Segfault on Blackberry Passport when using SCUMM engine

Discussion about other and unofficial ports of ScummVM

Moderator: ScummVM Team

Post Reply
ToddWalter
Posts: 3
Joined: Fri Jan 02, 2015 3:26 pm

Segfault on Blackberry Passport when using SCUMM engine

Post by ToddWalter »

I've been noodling around with the NDK and git 1.8.0git-1755-gd8af639. After a fair amount of unexpected learning experiences I have a somewhat-functional binary. In a fine example of irony, I can run an SCI32 game (GK1) flawlessly but any SCUMM game segfaults. GDB output looks odd compared to what I had been seeing up until this point.

Code: Select all

GNU gdb (GDB) 7.5 qnx (rev. 863)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+&#58; GNU GPL version 3 or later <http&#58;//gnu.org/licenses/gpl.html>
This is free software&#58; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-pc-linux-gnu --target=arm-unknown-nto-qnx8.0.0"...
Reading symbols from /home/luke/git/scummvm/scummvm...done.
&#91;New pid 284205303 tid 1&#93;

warning&#58; Shared object "/home/luke/bbndk/target_10_3_0_698/qnx6/armle-v7/lib/libTouchControlOverlay.so.1" could not be validated and will be ignored.

warning&#58; Shared object "/home/luke/bbndk/target_10_3_0_698/qnx6/armle-v7/lib/libc.so.3" could not be validated and will be ignored.

warning&#58; Could not load shared library symbols for 10 libraries, e.g. /apps/com.example.ScummVM.testDev_ple_ScummVMd1373eeb/native/lib/libTouchControlOverlay.so.1.
Use the "info sharedlibrary" command to see the complete listing.
Do you need "set solib-search-path" or "set sysroot"?
Program terminated with signal 11, Segmentation fault.
#0  0x112854e8 in Scumm&#58;&#58;ImuseChannel&#58;&#58;getParameters &#40;this=0xc8, stereo=@0x0&#58; <error reading variable>, 
    is_16bit=@0x28&#58; <error reading variable>, vol=@0xcccccc&#58; <error reading variable>, pan=@0x0&#58; <error reading variable>&#41;
    at ./engines/scumm/smush/channel.h&#58;121
121			pan = _pan;
&#40;gdb&#41; set solib-search-path ../bbscumm/lib
Reading symbols from /home/luke/git/bbscumm/lib/libTouchControlOverlay.so.1...&#40;no debugging symbols found&#41;...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libTouchControlOverlay.so.1
Reading symbols from /home/luke/git/bbscumm/lib/libSDL-1.2.so.11...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libSDL-1.2.so.11
Reading symbols from /home/luke/git/bbscumm/lib/libogg.so.8...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libogg.so.8
Reading symbols from /home/luke/git/bbscumm/lib/libvorbis.so.4...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libvorbis.so.4
Reading symbols from /home/luke/git/bbscumm/lib/libpng16.so.0...&#40;no debugging symbols found&#41;...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libpng16.so.0
warning&#58; Shared object "/home/luke/bbndk/target_10_3_0_698/qnx6/armle-v7/usr/lib/ldqnx.so.2" could not be validated and will be ignored.
Reading symbols from /home/luke/git/bbscumm/lib/libvorbisfile.so.6...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libvorbisfile.so.6
Reading symbols from /home/luke/git/bbscumm/lib/libFLAC.so.8...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libFLAC.so.8
Reading symbols from /home/luke/git/bbscumm/lib/libmad.so.0...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libmad.so.0
Reading symbols from /home/luke/git/bbscumm/lib/libtheoradec.so.2...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libtheoradec.so.2
Reading symbols from /home/luke/git/bbscumm/lib/libmpeg2.so.0...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libmpeg2.so.0
Reading symbols from /home/luke/git/bbscumm/lib/libxml2.so.1...&#40;no debugging symbols found&#41;...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libxml2.so.1
Reading symbols from /home/luke/git/bbscumm/lib/libpng14.so.0...&#40;no debugging symbols found&#41;...done.
Loaded symbols for /home/luke/git/bbscumm/lib/libpng14.so.0
&#40;gdb&#41; bt
#0  0x112854e8 in Scumm&#58;&#58;ImuseChannel&#58;&#58;getParameters &#40;this=0xc8, stereo=@0x0&#58; <error reading variable>, 
    is_16bit=@0x28&#58; <error reading variable>, vol=@0xcccccc&#58; <error reading variable>, pan=@0x0&#58; <error reading variable>&#41;
    at ./engines/scumm/smush/channel.h&#58;121
#1  0x111e3554 in Scumm&#58;&#58;Gdi&#58;&#58;drawBitmap &#40;this=<error reading variable&#58; Cannot access memory at address 0x24>, 
    ptr=<error reading variable&#58; Cannot access memory at address 0x20>, 
    vs=<error reading variable&#58; Cannot access memory at address 0x1c>, 
    x=<error reading variable&#58; Cannot access memory at address 0x18>, 
    y=<error reading variable&#58; Cannot access memory at address 0x14>, 
    width=<error reading variable&#58; Cannot access memory at address 0x10>, 
    height=<error reading variable&#58; Cannot access memory at address 0xc>, 
    stripnr=<error reading variable&#58; Cannot access memory at address 0x8>, 
    numstrip=<error reading variable&#58; Cannot access memory at address 0x4>, 
    flag=<error reading variable&#58; Cannot access memory at address 0x3>&#41; at engines/scumm/gfx.cpp&#58;1839
Backtrace stopped&#58; previous frame inner to this frame &#40;corrupt stack?&#41;
&#40;gdb&#41; disass
Dump of assembler code for function Scumm&#58;&#58;ImuseChannel&#58;&#58;getParameters&#40;bool&, bool&, int&, int&&#41;&#58;
   0x112854ac <+0>&#58;	push	&#123;r7&#125;
   0x112854ae <+2>&#58;	sub	sp, #20
   0x112854b0 <+4>&#58;	add	r7, sp, #0
   0x112854b2 <+6>&#58;	str	r0, &#91;r7, #12&#93;
   0x112854b4 <+8>&#58;	str	r1, &#91;r7, #8&#93;
   0x112854b6 <+10>&#58;	str	r2, &#91;r7, #4&#93;
   0x112854b8 <+12>&#58;	str	r3, &#91;r7, #0&#93;
   0x112854ba <+14>&#58;	ldr	r3, &#91;r7, #12&#93;
   0x112854bc <+16>&#58;	ldr	r3, &#91;r3, #52&#93;	; 0x34
   0x112854be <+18>&#58;	cmp	r3, #2
   0x112854c0 <+20>&#58;	ite	ne
   0x112854c2 <+22>&#58;	movne	r3, #0
   0x112854c4 <+24>&#58;	moveq	r3, #1
   0x112854c6 <+26>&#58;	uxtb	r2, r3
   0x112854c8 <+28>&#58;	ldr	r3, &#91;r7, #8&#93;
   0x112854ca <+30>&#58;	strb	r2, &#91;r3, #0&#93;
   0x112854cc <+32>&#58;	ldr	r3, &#91;r7, #12&#93;
   0x112854ce <+34>&#58;	ldr	r3, &#91;r3, #44&#93;	; 0x2c
   0x112854d0 <+36>&#58;	cmp	r3, #8
   0x112854d2 <+38>&#58;	ite	le
   0x112854d4 <+40>&#58;	movle	r3, #0
   0x112854d6 <+42>&#58;	movgt	r3, #1
   0x112854d8 <+44>&#58;	uxtb	r2, r3
   0x112854da <+46>&#58;	ldr	r3, &#91;r7, #4&#93;
   0x112854dc <+48>&#58;	strb	r2, &#91;r3, #0&#93;
   0x112854de <+50>&#58;	ldr	r3, &#91;r7, #12&#93;
   0x112854e0 <+52>&#58;	ldr	r2, &#91;r3, #32&#93;
   0x112854e2 <+54>&#58;	ldr	r3, &#91;r7, #0&#93;
   0x112854e4 <+56>&#58;	str	r2, &#91;r3, #0&#93;
   0x112854e6 <+58>&#58;	ldr	r3, &#91;r7, #12&#93;
=> 0x112854e8 <+60>&#58;	ldr	r2, &#91;r3, #36&#93;	; 0x24
   0x112854ea <+62>&#58;	ldr	r3, &#91;r7, #24&#93;
   0x112854ec <+64>&#58;	str	r2, &#91;r3, #0&#93;
   0x112854ee <+66>&#58;	mov.w	r3, #1
   0x112854f2 <+70>&#58;	mov	r0, r3
   0x112854f4 <+72>&#58;	add.w	r7, r7, #20
   0x112854f8 <+76>&#58;	mov	sp, r7
   0x112854fa <+78>&#58;	pop	&#123;r7&#125;
   0x112854fc <+80>&#58;	bx	lr
End of assembler dump.
&#40;gdb&#41; 
Does the SMUSH code pick up any ARM assembly somewhere? Alternatively, I had to alter gfxARM.s slightly to get past a SIGILL so it's possible I'm screwing up the stack prior to this call.

Any ideas, notes from previous porting efforts, etc. appreciated.

Cheers,

Todd
digitall
ScummVM Developer
Posts: 1177
Joined: Thu Aug 02, 2012 1:40 pm

Post by digitall »

ToddWalter: It is nice to get someone actually doing some good debugging...

The only assembly files present in the tree (outside of the platform specific backend code in backends/platform are:
https://github.com/scummvm/scummvm/blob ... _arm_asm.s : This is the ARM assembly optimised version of the audio rate conversion code.

and two similar files in the SCUMM engine:
https://github.com/scummvm/scummvm/blob ... m/gfxARM.s
https://github.com/scummvm/scummvm/blob ... proc3ARM.s

You should be able to modify the makefiles to use the normal (but slower) C versions of these modules and see if that removes the segfault / stack frame corruption.

There have been cases before where the ARM assembly have got out of sync with the associated C code, so this might be a similar issue.
ToddWalter
Posts: 3
Joined: Fri Jan 02, 2015 3:26 pm

Post by ToddWalter »

Yeah, I was being greedy trying to get it working with the ASM intact. I just hate giving up on a problem. I'll have to re-read Tonc's guide to ARM assembly again and try and suss out what I did wrong. Do you know if I alter a register that has a constant do I have to alter the offset constant to match the changed position? If so, I know what I screwed up! :oops:
ToddWalter
Posts: 3
Joined: Fri Jan 02, 2015 3:26 pm

Post by ToddWalter »

Well, that works. Sound is a bit stuttery, but I expect that is due to the flash drive's access speed. Unfortunately, calling up the BBOS settings menu crashes the GUI. Oddly enough, the sound from the intro kept going so I had to reboot my BB to stop it. Now I need to figure out how to get the virtual keyboard to appear when summoned. For whatever reason RIM decided to leave off the symbol key and numbers so it's still a necessity.
Post Reply