| In short, generating a segment error is access to the wrong memory segment, generally you do not have permissions, or there is no corresponding physical memory, especially the access to 0 address.
In general, a segment error means that the memory being accessed exceeds the memory space given to the program by the system. Usually this value is saved by GDTR, a 48-bit register, where 32 bits are saved by the GDT table it points to, and the last 13 bits hold the subscript corresponding to the GDT. The last 3 bits include whether the program is in memory and the program's level of operation on the CPU, pointing to the GDT by a 64-bit-per-unit table, This table contains information about the code snippet that the program runs and the starting address of the data segment, as well as the corresponding segment and page Exchange, the program run level, and the memory granularity. Once a program has a cross-border access, the CPU will produce the corresponding exception protection, so segmentation fault appeared.
In programming, the following types of practices can easily lead to segment errors, basically by using pointers incorrectly
1 access to the system data area, especially to the system protected memory address write data
The most common is to give a pointer to a 0 address
2 Memory out of bounds (array out of bounds, inconsistent variable types, etc.) access to areas that are not part of your memory
Solving method
When we write programs in C/s + + language, most of the work in memory management needs to be done. In fact, memory management is a relatively cumbersome work, no matter how smart you are, experience rich, will inevitably make small mistakes here, and often these errors are so simple and easy to eliminate. But manual "Bug-Removing" (debug) is often inefficient and annoying, and this article talks about how to quickly locate these "segment errors" statements about "segment error", a memory access error that is out of bounds.
Several debugging methods are described below for a program that has a section error:
1 dummy_function (void)
2 {
3 unsigned char *ptr = 0x00;
4 *ptr = 0x00;
5}
6
7 int main (void)
8 {
9 dummy_function ();
10
return 0;
12} |
The bug in the code above should be very clear as a skilled C + + programmer, because it tries to manipulate the memory area with address 0, which is usually an inaccessible restricted area and, of course, makes a mistake. We try to compile it to run it:
Xiaosuo@gentux test $./a.out
Segment Error |
| As expected, it made a mistake and withdrew.
1. Use GDB to step through a segment error:
This method is well-known and widely used by the public, first of all, we need a executable program with debugging information, so we add "-g-rdynamic" parameters to compile, and then use GDB to debug the new compiled program, the following steps:
Xiaosuo@gentux Test $ gcc-g-rdynamic D.C
Xiaosuo@gentux test $ gdb./a.out
GNU GDB 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
The GDB is free software, covered by the GNU general public License, and your are
Welcome to change it and/or distribute copies of it under certain conditions.
Type ' show copying ' to the conditions.
There is absolutely no warranty for GDB. Type ' show warranty ' for details.
This is GDB was configured as "I686-pc-linux-gnu" ... The Using host libthread_db the Library "/lib/libthread_db.so.1".
(GDB) R
Starting program:/home/xiaosuo/test/a.out
Program received signal SIGSEGV, segmentation fault.
0x08048524 in Dummy_function () at D.c:4
4 *ptr = 0x00;
(GDB) |
Oh.. It's like we don't have to step through it. We found the wrong location. The 4th line of the D.C file is actually so simple.
From here we also found that the process was terminated by the SIGSEGV signal received. Through a further lookup document (man 7 signal), we know that the SIGSEGV default handler action is to print "segment error" error messages and produce core files, which leads us to a method of two.
2. Analysis of core documents:
What is the core file?
The default action of certain signals is to cause a process to terminate and produce a core dump file, a disk file contain ing an image of the process ' s memory in the time of termination. A list of the signals which cause a process to dump core can is found in signal (7). |
The above information is from Man page (Mans 5 Core). Oddly enough, the core file was not found on my system. Later, recalling in order to gradually reduce the number of garbage files on the system (I am a bit of a neat, this is one of the reasons I like Gentoo), the core file is banned from the generation, view the following is true, the system's core file size limited to 512K size, try again:
Xiaosuo@gentux Test $ ulimit-c
0
Xiaosuo@gentux Test $ ulimit-c 1000
Xiaosuo@gentux Test $ ulimit-c
1000
Xiaosuo@gentux test $./a.out
Segment error (Core dumped)
Xiaosuo@gentux Test $ ls
A.out Core D.C F.C g.c pango.c test_iconv.c test_regex.c |
| Core file finally produced, with GDB debugging a look at it:
Xiaosuo@gentux test $ gdb./a.out Core
GNU GDB 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
The GDB is free software, covered by the GNU general public License, and your are
Welcome to change it and/or distribute copies of it under certain conditions.
Type ' show copying ' to the conditions.
There is absolutely no warranty for GDB. Type ' show warranty ' for details.
This is GDB was configured as "I686-pc-linux-gnu" ... The Using host libthread_db the Library "/lib/libthread_db.so.1".
Warning:can ' t read pathname for LOAD map: input/Output error.
Reading symbols From/lib/libc.so.6...done.
Loaded symbols for/lib/libc.so.6
Reading symbols From/lib/ld-linux.so.2...done.
Loaded symbols for/lib/ld-linux.so.2
Core is generated by './a.out '.
Program terminated with signal, segmentation fault.
#0 0x08048524 in Dummy_function () at D.c:4
4 *ptr = 0x00; |
| Wow, good calendar, or a step on the location to the wrong location, admire the Linux/unix system of such design.
Then consider the previous use of IE in Windows system, sometimes open some Web pages, there will be "Run-time error", this time if it happens to your machine with Windows compiler, he will pop up a dialog box, ask you whether to debug, if you choose to be, The compiler will be opened and into the debug state to start debugging.
How do you do this under Linux? My brain is spinning fast, there is, let it call gdb in the SIGSEGV handler, so the third method is born again:
3.Start Debugging When a segment error occurs:
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
void dump (int signo)
{
Char buf[1024];
Char cmd[1024];
FILE *FH;
snprintf (buf, sizeof (BUF), "/proc/%d/cmdline", Getpid ());
if (!) ( FH = fopen (buf, "R")))
Exit (0);
if (!fgets (buf, sizeof (BUF), FH))
Exit (0);
Fclose (FH);
if (Buf[strlen (BUF)-1] = = ' \ n ')
Buf[strlen (BUF)-1] = ';
snprintf (cmd, sizeof (CMD), "GdB%s%d", buf, Getpid ());
System (CMD);
Exit (0);
}
void
Dummy_function (void)
{
unsigned char *ptr = 0x00;
*ptr = 0x00;
}
Int
Main (void)
{
Signal (SIGSEGV, &dump);
Dummy_function ();
return 0;
} |
| Compile-run effects are as follows:
Xiaosuo@gentux Test $ gcc-g-rdynamic F.C
Xiaosuo@gentux test $./a.out
GNU GDB 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
The GDB is free software, covered by the GNU general public License, and your are
Welcome to change it and/or distribute copies of it under certain conditions.
Type ' show copying ' to the conditions.
There is absolutely no warranty for GDB. Type ' show warranty ' for details.
This is GDB was configured as "I686-pc-linux-gnu" ... The Using host libthread_db the Library "/lib/libthread_db.so.1".
Attaching to Program:/home/xiaosuo/test/a.out, Process 9563
Reading symbols From/lib/libc.so.6...done.
Loaded symbols for/lib/libc.so.6
Reading symbols From/lib/ld-linux.so.2...done.
Loaded symbols for/lib/ld-linux.so.2
0xffffe410 in __kernel_vsyscall ()
(GDB) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7ee4b53 in Waitpid () from/lib/libc.so.6
#2 0xb7e925c9 in strtold_l () from/lib/libc.so.6
#3 0x08048830 in Dump (signo=11) at f.c:22
#4 <signal Handler Called>
#5 0x0804884c in Dummy_function () at f.c:31
#6 0x08048886 in Main () f.c:38 |
| What do you think. Is it still cool.
The above methods are in the system on the premise of GDB, if not. In fact, GLIBC provides us with this kind of function to dump stack content, see/usr/include/execinfo.h (These functions do not provide man page, no wonder we can't find), in addition, you can also through the GNU manual to learn.
4. Analysis using BackTrace and objdump:
The rewrite code is as follows:
#include <execinfo.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
/* A dummy function to make the backtrace more interesting. */
void
Dummy_function (void)
{
unsigned char *ptr = 0x00;
*ptr = 0x00;
}
void dump (int signo)
{
void *array[10];
size_t size;
Char **strings;
size_t i;
Size = BackTrace (array, 10);
strings = Backtrace_symbols (array, size);
printf ("obtained%ZD stack frames.\n", size);
for (i = 0; i < size; i++)
printf ("%s\n", Strings[i]);
Free (strings);
Exit (0);
}
Int
Main (void)
{
Signal (SIGSEGV, &dump);
Dummy_function ();
return 0;
} |
The results of the compilation run are as follows:
Xiaosuo@gentux Test $ gcc-g-rdynamic g.c
Xiaosuo@gentux test $./a.out
Obtained 5 stack frames.
./a.out (dump+0x19) [0X80486C2]
[0xffffe420]
./a.out (MAIN+0X35) [0x804876f]
/lib/libc.so.6 (__libc_start_main+0xe6) [0xb7e02866]
./a.out [0x8048601] |
This time you may be a little disappointed, it seems not to be able to give enough information to mark the error, no hurry, first see what can be analyzed, with the Objdump disassembly program, find the address 0x804876f corresponding code location:
Xiaosuo@gentux Test $ objdump-d a.out |
8048765:e8 FE FF FF call 804856c <signal@plt>
804876A:E8 FF FF FF call 8048694 <dummy_function>
804876F:B8 mov $0x0,%eax
8048774:c9 leave
|
We still found in which function (dummy_function) error, the information is not very complete, but there is always better than no AH!
Postscript:
This paper gives some methods to analyze the "paragraph error", do not think that this is the same as the "back" of the words of the four kinds of writing, because each method has its own scope of application and the applicable environment, please use, or according to the doctor's advice.
|
