I rebuilt Wesnoth again just before Christmas
and have only just managed to find time to
analyse the latest crash.
This occurs in the same place as the last one,
but I believe the details are different, so John's
modification did do something.
Details of the crash
The version dumped here had been passed through elf2aif.
Fatal signal received: Segmentation fault
Stack backtrace:
Running thread 0x926544
( bbff00) pc: 7eeeec lr: 7ef440 sp: bbff04 __write_backtrace()
( bbffa0) pc: 7eefd4 lr: 7efec0 sp: bbffa4 __unixlib_raise_signal()
( bbffb0) pc: 7efdc4 lr: 537758 sp: bb0200 __h_cback()
Register dump at 00bbffb4:
a1: fffffffc a2: ffffffff a3: bb2410 a4: 1
v1: bb3290 v2: bb0224 v3: 8fca9c v4: 1
v5: 903944 v6: baaf8c sl: bb01a0 fp: bb0280
ip: bb6fa8 sp: bb0200 lr: 537758 pc: 7c29b4
cpsr: 10
007c29a0 : e_an : 6e615f65 : CDPVS CP15,6,C5,C1,C5,3
007c29a4 : d_ad : 64615f64 : STRVSBT R5,[R1],#-3940
007c29a8 : dEPV : 56504564 : LDRPLB R4,[R0],-R4,ROR #10
007c29ac : ii.. : 00006969 : ANDEQ R6,R0,R9,ROR #18
007c29b0 : (..ÿ : ff000028 : Undefined instruction
007c29b4 : . �å : e5902000 : LDR R2,[R0,#0]
007c29b8 : .0�å : e5903000 : LDR R3,[R0,#0]
007c29bc : .0Ĉ : e0833001 : ADD R3,R3,R1
007c29c0 : .0ی : e5803000 : STR R3,[R0,#0]
( bb0280) pc: 53768c lr: 149ef0 sp: bb0284
terrain_label::~terrain_label()()
( baac7c) pc: 140c64 lr: 7fd5f0 sp: baac80 (anonymous
namespace)::event_handler::handle_event_command((anonymous
namespace)::queued_event const&, std::string const&, vconfig, bool&, bool&)()
( baacc0) pc: 17d8f0 lr: 17e248 sp: baacc4 (anonymous
namespace)::event_handler::handle_event((anonymous namespace)::queued_event
const&, vconfig)()
( baaee4) pc: 17da44 lr: 17eaa0 sp: baaee8 process_event((anonymous
namespace)::event_handler&, (anonymous namespace)::queued_event const&)()
( bab098) pc: 17e62c lr: 17f084 sp: bab09c game_events::pump()()
( bab0a8) pc: 17f074 lr: 71118 sp: bab0ac
game_events::fire(std::string const&, game_events::entity_location const&,
game_events::entity_location const&, config const&)()
( ba9540) pc: 66ed4 lr: 7fd5f0 sp: ba9544
attack::attack(game_display&, gamemap const&, std::vector>&, gamemap::location,
gamemap::location, int, int, unit_map&, gamestatus const&, game_data const&,
bool)()
( ba9794) pc: 97c04 lr: 98524 sp: ba979c
ai_interface::attack_enemy(gamemap::location, gamemap::location, int, int)()
( ba97dc) pc: 98498 lr: a0810 sp: ba97e0
ai::attack_enemy(gamemap::location const&, gamemap::location const&, int, int)()
( ba9914) pc: a01a8 lr: a99c0 sp: ba9918 ai::do_combat(std::map,
std::allocator<std::pair>>&, std::multimap, std::allocator<std::pair>> const&,
std::multimap, std::allocator<std::pair>> const&, std::multimap,
std::allocator<std::pair>> const&, std::multimap, std::allocator<std::pair>>
const&)()
( ba9af0) pc: a9414 lr: a9e20 sp: ba9af4 ai::do_move()()
( ba9ccc) pc: a9414 lr: 973fc sp: ba9cd0 ai::do_move()()
( ba9e28) pc: 97240 lr: 335178 sp: ba9e2c ai::play_turn()()
( bbd248) pc: 334ef0 lr: 7fd5f0 sp: bbd24c
playsingle_controller::play_ai_turn()()
( bbd2c0) pc: 335454 lr: 3363b0 sp: bbd2c4
playsingle_controller::play_side(unsigned int, bool)()
( bbd4e0) pc: 33612c lr: 338f68 sp: bbd4e4
playsingle_controller::play_turn(bool)()
( bba574) pc: 338554 lr: 7fd5f0 sp: bba578
playsingle_controller::play_scenario(std::vector> const&, upload_log&, bool)()
( bbaab8) pc: 30d814 lr: 310b18 sp: bbaabc
playsingle_scenario(game_data const&, config const&, config const*, display&,
game_state&, std::vector> const&, upload_log&, bool)()
( bbe4e4) pc: 30f05c lr: 7fd5f0 sp: bbe4e8 play_game(display&,
game_state&, config const&, game_data const&, upload_log&, io_type_t, bool)()
( bbe6e8) pc: 18d18 lr: 278a4 sp: bbe6ec (anonymous
namespace)::game_controller::play_game((anonymous
namespace)::game_controller::RELOAD_GAME_DATA)()
( bbef6c) pc: 25620 lr: 28658 sp: bbef70 play_game(int, char**)()
( bbeff4) pc: 28560 lr: 7fd094 sp: bbeff8 main()
Thread 0x9549d8
( bbfee0) pc: 7e6cc0 lr: 831aac sp: bbcee0 __pthread_yield_return()
( bbceec) pc: 7e6c3c lr: 831aac sp: bbcef0 pthread_yield()
( bbcf40) pc: 831a3c lr: 806b40 sp: bbcf44 __dspwrite()
( bbcf64) pc: 806a60 lr: 67c5b0 sp: bbcf68 write()
( bbcf78) pc: 67c590 lr: 66aba0 sp: bbcf7c ^DSP_PlayAudio()
( bbcfa4) pc: 66aadc lr: 67296c sp: bbcfa8 SDL_RunAudio()
( bbcfc4) pc: 672930 lr: 67d7ac sp: bbcfc8 SDL_RunThread()
( bbcfd4) pc: 67d7a0 lr: 7e4fcc sp: bbcfd8 ^RunThread()
( bbcfe4) pc: 7e4fb4 lr: 0 sp: bbcfe8 ^__pthread_create()
I then looked at the assembly code of the program file in StrongEd.
Code around the crash:
The method that calls the routine that crashes - terrain_label::~terrain_label
00537680 : E1A0C00D : .À á : MOV R12,R13
00537684 : E92DDAF0 : ðÚ-é : STMDB R13!,{R4-R7,R9,R11,R12,R14,PC}
00537688 : E24CB004 : .°Lâ : SUB R11,R12,#4
0053768C : E15D000A : ..]á : CMP R13,R10
00537690 : BB0B175F : _..» : BLLT &007FD414
00537694 : E59F31B0 : °1Ÿå : LDR R3,&0053784C
00537698 : E24DD060 : `ÐMâ : SUB R13,R13,#&60 ; ="`"
0053769C : E59F21AC : ¬!Ÿå : LDR R2,&00537850
005376A0 : E58D3028 : (0�å : STR R3,[R13,#40]
005376A4 : E59F31A8 : ¨1Ÿå : LDR R3,&00537854
005376A8 : E58D005C : \.�å : STR R0,[R13,#92]
005376AC : E28D0010 : ..�â : ADD R0,R13,#&10 ; =16
005376B0 : E58D3034 : 40�å : STR R3,[R13,#52]
005376B4 : E58D202C : , �å : STR R2,[R13,#44]
005376B8 : E58DD030 : 0Ð�å : STR R13,[R13,#48]
005376BC : E58DB038 : 8°�å : STR R11,[R13,#56]
005376C0 : EB0A694C : Li.ë : BL &007D1BF8
005376C4 : E3A03005 : .0 ã : MOV R3,#5
005376C8 : E58D3014 : .0�å : STR R3,[R13,#20]
005376CC : E59D005C : \.�å : LDR R0,[R13,#92]
005376D0 : EBFFFB05 : .ûÿë : BL &005362EC <-- terrain_label::clear()
005376D4 : E59D205C : \ �å : LDR R2,[R13,#92]
005376D8 : E5920008 : ..’å : LDR R0,[R2,#8]
005376DC : E59F1174 : t.Ÿå : LDR R1,&00537858
005376E0 : E240300C : ....@â : SUB R3,R0,#&0C ; =12
005376E4 : E1530001 : ..Sá : CMP R3,R1
005376E8 : E58D304C : L0�å : STR R3,[R13,#76]
005376EC : 1A000009 : .... : BNE &00537718
005376F0 : E59D205C : \ �å : LDR R2,[R13,#92]
005376F4 : E5920004 : ..’å : LDR R0,[R2,#4]
005376F8 : E59F1158 : X.Ÿå : LDR R1,&00537858
005376FC : E240300C : ....@â : SUB R3,R0,#&0C ; =12
00537700 : E1510003 : ..Qá : CMP R1,R3
00537704 : E58D3044 : D0�å : STR R3,[R13,#68]
00537708 : 1A00000D : .... : BNE &00537744
0053770C : E28D0010 : ..�â : ADD R0,R13,#&10 ; =16
00537710 : EB0A6A3B : ;j.ë : BL &007D2004
00537714 : E91BAAF0 : ðª.é : LDMDB R11,{R4-R7,R9,R11,R13,PC}
00537718 : E3A03003 : .0 ã : MOV R3,#3
0053771C : E58D3014 : .0�å : STR R3,[R13,#20]
00537720 : E2400004 : ....@â : SUB R0,R0,#4
00537724 : E3E01000 : ..àã : MVN R1,#0
00537728 : EB0A2CA1 : ¡,.ë : BL &007C29B4
0053772C : E3500000 : ..Pã : CMP R0,#0
00537730 : CAFFFFEE : îÿÿÊ : BGT &005376F0
00537734 : E59D004C : L.�å : LDR R0,[R13,#76]
00537738 : E28D1008 : ..�â : ADD R1,R13,#8
0053773C : EB0A1DC3 : Ã..ë : BL &007BEE50
00537740 : EAFFFFEA : êÿÿê : B &005376F0
00537744 : E3A03001 : .0 ã : MOV R3,#1
00537748 : E58D3014 : .0�å : STR R3,[R13,#20]
0053774C : E2400004 : ....@â : SUB R0,R0,#4
00537750 : E3E01000 : ..àã : MVN R1,#0
00537754 : EB0A2C96 : –,.ë : BL &007C29B4 <-- Subroutine call into the
crash routine
Code leading up to the location of the crash:
007C2988 : 394E5A5F : _ZN9 : STMCCDB R14,{R0-R4,R6,R9,R11,R12,R14}^
007C298C : 6E675F5F : __gn : MCRVS CP15,3,R5,C7,C15,2 ; ARMv4 Cache
Operations
007C2990 : 78635F75 : u_cx : STMVCDA R3!,{R0,R2,R4-R6,R8-R12,R14}^ ; *** ! and
^
007C2994 : 5F383178 : x18_ : SWIPL &383178
007C2998 : 6378655F : _exc : Undefined instruction
007C299C : 676E6168 : hang : STRVSB R6,[R14,-R8,ROR #2]!
007C29A0 : 6E615F65 : e_an : CDPVS CP15,6,C5,C1,C5,3
007C29A4 : 64615F64 : d_ad : STRVSBT R5,[R1],#-3940
007C29A8 : 56504564 : dEPV : LDRPLB R4,[R0],-R4,ROR #10
007C29AC : 00006969 : ii.. : ANDEQ R6,R0,R9,ROR #18
007C29B0 : FF000028 : (..ÿ : Undefined instruction
007C29B4 : E5902000 : . �å : LDR R2,[R0,#0] <--- Calling here
007C29B8 : E5903000 : .0�å : LDR R3,[R0,#0]
007C29BC : E0833001 : .0Ĉ : ADD R3,R3,R1
007C29C0 : E5803000 : .0ی : STR R3,[R0,#0]
terrain_label::clear(), which is called from terrain_label::~terrain_label
before the crash. I'm including it for completeness, but I'm not
sure whether it is relevant.
005362CC : 314E5A5F : _ZN1 : Undefined instruction
005362D0 : 72657433 : 3ter : RSBVC R7,R5,#&33000000
005362D4 : 6E696172 : rain : MCRVS CP1,3,R6,C9,C2,3
005362D8 : 62616C5F : _lab : RSBVS R6,R1,#&5F00
005362DC : 63356C65 : el5c : Undefined instruction
005362E0 : 7261656C : lear : RSBVC R6,R1,#&1B000000
005362E4 : 00007645 : Ev.. : ANDEQ R7,R0,R5,ASR #12
005362E8 : FF00001C : ...ÿ : Undefined instruction
005362EC : E1A0C00D : .À á : MOV R12,R13
005362F0 : E92DD810 : .Ø-é : STMDB R13!,{R4,R11,R12,R14,PC}
005362F4 : E24CB004 : .°Lâ : SUB R11,R12,#4
005362F8 : E15D000A : ..]á : CMP R13,R10
005362FC : BB0B1C44 : D..» : BLLT &007FD414
00536300 : E5903000 : .0�å : LDR R3,[R0,#0]
00536304 : E1A04000 : .@ á : MOV R4,R0
00536308 : E2530000 : ..Sâ : SUBS R0,R3,#0
0053630C : 091BA810 : .¨.. : LDMEQDB R11,{R4,R11,R13,PC}
00536310 : EBFF712A : *qÿë : BL &005127C0
00536314 : E3A03000 : .0 ã : MOV R3,#0
00536318 : E5843000 : .0„å : STR R3,[R4,#0]
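This looks like the function name embedded just before the code
that crashes:
_ZN9__gnu_cxx18__exchange_and_addEPVii
which demangles to __gnu_cxx::__exchange_and_add(int volatile*, int).
In the register dump a1 (R0) is fffffffc at the faulting
LDR R2,[R0,#0], so the address the destructor passed in looks invalid.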
Does anybody know what the problem could be and how to
fix it?
Thanks,
Alan