author | fturovic <frank.turovich@nokia.com> |
Thu, 18 Feb 2010 15:11:20 -0600 | |
branch | RCL_2_4 |
changeset 990 | 5d016a880824 |
parent 0 | fb279309251b |
permissions | -rw-r--r-- |
990
5d016a880824
revised some text and copyright date
fturovic <frank.turovich@nokia.com>
parents:
0
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>Walking through the Call Stack</title>
<link href="sysdoc-eclipse.css" type="text/css" rel="stylesheet" >
<link href="../../book.css" type="text/css" rel="stylesheet" >
<div class="Head1">
<h2>Walking through the Call Stack</h2>
</div>
<div>
<p>The heuristic method is quick but produces lots of false positives.
Another option is to manually reconstitute the call stack from the memory dump.
This is relatively easy for debug builds because GCC uses R11 as a frame
pointer (FP) and generates the same prologue/epilogue for every
function.</p>
<p>For release builds, there is no generic solution. It is necessary
to check the generated assembler code, as there is no standard prologue/epilogue
and R11 is not used as a frame pointer.</p>
<p>A typical prologue for a debug ARM function looks like this:</p>
<p class="CodeBlock">mov ip, sp<br>stmfd sp!, {fp, ip, lr, pc}<br>sub fp, ip, #4 /* FP now points to base of stack frame */<br>sub sp, sp, #16 /* space for local variables */</p>
<p>Note that SP = R13, FP = R11, IP
= R12, LR = R14, and PC = R15.</p>
<p>This code creates the following stack frame:</p>
<div class="Figure">
<p class="Image"><a name=""><img src="CrashDebuggerStackFrame-01.gif" alt="" border="0"></a></p>
</div>
<p>In the example session listed in
<a href="CrashDebuggerCallStack.guide.html" title="Examining the call stack / Tracing through the stack heuristically">tracing through the stack heuristically</a>, in which the crash is due to a panic, the FP value is the
R11 value, 0x6571de70. This gives us the innermost stack
frame:</p>
<p class="CodeBlock">6571de64: e8 de 71 65 &lt;------------- pointer to previous stack frame <br> 74 de 71 65 <br> 74 fb 16 f8 &lt;------------- saved return address <br> 88 28 03 f8 &lt;------------- FP points to this word</p>
<p>Looking up the saved return address, 0xf816fb74, in
the symbol file shows that the current function was called from
DDmaTestChannel::DoCreate().</p>
<p class="CodeBlock">f816fb50 0198 DDmaTestChannel::DoCreate(int, TDesC8 const *, TVersion const &amp;)<br>f816fce8 007c DDmaTestChannel::~DDmaTestChannel(void)<br>f816fd64 0294 DDmaTestChannel::Request(int, void *, void *)</p>
<p>Using the pointer to the previous stack frame saved into the
current frame, we can decode the next frame:</p>
<p class="CodeBlock">6571ded4: 1c c4 03 64 <br> f8 02 00 64 <br> 10 df 71 65 &lt;------------- pointer to previous stack frame <br> ec de 71 65 <br><br>6571dee4: 84 da 01 f8 &lt;------------- saved return address <br> 5c fb 16 f8 &lt;------------- start of second stack frame <br> 00 4e 40 00 <br> 00 00 00 00 </p>
<p>Looking up the saved return address, 0xf801da84, in
the symbol file shows that DDmaTestChannel::DoCreate() was called
from DLogicalDevice::ChannelCreate().</p>
<p class="CodeBlock">f801d9b4 00f8 DLogicalDevice::ChannelCreate(DLogicalChannelBase *&amp;, TChannelCreateInfo &amp;)<br>f801daac 01b8 ExecHandler::ChannelCreate(TDesC8 const &amp;, TChannelCreateInfo &amp;, int)<br>f801dc64 00e4 ExecHandler::ChannelRequest(DLogicalChannelBase *, int, void *, void *)</p>
<p>And here is the third stack frame:</p>
<p class="CodeBlock">6571df04: d4 df 71 65 &lt;------------- pointer to previous stack frame <br> 14 df 71 65 <br> e0 db 01 f8 &lt;------------- saved return address <br> c0 d9 01 f8 &lt;------------- start of third stack frame </p>
<p>So DLogicalDevice::ChannelCreate() was called from
ExecHandler::ChannelCreate().</p>
<p>Note that this mechanical way of walking the stack is valid only
for debug functions. For release functions, it is necessary to study the code
generated by the compiler.</p>
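<p>Added example, not part of the original guide: a Python script that performs the same mechanical walk over the dump excerpts and symbol-file entries shown above. The names load_words, resolve and walk are this example's own; it assumes the debug ARM frame layout described above and stops at an odd (THUMB) return address, because that caller uses a different frame layout.</p>

```python
import struct

# Words transcribed from the three dump excerpts on this page (little-endian).
DUMP = {
    0x6571de64: "e8 de 71 65 74 de 71 65 74 fb 16 f8 88 28 03 f8",
    0x6571ded4: "1c c4 03 64 f8 02 00 64 10 df 71 65 ec de 71 65",
    0x6571dee4: "84 da 01 f8 5c fb 16 f8 00 4e 40 00 00 00 00 00",
    0x6571df04: "d4 df 71 65 14 df 71 65 e0 db 01 f8 c0 d9 01 f8",
}
# (start, size, name) taken from the symbol-file excerpts on this page.
SYMBOLS = [
    (0xf816fb50, 0x0198, "DDmaTestChannel::DoCreate"),
    (0xf816fce8, 0x007c, "DDmaTestChannel::~DDmaTestChannel"),
    (0xf816fd64, 0x0294, "DDmaTestChannel::Request"),
    (0xf801d9b4, 0x00f8, "DLogicalDevice::ChannelCreate"),
    (0xf801daac, 0x01b8, "ExecHandler::ChannelCreate"),
    (0xf801dc64, 0x00e4, "ExecHandler::ChannelRequest"),
]

def load_words(dump):
    """Turn {base address: hex byte string} into {word address: 32-bit value}."""
    words = {}
    for base, text in dump.items():
        for i, (w,) in enumerate(struct.iter_unpack("<I", bytes.fromhex(text))):
            words[base + 4 * i] = w
    return words

def resolve(addr):
    """Map an address to 'symbol+0xoffset', or None if no symbol covers it."""
    for start, size, name in SYMBOLS:
        if start <= addr < start + size:
            return f"{name}+0x{addr - start:x}"
    return None

def walk(words, fp, max_frames=32):
    """Follow debug ARM frames: [fp-12] = caller's FP, [fp-4] = saved LR."""
    frames = []
    while len(frames) < max_frames:
        if fp % 4 or fp - 12 not in words or fp - 4 not in words:
            break                      # unaligned FP or outside dumped memory
        lr, prev_fp = words[fp - 4], words[fp - 12]
        frames.append((fp, lr, resolve(lr & ~1)))
        if lr & 1 or prev_fp <= fp:    # THUMB caller, or chain not moving up
            break
        fp = prev_fp
    return frames

if __name__ == "__main__":
    for fp, lr, sym in walk(load_words(DUMP), 0x6571de70):
        print(f"fp={fp:08x} return={lr:08x} {sym}")
```

<p>The walk ends after the third frame because the next frame pointer, 0x6571dfd4, lies outside the memory shown in the excerpts.</p>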
<p>For completeness, this is a typical prologue for a debug THUMB
function:</p>
<p class="CodeBlock">push { r7, lr }<br>sub sp, #28<br>add r7, sp, #12 /* R7 is THUMB frame pointer */</p>
<p>and this creates the following stack frame:</p>
<div class="Figure">
<p class="Image"><a name=""><img src="CrashDebuggerStackFrame-02.gif" alt="" border="0"></a></p>
</div>
<p>A call stack can mix ARM and THUMB frames. Odd return addresses are
used for THUMB code and even ones for ARM code.</p>

</div>
<h5>Related tasks</h5>
<ul>
<li><a href="CrashDebuggerCallStack.guide02.html">General Points</a></li>
<li><a href="CrashDebuggerCallStack.guide03.html">Finding the Stack</a></li>
<li><a href="CrashDebuggerCallStack.guide04.html">Tracing through the Call Stack Heuristically</a></li>
</ul>
<div id="footer">Copyright © 2010 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. <br>License: <a href="http://www.eclipse.org/legal/epl-v10.html">http://www.eclipse.org/legal/epl-v10.html</a></div>
</body>
</html>
0
fb279309251b
DP tools release version Revision: 200912
Deepak Modgil <Deepak.Modgil@Nokia.com>
parents: