工具:
1. addr2line - 透過objdump將address轉換成行數
${project}/LINUX/android/prebuilts/tools/gcc-sdk/addr2line
$ addr2line -iCfe <XXXX.so>
<address>Ex: addr2line -iCfe libart-compiler.so 001e84f7
2. objdump - 可得知運行過程中暫存器內所存的值的變化
$ source build/envsetup.sh
$ choosecombo
$ arm-linux-androideabi-objdump -S -g <XXXX.so> > <XXXX.asm>
Ex: arm-linux-androideabi-objdump -S -g libart-compiler.so > libart-compiler.asm
3. symbol file
手機上燒錄的版本和電腦上要分析的版本要一致,經過轉換後的行數才會正確
${project}\out\target\product\${production}\symbols\system\lib\XXXX.so
Ex: l-chambalplus-holly-release\LINUX\android\out\target\product\hollyds\symbols\system\lib\libc.so
分析log:
main log:05-20 20:45:27.503 V/ESTA ( 4241): Build fingerprint: 'alps/hollyss/hollyss:5.0/2.59.J.0.31_3_05/1431922950:userdebug/test-keys'
05-20 20:45:27.503 V/ESTA ( 4241): Revision: '0'
05-20 20:45:27.503 V/ESTA ( 4241): ABI: 'arm'
05-20 20:45:27.503 V/ESTA ( 4241): pid: 3205, tid: 3205, name: le.android.talk >>> com.google.android.talk <<<
05-20 20:45:27.503 V/ESTA ( 4241): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
05-20 20:45:27.503 V/ESTA ( 4241): Abort message: 'art/runtime/quick_exception_handler.cc:417] Check failed: handler_quick_frame_pc_ != 0u (handler_quick_frame_pc_=0, 0u=0) '
05-20 20:45:27.503 V/ESTA ( 4241): r0 00000000 r1 00000c85 r2 00000006 r3 00000000
05-20 20:45:27.503 V/ESTA ( 4241): r4 f7052118 r5 00000006 r6 0000000b r7 0000010c
05-20 20:45:27.503 V/ESTA ( 4241): r8 00000001 r9 f4c4f550 sl f4c07800 fp e1be1510
05-20 20:45:27.503 V/ESTA ( 4241): ip 00000c85 sp ffa4d590 lr f6fdde15 pc f7000f18 cpsr 60070010
05-20 20:45:27.503 V/ESTA ( 4241):
05-20 20:45:27.503 V/ESTA ( 4241): backtrace:
05-20 20:45:27.503 V/ESTA ( 4241): #00 pc 00039f18 /system/lib/libc.so (tgkill+12)
05-20 20:45:27.503 V/ESTA ( 4241): #01 pc 00016e11 /system/lib/libc.so (pthread_kill+52)
05-20 20:45:27.503 V/ESTA ( 4241): #02 pc 00017a13 /system/lib/libc.so (raise+10)
05-20 20:45:27.503 V/ESTA ( 4241): #03 pc 00014357 /system/lib/libc.so (__libc_android_abort+34)
05-20 20:45:27.503 V/ESTA ( 4241): #04 pc 00012a84 /system/lib/libc.so (abort+4)
05-20 20:45:27.503 V/ESTA ( 4241): #05 pc 000a7753 /system/lib/libart.so (art::LogMessage::~LogMessage()+1410)
05-20 20:45:27.503 V/ESTA ( 4241): #06 pc 0020aaf7 /system/lib/libart.so (art::QuickExceptionHandler::DoLongJump()+210)
05-20 20:45:27.503 V/ESTA ( 4241): #07 pc 00223ad3 /system/lib/libart.so (art::Thread::QuickDeliverException()+118)
05-20 20:45:27.503 V/ESTA ( 4241): #08 pc 0027c125 /system/lib/libart.so (artDeliverExceptionFromCode+60)
05-20 20:45:27.503 V/ESTA ( 4241): #09 pc 0005f9cb /data/dalvik-cache/arm/system@framework@boot.oat
1. 使用addr2line將backtrace每一個address做轉換
backtrace:
#00 pc 00039f18 /system/lib/libc.so (tgkill+12)
tgkill
/home/user/Holly_SS_Formal/ex_host_sync/LINUX/android/bionic/libc/arch-arm/syscalls/tgkill.S:9
#01 pc 00016e11 /system/lib/libc.so (pthread_kill+52)pthread_kill
/home/user/tt/holly/LINUX/android/bionic/libc/bionic/pthread_kill.cpp:49
#02 pc 00017a13 /system/lib/libc.so (raise+10)
raise
/home/user/Holly_SS_Daily/ex_host_sync/LINUX/android/bionic/libc/bionic/raise.cpp:32
....................
#06 pc 0020aaf7 /system/lib/libart.so (art::QuickExceptionHandler::DoLongJump()+210)
art::QuickExceptionHandler::DoLongJump()
/home/user/tt/holly/LINUX/android/art/runtime/quick_exception_handler.cc:417
2. 使用objdump顯示目的檔的檔頭、區段、內容、符號表等資訊
利用backtrace的address找出正確的位置
623017 20aa8e: 4824 ldr r0, [pc, #144] ; (20ab20 <_ZN3art21QuickExceptionHandler10DoLongJumpEv+0xfc>)
623018 20aa90: 447f add r7, pc
623019 20aa92: 447e add r6, pc
.................................
623052 20aaf0: f699 eb94 blx a421c <_ZNSt3__1lsINS_11char_traitsIcEEEERNS_13basic_ostreamIcT_EES6_PKc>
623053 20aaf4: 4628 mov r0, r5
623054 20aaf6: f69c fb6b bl a71d0 <_ZN3art10LogMessageD1Ev>
623055 20aafa: f8dd c008 ldr.w ip, [sp, #8]
623056 20aafe: e7cb b.n 20aa98 <_ZN3art21QuickExceptionHandler10DoLongJumpEv+0x74>
Native Crash類型:
1. SIGABRTsignal 6 (SIGABRT), code -6 (SI_TKILL), fault addr
Abort message: 'art/runtime/quick_exception_handler.cc:417] Check failed: handler_quick_frame_pc_ != 0u (handler_quick_frame_pc_=0, 0u=0)
重點:
觀察Abort message,確認backtrace發生crash的位置
觀察main log發生crash的時間點附近,是否有造成crash發生的異常
2. SIGSEGV
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10
重點:
根據addr2line轉換出的行數,trace source code找出發生問題的地方
配合objdump,找出暫存器的值為何發生異常
沒有留言:
張貼留言