http://bugs.winehq.org/show_bug.cgi?id=31308
Bug #: 31308
Summary: Remote Tools for Visual Studio 2012 RC for Windows on ARM (WoA) crashes due to invalid user TLS register value access
Product: Wine
Version: 1.5.9
Platform: arm
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Classification: Unclassified
Hello,
for André, some toy to play with ;-)
"Remote Tools for Visual Studio 2012 RC" for Windows on ARM (WoA) can be downloaded here:
http://www.microsoft.com/visualstudio/11/en-us/downloads#remote-tools
It crashes on my quad Cortex-A9 based i.mx6 Sabre with Ubuntu Linux 12.04
--- snip ---
Unhandled exception: page fault on read access to 0xc2083992 in 32-bit code (0x00419d44).
Register dump:
 Thumb User Mode
 Pc:419d44 Sp:4134f720 Lr:418ed1 Cpsr:200f0030(--C-)
 r0:0208 r1:0001 r2:4134f7c8 r3:0208
 r4:c208398a r5:4134f7c8 r6:0000 r7:4134f728
 r8:dddd r9:04e4 r10:0100 Fp:4134f758 Ip:4134f518
Stack dump:
0x4134f720: 00000000 00000000 4134f7c8 00000100
0x4134f730: 00000001 8161b1cd 4134f748 00000100
0x4134f740: 4134f7c8 00000001 4134fd38 00446530
0x4134f750: 000004e4 4006e000 4134f790 00418f91
0x4134f760: 4134fac8 000004e4 00000000 00000000
0x4134f770: 00446998 00446308 42164138 40a72801
Backtrace:
=>0 0x00419d44 in rtools_setup_arm (+0x19d44) (0x4134f758)
  1 0x00418ed1 in rtools_setup_arm (+0x18ed0) (0x4134f758)
0x00419d44: ldr r4, [r4, #8]
Modules:
Module  Address            Debug info  Name (77 modules)
ELF         8000-   12000  Deferred    <wine-loader>
PE        400000-  454000  Export      rtools_setup_arm
ELF     40031000-4003f000  Deferred    libsm.so.6
...
System information:
    Wine build: wine-1.5.9-186-g1f6febe
    Platform: arm
    Host system: Linux
    Host version: 3.2.0-1000-linaro-lt-mx6
--- snip ---
WINEDEBUG=+tid,+seh,+relay doesn't reveal much, might be app init/startup code:
--- snip ---
$ wine ./rtools_setup_arm.exe
...
0024:Call KERNEL32.GetLastError() ret=00416973
0024:Ret KERNEL32.GetLastError() retval=00000000 ret=00416973
0024:Call KERNEL32.MultiByteToWideChar(000004e4,00000001,4130f7c8 " \x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94"...,00000100,00000000,00000000) ret=00418e95
0024:Ret KERNEL32.MultiByteToWideChar() retval=00000100 ret=00418e95
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=c2083992
0024:trace:seh:raise_exception Pc:419d44 Sp:4130f720 Lr:418ed1 Cpsr:200f0030 r0:0208 r1:0001 r2:0100 r3:0208
0024:trace:seh:raise_exception r4:c208398a r5:4130f7c8 r6:0000 r7:4130f728 r8:dddd r9:04e4 r10:0100 Fp:4130f758 Ip:4130f518
0024:trace:seh:call_stack_handlers calling handler at 0x403e3900 code=c0000005 flags=0
0024:Call KERNEL32.UnhandledExceptionFilter(4130f574) ret=403e3964
wine: Unhandled page fault on read access to 0xc2083992 at address 0x419d44 (thread 0024), starting debugger...
0024:trace:seh:start_debugger Starting debugger "winedbg --auto 35 68"
...
--- snip ---
Winedbg's builtin disassembler isn't really helpful, it's missing various thumb(2) opcodes.
Fortunately there is a free IDA 6.2 demo version for Linux which also supports ARM family for download: http://www.hex-rays.com/products/ida/support/download_demo.shtml
This is an invaluable tool which can be used to improve winedbg's disassembler and investigate other problems on ARM.
The code in question:
--- snip ---
...
.text:00419D40    MRC    p15, 0, R4,c13,c0, 2
.text:00419D44    LDR    R4, [R4,#8]
...
--- snip ---
ARM info center CP15 c13 register summary: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/CIHFGFG...
Another resource: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0360f/CACEAIH...
Opcode_2=3 register "TPIDRURO" is actually ARM HW TLS register, used by libc (__get_tls()).
Opcode_2=2 register "TPIDRURW" is "Software Thread ID, User, R/W"
Not sure if this is a "free for use" register or if any user space threading library code actually manages this register. One would have to search eglibc sources for ARM and any userspace libraries mapped into process address space, not part of Wine. The values don't seem very random but they point to invalid (not mapped) memory locations. I couldn't find any MCR opcodes in application code, so it's probably written elsewhere.
This linux kernel patch has a bit of information: http://www.kernelhub.org/?p=2&msg=57979 It got committed to Linux 3.3.5: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 (search for TPIDRURW). I'm running 3.2.0 so it's obviously not cleared by kernel side on context switch.
Anyway, I fear this will be most likely upstream if the kernel deliberately clears it on every context switch (starting with 3.3.5).
$ du -sh rtools_setup_arm.exe
16M rtools_setup_arm.exe

$ sha1sum rtools_setup_arm.exe
6f75e6dad60b64e1f074884829b63ca00bcdb531 rtools_setup_arm.exe
Regards
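
Added example, not part of the original report and not Wine code: a small Thumb-2 linear sweep that flags MRC (read) and MCR (write) accesses to the CP15 c13, c0 thread-ID registers discussed above, which is one way to check a mapped module for code that writes TPIDRURW. The sample bytes are constructed by hand-encoding the MRC/LDR pair from the disassembly plus a made-up MCR; the names scan_c13, SAMPLE and SAMPLE_BASE are hypothetical.

```python
import struct

# CP15 c13, c0 thread-ID registers named in the report, keyed by opc2.
C13_REGS = {2: "TPIDRURW", 3: "TPIDRURO"}

# Constructed sample (not bytes dumped from rtools_setup_arm.exe): the MRC/LDR
# pair from the disassembly, re-encoded by hand, plus a made-up MCR write.
SAMPLE_BASE = 0x419D3E
SAMPLE = bytes.fromhex(
    "10b5"      # push {r4, lr}
    "1dee504f"  # mrc p15, 0, r4, c13, c0, 2
    "a468"      # ldr r4, [r4, #8]
    "0dee500f"  # mcr p15, 0, r0, c13, c0, 2   (constructed)
    "10bd"      # pop {r4, pc}
)

def is_32bit(hw1):
    # Thumb-2: top five bits 11101, 11110 or 11111 start a 32-bit instruction.
    return (hw1 >> 11) in (0b11101, 0b11110, 0b11111)

def scan_c13(code, base):
    """Linear sweep; return (address, 'MRC'|'MCR', Rt, register name) tuples."""
    hits, off = [], 0
    while off + 2 <= len(code):
        (hw1,) = struct.unpack_from("<H", code, off)
        if not is_32bit(hw1):
            off += 2
            continue
        if off + 4 > len(code):
            break
        (hw2,) = struct.unpack_from("<H", code, off + 2)
        # MCR/MRC (T1): hw1 = 11101110 opc1 L CRn, hw2 = Rt coproc opc2 1 CRm
        is_mcr_mrc = (hw1 & 0xFF00) == 0xEE00 and (hw2 & 0x0010)
        opc1, crn = (hw1 >> 5) & 7, hw1 & 0xF
        coproc, opc2, crm = (hw2 >> 8) & 0xF, (hw2 >> 5) & 7, hw2 & 0xF
        if is_mcr_mrc and (coproc, opc1, crn, crm) == (15, 0, 13, 0):
            op = "MRC" if hw1 & 0x10 else "MCR"  # L bit: 1 = read, 0 = write
            name = C13_REGS.get(opc2, "c13,c0,%d" % opc2)
            hits.append((base + off, op, hw2 >> 12, name))
        off += 4
    return hits

if __name__ == "__main__":
    for addr, op, rt, name in scan_c13(SAMPLE, SAMPLE_BASE):
        print("%08x  %s r%d  %s" % (addr, op, rt, name))
```

A linear sweep loses sync on literal pools and ARM-mode code, so hits in a real module should be confirmed in a disassembler.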