Dynarec gives segfault on gameshell

[slock83]

I've been trying for a few days to get your project running for a few days on the gameshell, and so far have seen some success (I was able to start a few games, including super meat boy and vvvvvv, for example), with limited performance, as expected (minutes long load times, 1 or 2 fps when lucky).

However, the dynarec does not seem to work, as enabling it just segfaults almost immediately.
Build on today's head b4a98f6 with only the -DARM_DYNAREC=1 option

Here's the log (No trace, will recompile with it if needed) :

BOX86_LOG=1 BOX86_DYNAREC=1 BOX86_DYNAREC_LOG=3 ~/code/box86/build/box86 x86/vvvvvv.x86
Using native(wrapped) libc.so.6
Using native(wrapped) ld-linux.so.2
Using native(wrapped) libpthread.so.0
Using native(wrapped) librt.so.1
Using emulated libgcc_s.so.1
Error: Symbol sendfile not found, cannot apply R_386_JMP_SLOT @0xb5c37170 (0x755c6)
Warning: Weak Symbol _ZGTtnaj not found, cannot apply R_386_JMP_SLOT @0xb5c371f8 (0x757e6)
Warning: Weak Symbol _ZGTtdlPv not found, cannot apply R_386_JMP_SLOT @0xb5c37560 (0x76586)
Ask for DynaRec Block creation @0x805b780
Ask for DynaRec Block Alloc #1
Emitting 112 bytes for 28 x86 bytes
0x805b780: 55  PUSH reg
        e9280200        STMDB r8!,{r9}
0x805b781: 89 E5  MOV Ed, Gd
        e1a09008        MOV r9, r8
0x805b783: 57  PUSH reg
        e9280800        STMDB r8!,{r11}
0x805b784: 56  PUSH reg
        e9280400        STMDB r8!,{r10}
0x805b785: 53  PUSH reg
        e9280080        STMDB r8!,{r7}
0x805b786: 83 E4 F0  AND Ed, Ib
        e30f3ff0        MOVW r3, #0xfff0
        e34f3fff        MOVT r3, #0xffff
        e0088003        AND r8, r8, r3
0x805b789: 81 EC 50 15 00 00  SUB Ed, Id
        e3013550        MOVW r3, #0x1550
        e580836c        STR r8, [r0, #876]
        e5803370        STR r3, [r0, #880]
        e0488003        SUB r8, r8, r3
        e5808374        STR r8, [r0, #884]
        e3003024        MOVW r3, #0x24
        e5803368        STR r3, [r0, #872]
0x805b78f: 8B 5D 0C  MOV Gd, Ed
        e289200c        ADD r2, r9, #12
        e5927000        LDR r7, [r2]
0x805b792: 8B 03  MOV Gd, Ed
        e5974000        LDR r4, [r7]
0x805b794: 89 04 24  MOV Ed, Gd
        e5884000        STR r4, [r8]
0x805b797: E8 54 F5 02 00  CALL Id
        e30b279c        MOVW r2, #0xb79c
        e3402805        MOVT r2, #0x805
        e9280004        STMDB r8!,{r2}
Jump to linker (#0)
        e30accf0        MOVW r12, #0xacf0
        e340c808        MOVT r12, #0x808
        e3061350        MOVW r1, #0x6350
        e34a1826        MOVT r1, #0xa826
        e5912000        LDR r2, [r1]
        e12fff12        BX r2
 --- DynaRec Block created @0x805b780 (0xb5281000, 0x70 bytes)
Running DynaRec Block @0x805b780 (0xb5281000) emu=0xa817c698
Segmentation faultDebug level is 1
Dynarec log level is 3
Dynarec is On
Using default BOX86_LD_LIBRARY_PATH: ./:lib/
Using default BOX86_PATH: ./:bin/
Counted 22 Env var
Looking for x86/vvvvvv.x86
Using native(wrapped) libSDL2-2.0.so.0
Using native(wrapped) libSDL2_mixer-2.0.so.0
Using emulated libstdc++.so.6
Using native(wrapped) libm.so.6
Using native(wrapped) libc.so.6
Using native(wrapped) ld-linux.so.2
Using native(wrapped) libpthread.so.0
Using native(wrapped) librt.so.1
Using emulated libgcc_s.so.1
Error: Symbol sendfile not found, cannot apply R_386_JMP_SLOT @0xb5c25170 (0x755c6)
Warning: Weak Symbol _ZGTtnaj not found, cannot apply R_386_JMP_SLOT @0xb5c251f8 (0x757e6)
Warning: Weak Symbol _ZGTtdlPv not found, cannot apply R_386_JMP_SLOT @0xb5c25560 (0x76586)
Ask for DynaRec Block creation @0x805b780
Ask for DynaRec Block Alloc #1
Emitting 112 bytes for 28 x86 bytes
0x805b780: 55  PUSH reg
        e9280200        STMDB r8!,{r9}
0x805b781: 89 E5  MOV Ed, Gd
        e1a09008        MOV r9, r8
0x805b783: 57  PUSH reg
        e9280800        STMDB r8!,{r11}
0x805b784: 56  PUSH reg
        e9280400        STMDB r8!,{r10}
0x805b785: 53  PUSH reg
        e9280080        STMDB r8!,{r7}
0x805b786: 83 E4 F0  AND Ed, Ib
        e30f3ff0        MOVW r3, #0xfff0
        e34f3fff        MOVT r3, #0xffff
        e0088003        AND r8, r8, r3
0x805b789: 81 EC 50 15 00 00  SUB Ed, Id
        e3013550        MOVW r3, #0x1550
        e580836c        STR r8, [r0, #876]
        e5803370        STR r3, [r0, #880]
        e0488003        SUB r8, r8, r3
        e5808374        STR r8, [r0, #884]
        e3003024        MOVW r3, #0x24
        e5803368        STR r3, [r0, #872]
0x805b78f: 8B 5D 0C  MOV Gd, Ed
        e289200c        ADD r2, r9, #12
        e5927000        LDR r7, [r2]
0x805b792: 8B 03  MOV Gd, Ed
        e5974000        LDR r4, [r7]
0x805b794: 89 04 24  MOV Ed, Gd
        e5884000        STR r4, [r8]
0x805b797: E8 54 F5 02 00  CALL Id
        e30b279c        MOVW r2, #0xb79c
        e3402805        MOVT r2, #0x805
        e9280004        STMDB r8!,{r2}
Jump to linker (#0)
        e30accf0        MOVW r12, #0xacf0
        e340c808        MOVT r12, #0x808
        e3061350        MOVW r1, #0x6350
        e34a1826        MOVT r1, #0xa826
        e5912000        LDR r2, [r1]
        e12fff12        BX r2
 --- DynaRec Block created @0x805b780 (0xb526f000, 0x70 bytes)
Running DynaRec Block @0x805b780 (0xb526f000) emu=0xa817c698
Segmentation fault

Thank you 👍

[ptitSeb]

What is the exact CPU of the gameshell? I see some Cortex-A7, is there NEON and VFPUv3? Not this can be the issue, as this seems way to early. Are you able to run gdb to catch the segfault and print a backtrace (along with the same kind of trace, to understand were it is).

[slock83]

It's an Allwinner R16/A33

specs outline

I will try with gdb

[ptitSeb]

Spec looks nice :) It should be able to play VVVVV easily (I play it, with the dynarec, on the Pandora that have lower specs).

[slock83]

Here's the gdb output. It doesn't seem very helpful...

Starting program: /home/cpi/code/box86/build/box86 x86/vvvvvv.x86
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Debug level is 1
Dynarec log level is 3
Dynarec is On
Using default BOX86_LD_LIBRARY_PATH: ./:lib/
Using default BOX86_PATH: ./:bin/
Counted 23 Env var
Looking for x86/vvvvvv.x86
Using native(wrapped) libSDL2-2.0.so.0
Using native(wrapped) libSDL2_mixer-2.0.so.0
Using emulated libstdc++.so.6
Using native(wrapped) libm.so.6
Using native(wrapped) libc.so.6
Using native(wrapped) ld-linux.so.2
Using native(wrapped) libpthread.so.0
Using native(wrapped) librt.so.1
Using emulated libgcc_s.so.1
Error: Symbol sendfile not found, cannot apply R_386_JMP_SLOT @0xb5d1b170 (0x755c6)
Warning: Weak Symbol _ZGTtnaj not found, cannot apply R_386_JMP_SLOT @0xb5d1b1f8 (0x757e6)
Warning: Weak Symbol _ZGTtdlPv not found, cannot apply R_386_JMP_SLOT @0xb5d1b560 (0x76586)
Ask for DynaRec Block creation @0x805b780
Ask for DynaRec Block Alloc #1
Emitting 112 bytes for 28 x86 bytes
0x805b780: 55  PUSH reg
        e9280200        STMDB r8!,{r9}
0x805b781: 89 E5  MOV Ed, Gd
        e1a09008        MOV r9, r8
0x805b783: 57  PUSH reg
        e9280800        STMDB r8!,{r11}
0x805b784: 56  PUSH reg
        e9280400        STMDB r8!,{r10}
0x805b785: 53  PUSH reg
        e9280080        STMDB r8!,{r7}
0x805b786: 83 E4 F0  AND Ed, Ib
        e30f3ff0        MOVW r3, #0xfff0
        e34f3fff        MOVT r3, #0xffff
        e0088003        AND r8, r8, r3
0x805b789: 81 EC 50 15 00 00  SUB Ed, Id
        e3013550        MOVW r3, #0x1550
        e580836c        STR r8, [r0, #876]
        e5803370        STR r3, [r0, #880]
        e0488003        SUB r8, r8, r3
        e5808374        STR r8, [r0, #884]
        e3003024        MOV
W r3, #0x24
        e5803368        STR r3, [r0, #872]
0x805b78f: 8B 5D 0C  MOV Gd, Ed
        e289200c        ADD r2, r9, #12
        e5927000        LDR r7, [r2]
0x805b792: 8B 03  MOV Gd, Ed
        e5974000        LDR r4, [r7]
0x805b794: 89 04 24  MOV Ed, Gd
        e5884000        STR r4, [r8]
0x805b797: E8 54 F5 02 00  CALL Id
        e30b279c        MOVW r2, #0xb79c
        e3402805        MOVT r2, #0x805
        e9280004        STMDB r8!,{r2}
Jump to linker (#0)
        e30accf0        MOVW r12, #0xacf0
        e340c808        MOVT r12, #0x808
        e3051eb0        MOVW r1, #0x5eb0
        e34a1826        MOVT r1, #0xa826
        e5912000        LDR r2, [r1]
        e12fff12        BX r2
 --- DynaRec Block created @0x805b780 (0xb5365000, 0x70 bytes)
Running DynaRec Block @0x805b780 (0xb5365000) emu=0xa817c638

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x0805b780 in ?? ()

Also, spec is nice but plagued with the mali400mp gpu that has only been mainlined a few weeks ago despite his age. Hope to get your port of the serious engine running on it though (textures didn't draw on my last test due to missing features in the driver)

[ptitSeb]

Mmm, that backtrace doesn't make sense !

Look at frame #1: 0x0805b780 : this is the x86 code address ?!!! it should bethis address 0xb5365000 instead, were the ARM code has been generated.

That's odd. In gdb, you should put a break point at the end of DBGetBlock(...) function, like with b dynablock.c:159, of simply b DBGetBlock then finish to execute qickly that funciton (that seems to work correctly) and go the the caller function (probably DynaRun(...)) to see what is happening.

Or maybe break in arm_prolog, because maybe those Assembly function got mixed up?

It's a linux armhf regular build, right?

[ptitSeb]

Too bad for the mali... Well if it's mainline, got driver will probably come. When box86 work, you'll see thta good driver are also needed frequently, almost everything use OpenGL...

[slock83]

It's been years since I've last used gdb, don't know if this is helpful :

 BOX86_LOG=1 BOX86_DYNAREC=1 BOX86_DYNAREC_LOG=3 gdb --args ~/code/box86/build/box86 x86/vvvvvv.x86
GNU gdb (Debian 8.2.1-2+b1) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/cpi/code/box86/build/box86...done.
(gdb) b DBGetBlock
Breakpoint 1 at 0xa807b1cc: file /home/cpi/code/box86/src/dynarec/dynablock.c, line 104.
(gdb) b arm_prolog
Breakpoint 2 at 0xa807bc40: file /home/cpi/code/box86/src/dynarec/arm_prolog.S, line 12.
(gdb) run
Starting program: /home/cpi/code/box86/build/box86 x86/vvvvvv.x86
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Debug level is 1
Dynarec log level is 3
Dynarec is On
Using default BOX86_LD_LIBRARY_PATH: ./:lib/
Using default BOX86_PATH: ./:bin/
Counted 23 Env var
Looking for x86/vvvvvv.x86
Using native(wrapped) libSDL2-2.0.so.0
Using native(wrapped) libSDL2_mixer-2.0.so.0
Using emulated libstdc++.so.6
Using native(wrapped) libm.so.6
Using native(wrapped) libc.so.6
Using native(wrapped) ld-linux.so.2
Using native(wrapped) libpthread.so.0
Using native(wrapped) librt.so.1
Using emulated libgcc_s.so.1
Error: Symbol sendfile not found, cannot apply R_386_JMP_SLOT @0xb5d1b170 (0x755c6)
Warning: Weak Symbol _ZGTtnaj not found, cannot apply R_386_JMP_SLOT @0xb5d1b1f8 (0x757e6)
Warning: Weak Symbol _ZGTtdlPv not found, cannot apply R_386_JMP_SLOT @0xb5d1b560 (0x76586)

Breakpoint 1, DBGetBlock (emu=emu@entry=0xa817c638, addr=134592384,
    create=create@entry=1, current=current@entry=0x0)
    at /home/cpi/code/box86/src/dynarec/dynablock.c:104
104         dynablocklist_t *dynablocks = GetDynablocksFromAddress(emu->context, addr);
(gdb) finish
Run till exit from #0  DBGetBlock (emu=emu@entry=0xa817c638, addr=134592384,
    create=create@entry=1, current=current@entry=0x0)
    at /home/cpi/code/box86/src/dynarec/dynablock.c:104
Ask for DynaRec Block creation @0x805b780
Ask for DynaRec Block Alloc #1
Emitting 112 bytes for 28 x86 bytes
0x805b780: 55  PUSH reg
        e9280200        STMDB r8!,{r9}
0x805b781: 89 E5  MOV Ed, Gd
        e1a09008        MOV r9, r8
0x805b783: 57  PUSH reg
        e9280800        STMDB r8!,{r11}
0x805b784: 56  PUSH reg
        e9280400        STMDB r8!,{r10}
0x805b785: 53  PUSH reg
        e9280080        STMDB r8!,{r7}
0x805b786: 83 E4 F0  AND Ed, Ib
        e30f3ff0        MOVW r3, #0xfff0
        e34f3fff        MOVT r3, #0xffff
        e0088003        AND r8, r8, r3
0x805b789: 81 EC 50 15 00 00  SUB Ed, Id
        e3013550        MOVW r3, #0x1550
        e580836c        STR r8, [r0, #876]
        e5803370        STR r3, [r0, #880]
        e0488003        SUB r8, r8, r3
        e5808374        STR r8, [r0, #884]
        e3003024        MOVW r3, #0x24
        e5803368        STR r3, [r0, #872]
0x805b78f: 8B 5D 0C  MOV Gd, Ed
        e289200c        ADD r2, r9, #12
        e5927000        LDR r7, [r2]
0x805b792: 8B 03  MOV Gd, Ed
        e5974000        LDR r4, [r7]
0x805b794: 89 04 24  MOV Ed, Gd
        e5884000        STR r4, [r8]
0x805b797: E8 54 F5 02 00  CALL Id
        e30b279c        MOVW r2, #0xb79c
        e3402805        MOVT r2, #0x805
        e9280004        STMDB r8!,{r2}
Jump to linker (#0)
        e30accf0        MOVW r12, #0xacf0
        e340c808        MOVT r12, #0x808
        e3051eb0        MOVW r1, #0x5eb0
        e34a1826        MOVT r1, #0xa826
        e5912000        LDR r2, [r1]
        e12fff12        BX r2
 --- DynaRec Block created @0x805b780 (0xb5365000, 0x70 bytes)
DynaRun (emu=emu@entry=0xa817c638)
    at /home/cpi/code/box86/src/dynarec/dynarec.c:139
139                 if(!block || !block->block || !block->done) {
Value returned is $1 = (dynablock_t *) 0xa8265e98
(gdb) s
145                     dynarec_log(LOG_DEBUG, "Running DynaRec Block @%p (%p) emu=%p\n", R_EIP, block->block, emu);
(gdb) s
__fprintf (stream=0xb6ec6db0 <_IO_2_1_stdout_>,
    format=0xa812217c "Running DynaRec Block @%p (%p) emu=%p\n")
    at fprintf.c:32
32      fprintf.c: No such file or directory.
(gdb) finish
Run till exit from #0  __fprintf (stream=0xb6ec6db0 <_IO_2_1_stdout_>,
    format=0xa812217c "Running DynaRec Block @%p (%p) emu=%p\n")
    at fprintf.c:32
Running DynaRec Block @0x805b780 (0xb5365000) emu=0xa817c638
0xa806a828 in DynaRun (emu=emu@entry=0xa817c638)
    at /home/cpi/code/box86/src/dynarec/dynarec.c:145
145                     dynarec_log(LOG_DEBUG, "Running DynaRec Block @%p (%p) emu=%p\n", R_EIP, block->block, emu);
Value returned is $2 = 61
(gdb) s
__GI__IO_fflush (fp=0xb6ec6db0 <_IO_2_1_stdout_>) at iofflush.c:33
33      iofflush.c: No such file or directory.
(gdb) finish
Run till exit from #0  __GI__IO_fflush (fp=0xb6ec6db0 <_IO_2_1_stdout_>)
    at iofflush.c:33
0xa806a830 in DynaRun (emu=emu@entry=0xa817c638)
    at /home/cpi/code/box86/src/dynarec/dynarec.c:145
145                     dynarec_log(LOG_DEBUG, "Running DynaRec Block @%p (%p) emu=%p\n", R_EIP, block->block, emu);
Value returned is $3 = 0
(gdb) finish
Run till exit from #0  0xa806a830 in DynaRun (emu=emu@entry=0xa817c638)
    at /home/cpi/code/box86/src/dynarec/dynarec.c:145

Program received signal SIGSEGV, Segmentation fault.
FillBlock (emu=0xa817c638, block=0xa8177bb0 <box86_dynarec_log>,
    addr=2821086872) at /home/cpi/code/box86/src/dynarec/dynarec_arm.c:85
85              if(helper.insts[i].x86.flags==X86_FLAGS_CHANGE) {
(gdb)

[slock83]

Also yes, this is a standard armhf build, only option I've added is the -DARM_DYNAREC (maybe I should add more, like forcing the mfpu ?)

[ptitSeb]

Yes, you need to force fpu probably, as well as hard fload-abi. (-mfpu=neon -mfloat-abi=hard is probably a good start).
But that's probably not the issue.

Ah yes, I just thought: you need to -marm in cpu flags ! The Dynarec is in ARM mode, not Thumb mode, and thumb is the default now everywhere. I probably need to write that in the COMPILE.md !

[slock83]

Thanks ! Compiling with these settings, at least it explain why arm_prolog was seemingly never called (at least it didn't trigger the breakpoint).

Given the speed of this device (and also I didn't take the time to setup my cross compiling toolchain on this computer yet...) I'll report the results tomorrow.

Thank you 😃

[ptitSeb]

Yeah, Box86 is getting bigger now with the dynarec (especialy passes 2 and 3)...

Hopefully it will work (and it will be fast)!

[slock83]

It did work ! Getting almost fullspeed on vvvvvv, will try a few other things now.
Thank you 😄

[ptitSeb]

Ah good. But not fullspeed on VVVVVV? I would have though it would be fullspeed.

[ptitSeb]

I guess this ticket can be closed now?

[slock83]

Yes, it can. Thank you :)