@stffrdhrn
Created July 19, 2023 21:36

Cannot even run a hello world newlib ELF binary!

Last instructions before failing

...
S 000063b4: d6519dd4 l.sw    -27180(r17),r19 [000095d4] = 00008800  flag: 1
S 000063b8: 1a200001 l.movhi r17,0x1         r17        = 00010000  flag: 1
S 000063bc: d6519dd0 l.sw    -27184(r17),r19 [000095d0] = 00008800  flag: 1
S 000063c0: 85c10000 l.lwz   r14,0x0(r1)     r14        = 00000000  flag: 1
S 000063c4: 86010004 l.lwz   r16,0x4(r1)     r16        = 00000000  flag: 1
S 000063c8: 86410008 l.lwz   r18,0x8(r1)     r18        = 00000000  flag: 1
S 000063cc: 8681000c l.lwz   r20,0xc(r1)     r20        = 00000000  flag: 1
S 000063d0: 86c10010 l.lwz   r22,0x10(r1)    r22        = 00000000  flag: 1
S 000063d4: 87010014 l.lwz   r24,0x14(r1)    r24        = 00000000  flag: 1
S 000063d8: 87410018 l.lwz   r26,0x18(r1)    r26        = 00000000  flag: 1
S 000063dc: 8781001c l.lwz   r28,0x1c(r1)    r28        = 00000000  flag: 1
S 000063e0: 87c10020 l.lwz   r30,0x20(r1)    r30        = 00000000  flag: 1
S 000063e4: 85210024 l.lwz   r9,0x24(r1)     r9         = 000020bc  flag: 1
S 000063e8: 44004800 l.jr    r9                                     flag: 1
S 000063ec: 9c210028 l.addi  r1,r1,0x28      r1         = 007fe000  flag: 1
S 000020bc: 040000a9 l.jal   0xa9                                   flag: 1
S 000020c0: 15000000 l.nop   0                                      flag: 1
S 00002360: 9c21fff0 l.addi  r1,r1,-16       r1         = 007fdff0  flag: 1
S 00002364: d4018000 l.sw    0x0(r1),r16     [007fdff0] = 00000000  flag: 1
S 00002368: d401a008 l.sw    0x8(r1),r20     [007fdff8] = 00000000  flag: 1
S 0000236c: 1a000001 l.movhi r16,0x1         r16        = 00010000  flag: 1
S 00002370: 1a800001 l.movhi r20,0x1         r20        = 00010000  flag: 1
S 00002374: 9e1087e8 l.addi  r16,r16,-30744  r16        = 000087e8  flag: 1
S 00002378: 9e9487e8 l.addi  r20,r20,-30744  r20        = 000087e8  flag: 1
S 0000237c: aa200002 l.ori   r17,r0,0x2      r17        = 00000002  flag: 1
S 00002380: e2948002 l.sub   r20,r20,r16     r20        = 00000000  flag: 1
S 00002384: e2948888 l.sra   r20,r20,r17     r20        = 00000000  flag: 1
S 00002388: 1a200000 l.movhi r17,0           r17        = 00000000  flag: 1
S 0000238c: d4019004 l.sw    0x4(r1),r18     [007fdff4] = 00000000  flag: 1
S 00002390: e4148800 l.sfeq  r20,r17                                flag: 1
S 00002394: 10000009 l.bf    0x9                                    flag: 1
S 00002398: d401480c l.sw    0xc(r1),r9      [007fdffc] = 000020c4  flag: 1
S 000023b8: 1a000001 l.movhi r16,0x1         r16        = 00010000  flag: 1
S 000023bc: 1a800001 l.movhi r20,0x1         r20        = 00010000  flag: 1
S 000023c0: 9e1087e8 l.addi  r16,r16,-30744  r16        = 000087e8  flag: 1
S 000023c4: 9e9487ec l.addi  r20,r20,-30740  r20        = 000087ec  flag: 1
S 000023c8: aa200002 l.ori   r17,r0,0x2      r17        = 00000002  flag: 1
S 000023cc: e2948002 l.sub   r20,r20,r16     r20        = 00000004  flag: 1
S 000023d0: e2948888 l.sra   r20,r20,r17     r20        = 00000001  flag: 1
S 000023d4: 1a200000 l.movhi r17,0           r17        = 00000000  flag: 1
S 000023d8: e4148800 l.sfeq  r20,r17                                flag: 0
S 000023dc: 10000008 l.bf    0x8                                    flag: 0
S 000023e0: 1a400000 l.movhi r18,0           r18        = 00000000  flag: 0
S 000023e4: 86300000 l.lwz   r17,0x0(r16)    r17        = 00000000  flag: 0
S 000023e8: 48008800 l.jalr  r17                                    flag: 0
S 000023ec: 9e520001 l.addi  r18,r18,0x1     r18        = 00000001  flag: 0
Instruction address translation failed: no trace available
S 00000004: 00000000 l.j     0x0                                    flag: 0
Instruction address translation failed: no trace available
S 00000004: 00000000 l.j     0x0                                    flag: 0
Instruction address translation failed: no trace available
S 00000004: 00000000 l.j     0x0                                    flag: 0

Regs:

INTERNAL SIMULATOR ERROR:
no translation for currently executed instruction
 (executed) [cycle 440900001, #440899279]
00000004:                00000000  l.j 0x0 (next insn) (delay insn)
GPR00: 00000000  GPR01: 007fdff0  GPR02: 007fe000  GPR03: 0000903c  
GPR04: 00000000  GPR05: 00000424  GPR06: 00000000  GPR07: 00000000  
GPR08: 00000000  GPR09: 000023f0  GPR10: 00000000  GPR11: 0000903c  
GPR12: 00000000  GPR13: 00000000  GPR14: 00000000  GPR15: 00000000  
GPR16: 000087e8  GPR17: 00000000  GPR18: 00000001  GPR19: 00008800  
GPR20: 00000001  GPR21: 000093f8  GPR22: 00000000  GPR23: 00009390  
GPR24: 00000000  GPR25: 00009328  GPR26: 00000000  GPR27: 00000000  
GPR28: 00000000  GPR29: 00000000  GPR30: 00000000  GPR31: 00000000  flag: 0

Dump of code around error:

    23b0:       13 ff ff fc     l.bf 23a0 <__libc_init_array+0x40>
    23b4:       9e 10 00 04     l.addi r16,r16,4
    23b8:       1a 00 00 01     l.movhi r16,0x1
    23bc:       1a 80 00 01     l.movhi r20,0x1
    23c0:       9e 10 87 e8     l.addi r16,r16,-30744
    23c4:       9e 94 87 ec     l.addi r20,r20,-30740
    23c8:       aa 20 00 02     l.ori r17,r0,0x2
    23cc:       e2 94 80 02     l.sub r20,r20,r16
    23d0:       e2 94 88 88     l.sra r20,r20,r17
    23d4:       1a 20 00 00     l.movhi r17,0x0
    23d8:       e4 14 88 00     l.sfeq r20,r17
    23dc:       10 00 00 08     l.bf 23fc <__libc_init_array+0x9c>
    23e0:       1a 40 00 00     l.movhi r18,0x0
    23e4:       86 30 00 00     l.lwz r17,0(r16)
    23e8:       48 00 88 00     l.jalr r17                <--- jumps to null!
    23ec:       9e 52 00 01     l.addi r18,r18,1
    23f0:       e4 34 90 00     l.sfne r20,r18
    23f4:       13 ff ff fc     l.bf 23e4 <__libc_init_array+0x84>
    23f8:       9e 10 00 04     l.addi r16,r16,4
    23fc:       86 01 00 00     l.lwz r16,0(r1)
    2400:       86 41 00 04     l.lwz r18,4(r1)
    2404:       86 81 00 08     l.lwz r20,8(r1)
    2408:       85 21 00 0c     l.lwz r9,12(r1)
    240c:       44 00 48 00     l.jr r9
    2410:       9c 21 00 10     l.addi r1,r1,16

C source of __libc_init_array:

#include <stddef.h>

/* Boundary symbols for the .preinit_array and .init_array sections, declared
   weak as in newlib's libc/misc/init.c; the linker script defines them.  */
extern void (*__preinit_array_start []) (void) __attribute__((weak));
extern void (*__preinit_array_end []) (void) __attribute__((weak));
extern void (*__init_array_start []) (void) __attribute__((weak));
extern void (*__init_array_end []) (void) __attribute__((weak));

extern void _init (void);

/* Iterate over all the init routines.  */
void
__libc_init_array (void)
{
  size_t count;
  size_t i;

  /* First loop: in this binary start == end, so count is 0 and nothing runs.  */
  count = __preinit_array_end - __preinit_array_start;
  for (i = 0; i < count; i++)
    __preinit_array_start[i] ();

  _init ();

  /* Second loop: count is 1 here; the single entry at 0x87e8 is read with
     l.lwz and called through l.jalr, which is where the trace jumps to 0.  */
  count = __init_array_end - __init_array_start;
  for (i = 0; i < count; i++)
    __init_array_start[i] ();
}
@stffrdhrn (Author):
Init array elements:

< shorne@antec ~/work/openrisc/build-or1ksim > or1k-elf-readelf -s ../hello.elf  | grep init_array
     5: 000087e8     0 SECTION LOCAL  DEFAULT    5 .init_array
    79: 000087ec     0 NOTYPE  LOCAL  DEFAULT    5 __init_array_end
    80: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __preinit_array_end
    81: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __init_array_start
    82: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __preinit_array_start
   136: 00002360   180 FUNC    GLOBAL DEFAULT    2 __libc_init_array

Should not be null!

< shorne@antec ~/work/openrisc/build-or1ksim > or1k-elf-readelf -x .init_array ../hello.elf  

Hex dump of section '.init_array':
  0x000087e8 00002220                            .." 

Should go to 2220:

00002220 <frame_dummy>:
    2220:       1a 20 00 00     l.movhi r17,0x0
    2224:       9e 31 00 00     l.addi r17,r17,0
    2228:       1a 60 00 00     l.movhi r19,0x0

@stffrdhrn (Author):
According to the above, when reading address 0x000087e8 of section .init_array, nothing was there.

From the ELF section loading logs, we cannot see that section being loaded:

loadcode: filename ../hello.elf  startaddr=00000000  virtphy_transl=00000000
Not COFF file format
ELF type: 0x0002
ELF machine: 0x005c
ELF version: 0x00000001
ELF sec = 21
Section: .vectors, vaddr: 0x00000000, paddr: 0x0 offset: 0x00002000, size: 0x00002000
Section: .text, vaddr: 0x00002000, paddr: 0x2000 offset: 0x00004000, size: 0x000047d4
Section: .rodata, vaddr: 0x000067d4, paddr: 0x67d4 offset: 0x000087d4, size: 0x0000000e
Section: .eh_frame, vaddr: 0x000087e4, paddr: 0x87e4 offset: 0x000087e4, size: 0x00000004
Section: .fini_array, vaddr: 0x000087ec, paddr: 0x87ec offset: 0x000087ec, size: 0x00000004
Section: .data, vaddr: 0x000087f0, paddr: 0x87f0 offset: 0x000087f0, size: 0x00000c70
WARNING: sim_init: Debug module not enabled, cannot start remote service to GDB
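As an added diagnostic (my own script, not part of the gist, newlib or or1ksim), the following Python cross-checks the three outputs quoted in the two comments above: the loader's `Section:` lines, the `readelf -s` symbol lines and the `readelf -x .init_array` hex dump, all embedded here exactly as copied from the page. It computes the half-open address range of each loaded section, lists the holes between them, and for every entry between `__init_array_start` and `__init_array_end` reports the pointer the file holds against the section (if any) that would back that address in simulated memory. The function and regex names are my own; the symbol-name parameters default to the init array but accept the preinit or fini array boundary symbols as well.

```python
import re

# or1ksim loadcode output, copied from the page: the sections the simulator
# actually wrote into simulated memory.
LOADER_LOG = """\
Section: .vectors, vaddr: 0x00000000, paddr: 0x0 offset: 0x00002000, size: 0x00002000
Section: .text, vaddr: 0x00002000, paddr: 0x2000 offset: 0x00004000, size: 0x000047d4
Section: .rodata, vaddr: 0x000067d4, paddr: 0x67d4 offset: 0x000087d4, size: 0x0000000e
Section: .eh_frame, vaddr: 0x000087e4, paddr: 0x87e4 offset: 0x000087e4, size: 0x00000004
Section: .fini_array, vaddr: 0x000087ec, paddr: 0x87ec offset: 0x000087ec, size: 0x00000004
Section: .data, vaddr: 0x000087f0, paddr: 0x87f0 offset: 0x000087f0, size: 0x00000c70
"""

# `or1k-elf-readelf -s hello.elf | grep init_array`, copied from the page.
SYMTAB = """\
     5: 000087e8     0 SECTION LOCAL  DEFAULT    5 .init_array
    79: 000087ec     0 NOTYPE  LOCAL  DEFAULT    5 __init_array_end
    80: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __preinit_array_end
    81: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __init_array_start
    82: 000087e8     0 NOTYPE  LOCAL  DEFAULT    5 __preinit_array_start
"""

# `or1k-elf-readelf -x .init_array hello.elf`, copied from the page: what the
# file holds at 0x87e8 (readelf prints the words in file byte order, big-endian
# on OpenRISC).
HEXDUMP = """\
Hex dump of section '.init_array':
  0x000087e8 00002220                            ..\"
"""

SECTION_RE = re.compile(r"^Section: ([^,]+), vaddr: 0x([0-9a-fA-F]+),.*size: 0x([0-9a-fA-F]+)", re.M)
# readelf -s columns: Num: Value Size Type Bind Vis Ndx Name
SYMBOL_RE = re.compile(r"^\s*\d+:\s+([0-9a-fA-F]+)\s+\d+(?:\s+\S+){4}\s+(\S+)\s*$", re.M)
# readelf -x line: address followed by one to four 32-bit words, then ASCII.
HEXLINE_RE = re.compile(r"^\s*0x([0-9a-fA-F]{8})((?:\s+[0-9a-fA-F]{8}){1,4})", re.M)


def parse_loaded_sections(log):
    """Half-open [start, end) ranges the loader reports, sorted by start address."""
    secs = []
    for m in SECTION_RE.finditer(log):
        start, size = int(m.group(2), 16), int(m.group(3), 16)
        secs.append((m.group(1), start, start + size))
    return sorted(secs, key=lambda s: s[1])


def parse_symbols(text):
    """Map symbol name -> value from readelf -s output."""
    return {m.group(2): int(m.group(1), 16) for m in SYMBOL_RE.finditer(text)}


def parse_hexdump(text):
    """Map address -> 32-bit word from readelf -x output."""
    words = {}
    for m in HEXLINE_RE.finditer(text):
        base = int(m.group(1), 16)
        for i, w in enumerate(m.group(2).split()):
            words[base + 4 * i] = int(w, 16)
    return words


def covering_section(secs, addr):
    """Name of the loaded section containing addr, or None if the loader skipped it."""
    for name, start, end in secs:
        if start <= addr < end:
            return name
    return None


def loaded_gaps(secs):
    """Address holes between consecutive loaded sections (never written by the loader)."""
    return [(a_end, b_start)
            for (_, _, a_end), (_, b_start, _) in zip(secs, secs[1:])
            if b_start > a_end]


def check_array_loaded(log, symtab, hexdump,
                       start_sym="__init_array_start", end_sym="__init_array_end"):
    """Compare each function-pointer entry the file defines with what was loaded.

    Returns (ok, report): ok is False if any entry lies outside every loaded
    section; report has, per entry, the pointer the file holds and the section
    (or None) backing that address in simulated memory."""
    secs = parse_loaded_sections(log)
    syms = parse_symbols(symtab)
    words = parse_hexdump(hexdump)
    start, end = syms[start_sym], syms[end_sym]
    report = [{"addr": a, "file_value": words.get(a), "loaded_in": covering_section(secs, a)}
              for a in range(start, end, 4)]
    return all(e["loaded_in"] is not None for e in report), report


if __name__ == "__main__":
    ok, report = check_array_loaded(LOADER_LOG, SYMTAB, HEXDUMP)
    for i, e in enumerate(report):
        fv = e["file_value"]
        print(f"init_array[{i}] @ 0x{e['addr']:08x}: file holds "
              f"{'0x%08x' % fv if fv is not None else '?'}, loaded section: {e['loaded_in']}")
    print("holes between loaded sections:",
          [f"0x{a:x}-0x{b:x}" for a, b in loaded_gaps(parse_loaded_sections(LOADER_LOG))])
    print("OK" if ok else "FAIL: an entry was never loaded; the simulator reads 0 and jumps to null")
```

Run against the page's data it reports the single entry at 0x87e8 as holding 0x2220 (frame_dummy) in the file while lying in the 0x87e8-0x87ec hole between the loaded .eh_frame and .fini_array, which matches the trace: the l.lwz at 0x23e4 returned 0 from never-written simulated memory and l.jalr r17 transferred control to address 0. The same check applied to an ELF loader's own output is a cheap regression test for "every allocatable section containing code pointers was actually loaded".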
