
Building on Android #28

Closed
Manouchehri opened this issue Dec 19, 2018 · 15 comments

Comments

@Manouchehri
Contributor

I know Android is not officially supported (#17), but figured I'd document my progress in an open ticket until I finish it.

Using Termux (and clang, see #27):

apt install libelf-dev git ruby make clang-6.0
$ make
MAMBO: detected architecture "arm"
PIE: detected architecture "arm"
make --no-print-directory ARCH=arm pie
ruby generate_decoder.rb arm > pie-arm-decoder.c
ruby generate_decoder.rb arm header > pie-arm-decoder.h
cc -c -Os -Wall -g -std=c99  pie-arm-decoder.c -o pie-arm-decoder.o
ruby generate_encoder.rb arm > pie-arm-encoder.c
ruby generate_encoder.rb arm header > pie-arm-encoder.h
cc -c -Os -Wall -g -std=c99  pie-arm-encoder.c -o pie-arm-encoder.o
ruby generate_field-decoder.rb arm > pie-arm-field-decoder.c
ruby generate_field-decoder.rb arm header > pie-arm-field-decoder.h
cc -c -Os -Wall -g -std=c99  pie-arm-field-decoder.c -o pie-arm-field-decoder.o
make --no-print-directory ARCH=thumb pie
ruby generate_decoder.rb thumb > pie-thumb-decoder.c
ruby generate_decoder.rb thumb header > pie-thumb-decoder.h
cc -c -Os -Wall -g -std=c99  pie-thumb-decoder.c -o pie-thumb-decoder.o
ruby generate_encoder.rb thumb > pie-thumb-encoder.c
ruby generate_encoder.rb thumb header > pie-thumb-encoder.h
cc -c -Os -Wall -g -std=c99  pie-thumb-encoder.c -o pie-thumb-encoder.o
ruby generate_field-decoder.rb thumb > pie-thumb-field-decoder.c
ruby generate_field-decoder.rb thumb header > pie-thumb-field-decoder.h
cc -c -Os -Wall -g -std=c99  pie-thumb-field-decoder.c -o pie-thumb-field-decoder.o
ruby api/generate_emit_wrapper.rb pie/pie-arm-encoder.c header > api/emit_arm.h
ruby api/generate_emit_wrapper.rb pie/pie-thumb-encoder.c header > api/emit_thumb.h
cc -D_GNU_SOURCE -g -std=gnu99 -O2 -fno-integrated-as -mfpu=neon -DPLUGINS_NEW -c -o elf_loader/elf_loader.o elf_loader/elf_loader.c
In file included from elf_loader/elf_loader.c:32:
elf_loader/../api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
elf_loader/elf_loader.c:269:1: warning: control may reach end of non-void function [-Wreturn-type]
}
^
2 warnings generated.
ruby api/generate_emit_wrapper.rb pie/pie-arm-encoder.c > api/emit_arm.c
ruby api/generate_emit_wrapper.rb pie/pie-thumb-encoder.c > api/emit_thumb.c
cc -D_GNU_SOURCE -g -std=gnu99 -O2 -fno-integrated-as -mfpu=neon -DPLUGINS_NEW -static -ldl -Wl,-Ttext-segment=0xa8000000 -fno-integrated-as -DDBM_LINK_UNCOND_IMM -DDBM_INLINE_UNCOND_IMM -DDBM_LINK_COND_IMM -DDBM_LINK_CBZ -DDBM_LINK_TBZ -DDBM_TB_DIRECT  -DLINK_BX_ALT -DDBM_INLINE_HASH -DDBM_TRACES  -I/usr/include/libelf -o dbm dispatcher.S common.c dbm.c traces.c syscalls.c dispatcher.c signals.c util.S api/helpers.c api/plugin_support.c api/branch_decoder_support.c api/load_store.c elf_loader/elf_loader.o scanner_thumb.c scanner_arm.c api/emit_arm.c api/emit_thumb.c plugins/branch_count.c pie/pie-arm-encoder.o pie/pie-arm-decoder.o pie/pie-arm-field-decoder.o pie/pie-thumb-encoder.o pie/pie-thumb-decoder.o pie/pie-thumb-field-decoder.o -lelf -lpthread
/data/data/com.termux/files/usr/tmp/dispatcher-59fa24.s: Assembler messages:
/data/data/com.termux/files/usr/tmp/dispatcher-59fa24.s: Warning: end of file in comment; newline inserted
In file included from common.c:30:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
In file included from dbm.c:35:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
dbm.c:624:1: warning: return type of 'main' is not 'int' [-Wmain-return-type]
void main(int argc, char **argv, char **envp) {
^
dbm.c:624:1: note: change return type to 'int'
void main(int argc, char **argv, char **envp) {
^~~~
int
2 warnings generated.
In file included from traces.c:28:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
traces.c:321:12: warning: 21 enumeration values not handled in switch: 'unknown', 'stub', 'uncond_b_to_bl_thumb'... [-Wswitch]
    switch(thread_data->code_cache_meta[trace_id].exit_branch_type) {
           ^
traces.c:543:10: warning: 19 enumeration values not handled in switch: 'unknown', 'stub', 'uncond_b_to_bl_thumb'... [-Wswitch]
  switch(thread_data->code_cache_meta[fragment_id].exit_branch_type) {
         ^
3 warnings generated.
In file included from syscalls.c:32:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
syscalls.c:113:3: warning: implicit declaration of function 'pthread_attr_setinheritsched' is invalid in C99 [-Wimplicit-function-declaration]
  pthread_attr_setinheritsched(&attr, PTHREAD_INHERIT_SCHED);
  ^
2 warnings generated.
/data/data/com.termux/files/usr/tmp/syscalls-53fc5f.s: Assembler messages:
/data/data/com.termux/files/usr/tmp/syscalls-53fc5f.s:170: Error: selected processor does not support `dmb SY' in ARM mode
/data/data/com.termux/files/usr/tmp/syscalls-53fc5f.s:1789: Error: selected processor does not support `dmb SY' in ARM mode
In file included from dispatcher.c:25:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
dispatcher.c:142:11: warning: 17 enumeration values not handled in switch: 'unknown', 'stub', 'trace_inline_max'... [-Wswitch]
  switch (source_branch_type) {
          ^
2 warnings generated.
In file included from signals.c:27:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
/data/data/com.termux/files/usr/tmp/util-8c1fb3.s: Assembler messages:
/data/data/com.termux/files/usr/tmp/util-8c1fb3.s: Warning: end of file in comment; newline inserted
In file included from api/helpers.c:25:
In file included from api/../plugins.h:20:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
api/helpers.c:135:35: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
  emit_arm_copy_to_reg_32bit(ctx, lr, (uint32_t)function_ptr);
  ~~~~~~~~~~~~~~~~~~~~~~~~~~      ^~
api/helpers.c:140:37: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
  emit_thumb_copy_to_reg_32bit(ctx, lr, (uint32_t)function_ptr);
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~      ^~
api/helpers.c:339:21: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
  emit_set_reg(ctx, lr, (uintptr_t)function_ptr);
  ~~~~~~~~~~~~      ^~
api/helpers.c:619:10: warning: enumeration value 'A64_INST' not handled in switch [-Wswitch]
  switch(mambo_get_inst_type(ctx)) {
         ^
5 warnings generated.
In file included from api/plugin_support.c:26:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
In file included from api/branch_decoder_support.c:23:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
In file included from api/load_store.c:26:
In file included from api/../plugins.h:20:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
api/load_store.c:609:49: warning: passing 'int *' to parameter of type 'uint32_t *' (aka 'unsigned int *') converts between pointers to integer types with different sign
      [-Wpointer-sign]
      _decode_arm(i == IMM_LDR, p, u, operand2, &rm, &imm);
                                                ^~~
api/load_store.c:574:79: note: passing argument to parameter 'rm' here
void _decode_arm(bool is_imm, uint32_t p, uint32_t u, uint32_t op2, uint32_t *rm, int *imm) {
                                                                              ^
api/load_store.c:627:53: warning: passing 'int *' to parameter of type 'uint32_t *' (aka 'unsigned int *') converts between pointers to integer types with different sign
      [-Wpointer-sign]
      _decode_arm(i, p, u, (imm4h << 4) | rm_imm4l, &rm, &imm);
                                                    ^~~
api/load_store.c:574:79: note: passing argument to parameter 'rm' here
void _decode_arm(bool is_imm, uint32_t p, uint32_t u, uint32_t op2, uint32_t *rm, int *imm) {
                                                                              ^
3 warnings generated.
In file included from scanner_thumb.c:30:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
scanner_thumb.c:150:19: warning: '&' within '|' [-Wbitwise-op-parentheses]
      mask = mask & 0x8 | 0x4;
             ~~~~~^~~~~ ~
scanner_thumb.c:150:19: note: place parentheses around the '&' expression to silence this warning
      mask = mask & 0x8 | 0x4;
                  ^
             (         )
scanner_thumb.c:153:19: warning: '&' within '|' [-Wbitwise-op-parentheses]
      mask = mask & 0xc | 0x2;
             ~~~~~^~~~~ ~
scanner_thumb.c:153:19: note: place parentheses around the '&' expression to silence this warning
      mask = mask & 0xc | 0x2;
                  ^
             (         )
scanner_thumb.c:156:19: warning: '&' within '|' [-Wbitwise-op-parentheses]
      mask = mask & 0xe | 0x1;
             ~~~~~^~~~~ ~
scanner_thumb.c:156:19: note: place parentheses around the '&' expression to silence this warning
      mask = mask & 0xe | 0x1;
                  ^
             (         )
scanner_thumb.c:568:33: warning: passing 'uint16_t *' (aka 'unsigned short *') to parameter of type 'int16_t *' (aka 'short *') converts between pointers to integer types with
      different sign [-Wpointer-sign]
  set_cc_imm_links(thread_data, *o_write_p, basic_block, address_taken, address_skipped, taken_in_cache, skipped_in_cache);
                                ^~~~~~~~~~
scanner_thumb.c:463:35: note: passing argument to parameter 'write_p' here
                         int16_t *write_p,
                                  ^
scanner_thumb.c:647:33: warning: passing 'uint16_t *' (aka 'unsigned short *') to parameter of type 'int16_t *' (aka 'short *') converts between pointers to integer types with
      different sign [-Wpointer-sign]
  set_cc_imm_links(thread_data, *o_write_p, basic_block, address_taken, address_skipped, taken_in_cache, skipped_in_cache);
                                ^~~~~~~~~~
scanner_thumb.c:463:35: note: passing argument to parameter 'write_p' here
                         int16_t *write_p,
                                  ^
scanner_thumb.c:767:12: warning: 494 enumeration values not handled in switch: 'THUMB_ADC16', 'THUMB_ADD16', 'THUMB_ADD_FROM_PC16'... [-Wswitch]
    switch(inst) {
           ^
scanner_thumb.c:1289:18: warning: 515 enumeration values not handled in switch: 'THUMB_ADC16', 'THUMB_ADD16', 'THUMB_ADD_FROM_PC16'... [-Wswitch]
          switch(inst) {
                 ^
scanner_thumb.c:1412:39: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          copy_to_reg_32bit(&write_p, lr, ((uint32_t)read_address) + 2 + 1);
          ~~~~~~~~~~~~~~~~~           ^~
scanner_thumb.c:2403:39: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          copy_to_reg_32bit(&write_p, lr, ((uint32_t)read_address) + 4 + 1);
          ~~~~~~~~~~~~~~~~~           ^~
scanner_thumb.c:2564:16: warning: 516 enumeration values not handled in switch: 'THUMB_ADC16', 'THUMB_ADD16', 'THUMB_ADD_FROM_PC16'... [-Wswitch]
        switch(inst) {
               ^
11 warnings generated.
In file included from scanner_arm.c:30:
./api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
scanner_arm.c:318:12: warning: 370 enumeration values not handled in switch: 'ARM_AND', 'ARM_BFC', 'ARM_BFI'... [-Wswitch]
    switch(inst) {
           ^
scanner_arm.c:680:43: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          arm_copy_to_reg_32bit(&write_p, lr, (uint32_t)read_address + 4);
          ~~~~~~~~~~~~~~~~~~~~~           ^~
scanner_arm.c:733:43: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          arm_copy_to_reg_32bit(&write_p, lr, (uint32_t)read_address + 4);
          ~~~~~~~~~~~~~~~~~~~~~           ^~
scanner_arm.c:773:41: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
        arm_copy_to_reg_32bit(&write_p, lr, (uint32_t)read_address + 4);
        ~~~~~~~~~~~~~~~~~~~~~           ^~
scanner_arm.c:859:17: warning: 383 enumeration values not handled in switch: 'ARM_ADC', 'ARM_ADD', 'ARM_AND'... [-Wswitch]
        switch (inst) {
                ^
scanner_arm.c:959:19: warning: 383 enumeration values not handled in switch: 'ARM_ADC', 'ARM_ADD', 'ARM_AND'... [-Wswitch]
          switch (inst) {
                  ^
scanner_arm.c:1061:17: warning: 383 enumeration values not handled in switch: 'ARM_ADC', 'ARM_ADD', 'ARM_AND'... [-Wswitch]
        switch (inst) {
                ^
scanner_arm.c:1073:51: warning: & has lower precedence than ==; == will be evaluated first [-Wparentheses]
          assert(condition_code == AL && rn == sp & prepostindex && !updown && writeback); // PUSH {PC}
                                         ~~~~~~~~~^
/data/data/com.termux/files/usr/include/assert.h:51:23: note: expanded from macro 'assert'
#  define assert(e) ((e) ? __assert_no_op : __assert2(__FILE__, __LINE__, __PRETTY_FUNCTION__, #e))
                      ^
scanner_arm.c:1073:51: note: place parentheses around the '==' expression to silence this warning
          assert(condition_code == AL && rn == sp & prepostindex && !updown && writeback); // PUSH {PC}
                                         ~~~~~~~~ ^
/data/data/com.termux/files/usr/include/assert.h:51:23: note: expanded from macro 'assert'
#  define assert(e) ((e) ? __assert_no_op : __assert2(__FILE__, __LINE__, __PRETTY_FUNCTION__, #e))
                      ^
scanner_arm.c:1073:51: note: place parentheses around the & expression to evaluate it first
          assert(condition_code == AL && rn == sp & prepostindex && !updown && writeback); // PUSH {PC}
                                               ~~~^~~~~~~~~~~~~~
/data/data/com.termux/files/usr/include/assert.h:51:23: note: expanded from macro 'assert'
#  define assert(e) ((e) ? __assert_no_op : __assert2(__FILE__, __LINE__, __PRETTY_FUNCTION__, #e))
                      ^
scanner_arm.c:1076:40: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          arm_add_sub_32_bit(&write_p, sp, sp, -8);
          ~~~~~~~~~~~~~~~~~~           ^~
scanner_arm.c:1076:44: warning: implicit conversion from enumeration type 'enum reg_alt' to different enumeration type 'enum reg' [-Wenum-conversion]
          arm_add_sub_32_bit(&write_p, sp, sp, -8);
          ~~~~~~~~~~~~~~~~~~               ^~
scanner_arm.c:1102:19: warning: 383 enumeration values not handled in switch: 'ARM_ADC', 'ARM_ADD', 'ARM_AND'... [-Wswitch]
          switch (inst) {
                  ^
12 warnings generated.
In file included from api/emit_arm.c:2:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
In file included from api/emit_thumb.c:2:
api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
1 warning generated.
In file included from plugins/branch_count.c:27:
In file included from plugins/../plugins.h:20:
plugins/../api/../dbm.h:363:9: warning: 'PAGE_SIZE' macro redefined [-Wmacro-redefined]
#define PAGE_SIZE (page_size)
        ^
/data/data/com.termux/files/usr/include/sys/user.h:38:9: note: previous definition is here
#define PAGE_SIZE 4096
        ^
plugins/branch_count.c:45:1: warning: control may reach end of non-void function [-Wreturn-type]
}
^
plugins/branch_count.c:65:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
plugins/branch_count.c:70:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
plugins/branch_count.c:88:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
5 warnings generated.
clang-7: error: assembler command failed with exit code 1 (use -v to see invocation)
make[1]: *** [makefile:65: dbm] Error 1
make: *** [makefile:56: all] Error 2
@Manouchehri
Contributor Author

I see @HuErr appears to have a working Android based off of #15. Would you mind sharing mambondk? =)

@Manouchehri
Contributor Author

Manouchehri commented Dec 26, 2018

Was able to get a bit further with Termux by setting CFLAGS+=-mcpu=krait in the makefile.

@whcjb

whcjb commented Jul 27, 2019

Hi @Manouchehri, have you managed to get the project working on Android?

@amimo

amimo commented Nov 7, 2019

I am trying to build mambo with the Android NDK; I am able to compile now: android-ndk-build

@umarcor
Contributor

umarcor commented Nov 12, 2019

@amimo, it seems that you merged multiple non-related modifications in a single commit. Is there any other branch/repo where we can find the modifications in a series of atomic commits?

@amimo

amimo commented Nov 13, 2019

@umarcor I split this single commit into smaller ones. You can see all the changes I made here: android-ndk-build.

@Manouchehri
Contributor Author

I’m not sure why I forgot to share this, but I sponsored @liamwhite to poke around with building Mambo for Android. https://gist.github.com/Manouchehri/7263b3231a755d8f34cf719006b2c393

@liamwhite

Note that the mixtape link in this gist is dead. The package in question is, however, part of the gist. (You will need to clone it or download it directly.)

@amimo

amimo commented Nov 14, 2019

@Manouchehri @liamwhite really nice patches! Can I port them to my ndk-build?
I also have a question about the disp_thread_data variable: it looks like a TLS variable; is it still one after putting it in the data section?

@Manouchehri
Contributor Author

Sure, feel free to use the patches.

@lgeek
Member

lgeek commented Nov 14, 2019

@Manouchehri @liamwhite I only had a quick look at the patches, but I've noticed fix-sigaction.patch is going to break signal handling. The POSIX / libc struct sigaction is different from the kernel's, which is why MAMBO has a kernel_sigaction.h.
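An added example (my own code, not MAMBO's kernel_sigaction.h) of the mismatch lgeek points out: the libc `struct sigaction` and the kernel's `struct sigaction` have different field orders and sizes, so handing the libc object to the raw `rt_sigaction` syscall makes the kernel read part of `sa_mask` as `sa_flags`. It assumes a 64-bit Linux ABI (arm64, x86_64) whose kernel layout is handler, flags, restorer, 8-byte mask; the `k_*` struct and `demo_*` helpers are hypothetical names, and the handler/flags/mask used are constructed input.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kernel-side layout of struct sigaction on 64-bit Linux (arm64, x86_64).
 * Assumed for this example; a stand-in for MAMBO's kernel_sigaction.h.
 * Members are not named sa_* because libc headers #define sa_handler. */
struct kernel_sigaction {
    void (*k_handler)(int);
    unsigned long k_flags;
    void (*k_restorer)(void);
    unsigned long k_mask;           /* kernel sigset_t: _NSIG == 64 bits */
};

static void on_signal(int sig) { (void)sig; }   /* dummy handler */

/* Correct: copy field by field; never reinterpret the libc object. */
void libc_to_kernel_sigaction(const struct sigaction *src, struct kernel_sigaction *dst)
{
    memset(dst, 0, sizeof *dst);
    dst->k_handler = src->sa_handler;
    dst->k_flags   = (unsigned int)src->sa_flags;    /* int -> unsigned long without sign smear */
#ifdef __linux__
    dst->k_restorer = src->sa_restorer;              /* libc fills this; kernel needs SA_RESTORER */
#endif
    /* the kernel mask is only the first 64 bits of the (128-byte) libc sigset_t */
    memcpy(&dst->k_mask, &src->sa_mask, sizeof dst->k_mask);
}

/* The hazard a naive patch runs into: if the libc struct is passed to
 * rt_sigaction as-is, the kernel reads the first word of sa_mask where it
 * expects sa_flags. Returns the flags the kernel would see. */
unsigned long flags_kernel_would_misread(const struct sigaction *src)
{
    struct kernel_sigaction k;
    memcpy(&k, src, sizeof k);     /* deliberately wrong reinterpretation */
    return k.k_flags;
}

/* Constructed input: SA_SIGINFO|SA_RESTART handler with SIGINT blocked during delivery. */
static void build_example(struct sigaction *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sa_handler = on_signal;
    sa->sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa->sa_mask);
    sigaddset(&sa->sa_mask, SIGINT);
}

unsigned long demo_converted_flags(void)
{
    struct sigaction sa; struct kernel_sigaction k;
    build_example(&sa);
    libc_to_kernel_sigaction(&sa, &k);
    return k.k_flags;
}

int demo_converted_mask_has(int sig)
{
    struct sigaction sa; struct kernel_sigaction k;
    build_example(&sa);
    libc_to_kernel_sigaction(&sa, &k);
    return (int)((k.k_mask >> (sig - 1)) & 1UL);
}

unsigned long demo_misread_flags(void)
{
    struct sigaction sa;
    build_example(&sa);
    return flags_kernel_would_misread(&sa);
}

int main(void)
{
    printf("libc:   sa_flags at offset %zu, struct size %zu\n",
           offsetof(struct sigaction, sa_flags), sizeof(struct sigaction));
    printf("kernel: sa_flags at offset %zu, struct size %zu\n",
           offsetof(struct kernel_sigaction, k_flags), sizeof(struct kernel_sigaction));
    printf("converted flags 0x%lx, flags a misused libc struct yields 0x%lx\n",
           demo_converted_flags(), demo_misread_flags());
    return 0;
}
```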

@umarcor
Contributor

umarcor commented Feb 19, 2020

I tried building https://gist.github.com/Manouchehri/7263b3231a755d8f34cf719006b2c393 on Termux v0.92 (Android v8.1.0). The build is successful, executing without args is correct, but trying to use it produces a segmentation fault:

$ ./dbm "$(which ls)"
Segmentation fault
$ cd test
$ ../dbm mmap_munmap
Segmentation fault
$ ../dbm mprotect_exec
Segmentation fault
$ ../dbm self_modifying
Segmentation fault

I tried three different commits: https://github.com/umarcor/mambo/commits/termux

All of them produce the same result: successful build but segfault.

Note that building other tests (hw_div, load_store and/or signals) fails because of unknown directive .func.

These are the binaries that correspond to the last commit: termux-bins.zip

@WanghongLin

Any further information since the latest comment was created?

Recently I tried to run mambo on Android; it built successfully with the latest master of this repository. I got SIGSEGV when running on a real device.

Below is the debug output of the adb shell console.

$ ./mambo /system/bin/toybox ls -al
INTERP field found

p_type: 0x6
p_offset: 0x40
p_vaddr: 0x40
p_paddr: 0x40
p_filesz: 0x230
p_memsz: 0x230
p_flags: 0x4
p_align: 0x8
Unhandled program header table entry type

p_type: 0x1
p_offset: 0x0
p_vaddr: 0x0
p_paddr: 0x0
p_filesz: 0x301b4
p_memsz: 0x301b4
p_flags: 0x4
p_align: 0x1000

p_type: 0x1
p_offset: 0x31000
p_vaddr: 0x31000
p_paddr: 0x31000
p_filesz: 0xb37d0
p_memsz: 0xb37d0
p_flags: 0x5
p_align: 0x1000
imap added: 76361be000 7636272000
imap 0x5859a7b0a8:
76361be000 - 7636272000

p_type: 0x1
p_offset: 0xe5000
p_vaddr: 0xe5000
p_paddr: 0xe5000
p_filesz: 0x6478
p_memsz: 0x6478
p_flags: 0x6
p_align: 0x1000

p_type: 0x1
p_offset: 0xeb480
p_vaddr: 0xec480
p_paddr: 0xec480
p_filesz: 0xcf8
p_memsz: 0xc938
p_flags: 0x6
p_align: 0x1000

p_type: 0x2
p_offset: 0xeac78
p_vaddr: 0xeac78
p_paddr: 0xeac78
p_filesz: 0x120
p_memsz: 0x120
p_flags: 0x6
p_align: 0x8
Unhandled program header table entry type

p_type: 0x6474e552
p_offset: 0xe5000
p_vaddr: 0xe5000
p_paddr: 0xe5000
p_filesz: 0x6478
p_memsz: 0x7000
p_flags: 0x4
p_align: 0x1
Unhandled program header table entry type

p_type: 0x6474e550
p_offset: 0x16ee0
p_vaddr: 0x16ee0
p_paddr: 0x16ee0
p_filesz: 0x4b8c
p_memsz: 0x4b8c
p_flags: 0x4
p_align: 0x4
Unhandled program header table entry type

p_type: 0x6474e551
p_offset: 0x0
p_vaddr: 0x0
p_paddr: 0x0
p_filesz: 0x0
p_memsz: 0x0
p_flags: 0x6
p_align: 0x0
Unhandled program header table entry type

p_type: 0x4
p_offset: 0x270
p_vaddr: 0x270
p_paddr: 0x270
p_filesz: 0x20
p_memsz: 0x20
p_flags: 0x4
p_align: 0x4
Unhandled program header table entry type

p_type: 0x6
p_offset: 0x40
p_vaddr: 0x40
p_paddr: 0x40
p_filesz: 0x2a0
p_memsz: 0x2a0
p_flags: 0x4
p_align: 0x8
Unhandled program header table entry type

p_type: 0x3
p_offset: 0x2e0
p_vaddr: 0x2e0
p_paddr: 0x2e0
p_filesz: 0x15
p_memsz: 0x15
p_flags: 0x4
p_align: 0x1
Unhandled program header table entry type

p_type: 0x1
p_offset: 0x0
p_vaddr: 0x0
p_paddr: 0x0
p_filesz: 0x2a004
p_memsz: 0x2a004
p_flags: 0x4
p_align: 0x1000

p_type: 0x1
p_offset: 0x2b000
p_vaddr: 0x2b000
p_paddr: 0x2b000
p_filesz: 0x42700
p_memsz: 0x42700
p_flags: 0x5
p_align: 0x1000
imap added: 76362b1000 76362f4000
imap 0x5859a7b0a8:
76361be000 - 7636272000
76362b1000 - 76362f4000

p_type: 0x1
p_offset: 0x6e000
p_vaddr: 0x6e000
p_paddr: 0x6e000
p_filesz: 0x3de0
p_memsz: 0x3de0
p_flags: 0x6
p_align: 0x1000

p_type: 0x1
p_offset: 0x71de0
p_vaddr: 0x72de0
p_paddr: 0x72de0
p_filesz: 0x2878
p_memsz: 0x6ae8
p_flags: 0x6
p_align: 0x1000

p_type: 0x7
p_offset: 0x6e000
p_vaddr: 0x6e000
p_paddr: 0x6e000
p_filesz: 0x0
p_memsz: 0x0
p_flags: 0x4
p_align: 0x40
Unhandled program header table entry type

p_type: 0x2
p_offset: 0x71060
p_vaddr: 0x71060
p_paddr: 0x71060
p_filesz: 0x240
p_memsz: 0x240
p_flags: 0x6
p_align: 0x8
Unhandled program header table entry type

p_type: 0x6474e552
p_offset: 0x6e000
p_vaddr: 0x6e000
p_paddr: 0x6e000
p_filesz: 0x3de0
p_memsz: 0x4000
p_flags: 0x4
p_align: 0x1
Unhandled program header table entry type

p_type: 0x6474e550
p_offset: 0x21aa4
p_vaddr: 0x21aa4
p_paddr: 0x21aa4
p_filesz: 0x17e4
p_memsz: 0x17e4
p_flags: 0x4
p_align: 0x4
Unhandled program header table entry type

p_type: 0x6474e551
p_offset: 0x0
p_vaddr: 0x0
p_paddr: 0x0
p_filesz: 0x0
p_memsz: 0x0
p_flags: 0x6
p_align: 0x0
Unhandled program header table entry type

p_type: 0x4
p_offset: 0x2f8
p_vaddr: 0x2f8
p_paddr: 0x2f8
p_filesz: 0x38
p_memsz: 0x38
p_flags: 0x4
p_align: 0x4
Unhandled program header table entry type
entry address: 0x76361d9ac0
Code cache: 0x7633ef7000
*thread_data in dispatcher at: 0x7633ef7268
Traces start at: 0x7634c64800
Syscall wrapper addr: 0x33ef71b4
scan(0x76361d9ac0)
A64 scan read_address: 0x76361d9ac0, w: : 0x7633ef7414, bb: 4
instruction enum: 36
instruction word: 0x910003e0
A64 scan read_address: 0x76361d9ac4, w: : 0x7633ef7418, bb: 4
instruction enum: 20
instruction word: 0x9400cc58
A64 branch target: 0x763620cc24
Address of first basic block is: 0x7633ef7400
Segmentation fault

And below is the crash information:

2021-11-25 14:53:58.639 7258-7258/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-11-25 14:53:58.639 7258-7258/? A/DEBUG: Revision: '0'
2021-11-25 14:53:58.639 7258-7258/? A/DEBUG: ABI: 'arm64'
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG: Timestamp: 2021-11-25 14:53:58+0800
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG: pid: 7255, tid: 7255, name: mambo  >>> ./mambo <<<
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG: uid: 2000
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG: signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7633ef45e4
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x0  000000763620cc24  x1  0000000000000004  x2  0000007633d6f140  x3  0000007634ef7000
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x4  0000000000000038  x5  8080808080808080  x6  fefefefefefefeff  x7  7f7f7f7f7f7f7f7f
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x8  0000007633d6f380  x9  0000007633ef45e4  x10 0000000000000010  x11 0000000000001c57
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x12 636f6c6220636973  x13 7830203a7369206b  x14 0000000000000010  x15 00e8000000000000
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x16 0000005859a7ae38  x17 0000007633ef7268  x18 00000076b7c08000  x19 0000000020000000
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x20 0000000000000000  x21 0000000000000000  x22 0000007633d6f386  x23 0000007fd2744508
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x24 0000007633d6f370  x25 0000000000000042  x26 0000007fd27444f0  x27 0000005859a7647e
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     x28 0000007633d6f170  x29 0000007fd27441d0
2021-11-25 14:53:58.640 7258-7258/? A/DEBUG:     lr  0000007633ef710c  sp  0000007633d6ee90  pc  0000007633ef45e4  pst 0000000020001000
2021-11-25 14:53:58.653 7258-7258/? A/DEBUG: backtrace:
2021-11-25 14:53:58.653 7258-7258/? A/DEBUG:       #00 pc 00000000001845e4  <anonymous:7633d70000>

How can I fix this SIGSEGV to make it work on Android platform?

The attached file is the binary I compiled with cmake + clang for aarch64; it can run on API >= 28 Android devices.
mambo.zip

@lgeek
Member

lgeek commented Nov 25, 2021

Hi @WanghongLin. Our position is the same as before: we don't officially support Android. But if you do a standard build of MAMBO on an Arm GNU/Linux system and copy the statically linked executable to an Android device, it should work. You don't need any of the patches from this issue.

Here's the current master branch HEAD running on my phone with the cachesim plugin enabled:

p:/data/local/tmp $ ./dbm /system/bin/toybox ls -al
total 1898
drwxrwx--x 2 shell shell    3488 2021-11-25 18:18 .
drwxr-x--x 4 root  root     3488 1970-01-02 07:00 ..
-rwxrwxrwx 1 shell shell 1935024 2021-11-25 18:18 dbm
We're done; exiting with status: 0

-- MAMBO cachesim 569b5f90-dirty --

Cache L1i: 49152 bytes, 64 byte lines, 3-way set-associative, LRU replacement policy

         2471364 references
         2471364 reads
               0 writes
            5156 misses total       (0.21% of references)
            5156 misses reads       (0.21% of references)
               0 misses writes      (0.00% of references)
               0 writebacks total   (0.00% of references)
               0 writebacks reads   (0.00% of references)
               0 writebacks writes  (0.00% of references)

Cache L1d: 32768 bytes, 64 byte lines, 2-way set-associative, LRU replacement policy

         1718398 references
         1225298 reads
          493100 writes
           44277 misses total       (2.58% of references)
           37377 misses reads       (2.18% of references)
            6900 misses writes      (0.40% of references)
           11255 writebacks total   (0.65% of references)
            7766 writebacks reads   (0.45% of references)
            3489 writebacks writes  (0.20% of references)

Cache L2: 1048576 bytes, 64 byte lines, 16-way set-associative, random replacement policy

           49433 references
           42533 reads
            6900 writes
           13445 misses total       (27.20% of references)
           10880 misses reads       (22.01% of references)
            2565 misses writes      (5.19% of references)
             910 writebacks total   (1.84% of references)
             752 writebacks reads   (1.52% of references)
             158 writebacks writes  (0.32% of references)

Note that the latest commit from the master branch is required because the Android libraries were trying to create an executable mapping without read permissions, which was previously making an assert fail.
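An added example (my own code, not MAMBO's elf_loader) showing how a loader turns program headers like those in the dump above into a mapping plan, and where the execute-only case lgeek describes needs PROT_READ added so the DBM can read the code it translates. The `elf64_phdr` struct and PT_*/PF_* constants follow the ELF64 spec; the page size of 4096, the `plan_segment`/`sample_*` names, one execute-only header and one malformed header are assumptions or constructed, and the remaining sample headers are copied from the toybox dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* ELF64 program header types/flags; values match the p_type/p_flags in the dump. */
#define PT_LOAD 1
#define PT_DYNAMIC 2
#define PT_INTERP 3
#define PT_NOTE 4
#define PT_PHDR 6
#define PT_TLS 7
#define PT_GNU_EH_FRAME 0x6474e550
#define PT_GNU_STACK 0x6474e551
#define PT_GNU_RELRO 0x6474e552
#define PF_X 1
#define PF_W 2
#define PF_R 4

struct elf64_phdr {                 /* same field order as Elf64_Phdr */
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};

struct map_plan {
    uint64_t map_start;   /* page-aligned address to mmap */
    uint64_t map_len;     /* page-rounded length covering p_memsz */
    uint64_t bss_bytes;   /* p_memsz - p_filesz: zero-filled, not read from the file */
    int prot;             /* PROT_* the DBM must actually use */
    int exec_only;        /* 1 if the ELF asked for X without R */
};

const char *phdr_type_name(uint32_t type)
{
    switch (type) {
    case PT_LOAD: return "PT_LOAD";           case PT_DYNAMIC: return "PT_DYNAMIC";
    case PT_INTERP: return "PT_INTERP";       case PT_NOTE: return "PT_NOTE";
    case PT_PHDR: return "PT_PHDR";           case PT_TLS: return "PT_TLS";
    case PT_GNU_EH_FRAME: return "PT_GNU_EH_FRAME";
    case PT_GNU_STACK: return "PT_GNU_STACK"; case PT_GNU_RELRO: return "PT_GNU_RELRO";
    default: return "unknown";
    }
}

/* Returns 1 and fills *out for a PT_LOAD; 0 for any other type (the loader in the
 * dump prints "Unhandled program header table entry type" for those); -1 for a
 * header that violates the spec (filesz > memsz, offset and vaddr not congruent
 * modulo p_align, or an address range that wraps). */
int plan_segment(const struct elf64_phdr *ph, uint64_t page, struct map_plan *out)
{
    memset(out, 0, sizeof *out);
    if (ph->p_type != PT_LOAD) return 0;
    if (ph->p_filesz > ph->p_memsz) return -1;
    if (ph->p_align > 1 && (ph->p_vaddr % ph->p_align) != (ph->p_offset % ph->p_align)) return -1;
    uint64_t end = ph->p_vaddr + ph->p_memsz;
    if (end < ph->p_vaddr) return -1;
    out->map_start = ph->p_vaddr & ~(page - 1);
    out->map_len   = ((end + page - 1) & ~(page - 1)) - out->map_start;
    out->bss_bytes = ph->p_memsz - ph->p_filesz;
    if (ph->p_flags & PF_R) out->prot |= PROT_READ;
    if (ph->p_flags & PF_W) out->prot |= PROT_WRITE;
    if (ph->p_flags & PF_X) out->prot |= PROT_EXEC;
    /* A DBM reads every instruction it translates, so an execute-only segment
     * (what the Android libraries requested) has to be mapped readable too. */
    if ((ph->p_flags & (PF_X | PF_R)) == PF_X) { out->exec_only = 1; out->prot |= PROT_READ; }
    return 1;
}

/* [0]-[2] copied from the toybox dump above; [3] is a constructed execute-only
 * PT_LOAD (flags 0x1); [4] is a constructed malformed header (filesz > memsz). */
const struct elf64_phdr sample_phdrs[] = {
    { PT_LOAD,      0x5, 0x31000, 0x31000, 0x31000, 0xb37d0, 0xb37d0, 0x1000 },
    { PT_LOAD,      0x6, 0xeb480, 0xec480, 0xec480, 0xcf8,   0xc938,  0x1000 },
    { PT_GNU_RELRO, 0x4, 0xe5000, 0xe5000, 0xe5000, 0x6478,  0x7000,  0x1 },
    { PT_LOAD,      0x1, 0x2b000, 0x2b000, 0x2b000, 0x42700, 0x42700, 0x1000 },
    { PT_LOAD,      0x6, 0x0,     0x1000,  0x1000,  0x2000,  0x1000,  0x1000 },
};
const size_t sample_phdr_count = sizeof sample_phdrs / sizeof sample_phdrs[0];

/* Scalar accessors over sample_phdrs (device page size assumed to be 4096). */
int sample_status(size_t i)         { struct map_plan p; return plan_segment(&sample_phdrs[i], 4096, &p); }
uint64_t sample_map_start(size_t i) { struct map_plan p; plan_segment(&sample_phdrs[i], 4096, &p); return p.map_start; }
uint64_t sample_map_len(size_t i)   { struct map_plan p; plan_segment(&sample_phdrs[i], 4096, &p); return p.map_len; }
uint64_t sample_bss(size_t i)       { struct map_plan p; plan_segment(&sample_phdrs[i], 4096, &p); return p.bss_bytes; }
int sample_prot(size_t i)           { struct map_plan p; plan_segment(&sample_phdrs[i], 4096, &p); return p.prot; }
int sample_exec_only(size_t i)      { struct map_plan p; plan_segment(&sample_phdrs[i], 4096, &p); return p.exec_only; }

int main(void)
{
    for (size_t i = 0; i < sample_phdr_count; i++) {
        struct map_plan p;
        int st = plan_segment(&sample_phdrs[i], 4096, &p);
        printf("%-16s status %2d", phdr_type_name(sample_phdrs[i].p_type), st);
        if (st == 1)
            printf("  map 0x%llx+0x%llx bss 0x%llx prot %d%s", (unsigned long long)p.map_start,
                   (unsigned long long)p.map_len, (unsigned long long)p.bss_bytes, p.prot,
                   p.exec_only ? " (exec-only, PROT_READ added)" : "");
        printf("\n");
    }
    return 0;
}
```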

@IgWod
Collaborator

IgWod commented May 21, 2024

Closing due to inactivity. Please re-open if required.

IgWod closed this as not planned on May 21, 2024