From: John R. <jr...@bi...> - 2017-09-13 23:23:14
Using the larger vgtrace.rar (871KB) from a message that was posted just a few minutes
before the smaller version (22.3KB), the interesting part is near the end:
***** line 358098
==== SB 4145 (evchecks 744961) [tid 1] 0x4002995 __dl__ZL24debuggerd_signal_handleriP7siginfoPv+584 /system_O/bin/linker+0x2995
------------------------ Front end ------------------------
(thumb) 0x4002994: mov r1, r0
------ IMark(0x4002994, 2, 1) ------
t0 = 0x0:I32
PUT(392) = t0
t1 = 0x1:I32
t2 = GET:I32(8)
PUT(12) = ITE(CmpNE32(t1,0x0:I32),t2,GET:I32(12))
PUT(68) = 0x4002997:I32
[[snip]]
(thumb) 0x40029A0: blx 0x4039678 (switch to ARM mode)
------ IMark(0x40029A0, 4, 1) ------
t13 = 0x0:I32
PUT(392) = t13
t14 = 0x1:I32
PUT(392) = t13
t15 = Shr32(t13,0x8:I8)
if (CmpNE32(t15,0x0:I32)) { PUT(68) = 0x40029A1:I32; exit-NoDecode }
PUT(392) = t13
if (Not1(32to1(t14))) { PUT(68) = 0x40029A5:I32; exit-Boring }
PUT(64) = 0x40029A5:I32
PUT(68) = 0x4039678:I32
PUT(68) = GET:I32(68); exit-Call
GuestBytes 4002995 16 46 40 F2 6B 10 52 46 5B 46 00 95 36 F0 6A EE 00 002ADA34
VexExpansionRatio 16 208 130 :10
--28961-- VALGRIND INTERNAL ERROR: Valgrind received a signal 4 (SIGILL) - exiting
--28961-- si_code=1; Faulting address: 0x0; sp: 0x831d9d94
*****
and the earlier translation for the subroutine at 0x4039678:
***** line 61104
==== SB 693 (evchecks 3967) [tid 1] 0x4039678 __dl_syscall /system_O/bin/linker+0x39678
------------------------ Front end ------------------------
(arm) 0x4039678: mov r12, r13 // no registers saved at entry
------ IMark(0x4039678, 4, 0) ------
t1 = GET:I32(60)
t0 = t1
t2 = t0
PUT(56) = t2
PUT(68) = 0x403967C:I32
(arm) 0x403967C: stmdb r13!, {0x00F0}
------ IMark(0x403967C, 4, 0) ------
t3 = GET:I32(60)
t4 = t3
PUT(60) = Sub32(t3,0x10:I32)
STle(Sub32(t4,0x4:I32)) = GET:I32(36)
STle(Sub32(t4,0x8:I32)) = GET:I32(32)
STle(Sub32(t4,0xC:I32)) = GET:I32(28)
STle(Sub32(t4,0x10:I32)) = GET:I32(24)
PUT(68) = 0x4039680:I32
[[snip]]
(arm) 0x4039690: ldmia r12, {0x0078}
------ IMark(0x4039690, 4, 0) ------
t17 = GET:I32(56)
t18 = t17
PUT(20) = LDle:I32(Add32(t18,0x0:I32))
PUT(24) = LDle:I32(Add32(t18,0x4:I32))
PUT(28) = LDle:I32(Add32(t18,0x8:I32))
PUT(32) = LDle:I32(Add32(t18,0xC:I32))
PUT(68) = 0x4039694:I32
(arm) 0x4039694: svc #0x00000000
------ IMark(0x4039694, 4, 0) ------
PUT(68) = 0x4039698:I32
PUT(68) = GET:I32(68); exit-Sys_syscall
(arm) 0x4039698: ldmia r13!, {0x00F0}
------ IMark(0x4039698, 4, 0) ------
t0 = GET:I32(60)
t1 = t0
PUT(24) = LDle:I32(Add32(t1,0x0:I32))
PUT(28) = LDle:I32(Add32(t1,0x4:I32))
PUT(32) = LDle:I32(Add32(t1,0x8:I32))
PUT(36) = LDle:I32(Add32(t1,0xC:I32))
PUT(60) = Add32(t0,0x10:I32)
PUT(68) = 0x403969C:I32
[[snip]]
(arm) 0x40396A0: bx{ls} r14 // conditional return; is taken to (thumb) 0x4008B8E [not shown]
------ IMark(0x40396A0, 4, 0) ------
t5 = armg_calculate_condition[mcx=0x9]{0x5815eb7c}(Or32(GET:I32(72),0x90:I32),GET:I32(76),GET:I32(80),GET:I32(84)):I32
if (Not1(32to1(t5))) { PUT(68) = 0x40396A4:I32; exit-Boring }
t6 = GET:I32(64)
PUT(68) = t6
PUT(68) = GET:I32(68); exit-Return
[[snip; note change to (thumb) mode]]
(thumb) 0x40423E6: add sp, #16 // THIS LOOKS VERY STRANGE; What is going on with the stack pointer?
------ IMark(0x40423E6, 2, 1) ------
t26 = GET:I32(392)
t27 = Shr32(t26,0x8:I8)
PUT(392) = t27
t28 = armg_calculate_condition[mcx=0x9]{0x5815eb7c}(Or32(GET:I32(72),Xor32(And32(t26,0xF0:I32),0xE0:I32)),GET:I32(76),GET:I32(80),GET:I32(84)):I32
t29 = ITE(CmpNE32(And32(t26,0xF0:I32),0x0:I32),t28,0x1:I32)
t30 = Xor32(And32(t26,0x1:I32),0x1:I32)
t31 = And32(t30,t29)
PUT(60) = ITE(CmpNE32(t29,0x0:I32),Add32(GET:I32(60),0x10:I32),GET:I32(60))
PUT(68) = 0x40423E9:I32
(thumb) 0x40423E8: ldmia r13!, {0x81F0} // unconditional return
------ IMark(0x40423E8, 4, 1) ------
t32 = 0x0:I32
PUT(392) = t32
t33 = 0x1:I32
PUT(392) = t32
t34 = Shr32(t32,0x8:I8)
if (CmpNE32(t34,0x0:I32)) { PUT(68) = 0x40423E9:I32; exit-NoDecode }
PUT(392) = t32
if (Not1(32to1(t33))) { PUT(68) = 0x40423ED:I32; exit-Boring }
t35 = GET:I32(60)
t36 = t35
PUT(24) = LDle:I32(Add32(t36,0x0:I32))
PUT(28) = LDle:I32(Add32(t36,0x4:I32))
PUT(32) = LDle:I32(Add32(t36,0x8:I32))
PUT(36) = LDle:I32(Add32(t36,0xC:I32))
PUT(40) = LDle:I32(Add32(t36,0x10:I32))
PUT(68) = LDle:I32(Add32(t36,0x14:I32))
PUT(60) = Add32(t35,0x18:I32)
PUT(68) = GET:I32(68)
PUT(68) = GET:I32(68); exit-Return
*****
I'm very unsure of what is happening.
--
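A small helper for reading dumps like the ones quoted above (added here; it is not part of the original message or of Valgrind): it maps the numeric VEX guest-state offsets in GET/PUT to ARM register names and expands the stm/ldm register masks. The offset table is an assumption taken from VEX's ARM guest layout and checked against this trace (mov r1, r0 reads offset 8 and writes 12, r13 is 60, r15 is 68, and the thumb blocks read ITSTATE at 392).

```python
import re

# Guest-state offsets, assumed from VEX's ARM guest layout and consistent with
# the trace quoted above: r0..r15 live at 8 + 4*i, the flag thunk at 72..84,
# and ITSTATE at 392 (the thumb blocks read and shift it).
REG_NAMES = [f"r{i}" for i in range(13)] + ["sp", "lr", "pc"]
GUEST_OFFSETS = {8 + 4 * i: REG_NAMES[i] for i in range(16)}
GUEST_OFFSETS.update({72: "cc_op", 76: "cc_dep1", 80: "cc_dep2",
                      84: "cc_ndep", 392: "itstate"})

_OFF = re.compile(r"(GET:I32|PUT)\((\d+)\)")
_LDM = re.compile(r"\b(ldm\w*|stm\w*) (r\d+!?), \{0x([0-9A-Fa-f]+)\}")


def decode_reglist(mask):
    """Expand an ldm/stm register bitmask (bit i = ri) into register names."""
    return [REG_NAMES[i] for i in range(16) if mask & (1 << i)]


def annotate(line):
    """Replace guest offsets and register masks in one trace line with names."""
    def off(m):
        return f"{m.group(1)}({GUEST_OFFSETS.get(int(m.group(2)), m.group(2))})"

    def regs(m):
        names = ",".join(decode_reglist(int(m.group(3), 16)))
        return f"{m.group(1)} {m.group(2)}, {{{names}}}"

    return _LDM.sub(regs, _OFF.sub(off, line))


def annotate_trace(text):
    """Annotate every line of a trace excerpt; returns the rewritten lines."""
    return [annotate(line) for line in text.splitlines()]


# Constructed sample: a handful of lines copied from the trace above.
SAMPLE = """(arm) 0x403967C: stmdb r13!, {0x00F0}
PUT(60) = Sub32(t3,0x10:I32)
STle(Sub32(t4,0x4:I32)) = GET:I32(36)
(thumb) 0x40423E8: ldmia r13!, {0x81F0}
PUT(60) = ITE(CmpNE32(t29,0x0:I32),Add32(GET:I32(60),0x10:I32),GET:I32(60))"""

if __name__ == "__main__":
    print("\n".join(annotate_trace(SAMPLE)))
```

Feeding the full vgtrace output through annotate_trace makes the sp adjustments and the r4-r7 / r4-r8,pc save and restore pairs visible at a glance.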