RISC-V Disassembly Debugging Notes
This post records one debugging session worked through with a disassembler instead of a live debugger.
While porting the hardware timer driver for the MilkV Duo to rtthread recently I hit a problem: the demo crashed with the following exception dump:
Unhandled Exception 2:Illegal Instruction
scause:0x0x0000000000000002,stval:0x0x000000000007a787,sepc:0x0x0000000080232a72
--------------Dump Registers-----------------
Function Registers:
ra(x1) = 0x0x0000000080232f88 user_sp = 0x0x000000008029f5d8
gp(x3) = 0x0x0000000080262a68 tp(x4) = 0x0x00000000deadbeef
Temporary Registers:
t0(x5) = 0x0x0000000000000120 t1(x6) = 0x0x00000000deadbeef
t2(x7) = 0x0x000000008029f518
t3(x28) = 0x0x00000000deadbeef t4(x29) = 0x0x00000000deadbeef
t5(x30) = 0x0x00000000deadbeef t6(x31) = 0x0x00000000deadbeef
Saved Registers:
s0/fp(x8) = 0x0x000000008029f618 s1(x9) = 0x0x00000000deadbeef
s2(x18) = 0x0x00000000deadbeef s3(x19) = 0x0x00000000deadbeef
s4(x20) = 0x0x00000000deadbeef s5(x21) = 0x0x00000000deadbeef
s6(x22) = 0x0x00000000deadbeef s7(x23) = 0x0x00000000deadbeef
s8(x24) = 0x0x00000000deadbeef s9(x25) = 0x0x00000000deadbeef
s10(x26) = 0x0x00000000deadbeef s11(x27) = 0x0x00000000deadbeef
Function Arguments Registers:
a0(x10) = 0x0x00000000802604c0 a1(x11) = 0x0x000000008029f6b0
a2(x12) = 0x0x000000008029f6b0 a3(x13) = 0x0x0000000000000008
a4(x14) = 0x0x0000000000000004 a5(x15) = 0x0x0000000080256080
a6(x16) = 0x0x0000000000000065 a7(x17) = 0x0x00000000deadbeef
sstatus = 0x0x0000000200040120
Supervisor Interrupt Disabled
Last Time Supervisor Interrupt Enabled
Last Privilege is Supervisor Mode
Permit to Access User Page
Not Permit to Read Executable-only Page
satp = 0x0x0000000000000000
Current Page Table(Physical) = 0x0x0000000000000000
Current ASID = 0x0x0000000000000000
Mode = No Address Translation/Protection Mode
-----------------Dump OK---------------------
--------------Thread list--------------
current thread: tshell
--------------Backtrace--------------
I wanted to look at the instruction at 0x80232a72 and confirm whether it really is an illegal instruction. With no suitable debug probe on hand, locating the code at the faulting address with GDB was not convenient, so I tried static disassembly instead:
$ objdump -l -S rtthread.elf > out.c
The host objdump complained that the architecture is not supported (the native binutils only knows x86), so I installed the binutils built for the target architecture:
$ sudo apt install binutils-riscv64-unknown-elf
Once installed, the ELF can be disassembled. -S interleaves the original source with the machine code (it implies -d, and only works if the ELF was built with debug info, i.e. -g), and -l prints the file:line that each block of instructions came from:
$ riscv64-unknown-elf-objdump -l -S rtthread.elf > out.c
In the resulting out.c a plain text search for the faulting address jumps straight to the relevant code:
/home/Project/rt-thread/components/drivers/hwtimer/hwtimer.c:43
float tv_sec;
float devi_min = 1;
80232a6e: 00023797 auipc a5,0x23
80232a72: 61a78793 addi a5,a5,1562 # 80256088 <rt_system_timer_thread_init+0x6a6e>
80232a76: 0007a787 flw fa5,0(a5)
80232a7a: fef42027 fsw fa5,-32(s0)
From here the analysis can continue. Two values in the dump are worth cross-checking before going further. First, stval = 0x7a787 is exactly the encoding of the flw fa5,0(a5) at 0x80232a76, the load of the float constant 1.0f for devi_min: on an illegal-instruction trap this core puts the faulting instruction's bits in stval, and that pins the fault to the flw even though the printed sepc points at the addi one instruction earlier. Second, sstatus = 0x200040120 has its FS field (bits 14:13) equal to 0, meaning the floating-point unit is Off, and in that state the core must raise Illegal Instruction for every F/D instruction. So the "illegal" instruction is a perfectly valid flw that trapped only because floating-point had not been enabled in sstatus before this code ran.
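To make that cross-check repeatable, here is a small offline triage script. It is an added example for this post, not RT-Thread code: it parses the kernel's register dump (tolerating the doubled "0x0x" prefix the dump prints), decodes the sstatus.FS field, decodes the instruction bits carried in stval for the 32-bit LOAD-FP/STORE-FP opcodes (enough for this fault; other opcodes and compressed 16-bit encodings are reported as undecoded), and builds an objdump command that disassembles only a window around sepc instead of the whole ELF. The embedded dump text is a constructed sample taken from the lines above; the ELF name rtthread.elf and the window size are assumptions.

```python
"""Offline triage of an RT-Thread RISC-V "Illegal Instruction" dump (added example, not RT-Thread code)."""
import re

# Constructed sample input: the relevant lines of the dump shown in the post.
SAMPLE_DUMP = """\
Unhandled Exception 2:Illegal Instruction
scause:0x0x0000000000000002,stval:0x0x000000000007a787,sepc:0x0x0000000080232a72
sstatus = 0x0x0000000200040120
"""

CAUSE_ILLEGAL_INSTRUCTION = 2
FS_NAMES = {0: "Off", 1: "Initial", 2: "Clean", 3: "Dirty"}
ABI_INT = ("zero ra sp gp tp t0 t1 t2 s0 s1 a0 a1 a2 a3 a4 a5 a6 a7 "
           "s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 t3 t4 t5 t6").split()
ABI_FP = (["ft%d" % i for i in range(8)] + ["fs0", "fs1"]
          + ["fa%d" % i for i in range(8)]
          + ["fs%d" % i for i in range(2, 12)]
          + ["ft%d" % i for i in range(8, 12)])


def parse_dump(text):
    """Return {csr_name: value} for the CSRs named in the dump text.

    "(?:0x)+" swallows both the normal "0x" and the doubled "0x0x" the dump prints.
    """
    regs = {}
    pat = r"\b(scause|stval|sepc|sstatus)\s*[:=]\s*(?:0x)+([0-9a-fA-F]+)"
    for m in re.finditer(pat, text):
        regs[m.group(1)] = int(m.group(2), 16)
    return regs


def fs_state(sstatus):
    """sstatus.FS is bits 14:13; 0 (Off) makes every F/D instruction trap as illegal."""
    return FS_NAMES[(sstatus >> 13) & 0x3]


def sign_extend12(imm):
    return imm - 0x1000 if imm & 0x800 else imm


def decode_fp_insn(bits):
    """Decode a 32-bit LOAD-FP (0x07) or STORE-FP (0x27) encoding into objdump syntax.

    Returns e.g. "flw fa5,0(a5)", or None for anything else, including 16-bit
    compressed encodings (whose low two bits are not 0b11).
    """
    if bits & 0x3 != 0x3:
        return None
    opcode = bits & 0x7f
    funct3 = (bits >> 12) & 0x7
    rs1 = ABI_INT[(bits >> 15) & 0x1f]
    width = {2: "w", 3: "d"}.get(funct3)      # funct3 selects single/double
    if width is None:
        return None
    if opcode == 0x07:                         # I-type: imm[11:0] | rs1 | funct3 | rd
        rd = ABI_FP[(bits >> 7) & 0x1f]
        imm = sign_extend12((bits >> 20) & 0xfff)
        return "fl%s %s,%d(%s)" % (width, rd, imm, rs1)
    if opcode == 0x27:                         # S-type: imm[11:5] | rs2 | rs1 | funct3 | imm[4:0]
        rs2 = ABI_FP[(bits >> 20) & 0x1f]
        imm = sign_extend12((((bits >> 25) & 0x7f) << 5) | ((bits >> 7) & 0x1f))
        return "fs%s %s,%d(%s)" % (width, rs2, imm, rs1)
    return None


def objdump_window(elf, sepc, before=0x10, after=0x10):
    """Disassemble only the bytes around the fault rather than the whole ELF."""
    return ("riscv64-unknown-elf-objdump -d -l --start-address=0x%x --stop-address=0x%x %s"
            % (sepc - before, sepc + after, elf))


def triage(dump_text, elf="rtthread.elf"):   # elf name is an assumption
    regs = parse_dump(dump_text)
    insn = decode_fp_insn(regs["stval"])
    fs = fs_state(regs["sstatus"])
    return {
        "sepc": regs["sepc"],
        "fs": fs,
        "stval_insn": insn,
        # The signature seen in the post: a valid F/D instruction trapped because FS == Off.
        "fpu_off_trap": (regs["scause"] == CAUSE_ILLEGAL_INSTRUCTION
                         and fs == "Off" and insn is not None),
        "objdump": objdump_window(elf, regs["sepc"]),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_DUMP).items():
        shown = hex(val) if isinstance(val, int) and not isinstance(val, bool) else val
        print("%-13s %s" % (key, shown))
```

Running it on the sample reports fs = Off, stval_insn = flw fa5,0(a5) and fpu_off_trap = True, and prints the narrowed objdump command to paste into the shell; the decoder is deliberately limited to the load/store floating-point opcodes, so an unrelated illegal encoding shows up as stval_insn = None and leaves fpu_off_trap False.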