Unable to run run-time loaded code on ZedBoard
Patrick Gauvin
pggauvin at gmail.com
Mon Oct 19 21:59:29 UTC 2015
>>> I assume the base image and the o are built the same so should the
>>> bottom bit of the address be set for thumb mode? It has been a long time
>>> since looked at the specific detail.
>>
>> The bottom bit should be set when a bx/blx (with register argument) to
>> THUMB code is made, and I see it here when the blx to "rtems_main" is
>> made:
>>
>> (gdb) disas/r $pc-8,$pc+8
>> Dump of assembler code from 0x104686 to 0x104696:
>> 0x00104686 <dl_load_test+182>: 41 f2 94 41 movw r1,
>> #5268 ; 0x1494
>> 0x0010468a <dl_load_test+186>: c0 f2 20 01 movt r1, #32
>> => 0x0010468e <dl_load_test+190>: 98 47 blx r3
>> 0x00104690 <dl_load_test+192>: b8 60 str r0, [r7, #8]
>> 0x00104692 <dl_load_test+194>: bb 68 ldr r3, [r7, #8]
>> 0x00104694 <dl_load_test+196>: 02 2b cmp r3, #2
>> End of assembler dump.
>> (gdb) p/x $r3
>> $10 = 0x2138f9
>>
>>> If you disassemble a piece of code in the base image that calls printf
>>> what instruction do you see?
>>
>> This at is dl-load.c:45:
>> (gdb) disas /r $pc,$pc+32
>> Dump of assembler code from 0x10464a to 0x10466a:
>> => 0x0010464a <dl_load_test+122>: 4f f2 30 70 movw r0,
>> #63280 ; 0xf730
>> 0x0010464e <dl_load_test+126>: c0 f2 11 00 movt r0, #17
>> 0x00104652 <dl_load_test+130>: 39 69 ldr r1, [r7, #16]
>> 0x00104654 <dl_load_test+132>: 7a 69 ldr r2, [r7, #20]
>> 0x00104656 <dl_load_test+134>: 14 f0 67 ff bl
>> 0x119528 <printf>
>
> Yes it is and gdb seems to have stripped the bit and this is the same as
> the original print out. Maybe it is actually set. Is it possible to get
> a similar disassemble with for the loaded object file, ie the hex dump
> of the op codes and the decoded output?
Here is the dissasembly with raw instructions for the rtems main
symbol (rtl: sym:add:20 name:30:rtems_main bind:1 type:2
val:0x2138f9 sect:1 size:88):
(gdb) disas /r 0x2138f9,0x2138f9+88
Dump of assembler code from 0x2138f9 to 0x213951:
0x002138f9: b5 84 push {r7, lr}
0x002138fb: b0 00 sub sp, #16
0x002138fd: af 78 add r7, sp, #0
0x002138ff: 60 39 str r0, [r7, #4]
0x00213901: 60 43 str r1, [r7, #0]
0x00213903: f6 60 10 c0 movw r0, #14688 ; 0x3960
0x00213907: f2 21 00 79 movt r0, #33 ; 0x21
0x0021390b: 68 43 ldr r1, [r7, #4]
0x0021390d: f6 80 12 c0 movw r2, #14720 ; 0x3980
0x00213911: f2 21 02 05 movt r2, #33 ; 0x21
0x00213915: f7 08 fe 00 bl 0x119528 <printf>
0x00213919: 23 fb movs r3, #0
0x0021391b: 60 0f str r3, [r7, #12]
0x0021391d: e0 fb b.n 0x21393e
0x0021391f: 68 9b ldr r3, [r7, #12]
0x00213921: 00 3a lsls r3, r3, #2
0x00213923: 68 13 ldr r2, [r7, #0]
0x00213925: 44 1b add r3, r2
0x00213927: 68 43 ldr r3, [r3, #0]
0x00213929: f6 88 10 c0 movw r0, #14728 ; 0x3988
0x0021392d: f2 21 00 f9 movt r0, #33 ; 0x21
0x00213931: 68 1a ldr r1, [r7, #12]
0x00213933: 46 05 mov r2, r3
0x00213935: f7 f8 fd fb bl 0x119528 <printf>
0x00213939: 68 01 ldr r3, [r7, #12]
0x0021393b: 33 fb adds r3, #1
0x0021393d: 60 fa str r3, [r7, #12]
0x0021393f: 68 7b ldr r2, [r7, #12]
0x00213941: 68 9a ldr r3, [r7, #4]
0x00213943: 42 eb cmp r2, r3
0x00213945: db 7b blt.n 0x21391e
0x00213947: 68 18 ldr r3, [r7, #4]
0x00213949: 46 10 mov r0, r3
0x0021394b: 37 bd adds r7, #16
0x0021394d: 46 80 mov sp, r7
0x0021394f: bd 44 pop {r7, pc}
End of assembler dump.
If you want the full object file before it is loaded, I can dump it
from memory but I'm not sure GDB will decode the instructions.
>>> Note, ARM veneers is an outstanding task I need to complete.
>>
>> The bl instructions to printf inside the loaded code are within range
>> (16 MB for the 32bit T32 bl) so I don't think this application
>> requires veneers. I will keep this in mind for the future, though.
>
> Do you have a special option on? I thought the default was 24bit.
I don't have any special option on, but GCC seems to be generating the
32bit T32 encoding of bl rather than the 16bit (unless I'm
misinterpreting the hex dump, but even so the lesser 4MB range would
be enough in this case).
Thank you,
Patrick
More information about the users
mailing list