[gccsdk] Wesnoth latest crash

alan buckley alan_baa at hotmail.com
Thu Feb 5 05:27:40 PST 2009


I rebuilt Wesnoth again just before Christmas
and have only just managed to get time to
analyse the latest crash.
 
This occurs in the same place as the last one,
but I believe the details are different so John's
modification did do something.

Details of the crash
 
The version dumped here had been passed through elf2aif.
 
 
Fatal signal received: Segmentation fault
Stack backtrace:
Running thread 0x926544
  (  bbff00) pc:   7eeeec lr:   7ef440 sp:   bbff04  __write_backtrace()
  (  bbffa0) pc:   7eefd4 lr:   7efec0 sp:   bbffa4  __unixlib_raise_signal()
  (  bbffb0) pc:   7efdc4 lr:   537758 sp:   bb0200  __h_cback()
  Register dump at 00bbffb4:
    a1: fffffffc a2: ffffffff a3:   bb2410 a4:        1
    v1:   bb3290 v2:   bb0224 v3:   8fca9c v4:        1
    v5:   903944 v6:   baaf8c sl:   bb01a0 fp:   bb0280
    ip:   bb6fa8 sp:   bb0200 lr:   537758 pc:   7c29b4
    cpsr:       10
  007c29a0 : e_an : 6e615f65 : CDPVS   CP15,6,C5,C1,C5,3
  007c29a4 : d_ad : 64615f64 : STRVSBT R5,[R1],#-3940
  007c29a8 : dEPV : 56504564 : LDRPLB  R4,[R0],-R4,ROR #10
  007c29ac : ii.. : 00006969 : ANDEQ   R6,R0,R9,ROR #18
  007c29b0 : (..ÿ : ff000028 : Undefined instruction
  007c29b4 : . å : e5902000 : LDR     R2,[R0,#0]
  007c29b8 : .0å : e5903000 : LDR     R3,[R0,#0]
  007c29bc : .0Ĉ : e0833001 : ADD     R3,R3,R1
  007c29c0 : .0ی : e5803000 : STR     R3,[R0,#0]
  (  bb0280) pc:   53768c lr:   149ef0 sp:   bb0284  terrain_label::~terrain_label()()
  (  baac7c) pc:   140c64 lr:   7fd5f0 sp:   baac80  (anonymous namespace)::event_handler::handle_event_command((anonymous namespace)::queued_event const&, std::string const&, vconfig, bool&, bool&)()
  (  baacc0) pc:   17d8f0 lr:   17e248 sp:   baacc4  (anonymous namespace)::event_handler::handle_event((anonymous namespace)::queued_event const&, vconfig)()
  (  baaee4) pc:   17da44 lr:   17eaa0 sp:   baaee8  process_event((anonymous namespace)::event_handler&, (anonymous namespace)::queued_event const&)()
  (  bab098) pc:   17e62c lr:   17f084 sp:   bab09c  game_events::pump()()
  (  bab0a8) pc:   17f074 lr:    71118 sp:   bab0ac  game_events::fire(std::string const&, game_events::entity_location const&, game_events::entity_location const&, config const&)()
  (  ba9540) pc:    66ed4 lr:   7fd5f0 sp:   ba9544  attack::attack(game_display&, gamemap const&, std::vector>&, gamemap::location, gamemap::location, int, int, unit_map&, gamestatus const&, game_data const&, bool)()
  (  ba9794) pc:    97c04 lr:    98524 sp:   ba979c  ai_interface::attack_enemy(gamemap::location, gamemap::location, int, int)()
  (  ba97dc) pc:    98498 lr:    a0810 sp:   ba97e0  ai::attack_enemy(gamemap::location const&, gamemap::location const&, int, int)()
  (  ba9914) pc:    a01a8 lr:    a99c0 sp:   ba9918  ai::do_combat(std::map, std::allocator<std::pair>>&, std::multimap, std::allocator<std::pair>> const&, std::multimap, std::allocator<std::pair>> const&, std::multimap, std::allocator<std::pair>> const&, std::multimap, std::allocator<std::pair>> const&)()
  (  ba9af0) pc:    a9414 lr:    a9e20 sp:   ba9af4  ai::do_move()()
  (  ba9ccc) pc:    a9414 lr:    973fc sp:   ba9cd0  ai::do_move()()
  (  ba9e28) pc:    97240 lr:   335178 sp:   ba9e2c  ai::play_turn()()
  (  bbd248) pc:   334ef0 lr:   7fd5f0 sp:   bbd24c  playsingle_controller::play_ai_turn()()
  (  bbd2c0) pc:   335454 lr:   3363b0 sp:   bbd2c4  playsingle_controller::play_side(unsigned int, bool)()
  (  bbd4e0) pc:   33612c lr:   338f68 sp:   bbd4e4  playsingle_controller::play_turn(bool)()
  (  bba574) pc:   338554 lr:   7fd5f0 sp:   bba578  playsingle_controller::play_scenario(std::vector> const&, upload_log&, bool)()
  (  bbaab8) pc:   30d814 lr:   310b18 sp:   bbaabc  playsingle_scenario(game_data const&, config const&, config const*, display&, game_state&, std::vector> const&, upload_log&, bool)()
  (  bbe4e4) pc:   30f05c lr:   7fd5f0 sp:   bbe4e8  play_game(display&, game_state&, config const&, game_data const&, upload_log&, io_type_t, bool)()
  (  bbe6e8) pc:    18d18 lr:    278a4 sp:   bbe6ec  (anonymous namespace)::game_controller::play_game((anonymous namespace)::game_controller::RELOAD_GAME_DATA)()
  (  bbef6c) pc:    25620 lr:    28658 sp:   bbef70  play_game(int, char**)()
  (  bbeff4) pc:    28560 lr:   7fd094 sp:   bbeff8  main()

Thread 0x9549d8
  (  bbfee0) pc:   7e6cc0 lr:   831aac sp:   bbcee0  __pthread_yield_return()
  (  bbceec) pc:   7e6c3c lr:   831aac sp:   bbcef0  pthread_yield()
  (  bbcf40) pc:   831a3c lr:   806b40 sp:   bbcf44  __dspwrite()
  (  bbcf64) pc:   806a60 lr:   67c5b0 sp:   bbcf68  write()
  (  bbcf78) pc:   67c590 lr:   66aba0 sp:   bbcf7c  ^DSP_PlayAudio()
  (  bbcfa4) pc:   66aadc lr:   67296c sp:   bbcfa8  SDL_RunAudio()
  (  bbcfc4) pc:   672930 lr:   67d7ac sp:   bbcfc8  SDL_RunThread()
  (  bbcfd4) pc:   67d7a0 lr:   7e4fcc sp:   bbcfd8  ^RunThread()
  (  bbcfe4) pc:   7e4fb4 lr:        0 sp:   bbcfe8  ^__pthread_create()
 
 
I then looked at the assembly code of the program file in StrongEd.
 
Code around the crash:
 
Method that calls the routine that crashes - terrain_label::~terrain_label
 
00537680 : E1A0C00D : .À á : MOV     R12,R13
00537684 : E92DDAF0 : ðÚ-é : STMDB   R13!,{R4-R7,R9,R11,R12,R14,PC}
00537688 : E24CB004 : .°Lâ : SUB     R11,R12,#4
0053768C : E15D000A : ..]á : CMP     R13,R10
00537690 : BB0B175F : _..» : BLLT    &007FD414
00537694 : E59F31B0 : °1Ÿå : LDR     R3,&0053784C
00537698 : E24DD060 : `ÐMâ : SUB     R13,R13,#&60       ; ="`"
0053769C : E59F21AC : ¬!Ÿå : LDR     R2,&00537850
005376A0 : E58D3028 : (0å : STR     R3,[R13,#40]
005376A4 : E59F31A8 : ¨1Ÿå : LDR     R3,&00537854
005376A8 : E58D005C : \.å : STR     R0,[R13,#92]
005376AC : E28D0010 : ..â : ADD     R0,R13,#&10        ; =16
005376B0 : E58D3034 : 40å : STR     R3,[R13,#52]
005376B4 : E58D202C : , å : STR     R2,[R13,#44]
005376B8 : E58DD030 : 0Ѝå : STR     R13,[R13,#48]
005376BC : E58DB038 : 8°å : STR     R11,[R13,#56]
005376C0 : EB0A694C : Li.ë : BL      &007D1BF8
005376C4 : E3A03005 : .0 ã : MOV     R3,#5
005376C8 : E58D3014 : .0å : STR     R3,[R13,#20]
005376CC : E59D005C : \.å : LDR     R0,[R13,#92]
005376D0 : EBFFFB05 : .ûÿë : BL      &005362EC     <-- terrain_label::clear()
005376D4 : E59D205C : \ å : LDR     R2,[R13,#92]
005376D8 : E5920008 : ..’å : LDR     R0,[R2,#8]
005376DC : E59F1174 : t.Ÿå : LDR     R1,&00537858
005376E0 : E240300C : .0@â : SUB     R3,R0,#&0C         ; =12
005376E4 : E1530001 : ..Sá : CMP     R3,R1
005376E8 : E58D304C : L0å : STR     R3,[R13,#76]
005376EC : 1A000009 : .... : BNE     &00537718
005376F0 : E59D205C : \ å : LDR     R2,[R13,#92]
005376F4 : E5920004 : ..’å : LDR     R0,[R2,#4]
005376F8 : E59F1158 : X.Ÿå : LDR     R1,&00537858
005376FC : E240300C : .0@â : SUB     R3,R0,#&0C         ; =12
00537700 : E1510003 : ..Qá : CMP     R1,R3
00537704 : E58D3044 : D0å : STR     R3,[R13,#68]
00537708 : 1A00000D : .... : BNE     &00537744
0053770C : E28D0010 : ..â : ADD     R0,R13,#&10        ; =16
00537710 : EB0A6A3B : ;j.ë : BL      &007D2004
00537714 : E91BAAF0 : ðª.é : LDMDB   R11,{R4-R7,R9,R11,R13,PC}
00537718 : E3A03003 : .0 ã : MOV     R3,#3
0053771C : E58D3014 : .0å : STR     R3,[R13,#20]
00537720 : E2400004 : ..@â : SUB     R0,R0,#4
00537724 : E3E01000 : ..àã : MVN     R1,#0
00537728 : EB0A2CA1 : ¡,.ë : BL      &007C29B4
0053772C : E3500000 : ..Pã : CMP     R0,#0
00537730 : CAFFFFEE : îÿÿÊ : BGT     &005376F0
00537734 : E59D004C : L.å : LDR     R0,[R13,#76]
00537738 : E28D1008 : ..â : ADD     R1,R13,#8
0053773C : EB0A1DC3 : Ã..ë : BL      &007BEE50
00537740 : EAFFFFEA : êÿÿê : B       &005376F0
00537744 : E3A03001 : .0 ã : MOV     R3,#1
00537748 : E58D3014 : .0å : STR     R3,[R13,#20]
0053774C : E2400004 : ..@â : SUB     R0,R0,#4
00537750 : E3E01000 : ..àã : MVN     R1,#0
00537754 : EB0A2C96 : –,.ë : BL      &007C29B4 <-- Subroutine call into the crash routine
 
 
Code leading up to the location of the crash:

007C2988 : 394E5A5F : _ZN9 : STMCCDB R14,{R0-R4,R6,R9,R11,R12,R14}^
007C298C : 6E675F5F : __gn : MCRVS   CP15,3,R5,C7,C15,2  ; ARMv4 Cache Operations
007C2990 : 78635F75 : u_cx : STMVCDA R3!,{R0,R2,R4-R6,R8-R12,R14}^  ; *** ! and ^
007C2994 : 5F383178 : x18_ : SWIPL   &383178
007C2998 : 6378655F : _exc : Undefined instruction
007C299C : 676E6168 : hang : STRVSB  R6,[R14,-R8,ROR #2]!
007C29A0 : 6E615F65 : e_an : CDPVS   CP15,6,C5,C1,C5,3
007C29A4 : 64615F64 : d_ad : STRVSBT R5,[R1],#-3940
007C29A8 : 56504564 : dEPV : LDRPLB  R4,[R0],-R4,ROR #10
007C29AC : 00006969 : ii.. : ANDEQ   R6,R0,R9,ROR #18
007C29B0 : FF000028 : (..ÿ : Undefined instruction
007C29B4 : E5902000 : . å : LDR     R2,[R0,#0]   <--- Calling here
007C29B8 : E5903000 : .0å : LDR     R3,[R0,#0]
007C29BC : E0833001 : .0Ĉ : ADD     R3,R3,R1
007C29C0 : E5803000 : .0ی : STR     R3,[R0,#0]
 
terrain_label::clear() called from terrain_label::~terrain_label
before the crash. I'm including it for completeness, but I'm not
sure if it is relevant.
 
005362CC : 314E5A5F : _ZN1 : Undefined instruction
005362D0 : 72657433 : 3ter : RSBVC   R7,R5,#&33000000
005362D4 : 6E696172 : rain : MCRVS   CP1,3,R6,C9,C2,3
005362D8 : 62616C5F : _lab : RSBVS   R6,R1,#&5F00
005362DC : 63356C65 : el5c : Undefined instruction
005362E0 : 7261656C : lear : RSBVC   R6,R1,#&1B000000
005362E4 : 00007645 : Ev.. : ANDEQ   R7,R0,R5,ASR #12
005362E8 : FF00001C : ...ÿ : Undefined instruction
005362EC : E1A0C00D : .À á : MOV     R12,R13
005362F0 : E92DD810 : .Ø-é : STMDB   R13!,{R4,R11,R12,R14,PC}
005362F4 : E24CB004 : .°Lâ : SUB     R11,R12,#4
005362F8 : E15D000A : ..]á : CMP     R13,R10
005362FC : BB0B1C44 : D..» : BLLT    &007FD414
00536300 : E5903000 : .0å : LDR     R3,[R0,#0]
00536304 : E1A04000 : .@ á : MOV     R4,R0
00536308 : E2530000 : ..Sâ : SUBS    R0,R3,#0
0053630C : 091BA810 : .¨.. : LDMEQDB R11,{R4,R11,R13,PC}
00536310 : EBFF712A : *qÿë : BL      &005127C0
00536314 : E3A03000 : .0 ã : MOV     R3,#0
00536318 : E5843000 : .0„å : STR     R3,[R4,#0]
 
 
This looks like the function name from before the code
that crashes.
 
_ZN9__gnu_cxx18__exchange_and_addEPVii

Does anybody know what the problem could be and how to
fix it?
 
Thanks,
Alan
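
Added example, not part of the original post: a Python sketch that recovers the embedded function names from the layout visible in the two listings above (name bytes, zero padding, then a 0xFF0000nn marker word immediately before the entry point, with nn equal to the padded name length). The names `embedded_names` and `qualified_name` are this example's own, and `qualified_name` decodes only the `_ZN...E` nested-name prefix of the mangled symbol, not its argument types.

```python
import re
import struct

# Address and word columns copied from the post's two StrongEd listings.
LISTING = """\
007C2988 : 394E5A5F
007C298C : 6E675F5F
007C2990 : 78635F75
007C2994 : 5F383178
007C2998 : 6378655F
007C299C : 676E6168
007C29A0 : 6E615F65
007C29A4 : 64615F64
007C29A8 : 56504564
007C29AC : 00006969
007C29B0 : FF000028
005362CC : 314E5A5F
005362D0 : 72657433
005362D4 : 6E696172
005362D8 : 62616C5F
005362DC : 63356C65
005362E0 : 7261656C
005362E4 : 00007645
005362E8 : FF00001C
"""
LINE = re.compile(r"^([0-9A-Fa-f]{8}) : ([0-9A-Fa-f]{8})\b", re.M)

def embedded_names(listing):
    """Map function entry address -> mangled name stored just before it."""
    mem = {int(a, 16): int(w, 16) for a, w in LINE.findall(listing)}
    names = {}
    for addr, word in mem.items():
        length = word & 0xFFFFFF              # padded name length in bytes
        span = range(addr - length, addr, 4)  # words holding the name
        if word >> 24 != 0xFF or length % 4 or not length:
            continue                          # not a name marker word
        if all(a in mem for a in span):       # whole name present in listing
            raw = b"".join(struct.pack("<I", mem[a]) for a in span)
            names[addr + 4] = raw.rstrip(b"\0").decode("ascii", "replace")
    return names

def qualified_name(mangled):
    """Join the length-prefixed components of a _ZN...E nested name."""
    i, parts = 3, []
    while (m := re.match(r"\d+", mangled[i:])):
        n = int(m.group())
        parts.append(mangled[i + m.end(): i + m.end() + n])
        i += m.end() + n
    return "::".join(parts) if mangled.startswith("_ZN") else None
```

The entry addresses it reports, 0x7C29B4 and 0x5362EC, are the branch targets annotated in the caller's listing.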
 