CODEWITHSUNDEEP
ioscxcodeassemblyexc-bad-access
Riley Testut
Riley Testut

Reputation: 461

EXC_BAD_ACCESS in Assembly Code in iOS App

I'm trying to debug an EXC_BAD_ACCESS crash in an iOS App I am working on. Basically, my code calls the function new_dyna_start() which corresponds to the a certain assembly method. Here's the relevant assembly code:

.align  4
42430:
.long _translation_cache_iphone

.align  2
.globl  _new_dyna_start
//  .type   new_dyna_start, %function
_new_dyna_start:
ldr r12, .dlptr
mov r0, #0xa4000000
stmia   r12, {r4, r5, r6, r7, r8, r9, sl, fp, lr}
sub fp, r12, #28
add r0, r0, #0x40
bl  _new_recompile_block
ldr r0, [fp, #64]
ldr r10, [fp, #400+36] /* Count */
str r0, [fp, #72]
sub r10, r10, r0
ldr r0, 42430b
ldr pc, [r0]

From my (limited) understanding, at line 6 of the method, it calls the C function new_recompile_block(). This method works fine, and I know it finishes because at the end of the function I have

printf("End of loop");

which then appears in the debugger. After the method completes, I'm not entirely sure I understand what happens, but it seems that the assembly method obtains a reference to the C variable translation_cache_iphone. However, at the final line the app crashes oddly. This message appears in Xcode: https://i.sstatic.net/moAzS.jpg

However, if I click on the side to the last method called, I see it is this: https://i.sstatic.net/wIVhU.jpg

This seems to support my idea that it is the translation_cache_iphone variable causing the crash, as the memory address of the EXC_BAD_ACCESS (0x401000) is the same as translation_cache_iphone. translation_cache_iphone is declared as:

unsigned char* translation_cache_iphone = NULL;

and is initialized by:

translation_cache_iphone = (unsigned char *)(((unsigned long) translation_cache_static_iphone + (4096)) & ~(4095));

Am I right in assuming that this is the problem? Is the problem in the assembly code, or in the C code? I've tried modifying both, but to no avail. The assembly code above is the original.

Here is a link to the full source on Github. Simply compile and run on an iDevice with Xcode and you'll see the exact issues I'm facing. It may be easier to debug that way.

Upvotes: 1

Views: 1129

Answers (2)

gibertoni
gibertoni

Reputation: 1378

This seems to support my idea that it is the translation_cache_iphone variable causing the crash

Yes, I believe that this variable is the problem.

In the assembly code you posted I can see one line that could cause an invalid access to the memory, and it is:

ldr r0, 42430b
ldr pc, [r0]

The first line loads the data from the label 42430 to the register r0. Then, the second line points PC (Program Counter) to the content of r0.

In the beginning of the assembly code you have declared what is the label 42430:

42430:
  .long _translation_cache_iphone

Then, when it tries to access this value and execute is as code, it crashes.

Upvotes: 1

Jester
Jester

Reputation: 58792

The last two instructions form an indirect jump to the translation_cache_iphone which is thus expected to be executable code. Verify that is the case and that memory permissions are appropriate - in many systems data pages are not executable by default.

Upvotes: 1

Related Questions