Nathan Hüsken | 13 Jan 00:10 2013

Understand disassemble for segfault on android

Hey,

I am still investigating the segfaults of the executable produced by the ghc
to arm-linux-androideabi cross compiler.

I need help. Can someone tell me if my conclusions are correct?

The crash happens here:

Dump of assembler code for function stg_returnToStackTop:
   0x003f059c <+0>:	push	{r4, lr}
   0x003f05a0 <+4>:	sub	sp, sp, #16
   0x003f05a4 <+8>:	ldr	r1, [r0, #140]	; 0x8c
=> 0x003f05a8 <+12>:	ldr	r12, [r1, #12]
   0x003f05ac <+16>:	ldr	r1, [r12, #12]
   0x003f05b0 <+20>:	mov	r2, #0

Since it is in the beginning of stg_returnToStackTop, it has to be
LOAD_THREAD_STATE();
I believe the code for this is produced by loadThreadState:

loadThreadState dflags tso stack = do
  catAGraphs [
        -- tso = CurrentTSO;
        mkAssign (CmmLocal tso) stgCurrentTSO,
        -- stack = tso->stackobj;
        mkAssign (CmmLocal stack) (CmmLoad (cmmOffset dflags (CmmReg (CmmLocal tso)) (tso_stackobj dflags)) (bWord dflags)),
(...)


Nathan Hüsken | 13 Jan 16:49 2013

Re: Understand disassemble for segfault on android

Ok, the instruction

ldr	r1, [r0, #140]  <-> tso = CurrentTSO

seems to assume that REG_Base is r0 (140 is the offset of the tso in
StgRegTable, to which the REG_Base register should point).
But according to MachRegs.h on arm architecture, REG_Base should be r4.

Indeed, when I do

p *(unsigned int*)($r4+140)

I get (after converting to hex):

0x401033C0

looking at the backtrace:

(...)
#3  0x003c4cb0 in scheduleWaitThread (tso=0x401033c0, ret=0x0,
pcap=0xbe843b6c)
(...)

this is the same address as given to scheduleWaitThread for tso.

So the question is, why is r0 and not r4 used???

Regards,
Nathan

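The reasoning in the two posts above, made mechanical as an added example (not code from the thread or from GHC): a small Python checker that parses the quoted gdb dump, traces the faulting load back to the earlier load that produced its base register, and compares the register used for the CurrentTSO load (StgRegTable + 140) against the REG_Base the post says MachRegs.h assigns on ARM (r4). The disassembly is embedded as constructed sample input copied from the first post; offset 140 and r4 are taken as stated there.

```python
import re

# Premise from the thread: on ARM, MachRegs.h maps REG_Base to r4, and the
# CurrentTSO slot sits at offset 140 (0x8c) in StgRegTable.
EXPECTED_REG_BASE = "r4"
TSO_OFFSET = 140

# Constructed sample input: the gdb dump quoted in the thread
# ("=>" marks the faulting instruction).
DISASM = """\
   0x003f059c <+0>:\tpush\t{r4, lr}
   0x003f05a0 <+4>:\tsub\tsp, sp, #16
   0x003f05a4 <+8>:\tldr\tr1, [r0, #140]\t; 0x8c
=> 0x003f05a8 <+12>:\tldr\tr12, [r1, #12]
   0x003f05ac <+16>:\tldr\tr1, [r12, #12]
   0x003f05b0 <+20>:\tmov\tr2, #0
"""

# Matches "ldr rD, [rB, #imm]"; the optional leading "=>" is gdb's pc marker.
LDR_RE = re.compile(
    r"^(?P<cur>=>)?\s*0x[0-9a-f]+\s+<\+\d+>:\s+ldr\s+"
    r"(?P<dst>\w+),\s*\[(?P<base>\w+),\s*#(?P<off>\d+)\]"
)

def parse_ldrs(disasm):
    """Return every immediate-offset ldr as a dict, in program order."""
    out = []
    for line in disasm.splitlines():
        m = LDR_RE.match(line)
        if m:
            out.append({"faulting": m["cur"] is not None, "dst": m["dst"],
                        "base": m["base"], "off": int(m["off"])})
    return out

def check_tso_load(disasm, expected_base=EXPECTED_REG_BASE):
    """Locate the CurrentTSO load (REG_Base + 140) and compare its base
    register with the platform's REG_Base. Returns (base_used, matches)."""
    for ld in parse_ldrs(disasm):
        if ld["off"] == TSO_OFFSET:
            return ld["base"], ld["base"] == expected_base
    return None, False

def trace_fault(disasm):
    """Walk back from the faulting ldr to the load that defined its base
    register, so the bad pointer can be blamed on its origin.
    Returns [(dst, base, off), ...] from origin to fault."""
    loads = parse_ldrs(disasm)
    fault = next((i for i, ld in enumerate(loads) if ld["faulting"]), None)
    if fault is None:
        return []
    chain, need = [loads[fault]], loads[fault]["base"]
    for ld in reversed(loads[:fault]):      # nearest earlier definition wins
        if ld["dst"] == need:
            chain.append(ld)
            need = ld["base"]
    return [(ld["dst"], ld["base"], ld["off"]) for ld in reversed(chain)]
```

On the quoted dump, `check_tso_load` reports the load going through r0 rather than r4, and `trace_fault` shows the faulting `ldr r12, [r1, #12]` depends on the r1 produced by that load, which is exactly the chain the second post describes.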
