SX510 - page 6 - CHDK Releases - CHDK Forum

SX510

  • 213 Replies
  • 69573 Views
*

Offline srsa_4c

  • ******
  • 4450
Re: SX510
« Reply #50 on: 28 / March / 2014, 15:52:43 »
Advertisements
@nafraf
Some ideas if you want to investigate.

- Does the camera crash if zebra is enabled, but there's no overexposure (and underexposure)?

- From your romlog, the crash happened because the firmware tried to read from an address held by R1. That register has a very suspicious value, 0x90909090, that's four 0x90 bytes. The port's CHDK_COLOR_BASE is 0x90, and it's red:
Code: [Select]
pal[CHDK_COLOR_BASE+0]  = 0x3F3ADF62;  // Redcore/conf.c shows that
Code: [Select]
CONF_INFO( 62, conf.zebra_color, CONF_DEF_VALUE, cl:MAKE_COLOR(COLOR_RED, COLOR_RED)),COLOR_RED is the default zebra color. So, I suspect that the mentioned two modules somehow manage to write screen content to somewhere else in memory...

- You could try to choose another color for zebra and then crash the camera - if the offending byte changes from 0x90 to your newly chosen color, then... that could prove my above theory.

- Do any other CHDK drawings have a similar effect (crash)?

*

Offline nafraf

  • *****
  • 1308
Re: SX510
« Reply #51 on: 29 / March / 2014, 14:55:22 »
Test with sx510hs-101a-1.3.0-3402-full_ALPHA.zip.

Camera crashes if histogram and zebra enabled simultaneously (the existence of overexposure regions is not required to crash). The problem is that camera does not crash in 100% of cases, then it is being hard to isolate the problem. The attached file contains ROMLOG for 3 different crashes:

- zebra enabled - nooverexposure - histogram - crash after 1st shoot.
- zebra enabled - overexposure   - histogram - crash after 1st shoot.
- zebra enabled - overexposure   - histogram - crash after 2nd shoot.

- You could try to choose another color for zebra and then crash the camera - if the offending byte changes from 0x90 to your newly chosen color, then... that could prove my above theory.
Your theory is confirmed by third ROMLOG, zebra color selected was 0x97, and R1=0x97979797


*

Offline reyalp

  • ******
  • 13749
Re: SX510
« Reply #52 on: 29 / March / 2014, 16:02:15 »
Perhaps the palette buffer is invalid at some point?
Don't forget what the H stands for.

*

Offline srsa_4c

  • ******
  • 4450
Re: SX510
« Reply #53 on: 29 / March / 2014, 16:37:46 »
The address which surely gets overwritten is [0x185c4 + 0xc]. The exception happens inside the firmware's malloc() function, in sub_6b74d4.

Camera crashes if histogram and zebra enabled simultaneously
So, enabling only one of these is not enough?
Do you get the same when using your own CHDK build (made with another toolchain)?

edit (my first sentence was ambiguous)
The word @ (0x185c4 + 0xc) surely gets overwritten.
« Last Edit: 29 / March / 2014, 18:34:06 by srsa_4c »


*

Offline reyalp

  • ******
  • 13749
Re: SX510
« Reply #54 on: 29 / March / 2014, 17:09:11 »
The address which surely gets overwritten is [0x185c4 + 0xc]. The exception happens inside the firmware's malloc() function, in sub_6b74d4.
Suggests heap corruption, so a bad pointer is very like.

Try disabling CHDK palette overrides?
Don't forget what the H stands for.

*

Offline philmoz

  • *****
  • 3427
    • Photos
Re: SX510
« Reply #55 on: 29 / March / 2014, 18:11:38 »
The address which surely gets overwritten is [0x185c4 + 0xc]. The exception happens inside the firmware's malloc() function, in sub_6b74d4.
Suggests heap corruption, so a bad pointer is very like.

Try disabling CHDK palette overrides?

Could it be the problem some cameras have when writing to the inactive bitmap buffer?

Phil.
CHDK ports:
  sx30is (1.00c, 1.00h, 1.00l, 1.00n & 1.00p)
  g12 (1.00c, 1.00e, 1.00f & 1.00g)
  sx130is (1.01d & 1.01f)
  ixus310hs (1.00a & 1.01a)
  sx40hs (1.00d, 1.00g & 1.00i)
  g1x (1.00e, 1.00f & 1.00g)
  g5x (1.00c, 1.01a, 1.01b)
  g7x2 (1.01a, 1.01b, 1.10b)

*

Offline srsa_4c

  • ******
  • 4450
Re: SX510
« Reply #56 on: 29 / March / 2014, 18:56:46 »
Could it be the problem some cameras have when writing to the inactive bitmap buffer?
I personally don't believe that writing to the inactive buffer's memory area should cause any problems - it's just regular RAM, only used as bitmap buffer.
What I do believe is that there are bugs - either in CHDK (core / module(s) / some of the ports) or in the fw - which corrupt memory. These may go unnoticed if the area they corrupt is not "important". For example, a possible memory corruption surfaced while doing my last trials for SticK's s90.

In this case, I'm not sure how the palette buffer's wrong address could cause corruption when histogram+zebra is enabled, and not cause anything when they are not. But I don't have a better idea either. Trying a build made by a different toolchain could give some additional hints.

*

Offline nafraf

  • *****
  • 1308
Re: SX510
« Reply #57 on: 29 / March / 2014, 20:09:36 »
New tests (patch in attachment):
- CHDK palette override disabled
- recreview_hold found
- bitmap_buffer, active_bitmap_buffer found by comparison with ixus140
-#define  DRAW_ON_ACTIVE_BITMAP_BUFFER_ONLY      1
- Compiler gcc 4.6.0 (main.bin.dump)

Camera still have the same behavior, it crashes if histogram+zebra enabled.

@reyalp, could you test zebra+histogram using ixus140?

Camera crashes if histogram and zebra enabled simultaneously
So, enabling only one of these is not enough?
Enabling only one of these is hard to have a crash. During previous test, IIRC camera crashed once with just zebra enabled.
vb.mohsen2 reported crash using histogram, but I'm not sure if zebra was enabled during his test.  I could not reproduce it.


*

Offline srsa_4c

  • ******
  • 4450
Re: SX510
« Reply #58 on: 29 / March / 2014, 20:32:47 »
- Compiler gcc 4.6.0 (main.bin.dump)

Camera still have the same behavior, it crashes if histogram+zebra enabled.
So, different compiler (= different CHDK code), same memory area getting trashed. And, if you're using zebra+histogram, there's a higher chance for crash. IMHO this scenario means that the zebra module is calling a routine in the histogram module.
I have experimented on my a3200 with zebra+histo, no crash, memory around 0x185c4 is not touched...

*

Offline reyalp

  • ******
  • 13749
Re: SX510
« Reply #59 on: 29 / March / 2014, 20:36:55 »
@reyalp, could you test zebra+histogram using ixus140?
Is there anything else I need to do to reproduce the crash?

I enabled zebra and histogram (set to always on in rec) and shot a few different sets in continuous without problems. Also did 50 shots with rsint -cont
Don't forget what the H stands for.

 

Related Topics