Re: [tcf-dev] Faulty address resolving of global variable in tcf_elf.c

Hi Eugene,
Thanks for the answer.
Does this mean that this situation can't be handled by TCF and requires updating the binary somehow, like specifying
another link flag or using binutils to post-process the elf-file?

Best regards,
Claes

Some more details about the elf:
Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .text             PROGBITS        00000000 0000d4 00e750 01  AX  0   0 16
  [ 2] .text             PROGBITS        0000e750 00e824 000060 01  AX  0   0  4
  [ 3] .initdat          PROGBITS        0000e7b0 00e884 0006f4 01   A  0   0  4
  [ 4] .tls              NOBITS          0000eea4 00ef78 000000 01  WA  0   0  4
  [ 5] .rodata           PROGBITS        0000eea4 00ef78 000014 01   A  0   0  4
  [ 6] .bssnz            NOBITS          ff06c000 00ef8c 000850 01  WA  0   0  4   <----- this is the false positive that goes to pheader 1
  [ 7] .bssnz            NOBITS          ff170000 00ef8c 000040 01  WA  0   0  4   <----- this is the actual section with the variable we look for (goes to pheader 2)

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x0000d4 0x00000000 0x00000000 0x0eeb8 0x0eeb8 R E 0x1000
  LOAD           0x00ef8c 0xff06c000 0xff06c000 0x00000 0x00850 RW  0x1000    <---- mistakenly used program header
  LOAD           0x00ef8c 0xff170000 0xff170000 0x00000 0x008c0 RW  0x1000   <----- correct program header
  LOAD           0x00ef8c 0xff171000 0xff171000 0x00000 0x00454 RW  0x1000
  LOAD           0x00ef8c 0xff173f80 0xff173f80 0x00000 0x00004 RW  0x1000

Section to Segment mapping:
  Segment Sections...
   00     .text .text .initdat .tls .rodata
   01     .bssnz
   02     .bssnz .data .bss .heap    <------ in this (second) .bssnz is the variable
   03     .data
   04     .data

-----Original Message-----
From: tcf-dev-bounces@xxxxxxxxxxx [mailto:tcf-dev-bounces@xxxxxxxxxxx] On Behalf Of Eugene Tarassov
Sent: Friday, March 18, 2016 8:13 PM
To: TCF Development <tcf-dev@xxxxxxxxxxx>
Subject: Re: [tcf-dev] Faulty address resolving of global variable in tcf_elf.c

Hi Claes,

Your memory map regions overlap because of BSS section. This causes ambiguity in the address calculation. To resolve it, you need to set either file_size or bss=1 in one of the regions.

Regards,
Eugene

-----Original Message-----
From: tcf-dev-bounces@xxxxxxxxxxx [mailto:tcf-dev-bounces@xxxxxxxxxxx] On Behalf Of Lillieskold, Claes
Sent: Friday, March 18, 2016 1:24 AM
To: TCF Development
Subject: [tcf-dev] Faulty address resolving of global variable in tcf_elf.c

Hi,
I have a problem resolving the address of a global variable that resides in a Data (nm type 'D') section.
When debugging TCF (starting with get_location_info()), I get down to the function elf_run_time_address_in_region(), which iterates through the ELF program headers and attempts to find the right location for the variable using each MemoryRegion that is passed from elf_map_to_run_time_address().

The correct address for my variable should be 0xff170200 (from ELF information, nm, and DWARF information, objdump -W), but I get 0xff06c200.

If I understand the code in elf_run_time_address_in_region() correctly, the conditions on lines 1637-1640 in tcf_elf.c should be enough to find the right combination of MemoryRegion and ELF program header which matches the address, but it seems that I get a false hit.

Setting a breakpoint on tcf_elf.c:1641 and printing some variables after 'rt' has been set, I get this 'rt' in elf_run_time_address_in_region() which uses the region starting at 0xff06c000.

Address addr:
    addr = 0x00000000ff170200
ELF_PHeader p:
    address  = 0x00000000ff170000
    mem_size = 0x00000000000008c0
    offset   = 0x000000000000ef8c
MemoryRegion r:
    addr      = 0x000000000000ef8c
    size      = 0x00000000ff06c000
    file_offs = 0x0000000000000850
Address rt:
    rt = 0x00000000ff06c200

I'm not sure *if* and *which* check is missing, but just for experimentation, I added a check of the MemoryRegion in elf_map_to_run_time_address() before calling elf_run_time_address_in_region:

+        if (addr < r->addr || addr > r->addr + r->size) {
+            continue;
+        }
         rt = elf_run_time_address_in_region(ctx, r, file, sec, addr);
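Review bot: the upper bound in the added check uses `>` where line 1640 uses `>=`, so `addr == r->addr + r->size` (one byte past the end of the region) is accepted; for a half-open range consistent with the rest of the function it should read `if (addr < r->addr || addr >= r->addr + r->size) continue;`. Separately, `addr` here is the link-time address of the symbol while `r->addr`/`r->size` describe the run-time region; line 1639 exists precisely because the two can differ, so this filter only selects the right region when the segment is loaded at its link address (as in the quoted listing, where VirtAddr equals PhysAddr). The reply in this thread points at the underlying cause instead: the region-to-header match on line 1637 cannot tell two zero-FileSiz regions at the same file offset apart unless the memory map supplies file_size or bss=1.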

Unlikely that this is correct, but with this fix, I get the correct address for my symbol using the MemoryRegion starting at address 0xff170000:

Address addr:
    addr = 0x00000000ff170200
ELF_PHeader p:
    address  = 0x00000000ff170000
    mem_size = 0x00000000000008c0 <- equal to r->file_offs
    offset   = 0x000000000000ef8c
MemoryRegion r:
    addr      = 0x000000000000ef8c
    size      = 0x00000000ff170000
    file_offs = 0x00000000000008c0
Address rt:
    rt = 0x00000000ff170200

Perhaps the ELF program header should be range-checked against MemoryMap somehow before calculating the address (line 1639)?

Best regards,
Claes

PS: Code is from SHA a39644fbcd864ca93ba2033f7ac36e1f742db22d

tcf_elf.c:
1637 if (!is_p_header_region(file, p, r)) continue;
1638 if (addr < p->address || addr >= p->address + p->mem_size) continue;
1639 rt = (ContextAddress)(addr - p->address + p->offset - r->file_offs + r->addr);
1640 if (rt < r->addr || rt >= r->addr + r->size) continue;
1641 return rt;
----------------------------------------------------------------------
Intel Sweden AB
Registered Office: Isafjordsgatan 30B, 164 40 Kista, Stockholm, Sweden Registration Number: 556189-6027

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.

_______________________________________________
tcf-dev mailing list
tcf-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/tcf-dev
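The following is an added example and is not code from TCF or from anyone in this thread. It parses the "Program Headers" block quoted above (embedded below as constructed input), flags LOAD segments that share a file offset while carrying no file bytes (the BSS overlap Eugene refers to), and replays the arithmetic of tcf_elf.c lines 1638-1640 to show why that overlap makes the run-time address ambiguous. Two assumptions are made: the region-to-header match on line 1637 (is_p_header_region) is modelled as "same file offset", which the real function may not do; and the region values are taken from the program headers rather than from the `MemoryRegion r` dump in the message, because rt = 0xff06c200 only falls out of line 1639 with r->addr = 0xff06c000 and r->file_offs = 0xef8c. The memory-map fix (file_size or bss=1) is not modelled.

```python
# Added diagnostic, not TCF code. Models tcf_elf.c lines 1637-1640 on the
# program headers quoted in the thread. ASSUMPTION: line 1637's
# is_p_header_region is approximated by "same file offset".
import re
from dataclasses import dataclass

# Constructed input: the readelf "Program Headers" rows quoted in the thread.
READELF_PROGRAM_HEADERS = """\
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x0000d4 0x00000000 0x00000000 0x0eeb8 0x0eeb8 R E 0x1000
  LOAD           0x00ef8c 0xff06c000 0xff06c000 0x00000 0x00850 RW  0x1000
  LOAD           0x00ef8c 0xff170000 0xff170000 0x00000 0x008c0 RW  0x1000
  LOAD           0x00ef8c 0xff171000 0xff171000 0x00000 0x00454 RW  0x1000
  LOAD           0x00ef8c 0xff173f80 0xff173f80 0x00000 0x00004 RW  0x1000
"""


@dataclass(frozen=True)
class PHeader:          # the ELF_PHeader fields used on lines 1638-1639
    offset: int
    address: int
    file_size: int
    mem_size: int


@dataclass(frozen=True)
class Region:           # the MemoryRegion fields used on lines 1639-1640
    addr: int
    size: int
    file_offs: int


LOAD_RE = re.compile(
    r"^\s*LOAD\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)"
    r"\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)", re.IGNORECASE)


def parse_load_headers(text: str) -> list:
    """Extract the PT_LOAD rows from a readelf -l style listing."""
    headers = []
    for line in text.splitlines():
        m = LOAD_RE.match(line)
        if m:
            off, vaddr, _paddr, filesz, memsz = (int(g, 16) for g in m.groups())
            headers.append(PHeader(off, vaddr, filesz, memsz))
    return headers


def overlapping_bss_headers(headers) -> dict:
    """File offsets shared by several LOAD segments that have no file image
    (FileSiz 0). Nothing in the file distinguishes such segments, so a memory
    map that identifies regions only by file offset cannot tell them apart."""
    by_offset = {}
    for p in headers:
        by_offset.setdefault(p.offset, []).append(p)
    return {off: ps for off, ps in by_offset.items()
            if len(ps) > 1 and all(p.file_size == 0 for p in ps)}


def identity_regions(headers) -> list:
    """Memory map for a binary loaded at its link address
    (VirtAddr == PhysAddr in the listing), one region per LOAD segment."""
    return [Region(p.address, p.mem_size, p.offset) for p in headers]


def run_time_candidates(addr: int, headers, regions) -> list:
    """Replay lines 1637-1640 for every (region, header) pair and return every
    run-time address that passes, in memory-map order. TCF returns the first
    hit, so more than one hit means the answer depends on region order."""
    hits = []
    for r in regions:
        for p in headers:
            if p.offset != r.file_offs:                                   # line 1637 (assumed rule)
                continue
            if addr < p.address or addr >= p.address + p.mem_size:       # line 1638
                continue
            rt = addr - p.address + p.offset - r.file_offs + r.addr       # line 1639
            if rt < r.addr or rt >= r.addr + r.size:                      # line 1640
                continue
            hits.append((r, rt))
            break                                                         # line 1641: first header wins
    return hits


if __name__ == "__main__":
    hdrs = parse_load_headers(READELF_PROGRAM_HEADERS)
    for off, group in overlapping_bss_headers(hdrs).items():
        print(f"offset 0x{off:x}: {len(group)} zero-FileSiz LOAD segments overlap")
    for r, rt in run_time_candidates(0xff170200, hdrs, identity_regions(hdrs)):
        print(f"region 0x{r.addr:08x}: rt = 0x{rt:08x}")
```

Run against the quoted headers, the first candidate for 0xff170200 is 0xff06c200 (the region at 0xff06c000, as in the message), the second is the correct 0xff170200, and under the same-offset assumption the .data region at 0xff171000 yields a third, which is why the diagnostic reports all four zero-FileSiz segments at offset 0xef8c rather than just the two .bssnz ones; a memory map that carries file_size or bss=1 for those regions removes the ambiguity at line 1637 rather than at line 1640.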


This email and any attachments are intended for the sole use of the named recipient(s) and contain(s) confidential information that may be proprietary, privileged or copyrighted under applicable law. If you are not the intended recipient, do not read, copy, or forward this email message or any attachments. Delete this email message and any attachments immediately.
