Unable to run run-time loaded code on ZedBoard

Patrick Gauvin pggauvin at gmail.com
Sun Oct 18 22:00:33 UTC 2015 

Hello,

Object code seems to be loaded properly (dlload) and symbols resolved
correctly (dlsym), but when the resolved symbol is called,
instructions don't do what they're supposed to, and usually the board
crashes soon after. This behavior is seen on the xilinx_zynq_zedboard
BSP, but the code behaves as expected on the xilinx_zynq_a9_qemu BSP.
I am using the 4.11 branch of RTEMS. I have a feeling it might have to
do with the MPU, but I figured before I continue debugging it would be
worth posting here to see if anyone has seen this before or has ideas.
Any input is appreciated.

The following is from a GDB session attached to a ZedBoard running
testsuites/libtests/dl01
(https://github.com/RTEMS/rtems/tree/4.11/testsuites/libtests/dl01)
program, with comments. 0x2138f8 is the start of the loaded function.
Adding 1 to the address is just to make GDB disassemble as THUMB code.
The function being called is "rtems_main" at line 54 of dl-load.c.
dl-o1.c contains the definition of "rtems_main", I've provided its
disassembly at the end of the email.

0x002138f8 in bsp_section_work_begin ()
15: /x $lr = 0x104691
14: /x $sp = 0x208a80
13: /x $r7 = 0x208a80
9: /x $r2 = 0x0
7: /x $r1 = 0x201494
6: /x $r0 = 0x2
(gdb) disas $pc+1,$pc+88
Dump of assembler code from 0x2138f9 to 0x213950:
   0x002138f9:  push    {r7, lr}
   0x002138fb:  sub     sp, #16
   0x002138fd:  add     r7, sp, #0
   0x002138ff:  str     r0, [r7, #4]
   0x00213901:  str     r1, [r7, #0]
   0x00213903:  movw    r0, #14688      ; 0x3960
   0x00213907:  movt    r0, #33 ; 0x21
   0x0021390b:  ldr     r1, [r7, #4]
   0x0021390d:  movw    r2, #14720      ; 0x3980
   0x00213911:  movt    r2, #33 ; 0x21
   0x00213915:  bl      0x119528 <printf>
   0x00213919:  movs    r3, #0
   0x0021391b:  str     r3, [r7, #12]
   0x0021391d:  b.n     0x21393e
   0x0021391f:  ldr     r3, [r7, #12]
   0x00213921:  lsls    r3, r3, #2
   0x00213923:  ldr     r2, [r7, #0]
   0x00213925:  add     r3, r2
   0x00213927:  ldr     r3, [r3, #0]
   0x00213929:  movw    r0, #14728      ; 0x3988
   0x0021392d:  movt    r0, #33 ; 0x21
   0x00213931:  ldr     r1, [r7, #12]
   0x00213933:  mov     r2, r3
   0x00213935:  bl      0x119528 <printf>
   0x00213939:  ldr     r3, [r7, #12]
   0x0021393b:  adds    r3, #1
   0x0021393d:  str     r3, [r7, #12]
   0x0021393f:  ldr     r2, [r7, #12]
   0x00213941:  ldr     r3, [r7, #4]
   0x00213943:  cmp     r2, r3
   0x00213945:  blt.n   0x21391e
   0x00213947:  ldr     r3, [r7, #4]
   0x00213949:  mov     r0, r3
   0x0021394b:  adds    r7, #16
   0x0021394d:  mov     sp, r7
   0x0021394f:  pop     {r7, pc}
End of assembler dump.
(gdb) si
0x002138fa in bsp_section_work_begin ()
15: /x $lr = 0x104691
14: /x $sp = 0x208a80 # EXPECTED: 0x208a78
13: /x $r7 = 0x208a80
9: /x $r2 = 0x0
7: /x $r1 = 0x201494
6: /x $r0 = 0x2
(gdb)
0x002138fc in bsp_section_work_begin ()
15: /x $lr = 0x104691
14: /x $sp = 0x208a80 # EXPECTED: 0x208a70
13: /x $r7 = 0x208a80
9: /x $r2 = 0x0
7: /x $r1 = 0x2 # EXPECTED: No change
6: /x $r0 = 0x2
(gdb)
0x002138fe in bsp_section_work_begin ()
15: /x $lr = 0x104691
14: /x $sp = 0x208a80
13: /x $r7 = 0x208a80
9: /x $r2 = 0x0
7: /x $r1 = 0x2
6: /x $r0 = 0x2
(gdb)

Eventually it crashes at 0x0021394c. No branches to printf were taken.


PROGRAM OUTPUT:
This is with RTL tracing enabled.

*** BEGIN OF TEST libdl (RTL) 1 ***
load: /dl-o1.o
rtl: alloc: new: SYMBOL addr=0x20c518 size=384
rtl: alloc: new: OBJECT addr=0x20c6a0 size=2048
rtl: alloc: new: OBJECT addr=0x20cea8 size=2048
rtl: alloc: new: OBJECT addr=0x20d6b0 size=2048
rtl: alloc: new: OBJECT addr=0x20deb8 size=2048
rtl: alloc: new: OBJECT addr=0x20e6c0 size=136
rtl: alloc: new: OBJECT addr=0x20b1e8 size=13
rtl: alloc: new: OBJECT addr=0x20b200 size=2
rtl: adding global symbols, table size 25808
rtl: global symbol add: 987
rtl: alloc: new: SYMBOL addr=0x20e750 size=19740

[snipped out a lot of "rtl: esyms: ..."]

rtl: loading '/dl-o1.o'
rtl: alloc: new: OBJECT addr=0x20b210 size=9
rtl: alloc: del: OBJECT addr=0x0
rtl: alloc: new: OBJECT addr=0x213478 size=136
rtl: alloc: new: OBJECT addr=0x20b228 size=9
rtl: alloc: new: OBJECT addr=0x20b240 size=9
rtl: alloc: new: OBJECT addr=0x213508 size=56
rtl: alloc: new: OBJECT addr=0x20b258 size=6
rtl: sect: 1 : .text
rtl: alloc: new: OBJECT addr=0x213548 size=56
rtl: alloc: new: OBJECT addr=0x213588 size=10
rtl: sect: 2 : .rel.text
rtl: alloc: new: OBJECT addr=0x2135a0 size=56
rtl: alloc: new: OBJECT addr=0x2135e0 size=6
rtl: sect: 3 : .data
rtl: alloc: new: OBJECT addr=0x2135f0 size=56
rtl: alloc: new: OBJECT addr=0x213630 size=5
rtl: sect: 4 : .bss
rtl: alloc: new: OBJECT addr=0x213640 size=56
rtl: alloc: new: OBJECT addr=0x213680 size=8
rtl: sect: 5 : .rodata
rtl: alloc: new: OBJECT addr=0x213690 size=56
rtl: alloc: new: OBJECT addr=0x2136d0 size=16
rtl: sect: 7 : .rel.debug_info
rtl: alloc: new: OBJECT addr=0x2136e8 size=56
rtl: alloc: new: OBJECT addr=0x213728 size=19
rtl: sect: 10: .rel.debug_aranges
rtl: alloc: new: OBJECT addr=0x213748 size=56
rtl: alloc: new: OBJECT addr=0x213788 size=16
rtl: sect: 12: .rel.debug_line
rtl: unsupported section: 15: type=1879048195 flags=00
rtl: alloc: new: OBJECT addr=0x2137a0 size=56
rtl: alloc: new: OBJECT addr=0x2137e0 size=17
rtl: sect: 17: .rel.debug_frame
rtl: alloc: new: OBJECT addr=0x213800 size=56
rtl: alloc: new: OBJECT addr=0x213840 size=10
rtl: sect: 18: .shstrtab
rtl: alloc: new: OBJECT addr=0x213858 size=56
rtl: alloc: new: OBJECT addr=0x213898 size=8
rtl: sect: 19: .symtab
rtl: alloc: new: OBJECT addr=0x2138a8 size=56
rtl: alloc: new: OBJECT addr=0x2138e8 size=8
rtl: sect: 20: .strtab
rtl: alloc: new: READ_EXEC addr=0x2138f8 size=92
rtl: alloc: new: READ addr=0x213960 size=53
rtl: alloc: new: READ_WRITE addr=0x2139a0 size=1
rtl: load sect: text  - b:0x2138f8 s:92 a:4
rtl: load sect: const - b:0x213960 s:53 a:4
rtl: load sect: data  - b:0x2139a0 s:1 a:1
rtl: load sect: bss   - b:0x0 s:0 a:1
rtl: loading: .text -> 0x2138f8 (88)
rtl: loading: .rodata -> 0x213960 (52)
rtl: alloc: new: SYMBOL addr=0x2139b0 size=121
rtl: alloc: new: SYMBOL addr=0x213a38 size=31
rtl: sym:add:6  name:9 :$d                   bind:0  type:0
val:0x213960 sect:5 size:0
rtl: sym:add:7  name:12:.LC0                 bind:0  type:0
val:0x213960 sect:5 size:0
rtl: sym:add:8  name:17:.LC1                 bind:0  type:0
val:0x213980 sect:5 size:0
rtl: sym:add:9  name:22:.LC2                 bind:0  type:0
val:0x213988 sect:5 size:0
rtl: sym:add:10 name:27:$t                   bind:0  type:0
val:0x2138f8 sect:1 size:0
rtl: sym:add:20 name:30:rtems_main           bind:1  type:2
val:0x2138f9 sect:1 size:88
rtl: relocation: .rel.text, syms:.symtab
rtl: rel: sym:.LC0(7 )=00213960 type:47 off:0000000a
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x1060f643 @ 0x213902 in /dl-o1.o
rtl: rel: sym:.LC0(7 )=00213960 type:48 off:0000000e
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x21f2c0 @ 0x213906 in /dl-o1.o
rtl: rel: sym:.LC1(8 )=00213980 type:47 off:00000014
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x1280f643 @ 0x21390c in /dl-o1.o
rtl: rel: sym:.LC1(8 )=00213980 type:48 off:00000018
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x221f2c0 @ 0x213910 in /dl-o1.o
rtl: rel: sym:printf(21)=00119529 type:10 off:0000001c
rtl: THM_CALL/JUMP24 0xfe08f705 @ 0x213914 in /dl-o1.o
rtl: rel: sym:.LC2(9 )=00213988 type:47 off:00000030
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x1088f643 @ 0x213928 in /dl-o1.o
rtl: rel: sym:.LC2(9 )=00213988 type:48 off:00000034
rtl: THM_MOVT_ABS/THM_MOVW_ABS_NC 0x21f2c0 @ 0x21392c in /dl-o1.o
rtl: rel: sym:printf(21)=00119529 type:10 off:0000003c
rtl: THM_CALL/JUMP24 0xfdf8f705 @ 0x213934 in /dl-o1.o
rtl: alloc: del: SYMBOL addr=0x2139b0
rtl: alloc: new: OBJECT addr=0x2139b0 size=84
rtl: linkmap_add
rtl: unresolv: global resolve
handle: 0x213478 loaded


dl-o1.o DISASSEMBLED:

[patrick at w096 dl01]$ arm-rtems4.11-objdump -d dl-o1.o

dl-o1.o:     file format elf32-littlearm


Disassembly of section .text:

00000000 <rtems_main>:
   0:   b580            push    {r7, lr}
   2:   b084            sub     sp, #16
   4:   af00            add     r7, sp, #0
   6:   6078            str     r0, [r7, #4]
   8:   6039            str     r1, [r7, #0]
   a:   f240 0000       movw    r0, #0
   e:   f2c0 0000       movt    r0, #0
  12:   6879            ldr     r1, [r7, #4]
  14:   f240 0200       movw    r2, #0
  18:   f2c0 0200       movt    r2, #0
  1c:   f7ff fffe       bl      0 <printf>
  20:   2300            movs    r3, #0
  22:   60fb            str     r3, [r7, #12]
  24:   e00f            b.n     46 <rtems_main+0x46>
  26:   68fb            ldr     r3, [r7, #12]
  28:   009b            lsls    r3, r3, #2
  2a:   683a            ldr     r2, [r7, #0]
  2c:   4413            add     r3, r2
  2e:   681b            ldr     r3, [r3, #0]
  30:   f240 0000       movw    r0, #0
  34:   f2c0 0000       movt    r0, #0
  38:   68f9            ldr     r1, [r7, #12]
  3a:   461a            mov     r2, r3
  3c:   f7ff fffe       bl      0 <printf>
  40:   68fb            ldr     r3, [r7, #12]
  42:   3301            adds    r3, #1
  44:   60fb            str     r3, [r7, #12]
  46:   68fa            ldr     r2, [r7, #12]
  48:   687b            ldr     r3, [r7, #4]
  4a:   429a            cmp     r2, r3
  4c:   dbeb            blt.n   26 <rtems_main+0x26>
  4e:   687b            ldr     r3, [r7, #4]
  50:   4618            mov     r0, r3
  52:   3710            adds    r7, #16
  54:   46bd            mov     sp, r7
  56:   bd80            pop     {r7, pc}

Thank you,

Patrick

More information about the users mailing list