RISC-V反汇编调试记录分享

RISC-V反汇编调试记录分享

本文记录一次使用反汇编进行调试分析。

最近在 rtthread 下适配 MilkV Duo 的硬件定时器驱动时遇到了一些问题，demo 运行时报以下错误：

Unhandled Exception 2:Illegal Instruction
scause:0x0x0000000000000002,stval:0x0x000000000007a787,sepc:0x0x0000000080232a72  
--------------Dump Registers-----------------                                      
Function Registers:                                                               ra(x1) = 0x0x0000000080232f88   user_sp = 0x0x000000008029f5d8                gp(x3) = 0x0x0000000080262a68   tp(x4) = 0x0x00000000deadbeef             
Temporary Registers:                                                              t0(x5) = 0x0x0000000000000120   t1(x6) = 0x0x00000000deadbeef     t2(x7) = 0x0x000000008029f518                                         t3(x28) = 0x0x00000000deadbeef  t4(x29) = 0x0x00000000deadbeef         t5(x30) = 0x0x00000000deadbeef  t6(x31) = 0x0x00000000deadbeef         
Saved Registers:                                                                 s0/fp(x8) = 0x0x000000008029f618        s1(x9) = 0x0x00000000deadbeef    s2(x18) = 0x0x00000000deadbeef  s3(x19) = 0x0x00000000deadbeefs4(x20) = 0x0x00000000deadbeef  s5(x21) = 0x0x00000000deadbeefs6(x22) = 0x0x00000000deadbeef  s7(x23) = 0x0x00000000deadbeefs8(x24) = 0x0x00000000deadbeef  s9(x25) = 0x0x00000000deadbeefs10(x26) = 0x0x00000000deadbeef s11(x27) = 0x0x00000000deadbeef
Function Arguments Registers:                 a0(x10) = 0x0x00000000802604c0  a1(x11) = 0x0x000000008029f6b0a2(x12) = 0x0x000000008029f6b0  a3(x13) = 0x0x0000000000000008   a4(x14) = 0x0x0000000000000004  a5(x15) = 0x0x0000000080256080 a6(x16) = 0x0x0000000000000065  a7(x17) = 0x0x00000000deadbeef
sstatus = 0x0x0000000200040120               Supervisor Interrupt Disabled     Last Time Supervisor Interrupt EnabledLast Privilege is Supervisor ModePermit to Access User PageNot Permit to Read Executable-only Page
satp = 0x0x0000000000000000Current Page Table(Physical) = 0x0x0000000000000000Current ASID = 0x0x0000000000000000Mode = No Address Translation/Protection Mode
-----------------Dump OK---------------------
--------------Thread list--------------
current thread: tshell
--------------Backtrace--------------

想要查看 0x80232a72 处的程序指令，确认是否有非法指令。由于身边没有合适的调试器，不方便通过GDB对出错地址的代码进行定位。于是尝试通过反汇编进行分析：

$ objdump -l -S rtthread.elf > out.c

运行提示不支持当前架构，于是安装对应架构的反汇编工具：

$ sudo apt install binutils-riscv64-unknown-elf

安装完成后，即可进行反汇编：

$ riscv64-unknown-elf-objdump -l -S rtthread.elf > out.c

在反汇编得到的 out.c 中即可快速搜索定位到目标程序：

/home/Project/rt-thread/components/drivers/hwtimer/hwtimer.c:43float tv_sec;float devi_min = 1;80232a6e:	00023797          	auipc	a5,0x2380232a72:	61a78793          	addi	a5,a5,1562 # 80256088 <rt_system_timer_thread_init+0x6a6e>80232a76:	0007a787          	flw	fa5,0(a5)80232a7a:	fef42027          	fsw	fa5,-32(s0)

即可继续进行分析调试。