Bare metal assembly - data not initialized - memory

I wrote some very simple code, intended to run on a bare-metal Raspberry Pi. My code consists of gpio.s (with the function "flash", which turns the LED on and off) and main.s, shown below.
.section .init                  @ linked first; the linker script decides where this section is based
.globl _start
_start:
mov sp, $0x8000                 @ stack grows downward from 0x8000 (the region reserved for ATAGs/stack)
b main                          @ PC-relative branch: resolved correctly even if the link base is wrong
.section .text
.globl main
main:
ldr r5, =variable               @ absolute address of 'variable' taken from the literal pool (a .word fixed at link time)
ldr r4, [r5]                    @ r4 = *variable; reads garbage if the linked address differs from where the image was loaded
cmp r4, $100
bleq flash                      @ flash the LED only when the word read back equals 100
loop:
b loop                          @ hang forever
.section .data
.align 4                        @ NOTE(review): ARM GAS .align takes a power of two; the listing shows 'variable' at a 4-byte boundary, so confirm the intended alignment
.globl variable
variable:
.word 100                       @ initial value; stored in the image, so it is "initialized" only if the image is loaded where it was linked
So r4 should be filled with 100 => condition flag should be eq => LED should flash! But it does not. Why?
Apart from that example, function "flash" works, as well as in the case of adding these lines after "ldr r5, =variable":
mov r1, $100                    @ write 100 through the pointer before reading it back
str r1, [r5]                    @ the later ldr r4, [r5] then sees 100 because store and load use the same address in r5, whether or not that address is the one intended
So it seems like memory is accessible, but doesn't get initialized. I would be grateful for your explanations.
Disassembly:
./build/output.elf: file format elf32-littlearm
Disassembly of section .init:
00000000 <_start>:
0: e3a0d902 mov sp, #32768 ; 0x8000
4: ea00205c b 817c <main>
Disassembly of section .text:
00008000 <getGpioAddr>:
8000: e59f0170 ldr r0, [pc, #368] ; 8178 <flash2+0x14>
8004: e1a0f00e mov pc, lr
00008008 <setGpioFunct>:
8008: e3500035 cmp r0, #53 ; 0x35
800c: 93510007 cmpls r1, #7 ; 0x7
8010: 83a00001 movhi r0, #1 ; 0x1
8014: 81a0f00e movhi pc, lr
8018: e92d0030 push {r4, r5}
801c: e1a02001 mov r2, r1
8020: e1a01000 mov r1, r0
8024: e92d4000 push {lr}
8028: ebfffff4 bl 8000 <getGpioAddr>
802c: e8bd4000 pop {lr}
8030: e3a04000 mov r4, #0 ; 0x0
00008034 <subTen>:
8034: e351000a cmp r1, #10 ; 0xa
8038: 2241100a subcs r1, r1, #10 ; 0xa
803c: 22844001 addcs r4, r4, #1 ; 0x1
8040: 2afffffb bcs 8034 <subTen>
8044: e3a05004 mov r5, #4 ; 0x4
8048: e0030594 mul r3, r4, r5
804c: e0800003 add r0, r0, r3
8050: e3a05003 mov r5, #3 ; 0x3
8054: e0030591 mul r3, r1, r5
8058: e1a02312 lsl r2, r2, r3
805c: e3e0430e mvn r4, #939524096 ; 0x38000000
8060: e3a05009 mov r5, #9 ; 0x9
8064: e0451001 sub r1, r5, r1
8068: e3a05003 mov r5, #3 ; 0x3
806c: e0030591 mul r3, r1, r5
8070: e1a04374 ror r4, r4, r3
8074: e5905000 ldr r5, [r0]
8078: e0055004 and r5, r5, r4
807c: e1855002 orr r5, r5, r2
8080: e5805000 str r5, [r0]
8084: e8bd0030 pop {r4, r5}
8088: e3a00000 mov r0, #0 ; 0x0
808c: e1a0f00e mov pc, lr
00008090 <setPin>:
8090: e3500035 cmp r0, #53 ; 0x35
8094: 83a00001 movhi r0, #1 ; 0x1
8098: 81a0f00e movhi pc, lr
809c: e92d0020 push {r5}
80a0: e3500020 cmp r0, #32 ; 0x20
80a4: 22401020 subcs r1, r0, #32 ; 0x20
80a8: 31a01000 movcc r1, r0
80ac: 23a02020 movcs r2, #32 ; 0x20
80b0: 33a0201c movcc r2, #28 ; 0x1c
80b4: e92d4000 push {lr}
80b8: ebffffd0 bl 8000 <getGpioAddr>
80bc: e8bd4000 pop {lr}
80c0: e3a05001 mov r5, #1 ; 0x1
80c4: e1a05115 lsl r5, r5, r1
80c8: e7805002 str r5, [r0, r2]
80cc: e3a00000 mov r0, #0 ; 0x0
80d0: e8bd0020 pop {r5}
80d4: e1a0f00e mov pc, lr
000080d8 <clearPin>:
80d8: e3500035 cmp r0, #53 ; 0x35
80dc: 83a00001 movhi r0, #1 ; 0x1
80e0: 81a0f00e movhi pc, lr
80e4: e92d0020 push {r5}
80e8: e3500020 cmp r0, #32 ; 0x20
80ec: 22401020 subcs r1, r0, #32 ; 0x20
80f0: 31a01000 movcc r1, r0
80f4: 23a0202c movcs r2, #44 ; 0x2c
80f8: 33a02028 movcc r2, #40 ; 0x28
80fc: e92d4000 push {lr}
8100: ebffffbe bl 8000 <getGpioAddr>
8104: e8bd4000 pop {lr}
8108: e3a05001 mov r5, #1 ; 0x1
810c: e1a05115 lsl r5, r5, r1
8110: e7805002 str r5, [r0, r2]
8114: e3a00000 mov r0, #0 ; 0x0
8118: e8bd0020 pop {r5}
811c: e1a0f00e mov pc, lr
00008120 <flash>:
8120: e92d4013 push {r0, r1, r4, lr}
8124: e3a00010 mov r0, #16 ; 0x10
8128: e3a01001 mov r1, #1 ; 0x1
812c: ebffffb5 bl 8008 <setGpioFunct>
8130: e3a00010 mov r0, #16 ; 0x10
8134: ebffffe7 bl 80d8 <clearPin>
8138: eb000004 bl 8150 <wait>
813c: e3a00010 mov r0, #16 ; 0x10
8140: ebffffd2 bl 8090 <setPin>
8144: eb000001 bl 8150 <wait>
8148: e8bd4013 pop {r0, r1, r4, lr}
814c: e1a0f00e mov pc, lr
00008150 <wait>:
8150: e3a0583f mov r5, #4128768 ; 0x3f0000
00008154 <loop>:
8154: e2455001 sub r5, r5, #1 ; 0x1
8158: e3550000 cmp r5, #0 ; 0x0
815c: 1afffffc bne 8154 <loop>
8160: e1a0f00e mov pc, lr
00008164 <flash2>:
8164: e92d4000 push {lr}
8168: ebffffec bl 8120 <flash>
816c: ebffffeb bl 8120 <flash>
8170: e8bd4000 pop {lr}
8174: e1a0f00e mov pc, lr
8178: 20200000 .word 0x20200000
0000817c <main>:
817c: e59f500c ldr r5, [pc, #12] ; 8190 <loop+0x4>
8180: e5954000 ldr r4, [r5]
8184: e3540064 cmp r4, #100 ; 0x64
8188: 0bffffe4 bleq 8120 <flash>
0000818c <loop>:
818c: eafffffe b 818c <loop>
8190: 00008194 .word 0x00008194
Disassembly of section .data:
00008194 <variable>:
8194: 00000064 .word 0x00000064
Linker scripts, makefile etc. taken from: http://www.cl.cam.ac.uk/projects/raspberrypi/tutorials/os/ok01.html

from your link (you should not ask questions here using links, put the code in the question)
0000817c <main>:
817c: e59f500c ldr r5, [pc, #12] ; 8190 <loop+0x4>
8180: e3a01064 mov r1, #100 ; 0x64
8184: e3540064 cmp r4, #100 ; 0x64
8188: 0bffffe4 bleq 8120 <flash>
0000818c <loop>:
818c: eafffffe b 818c <loop>
8190: 000081a0 .word 0x000081a0
Disassembly of section .data:
000081a0 <variable>:
81a0: 00000064 .word 0x00000064
...
You are moving 100 into r1 but comparing r4, which is not initialized anywhere in this code, so what happens is unpredictable. If you replace that with `ldr r4, [r5]` it should work as desired: r5 receives the address of the word that contains #100, and you then read from that address into r4.
I assume you have verified that if you simply bl flash it works (not a conditional but always go there) as desired?
In this bare metal mode you definitely have access to read/write memory, no worries there.
David

Memory is normally initialized as part of the C runtime code. If you are writing bare-metal assembly without including the functionality of the C runtime then your variables in RAM will not be initialized. You need to explicitly initialize the value of variable in your own code.

Finally found out! Really subtle, and it's not my fault indeed. I had taken the makefile and linker script from Alex Chadwick tutorial, and the linker script looked like that:
SECTIONS {
/*
* First and foremost we need the .init section, containing the IVT.
* NOTE: the Pi loads kernel.img at 0x8000, so basing .init at 0x0000 leaves
* every absolute symbol address 0x8000 short of where its bytes actually end
* up; only PC-relative references (branches, literal-pool loads) keep working.
*/
.init 0x0000 : {
*(.init)
}
/*
* We allow room for the ATAGs and the stack and then start our code at
* 0x8000.
* Because .init is placed at 0x0000 in the file, .text does not directly
* follow it; the gap is what shifts every later section at run time.
*/
.text 0x8000 : {
*(.text)
}
/*
* Next we put the data.
*/
.data : {
*(.data)
}
/*
* Finally comes everything else. A fun trick here is to put all other
* sections into this section, which will be discarded by default.
*/
/DISCARD/ : {
*(*)
}
}
The .init section was based at 0x0000, and then .text started at 0x8000. But kernel.img is actually loaded at address 0x8000 by the Pi (the real address of .init was 0x8000), so the whole .text section (as well as the following sections) was shifted; because of that, the label addresses computed at assembly/link time were wrong. Only PC-relative addressing could work, since PC was set correctly. The solution is to start the image at 0x8000:
SECTIONS {
/*
* First and foremost we need the .init section, containing the IVT.
* It is based at 0x8000 because that is where the Pi loads kernel.img, so
* link-time addresses now match run-time addresses.
*/
.init 0x8000 : {
*(.init)
}
/*
* .text is given no address of its own: it follows .init directly, so the
* code starts just past the IVT at 0x8000 rather than at a separate base.
*/
.text : {
*(.text)
}
/*
* Next we put the data.
*/
.data : {
*(.data)
}
/*
* Finally comes everything else. A fun trick here is to put all other
* sections into this section, which will be discarded by default.
*/
/DISCARD/ : {
*(*)
}
}
I've just checked the template on his website and it's corrected now, so there is no point contacting him. I must have downloaded template before this correction. Thank you guys for your attempts.


iOS 8 UIApplicationMain crash since SDK 8 update

Since I updated Xcode to 6.0.1 and the iOS SDK to 8.0, my app no longer works on the device (running iOS 8, of course).
But it works perfectly in the simulator.
The app crashes in UIApplicationMain before any call to the delegate has ever happened.
It seems either a value or key is null at CFTypeCollectionRetain.
I've tried
Recreating certificates/provision profiles.
Re-built with/without ARC.
Tested both armv7 and arm64 builds.
Xcode template (Game) application compiles and runs without probs.
Things to note
Almost all code is C++, it's a game engine and are using bare minimum of OS services.
Some global constructors (executed prior to main) are using pthreads primitives.
No root view controller is created (legacy reasons), instead a custom view is created which uses CAEAGLLayer to "enable" GLES... but since the program doesn't reach the point where those are created I've ignored it for time being.
Inside UIApplicationMain there is a call to [_UIFlippingView layerClass] which crashes; but I cannot find any information about the UIFlippingView class whatsoever on Google...
I don't expect an answer, but any good advice as to where to look next would be very much appreciated!
Callstack is as follows:
* thread #1: tid = 0x185d9, 0x23f7646c CoreFoundation`__CFTypeCollectionRetain + 104, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=EXC_ARM_BREAKPOINT, subcode=0xdefe)
* frame #0: 0x23f7646c CoreFoundation`__CFTypeCollectionRetain + 104
frame #1: 0x23fd9168 CoreFoundation`__CFBasicHashAddValue + 564
frame #2: 0x23ec06c0 CoreFoundation`CFBasicHashAddValue + 19048
frame #3: 0x23ef745e CoreFoundation`CFDictionaryCreate + 178
frame #4: 0x28a8d246 BackBoardServices`BKSHIDEventCreateClientAttributes + 186
frame #5: 0x28a8d2ac BackBoardServices`___getHIDEventSystemClient_block_invoke + 36
frame #6: 0x01fab740 libdispatch.dylib`dispatch_once_f + 100
frame #7: 0x28a8d318 BackBoardServices`BKSHIDEventRegisterEventCallback + 84
frame #8: 0x274ab4a8 UIKit`UIApplicationMain + 576
frame #9: 0x0008833c Traktor.Amalgam.App`main(argc=1, argv=0x01d3f9e8) + 196 at Main.mm:15
CoreFoundation`__CFTypeCollectionRetain:
0x23f76404: push {r4, r5, r7, lr}
0x23f76406: mov r4, r1
0x23f76408: add r7, sp, #0x8
0x23f7640a: cbz r4, 0x23f7646c ; __CFTypeCollectionRetain + 104
0x23f7640c: ldrd r0, r1, [r4]
0x23f76410: cmp r0, #0x0
0x23f76412: ubfx r1, r1, #0x8, #0xa
0x23f76416: beq 0x23f7644a ; __CFTypeCollectionRetain + 70
0x23f76418: movw r2, #0xdf70
0x23f7641c: movt r2, #0xe02
0x23f76420: add r2, pc
0x23f76422: ldr r2, [r2]
0x23f76424: cmp r0, r2
0x23f76426: beq 0x23f7644a ; __CFTypeCollectionRetain + 70
0x23f76428: movw r2, #0x4aa4
0x23f7642c: movt r2, #0xe03
0x23f76430: add r2, pc
0x23f76432: ldr.w r5, [r2, r1, lsl #2]
0x23f76436: cmp r0, r5
0x23f76438: beq 0x23f7644a ; __CFTypeCollectionRetain + 70
0x23f7643a: tst.w r0, #0x1
0x23f7643e: beq 0x23f76456 ; __CFTypeCollectionRetain + 82
0x23f76440: mov r0, r4
0x23f76442: blx 0x2400d1e0 ; symbol stub for: +[NSMutableOrderedSet orderedSetWithCapacity:]
0x23f76446: cmp r0, r5
0x23f76448: bne 0x23f76456 ; __CFTypeCollectionRetain + 82
0x23f7644a: mov r0, r4
0x23f7644c: movs r1, #0x0
0x23f7644e: pop.w {r4, r5, r7, lr}
0x23f76452: b.w 0x23eafc38 ; _CFRetain
0x23f76456: movw r0, #0xb93e
0x23f7645a: movt r0, #0xe02
0x23f7645e: add r0, pc
0x23f76460: ldr r1, [r0]
0x23f76462: mov r0, r4
0x23f76464: pop.w {r4, r5, r7, lr}
0x23f76468: b.w 0x2400c0c8 ; objc_msgSend$shim
0x23f7646c: trap -- TRAPPED HERE
0x23f7646e: nop
Inside UIApplicationMain code, interesting is the call to [_UIFlippingView layerClass] which crashes...
0x274ab486: blx 0x27b5b248 ; symbol stub for: roundf$shim
0x274ab48a: movs r5, #0x0
0x274ab48c: movw r0, #0x60f1
0x274ab490: movt r0, #0x0
0x274ab494: add r0, pc
0x274ab496: blx 0x27b595d8 ; symbol stub for: -[UIGravityBehavior _commonInit]
0x274ab49a: movw r0, #0xfa8f
0x274ab49e: movt r0, #0xfff9
0x274ab4a2: add r0, pc
0x274ab4a4: blx 0x27b59068 -- THIS CALL ; symbol stub for: +[_UIFlippingView layerClass]
0x274ab4a8: mov r0, r5
0x274ab4aa: mov r1, r11
0x274ab4ac: blx 0x27b5b248 ; symbol stub for: roundf$shim
0x274ab4b0: movw r1, #0x23e4
0x274ab4b4: movt r1, #0xb12
0x274ab4b8: add r1, pc
0x274ab4ba: ldr r1, [r1]
0x274ab4bc: blx 0x27b5b248 ; symbol stub for: roundf$shim
Was able to fix the issue!!
Apparently Xcode had the bad idea of autogenerating a "Product Module Name" setting which didn't match "Product Name" and thus crashed the app when running on the device. This is mindbogglingly bad but imho what to expect of Xcode...

When run app at the first time, iphone will be reboot in iOS

I'm facing a hard problem. When I run my app on an iPhone 5s, the phone reboots (the Apple logo appears) the first time; when I run the app again, it runs fine. This only happens on the first run and only on the iPhone 5s (the iPhone 4s and iPhone 5 do not show this issue). When it reboots, the Xcode console shows this error message:
dyld`_dyld_start:
0x2befd028: mov r8, sp
0x2befd02c: sub sp, sp, #16
0x2befd030: bic sp, sp, #7
0x2befd034: ldr r3, [pc, #112] ; _dyld_start + 132
0x2befd038: sub r0, pc, #8
0x2befd03c: ldr r3, [r0, r3]
0x2befd040: sub r3, r0, r3
0x2befd044: ldr r0, [r8]
0x2befd048: ldr r1, [r8, #4]
0x2befd04c: add r2, r8, #8
0x2befd050: ldr r4, [pc, #88] ; _dyld_start + 136
0x2befd054: add r4, r4, pc
0x2befd058: str r4, [sp]
0x2befd05c: add r4, sp, #12
0x2befd060: str r4, [sp, #4]
0x2befd064: blx 0x2befd0d0 ; dyldbootstrap::start(macho_header const*, int, char const**, long, macho_header const*, unsigned long*)
0x2befd068: ldr r5, [sp, #12]
0x2befd06c: cmp r5, #0
0x2befd070: bne 0x2befd07c ; _dyld_start + 84
0x2befd074: add sp, r8, #4
0x2befd078: bx r0
0x2befd07c: mov lr, r5
0x2befd080: mov r5, r0
0x2befd084: ldr r0, [r8, #4]
0x2befd088: add r1, r8, #8
0x2befd08c: add r2, r1, r0, lsl #2
0x2befd090: add r2, r2, #4
0x2befd094: mov r3, r2
0x2befd098: ldr r4, [r3]
0x2befd09c: add r3, r3, #4
0x2befd0a0: cmp r4, #0
0x2befd0a4: bne 0x2befd098 ; _dyld_start + 112
0x2befd0a8: bx r5
0x2befd0ac: strheq r3, [r2], -r0
0x2befd0b0: .long 0xffffefa4 ; unknown opcode
This code is when start up app:
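- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    // Override point for customization after application launch.
    // Install the login screen as the root of a navigation stack; the nib is
    // chosen by device idiom. (The string literals use @"..." — the page's
    // #"..." form does not compile.)
    NSString *nibName = (UI_USER_INTERFACE_IDIOM() == UIUserInterfaceIdiomPhone) ? @"LoginTab" : @"LoginTab~ipad";
    loginViewControl = [[LoginTab alloc] initWithNibName:nibName bundle:nil];
    // loginViewControl = [[LoginTab alloc] init];
    // The navigation controller is autoreleased; the window retains it as root.
    UINavigationController *objNavigationController = [[[UINavigationController alloc] initWithRootViewController:loginViewControl] autorelease];
    self.window.rootViewController = objNavigationController;
    [self.window makeKeyAndVisible];
    // Created up front; presumably an ivar used by other screens — verify it is released elsewhere.
    completeTab = [[CompletedTab alloc] init];
    // photoButton.frame = CGRectMake(0, 430, 160, 49);
    return YES;
}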
I searched the internet but could not find a solution for this issue. Does anybody know this issue and its solution? Thanks so much.

openURL Issues on iOS [closed]

I'm currently experiencing some issues with the [[UIApplication sharedApplication] openURL:[NSURL URLWithString:]] method in Xcode:
In my iPhone app, I'm downloading a .txt file from a server and parsing it like this:
NSString * idHelper = [allLines objectAtIndex:18]; // line 18 of the downloaded .txt: server-controlled, untrusted content
appId1 = [idHelper stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; // returns an autoreleased string; under manual reference counting the ivar must retain it or it dangles
"allLines" is an array with all the contents of the .txt file in it.
"appId1" is a NSString.
In the above code, I'm setting appId1 to this URL: http://itunes.apple.com/app/id343200656/
In my UIViewController's .xib I'm calling the following method with a UIButton:
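- (IBAction)downloadApp:(id)sender {
    NSLog(@"downloadApp1");
    // appId1 is parsed from a file downloaded from a server, so it is untrusted input.
    // URLWithString: yields nil for a malformed string, and only a web URL (the App
    // Store link) is expected here, so anything else is refused instead of handed to
    // the system. This guard cannot help if appId1 itself is a dangling pointer
    // (MRC without retain); that must be fixed where appId1 is assigned.
    NSURL *url = [NSURL URLWithString:appId1];
    NSString *scheme = [[url scheme] lowercaseString];
    if (url == nil || !([scheme isEqualToString:@"http"] || [scheme isEqualToString:@"https"])) {
        NSLog(@"downloadApp1: refusing to open an invalid or non-web URL");
        return;
    }
    [[UIApplication sharedApplication] openURL:url];
}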
This method should open the mobile App Store and show the app from the link.
But every time I call this method, the app crashes, and I just can't figure out why.
Can anyone help me with this issue? Thank you very much!
Edit: Here is the crash log. Sorry.
libsystem_c.dylib`memmove$VARIANT$Swift:
0x39df7006: push {r7, lr}
libsystem_c.dylib`memcpy$VARIANT$Swift + 2:
0x39df7008: mov r7, sp
0x39df700a: subs r3, r0, r1
0x39df700c: beq.w 0x39df72ae ; memcpy$VARIANT$Swift + 680
0x39df7010: mov r12, r0
0x39df7012: cmp r3, r2
0x39df7014: blo.w 0x39df72b0 ; memcpy$VARIANT$Swift + 682
0x39df7018: subs.w r3, r2, #32
0x39df701c: bls.w 0x39df72a0 ; memcpy$VARIANT$Swift + 666
0x39df7020: orr.w lr, r0, r1
0x39df7024: orr.w lr, lr, r2
0x39df7028: ands lr, lr, #15
0x39df702c: bne 0x39df7048 ; memcpy$VARIANT$Swift + 66
0x39df702e: subs r3, #32
0x39df7030: vld1.8 {d0, d1, d2, d3}, [r1, :128]!
0x39df7034: vst1.8 {d0, d1, d2, d3}, [r12, :128]!
0x39df7038: bhi 0x39df702e ; memcpy$VARIANT$Swift + 40
0x39df703a: add r1, r3
0x39df703c: vld1.8 {d0, d1, d2, d3}, [r1, :128]
0x39df7040: add r12, r3
0x39df7042: vst1.8 {d0, d1, d2, d3}, [r12, :128]
0x39df7046: pop {r7, pc}
0x39df7048: tst.w r12, #15
0x39df704c: itttt ne
0x39df704e: ldrbne r3, [r1], #1
0x39df7052: strbne r3, [r12], #1
0x39df7056: subne r2, #1
0x39df7058: bne 0x39df7048 ; memcpy$VARIANT$Swift + 66
0x39df705a: and lr, r1, #15
0x39df705e: bic r1, r1, #15
0x39df7062: subs.w r3, r2, #32
The app crashes at "0x39df704e: ldrbne r3, [r1], #1" with a EXC_BAD_ACCESS (code=1, address= 0x0).
And here is the crash log with zombie objects enabled:
libobjc.A.dylib`objc_msgSend:
0x399955c0: teq.w r0, #0
0x399955c4: beq 0x39995606 ; objc_msgSend + 70
0x399955c6: push.w {r3, r4}
0x399955ca: ldr r4, [r0]
0x399955cc: lsr.w r9, r1, #2
0x399955d0: ldr r3, [r4, #8]
0x399955d2: add.w r3, r3, #8
0x399955d6: ldr r12, [r3, #-8]
0x399955da: and.w r9, r9, r12
0x399955de: ldr.w r4, [r3, r9, lsl #2]
If you don't use ARC, you should add a retain:
appId1 = [[idHelper stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding] retain]; // MRC: the method returns an autoreleased string; retain it so the ivar outlives the current autorelease pool
because stringByAddingPercentEscapesUsingEncoding: returns an autoreleased object.

App crashes in drawInRect method

I am trying to save images to the photo album. I am doing this with the following code:
// Flatten the three image views into one bitmap the size of self.view, then hand it to the photo album.
CGSize targetSize = self.view.frame.size;
UIGraphicsBeginImageContext(targetSize);
//UIGraphicsBeginImageContextWithOptions(targetSize, NO, 2.0);
// Also tried this but no improvement
// Each image is drawn at exactly the frame of the view it came from.
[mkImage1.image drawInRect:mkImage1.frame]; // crashing line
[mkImage2.image drawInRect:mkImage2.frame];
[mkImage3.image drawInRect:mkImage3.frame];
// NOTE(review): the returned image is autoreleased; if this file is MRC, tempImage (an ivar?) holds it without retain — confirm.
tempImage = UIGraphicsGetImageFromCurrentImageContext();
UIGraphicsEndImageContext();
UIImageWriteToSavedPhotosAlbum(tempImage, nil, nil, nil);
My app crashes while I try to draw image1. However, if I comment out that line, all the other images are saved properly without any issue.
My log gives me this information:
ImageIO`ImageIO_ABGR_TO_ARGB_8Bit:
0x330abc70: push {r4, r5, r6, r7, lr}
0x330abc72: add r7, sp, #12
0x330abc74: push.w {r8, r10, r11}
0x330abc78: ldr r1, [r0]
0x330abc7a: ldr r2, [r0, #12]
0x330abc7c: cmp.w r2, r1, lsl #2
0x330abc80: blo 0x330abd06 ; ImageIO_ABGR_TO_ARGB_8Bit + 150
0x330abc82: ldr r3, [r0, #24]
0x330abc84: lsls r2, r1, #2
0x330abc86: cmp r3, r2
0x330abc88: blo 0x330abd06 ; ImageIO_ABGR_TO_ARGB_8Bit + 150
0x330abc8a: ldr r2, [r0, #4]
0x330abc8c: cmp r2, #0
0x330abc8e: beq 0x330abd06 ; ImageIO_ABGR_TO_ARGB_8Bit + 150
0x330abc90: bic lr, r1, #7
0x330abc94: ldr r3, [r0, #8]
0x330abc96: ldr.w r12, [r0, #20]
0x330abc9a: sub.w r4, r1, lr
0x330abc9e: asrs r5, r1, #3
0x330abca0: mov r6, r12
0x330abca2: mov r8, r3
0x330abca4: cbz r5, 0x330abcbe ; ImageIO_ABGR_TO_ARGB_8Bit + 78
0x330abca6: mov r8, r3
0x330abca8: mov r9, r5
0x330abcaa: mov r6, r12
0x330abcac: vld4.8 {d0, d1, d2, d3}, [r8]!
0x330abcb0: vswp d0, d2
0x330abcb4: vst4.8 {d0, d1, d2, d3}, [r6]! // EXC_BAD_ACCESS
0x330abcb8: subs.w r9, r9, #1
0x330abcbc: bne 0x330abeac ; slab_dealloc + 132
0x330abcbe: cmp lr, r1
0x330abcc0: bge 0x330abcf8 ; ImageIO_ABGR_TO_ARGB_8Bit + 136
0x330abcc2: add.w r8, r8, #2
0x330abcc6: adds r6, #2
0x330abcc8: mov r9, r4
0x330abcca: ldrb.w r11, [r8]
0x330abcce: subs.w r9, r9, #1
0x330abcd2: ldrb r10, [r8, #-2]
0x330abcd6: strb r11, [r6, #-2]
0x330abcda: ldrb r11, [r8, #-1]
0x330abcde: strb r11, [r6, #-1]
//*************///
Thread 1, Queue : com.apple.main-thread
0x32ac2526 in -[UIImage drawInRect:] ()
0x00018e32 in -[MyAppViewController saveToAlbum]
When I convert that image from PNG to JPG, everything works fine.
But I want to save only in PNG format.

Use of stack pointer (sp) in arm assembly

I'm slightly confused by the following bit of disassembly:
_GSEventLockDevice:
000047d8 b5f0 push {r4, r5, r6, r7, lr}
000047da af03 add r7, sp, #12
000047dc b08d sub sp, #52
000047de f7ffffb3 bl _GSGetPurpleSystemEventPort
000047e2 466d mov r5, sp
000047e4 2234 movs r2, #52
000047e6 2100 movs r1, #0
000047e8 4604 mov r4, r0
000047ea 4628 mov r0, r5
000047ec f005e8b0 blx 0x9950 # symbol stub for: _memset
000047f0 2600 movs r6, #0
000047f2 f24030f6 movw r0, 0x3f6
000047f6 4621 mov r1, r4
000047f8 e88d0041 stmia.w sp, {r0, r6}
000047fc 4628 mov r0, r5
000047fe f7fffaf7 bl _GSSendEvent
00004802 b00d add sp, #52
00004804 bdf0 pop {r4, r5, r6, r7, pc}
00004806 bf00 nop
I don't get how this would go in C. The only bit I get is:
memset(whateverTheStackPointerIs, 0, 52);
But how do I know what sp is and how would it look in C?
The
sub sp, #52
reserves 52 bytes of space for local variables on the stack; afterwards sp points to the first of those 52 bytes. They are all then zeroed by the memset call. After the memset, stmia stores particular values in the first two words. So the C equivalent would be something like:
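/*
 * C rendering of the _GSEventLockDevice listing above (the name below keeps the
 * answer's spelling).  The 52-byte stack block is 13 words, zeroed by the memset;
 * word 0 receives the immediate 0x3f6 (movw r0, 0x3f6 is a constant, not a load)
 * and word 1 receives 0 via the single stmia.  The block and the port are then
 * passed to GSSendEvent, whose r0 result is left untouched by the epilogue.
 */
int GEEventLockDecvice() {
    int tmp = GSGetPurpleSystemEventPort();   /* r4 = port, kept live across the memset */
    int localdata[13] = {0};                  /* sub sp, #52 + memset(sp, 0, 52) */
    localdata[0] = 0x3f6;                     /* r0 = 0x3f6 immediate; stored by stmia.w sp, {r0, r6} */
    localdata[1] = 0;                         /* r6 = 0 */
    return GSSendEvent(localdata, tmp);       /* r0 = &localdata[0], r1 = port */
}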
