Mike Kinghan
2010-12-02 15:31:35 UTC
Hi all,
We build Beagle ROMs from difference branches for RVCT and GCCE. For GCCE
you take the GCC_SURGE branches of kernelhwsrv and beagleboard (as well as a
GCC-built baseline).
If we're ever to promote GCCE to be the reccommended compiler we need to be
able to unify the codelines, and to merge to codelines we have to show that
we can build working ROMS with RVCT from the GCC_SURGE branches.
You can pretty easily build a Beagle tshell rom from the GCC_SURGE code, but
it crashes on boot. I want to explain how you build such a ROM so others can
do it and get debugging the rom crash. And I've got a bit of debugging
evidence on the crash.
*=== To build a Beagle tshell rom with RVCT 4 from the GCC_SURGE code ===
*You have to do this build on Windows because there's no free Linux version
of RVCT 4. I assume you've got PDT 1.7 installed.*
*
* Clone FCL/sf/adapt/beagleboard/ with the --noupdate flag into
EPOCROOT/sf/adapt/beagleboard and then update to the GCC_SURGE branch.
* Clone FCL/sf/os/kernelhwsrv/ with the --noupdate flag into
EPOCROOT/sf/os/kernelhwsrv and then update to the GCC_SURGE branch.
* Clone FCL/interim/linux_build into EPOCROOT/linux_build (you only need
this to copy out a couple files).
* Get your PDK 3.0.4 baseline and populate your epoc32 tree as usual.
* Copy EPOCROOT/linux_build/sbsv1/sbsv1/buildsystem/extension/base/
bootstrap.mk -> EPOCROOT/epoc32/tools/makefile_templates/base/bootstrap.mk
* Copy EPOCROOT/linux_build/sbsv1/sbsv1/buildsystem/extension/base/config.mk->
EPOCROOT/epoc32/tools/makefile_templates/base/
config.mk
* Copy EPOCROOT/linux_build/linux_build/imgtools/romtools/rombuild/
romnibus.pl -> EPOCROOT/epoc32/rom/tools/romnibus.pl
* Build kernelhwsrv, e.g:
set EPOCROOT=D:\symbian\beagle\
set SBS_HOME=D:\Symbian_Tools\PDT_1.7\Raptor
set RVCT22BIN=unused
set RVCT22INC=unused
set RVCT22LIB=unused
set RVCT40BIN=D:\apps\RVCT_Symbian\bin
set RVCT40INC=D:\apps\RVCT_Symbian\include
set RVCT40LIB=D:\apps\RVCT_Symbian\lib
set LM_LICENSE_FILE=D:\apps\RVCT_Symbian\licenses\license.dat
cd %EPOCROOT%sf\os\kernelhwsrv
%SBS_HOME%\bin\sbs -c armv5_udeb.rvct4_0 -s package_definition.xml
* Buld Beagleboard, e.g:
set EPOCROOT=D:\symbian\beagle\
set SBS_HOME=D:\Symbian_Tools\PDT_1.7\Raptor
set RVCT22BIN=unused
set RVCT22INC=unused
set RVCT22LIB=unused
set RVCT40BIN=D:\apps\RVCT_Symbian\bin
set RVCT40INC=D:\apps\RVCT_Symbian\include
set RVCT40LIB=D:\apps\RVCT_Symbian\lib
set LM_LICENSE_FILE=D:\apps\RVCT_Symbian\licenses\license.dat
cd %EPOCROOT%sf\adapt\beagleboard
%SBS_HOME%\bin\sbs -c armv5_udeb.rvct4_0 -s package_definition.xml %1
Then the rom image is:
EPOCROOT\epoc32\rom\beagle_tshell_ARMV5_udeb.img
and the rom symbol file is:
EPOCROOT\epoc32\rom\beagle\beagle_tshell_ARMV5_udeb.symbol
*=== End of rom build ===
*When you boot this rom it will immediately crash like this:
MODE_USR:
R0=c80c0000 R1=dededec6 R2=1c1c1c1c R3=1c1c1c1c
R4=1c1c1c1c R5=1c1c1c1c R6=1c1c1c1c R7=1c1c1c1c
R8=1c1c1c1c R9=1c1c1c1c R10=c808fc80 R11=c808fc60
R12=00dedbdb R13=00000000 R14=00000000 R15=8000b12c
CPSR=20000113
MODE_FIQ:
R8=05600f01 R9=ffffffff R10=00000004 R11=00000002
R12=81001bcc R13=c003c000 R14=81000960 SPSR=00000000
MODE_IRQ:
R13=c003a000 R14=00000000 SPSR=00000000
MODE_SVC:
R13=c808eb80 R14=8007b1c8 SPSR=00000000
MODE_ABT:
R13=c003fc00 R14=8000b12c SPSR=20000113
MODE_UND:
R13=c003e000 R14=4020ffcc SPSR=00000000
TEEHBR=00000000 CPACR=00f00000
SCTLR=30c5387f ACTLR=00000072 PRRR=000a00a4 NMRR=00400040
DACR=00000001 TTBR0=80000018 TTBR1=80000018 TTBCR=00000001
VBAR=00014000 FCSEID=00000000 CTXIDR=00000000
Thread ID RWRW=00000000 RWRO=00000000 RWNO=00000000
DFSR=00000807 DFAR=c80c0000 IFSR=00000000 IFAR=00000000
ADFSR=00000000 AIFSR=00000000
FPEXC 0000000a
ExcCode 00000001
FAULT: Exception 0x10000000 (268435456)
This is a data fault on address c80c0000 (DFAR).
If you build it with full kernel tracing, the output right tup to the crash
is:
## Starting application at 0x81000000 ...
Initialise returned c8002118
Variant installed
Found ROM root dir index 0 addr 800025d8
K::InitialiseMicrokernel()
MM::Init1()
K::MaxMemCopyInOneGo=0x200
MM::MaxPagesInOneGo=32
Cache::Init1
CTR:80048004
CLR:a000023
type:3
I-CACHE L1:2007e01a, numsets:40h, assoc:4h, lineLog2:6h, size=4000h
D-CACHE L1:e007e01a, numsets:40h, assoc:4h, lineLog2:6h, size=4000h
type:4
U-CACHE L2:f03fe03a, numsets:200h, assoc:8h, lineLog2:6h, size=40000h
Instr Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 0800 CleanThreshold 0800 FlushThreshold 0800
Data PoU Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 0400 CleanThreshold 0300 FlushThreshold 0300
Data PoC Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 2200 CleanThreshold 1980 FlushThreshold 1980
ArmMmu::Init1
CacheTypeRegister = 80048004
CacheTypeRegister = 80048004
CacheLevelIDRegister = 0a000023
L1DCache = 0x40,0x4,6 colourCount=1
L1ICache = 0x40,0x4,6 colourCount=1
L1ICache is VIPT
iAliasSize=0x2000
LPD size 00002000 GPD size 00004000 Alias size 00002000
ULB 00400000 ULE 38100000 USB 40000000 USE 70200000
DDB 38100000 UCB 70200000
Mmu::Init1
MmuBase::Init1
A::Init1()
Beagle::Init1()
Omap3530Assp::Init1()
Omap3530Interrupt::Init1()
Omap3530Interrupt::DisableAndClearAll 0 c620008c 1 c62000ac 2 c62000cc
Omap3530Interrupt::DisableAndClearAll INTCPS_SIR_IRQ ffffff80 at c6200000
Omap3530Interrupt::DisableAndClearAll OUT
Omap3530Interrupt::Init1() OUT
Omap3530Assp::Init1() OUT
Omap3530Assp::StartupReason
CPU page value 09080001
NTimerQ::Init1 - period 1000 us
MT:P 1000
kern_heap_addr c808f000, kern_stack_addr c808e000
HeapSizeMin 00031000
Created kernel fixed heap at c808f000, size 00031000
GetNewThread size=04bc
Get initial thread, 0
Done NKern::Init
DThread::Create Null owner Local-c808f248 size 030
SetOwner Local-c808f410 (Local-c808f248)
NKFMWait ObjLock
NKFMSignal ObjLock
Owner set
SetName Local-c808f248::Local-c808f410 (Null)
NKFMWait ObjLock
Name is now Null
NKFMSignal ObjLock
Name set, 0
Thread Local-c808f248::Null DoCreate: Function c808ed88 Ptr 300936ac
type 0, sup stack=c808e000, sup stack size=1000
user stack=00000000 size 0, init priority=808464440
NKFMWait SysLock
NKFMSignal SysLock
DThread::DoCreate(c808f410) claimed sync message at 00000000
NKFMWait SysLock
NKFMSignal SysLock
<TThreadWaitList::Up l=00000000 r=0
Created initial thread, 0
DProcess::Create
SetName Local-c808f248 (ekern.exe)
NKFMWait ObjLock
Name is now ekern.exe
NKFMSignal ObjLock
K::MutexCreate $LOCK owner ekern.exe visible=0 order=48
DMutex::Create owner ekern.exe, name $LOCK, visible=0, order=48
SetOwner Local-c808f930 (ekern.exe)
NKFMWait ObjLock
NKFMSignal ObjLock
SetName ekern.exe::Local-c808f930 ($LOCK)
NKFMWait ObjLock
Name is now $LOCK
NKFMSignal ObjLock
NKFMWait SysLock
NKFMSignal SysLock
<TThreadWaitList::Up l=00000000 r=0
NKFMWait ObjLock
NKFMSignal ObjLock
K::MutexCreate returns 0 c808f930
Lock mutex created, 0
<DMemModelProcess::DoCreate 0
Process attributes 80000000
NKFMWait SysLock
NKFMSignal SysLock
NKern::ThreadEnterCS ekern.exe::Null
NKFMWait SysLock
NKFMSignal SysLock
NKern::ThreadLeaveCS ekern.exe::Null
DObject::Close 2 ekern.exe::Null
M::NewCodeSeg
DCodeSeg::Create c808f9c0 file z:\sys\bin\ekern.exe ver 000a0000 process
ekern.e
xe
attach proc=NULL exe code seg=c808f9c0
CodeSeg @c808f9c0 Added By Name
NKFMWait SysLock
NKFMSignal SysLock
CodeSeg @c808f9c0 Added By Address 80003000
DCodeSeg::CheckedOpen 1 z:\sys\bin\ekern.exe Ver 10.0
Created initial process, 0
AddThread ekern.exe::Null to ekern.exe
MmuBase::Init2
DRamAllocator::Create
#banks from bootstrap=2
Total size=0fde0000
Total size=0fde0000, total pages=0000fde0
PA base=80000000, PA top=8fffffff
iNumZones=2
Coalesced bank: 80000000-81000000
Coalesced bank: 81220000-90000000
#Coalesced banks: 2
NKFMWait SysLock
If you feed the crash dump into printsym.pl with the rom symbol file, you,
get just 2 resolved addresses:
MODE_USR:
[snip]
R12=00dedbdb R13=00000000 R14=00000000 R15=8000b12c
= 00dedbdb ....
= 00000000 ....
= 00000000 ....
= 8000b12c ,... memset (EXPORTED)
cmem_.o(.emb_text) + 0xc8
[snip]
MODE_SVC:
???
R13=c808eb80 R14=8007b1c8 SPSR=00000000
= c808eb80 ....
= 8007b1c8 .... RHybridHeap::Free(void*) (EXPORTED)
heap_hybrid.o(.text) + 0x130
= 00000000 ....
MODE_ABT:
???
R13=c003fc00 R14=8000b12c SPSR=20000113
= c003fc00 ....
= 8000b12c ,... memset (EXPORTED)
cmem_.o(.emb_text) + 0xc8
= 20000113 ...
This suggests we have an aborting call to memset() from a call to
RHybridHeap::Free() at the end of the call stack, and if we check out the
source of RHybridHeap::Free() in
FCL<http://developer.symbian.org/xref/oss/xref/FCL>
/sf <http://developer.symbian.org/xref/oss/xref/FCL/sf>/os<http://developer.symbian.org/xref/oss/xref/FCL/sf/os>
/kernelhwsrv<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv>
/kernel<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel>
/eka<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka>
/common<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka/common>
/heap_hybrid.cpp,<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka/common/heap_hybrid.cpp>we
see that it calls memset() directly through the macro __ZAP_CELL().
So there's an air of heap corruption about this.
That's as far as I've got.
It would be good if somebody could post a complete HowTo for getting GDB
attached to the rom boot - though from what I can gather at *
http://developer.symbian.org/wiki/Wild_ducks_project/Ingredients*, you seem
to need an add-on board for this.
--
Mike Kinghan,
Test Lead, Symbian
+44(0)776 5222 793
Some facts about Symbian that we are legally obliged to tell you:
Symbian Foundation Limited is a Company Limited by Guarantee and not having Share Capital
We're registered in England and Wales - Companies House knows us by the number 6683783
Our address is 1 Boundary Row, Southwark, London SE1 8HP.
We build Beagle ROMs from difference branches for RVCT and GCCE. For GCCE
you take the GCC_SURGE branches of kernelhwsrv and beagleboard (as well as a
GCC-built baseline).
If we're ever to promote GCCE to be the reccommended compiler we need to be
able to unify the codelines, and to merge to codelines we have to show that
we can build working ROMS with RVCT from the GCC_SURGE branches.
You can pretty easily build a Beagle tshell rom from the GCC_SURGE code, but
it crashes on boot. I want to explain how you build such a ROM so others can
do it and get debugging the rom crash. And I've got a bit of debugging
evidence on the crash.
*=== To build a Beagle tshell rom with RVCT 4 from the GCC_SURGE code ===
*You have to do this build on Windows because there's no free Linux version
of RVCT 4. I assume you've got PDT 1.7 installed.*
*
* Clone FCL/sf/adapt/beagleboard/ with the --noupdate flag into
EPOCROOT/sf/adapt/beagleboard and then update to the GCC_SURGE branch.
* Clone FCL/sf/os/kernelhwsrv/ with the --noupdate flag into
EPOCROOT/sf/os/kernelhwsrv and then update to the GCC_SURGE branch.
* Clone FCL/interim/linux_build into EPOCROOT/linux_build (you only need
this to copy out a couple files).
* Get your PDK 3.0.4 baseline and populate your epoc32 tree as usual.
* Copy EPOCROOT/linux_build/sbsv1/sbsv1/buildsystem/extension/base/
bootstrap.mk -> EPOCROOT/epoc32/tools/makefile_templates/base/bootstrap.mk
* Copy EPOCROOT/linux_build/sbsv1/sbsv1/buildsystem/extension/base/config.mk->
EPOCROOT/epoc32/tools/makefile_templates/base/
config.mk
* Copy EPOCROOT/linux_build/linux_build/imgtools/romtools/rombuild/
romnibus.pl -> EPOCROOT/epoc32/rom/tools/romnibus.pl
* Build kernelhwsrv, e.g:
set EPOCROOT=D:\symbian\beagle\
set SBS_HOME=D:\Symbian_Tools\PDT_1.7\Raptor
set RVCT22BIN=unused
set RVCT22INC=unused
set RVCT22LIB=unused
set RVCT40BIN=D:\apps\RVCT_Symbian\bin
set RVCT40INC=D:\apps\RVCT_Symbian\include
set RVCT40LIB=D:\apps\RVCT_Symbian\lib
set LM_LICENSE_FILE=D:\apps\RVCT_Symbian\licenses\license.dat
cd %EPOCROOT%sf\os\kernelhwsrv
%SBS_HOME%\bin\sbs -c armv5_udeb.rvct4_0 -s package_definition.xml
* Buld Beagleboard, e.g:
set EPOCROOT=D:\symbian\beagle\
set SBS_HOME=D:\Symbian_Tools\PDT_1.7\Raptor
set RVCT22BIN=unused
set RVCT22INC=unused
set RVCT22LIB=unused
set RVCT40BIN=D:\apps\RVCT_Symbian\bin
set RVCT40INC=D:\apps\RVCT_Symbian\include
set RVCT40LIB=D:\apps\RVCT_Symbian\lib
set LM_LICENSE_FILE=D:\apps\RVCT_Symbian\licenses\license.dat
cd %EPOCROOT%sf\adapt\beagleboard
%SBS_HOME%\bin\sbs -c armv5_udeb.rvct4_0 -s package_definition.xml %1
Then the rom image is:
EPOCROOT\epoc32\rom\beagle_tshell_ARMV5_udeb.img
and the rom symbol file is:
EPOCROOT\epoc32\rom\beagle\beagle_tshell_ARMV5_udeb.symbol
*=== End of rom build ===
*When you boot this rom it will immediately crash like this:
MODE_USR:
R0=c80c0000 R1=dededec6 R2=1c1c1c1c R3=1c1c1c1c
R4=1c1c1c1c R5=1c1c1c1c R6=1c1c1c1c R7=1c1c1c1c
R8=1c1c1c1c R9=1c1c1c1c R10=c808fc80 R11=c808fc60
R12=00dedbdb R13=00000000 R14=00000000 R15=8000b12c
CPSR=20000113
MODE_FIQ:
R8=05600f01 R9=ffffffff R10=00000004 R11=00000002
R12=81001bcc R13=c003c000 R14=81000960 SPSR=00000000
MODE_IRQ:
R13=c003a000 R14=00000000 SPSR=00000000
MODE_SVC:
R13=c808eb80 R14=8007b1c8 SPSR=00000000
MODE_ABT:
R13=c003fc00 R14=8000b12c SPSR=20000113
MODE_UND:
R13=c003e000 R14=4020ffcc SPSR=00000000
TEEHBR=00000000 CPACR=00f00000
SCTLR=30c5387f ACTLR=00000072 PRRR=000a00a4 NMRR=00400040
DACR=00000001 TTBR0=80000018 TTBR1=80000018 TTBCR=00000001
VBAR=00014000 FCSEID=00000000 CTXIDR=00000000
Thread ID RWRW=00000000 RWRO=00000000 RWNO=00000000
DFSR=00000807 DFAR=c80c0000 IFSR=00000000 IFAR=00000000
ADFSR=00000000 AIFSR=00000000
FPEXC 0000000a
ExcCode 00000001
FAULT: Exception 0x10000000 (268435456)
This is a data fault on address c80c0000 (DFAR).
If you build it with full kernel tracing, the output right tup to the crash
is:
## Starting application at 0x81000000 ...
Initialise returned c8002118
Variant installed
Found ROM root dir index 0 addr 800025d8
K::InitialiseMicrokernel()
MM::Init1()
K::MaxMemCopyInOneGo=0x200
MM::MaxPagesInOneGo=32
Cache::Init1
CTR:80048004
CLR:a000023
type:3
I-CACHE L1:2007e01a, numsets:40h, assoc:4h, lineLog2:6h, size=4000h
D-CACHE L1:e007e01a, numsets:40h, assoc:4h, lineLog2:6h, size=4000h
type:4
U-CACHE L2:f03fe03a, numsets:200h, assoc:8h, lineLog2:6h, size=40000h
Instr Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 0800 CleanThreshold 0800 FlushThreshold 0800
Data PoU Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 0400 CleanThreshold 0300 FlushThreshold 0300
Data PoC Cache:
LineLength 0040 LineLenLog2 06
PurgeThreshold 2200 CleanThreshold 1980 FlushThreshold 1980
ArmMmu::Init1
CacheTypeRegister = 80048004
CacheTypeRegister = 80048004
CacheLevelIDRegister = 0a000023
L1DCache = 0x40,0x4,6 colourCount=1
L1ICache = 0x40,0x4,6 colourCount=1
L1ICache is VIPT
iAliasSize=0x2000
LPD size 00002000 GPD size 00004000 Alias size 00002000
ULB 00400000 ULE 38100000 USB 40000000 USE 70200000
DDB 38100000 UCB 70200000
Mmu::Init1
MmuBase::Init1
A::Init1()
Beagle::Init1()
Omap3530Assp::Init1()
Omap3530Interrupt::Init1()
Omap3530Interrupt::DisableAndClearAll 0 c620008c 1 c62000ac 2 c62000cc
Omap3530Interrupt::DisableAndClearAll INTCPS_SIR_IRQ ffffff80 at c6200000
Omap3530Interrupt::DisableAndClearAll OUT
Omap3530Interrupt::Init1() OUT
Omap3530Assp::Init1() OUT
Omap3530Assp::StartupReason
CPU page value 09080001
NTimerQ::Init1 - period 1000 us
MT:P 1000
kern_heap_addr c808f000, kern_stack_addr c808e000
HeapSizeMin 00031000
Created kernel fixed heap at c808f000, size 00031000
GetNewThread size=04bc
Get initial thread, 0
Done NKern::Init
DThread::Create Null owner Local-c808f248 size 030
SetOwner Local-c808f410 (Local-c808f248)
NKFMWait ObjLock
NKFMSignal ObjLock
Owner set
SetName Local-c808f248::Local-c808f410 (Null)
NKFMWait ObjLock
Name is now Null
NKFMSignal ObjLock
Name set, 0
Thread Local-c808f248::Null DoCreate: Function c808ed88 Ptr 300936ac
type 0, sup stack=c808e000, sup stack size=1000
user stack=00000000 size 0, init priority=808464440
NKFMWait SysLock
NKFMSignal SysLock
DThread::DoCreate(c808f410) claimed sync message at 00000000
NKFMWait SysLock
TThreadWaitList::Up W=0 T=0 L=0 l=00000000
<TThreadWaitList::Up W=0 T=1 L=0 l=00000000NKFMSignal SysLock
<TThreadWaitList::Up l=00000000 r=0
Created initial thread, 0
DProcess::Create
SetName Local-c808f248 (ekern.exe)
NKFMWait ObjLock
Name is now ekern.exe
NKFMSignal ObjLock
K::MutexCreate $LOCK owner ekern.exe visible=0 order=48
DMutex::Create owner ekern.exe, name $LOCK, visible=0, order=48
SetOwner Local-c808f930 (ekern.exe)
NKFMWait ObjLock
NKFMSignal ObjLock
SetName ekern.exe::Local-c808f930 ($LOCK)
NKFMWait ObjLock
Name is now $LOCK
NKFMSignal ObjLock
NKFMWait SysLock
TThreadWaitList::Up W=0 T=1 L=0 l=00000000
<TThreadWaitList::Up W=1 T=1 L=0 l=00000000NKFMSignal SysLock
<TThreadWaitList::Up l=00000000 r=0
NKFMWait ObjLock
NKFMSignal ObjLock
K::MutexCreate returns 0 c808f930
Lock mutex created, 0
DMemModelProcess::DoCreate ekern.exe
OS ASID=0, LPD=00000000, GPD=00000000, ASID info=c808f249<DMemModelProcess::DoCreate 0
Process attributes 80000000
NKFMWait SysLock
NKFMSignal SysLock
NKern::ThreadEnterCS ekern.exe::Null
NKFMWait SysLock
NKFMSignal SysLock
NKern::ThreadLeaveCS ekern.exe::Null
DObject::Close 2 ekern.exe::Null
M::NewCodeSeg
DCodeSeg::Create c808f9c0 file z:\sys\bin\ekern.exe ver 000a0000 process
ekern.e
xe
DEpocCodeSeg::DoCreate code_addr=80002f88
ROM Code Seg: mark 05000024 attr=10000009attach proc=NULL exe code seg=c808f9c0
CodeSeg @c808f9c0 Added By Name
NKFMWait SysLock
NKFMSignal SysLock
CodeSeg @c808f9c0 Added By Address 80003000
DCodeSeg::CheckedOpen 1 z:\sys\bin\ekern.exe Ver 10.0
Created initial process, 0
AddThread ekern.exe::Null to ekern.exe
MmuBase::Init2
DRamAllocator::Create
#banks from bootstrap=2
Total size=0fde0000
Total size=0fde0000, total pages=0000fde0
PA base=80000000, PA top=8fffffff
iNumZones=2
Coalesced bank: 80000000-81000000
Coalesced bank: 81220000-90000000
#Coalesced banks: 2
NKFMWait SysLock
If you feed the crash dump into printsym.pl with the rom symbol file, you,
get just 2 resolved addresses:
MODE_USR:
[snip]
R12=00dedbdb R13=00000000 R14=00000000 R15=8000b12c
= 00dedbdb ....
= 00000000 ....
= 00000000 ....
= 8000b12c ,... memset (EXPORTED)
cmem_.o(.emb_text) + 0xc8
[snip]
MODE_SVC:
???
R13=c808eb80 R14=8007b1c8 SPSR=00000000
= c808eb80 ....
= 8007b1c8 .... RHybridHeap::Free(void*) (EXPORTED)
heap_hybrid.o(.text) + 0x130
= 00000000 ....
MODE_ABT:
???
R13=c003fc00 R14=8000b12c SPSR=20000113
= c003fc00 ....
= 8000b12c ,... memset (EXPORTED)
cmem_.o(.emb_text) + 0xc8
= 20000113 ...
This suggests we have an aborting call to memset() from a call to
RHybridHeap::Free() at the end of the call stack, and if we check out the
source of RHybridHeap::Free() in
FCL<http://developer.symbian.org/xref/oss/xref/FCL>
/sf <http://developer.symbian.org/xref/oss/xref/FCL/sf>/os<http://developer.symbian.org/xref/oss/xref/FCL/sf/os>
/kernelhwsrv<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv>
/kernel<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel>
/eka<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka>
/common<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka/common>
/heap_hybrid.cpp,<http://developer.symbian.org/xref/oss/xref/FCL/sf/os/kernelhwsrv/kernel/eka/common/heap_hybrid.cpp>we
see that it calls memset() directly through the macro __ZAP_CELL().
So there's an air of heap corruption about this.
That's as far as I've got.
It would be good if somebody could post a complete HowTo for getting GDB
attached to the rom boot - though from what I can gather at *
http://developer.symbian.org/wiki/Wild_ducks_project/Ingredients*, you seem
to need an add-on board for this.
--
Mike Kinghan,
Test Lead, Symbian
+44(0)776 5222 793
Some facts about Symbian that we are legally obliged to tell you:
Symbian Foundation Limited is a Company Limited by Guarantee and not having Share Capital
We're registered in England and Wales - Companies House knows us by the number 6683783
Our address is 1 Boundary Row, Southwark, London SE1 8HP.