struct gdb_exception exception)
+throw_exception_sjlj (struct gdb_exception exception)
 {
   do_cleanups (all_cleanups ());
 
-#if GDB_XCPT == GDB_XCPT_SJMP
   /* Jump to the containing catch_errors() call, communicating REASON
      to that call via setjmp's return value.  Note that REASON can't
      be zero, by definition in defs.h.  */
   exceptions_state_mc (CATCH_THROWING);
   current_catcher->exception = exception;
   longjmp (current_catcher->buf, exception.reason);
-#else
+}
+
+#if GDB_XCPT != GDB_XCPT_SJMP
+
+/* Implementation of throw_exception that uses C++ try/catch.  */
+
+static ATTRIBUTE_NORETURN void
+throw_exception_cxx (struct gdb_exception exception)
+{
+  do_cleanups (all_cleanups ());
+
   if (exception.reason == RETURN_QUIT)
     {
       gdb_exception_RETURN_MASK_QUIT ex;
@@ -293,6 +304,17 @@ throw_exception (struct gdb_exception exception)
     }
   else
     gdb_assert_not_reached ("invalid return reason");
+}
+
+#endif
+
+void
+throw_exception (struct gdb_exception exception)
+{
+#if GDB_XCPT == GDB_XCPT_SJMP
+  throw_exception_sjlj (exception);
+#else
+  throw_exception_cxx (exception);
 #endif
 }
 
diff --git a/gdb/common/common-exceptions.h b/gdb/common/common-exceptions.h
index 1ef3db3..84abcae 100644
--- a/gdb/common/common-exceptions.h
+++ b/gdb/common/common-exceptions.h
@@ -136,17 +136,19 @@ struct gdb_exception
 /* Always use setjmp/longmp, even in C++ mode.  */
 #define GDB_XCPT GDB_XCPT_SJMP
 
-/* Functions to drive the exceptions state machine.  Though declared
-   here by necessity, these functions should be considered internal to
-   the exceptions subsystem and not used other than via the TRY/CATCH
-   macros defined below.  */
+/* Functions to drive the sjlj-based exceptions state machine.  Though
+   declared here by necessity, these functions should be considered
+   internal to the exceptions subsystem and not used other than via
+   the TRY/CATCH (or TRY_SJLJ/CATCH_SJLJ) macros defined below.  */
 
-#if GDB_XCPT == GDB_XCPT_SJMP
 extern jmp_buf *exceptions_state_mc_init (void);
 extern int exceptions_state_mc_action_iter (void);
 extern int exceptions_state_mc_action_iter_1 (void);
 extern int exceptions_state_mc_catch (struct gdb_exception *, int);
-#else
+
+/* Same, but for the C++ try/catch-based TRY/CATCH mechanism.  */
+
+#if GDB_XCPT != GDB_XCPT_SJMP
 extern void *exception_try_scope_entry (void);
 extern void exception_try_scope_exit (void *saved_state);
 extern void exception_rethrow (void);
@@ -175,11 +177,14 @@ extern void exception_rethrow (void);
      }
    END_CATCH
 
-  */
+  Note that the SJLJ version of the macros are actually named
+  TRY_SJLJ/CATCH_SJLJ in order to make it possible to call them even
+  when TRY/CATCH are mapped to C++ try/catch.  The SJLJ variants are
+  needed in some cases where gdb exceptions need to cross third-party
+  library code compiled without exceptions support (e.g.,
+  readline).  */
 
-#if GDB_XCPT == GDB_XCPT_SJMP
-
-#define TRY \
+#define TRY_SJLJ \
      { \
        jmp_buf *buf = \
 	 exceptions_state_mc_init (); \
@@ -188,14 +193,23 @@ extern void exception_rethrow (void);
      while (exceptions_state_mc_action_iter ()) \
        while (exceptions_state_mc_action_iter_1 ())
 
-#define CATCH(EXCEPTION, MASK)				\
+#define CATCH_SJLJ(EXCEPTION, MASK)				\
   {							\
     struct gdb_exception EXCEPTION;				\
     if (exceptions_state_mc_catch (&(EXCEPTION), MASK))
 
-#define END_CATCH				\
+#define END_CATCH_SJLJ				\
   }
 
+#if GDB_XCPT == GDB_XCPT_SJMP
+
+/* If using SJLJ-based exceptions for all exceptions, then provide
+   standard aliases.  */
+
+#define TRY TRY_SJLJ
+#define CATCH CATCH_SJLJ
+#define END_CATCH END_CATCH_SJLJ
+
 #endif /* GDB_XCPT_SJMP */
 
 #if GDB_XCPT == GDB_XCPT_TRY || GDB_XCPT == GDB_XCPT_RAW_TRY
@@ -270,19 +284,23 @@ struct gdb_exception_RETURN_MASK_QUIT : public gdb_exception_RETURN_MASK_ALL
 
 /* *INDENT-ON* */
 
-/* Throw an exception (as described by "struct gdb_exception").  Will
-   execute a LONG JUMP to the inner most containing exception handler
-   established using catch_exceptions() (or similar).
-
-   Code normally throws an exception using error() et.al.  For various
-   reaons, GDB also contains code that throws an exception directly.
-   For instance, the remote*.c targets contain CNTRL-C signal handlers
-   that propogate the QUIT event up the exception chain.  ``This could
-   be a good thing or a dangerous thing.'' -- the Existential
-   Wombat.  */
-
+/* Throw an exception (as described by "struct gdb_exception").  When
+   GDB is built as a C program, executes a LONG JUMP to the inner most
+   containing exception handler established using TRY/CATCH.  When
+   built as a C++ program, throws a C++ exception, using "throw".  */
 extern void throw_exception (struct gdb_exception exception)
      ATTRIBUTE_NORETURN;
+
+/* Throw an exception by executing a LONG JUMP to the inner most
+   containing exception handler established using TRY_SJLJ.  Works the
+   same regardless of whether GDB is built as a C program or a C++
+   program.  Necessary in some cases where we need to throw GDB
+   exceptions across third-party library code (e.g., readline).  */
+extern void throw_exception_sjlj (struct gdb_exception exception)
+     ATTRIBUTE_NORETURN;
+
+/* Convenience wrappers around throw_exception that throw GDB
+   errors.  */
 extern void throw_verror (enum errors, const char *fmt, va_list ap)
      ATTRIBUTE_NORETURN ATTRIBUTE_PRINTF (2, 0);
 extern void throw_vquit (const char *fmt, va_list ap)