Home/ Questions/Q 6074971
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T10:26:32+00:00

Often I see ARM stack traces (read: Android NDK stack traces) that terminate with

  • 0

Often I see ARM stack traces (read: Android NDK stack traces) that terminate with an lr pointer, like so:

      #00  pc 001c6c20  /data/data/com.audia.dev.qt/lib/libQtGui.so
      #01  lr 80a356cc  /data/data/com.audia.dev.rta/lib/librta.so

I know that lr stands for link register on ARM and other architectures, and that it’s a quick way to store a return address, but I don’t understand why it always seems to store a useless address. In this example, 80a356cc cannot be mapped to any code using addr2line or gdb.

Is there any way to get more information? Why must the trace stop at the lr address anyway?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Stumbled on the answer finally. I just had to be more observant. Look at the following short stack trace and the information that comes after it:

             #00  pc 000099d6  /system/lib/libandroid.so
         #01  lr 80b6c17c  /data/data/com.audia.dev.rta/lib/librta.so

code around pc:
a9d899b4 bf00bd0e 2102b507 aa016d43 28004798 
a9d899c4 9801bfa8 bf00bd0e 460eb573 93004615 
a9d899d4 6d842105 462b4632 200047a0 bf00bd7c 
a9d899e4 b100b510 f7fe3808 2800edf4 f04fbf14 
a9d899f4 200030ff bf00bd10 b097b5f0 4614af01 

code around lr:
80b6c15c e51b3078 e5933038 e5932024 e51b302c 
80b6c16c e1a00002 e3a01000 e3a02000 ebfeee5c 
80b6c17c e1a03000 e50b303c e51b303c e1a03fa3 
80b6c18c e6ef3073 e3530000 0a000005 e59f34fc 
80b6c19c e08f3003 e1a00003 e51b103c ebfeebe6

    Now the lr address is still a 80xxxxxx address that isn’t useful to us.

    The address it prints from the pc is 000099d6, but look at the next section, code around pc. The first column is a list of addresses (you can tell from the fact that it increments by 16 each time.) None of those addresses looks like the pc address, unless you chop off the first 16 bits. Then you’ll notice that the a9d899d4 must correspond to 000099d4, and the code where the program stopped is two bytes in from that.

    Android’s stack trace seems to have “chopped off” the first 2 bytes of the pc address for me, but for whatever reason it does not do it for addresses in the leaf register. Which brings us to the solution:

    In short, I was able to chop off the first 16 bits from the 80b6c17c address to make it 0000c17c, and so far that has given me a valid code address every time that I can look up with gdb or addr2line. (edit: I’ve found it’s actually usually the first 12 bits or first 3 hexadecimal digits. You can decide this for yourself by looking at the stack trace output like I described above.) I can confirm that it is the right code address as well. This has definitely made debugging a great bit easier!

    • 0