android crash之段错误原因及分析方法

在解决app/frameworks客户问题的过程中经常碰到段错误的问题，在Aplog中搜索fatal关键字会碰到类似F/libc    ( 6721): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 7185 (TimedEventQueue)的信息。段错误的出现有以下原因：

1、空指针

2、内存地址被挤占，值不为空，但访问的对象或者变量挂掉了

3、内存不足，提示low memory等信息

碰到段错误最主要是看tombstone log，其主要结构包括Header，Backtrace，Register，Memory，Stack等，实例如下

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***Build fingerprint: 'intel/anzhen4_mrd7_64/anzhen4_mrd7:5.0/LRX21V/lirhett02091150:userdebug/dev-keys'Revision: '0'ABI: 'x86'pid: 1785, tid: 1789, name: Compiler driver  >>> /system/bin/dex2oat <<<signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------Abort message: 'art/compiler/dex/quick/x86/utility_x86.cc:491] Bad case in OpRegRegReg OpMul'    eax 00000000  ebx 000006f9  ecx 000006fd  edx 00000006    esi f42ffdb8  edi 00000000    xcs 00000023  xds 0000002b  xes 0000002b  xfs 00000087  xss 0000002b    eip f7672826  ebp 000006fd  esp f42ff460  flags 00000206backtrace:    #00 pc 00085826  /system/lib/libc.so (tgkill+22)    #01 pc 000310a3  /system/lib/libc.so (pthread_kill+163)    #02 pc 00032975  /system/lib/libc.so (raise+37)    #03 pc 0002ac65  /system/lib/libc.so (abort+85)    #04 pc 00375ff7  /system/lib/libart.so (art::Runtime::Abort()+295)    #05 pc 000ea904  /system/lib/libart.so (art::LogMessage::~LogMessage()+1668)    #06 pc 0016f5cb  /system/lib/libart-compiler.so (art::X86Mir2Lir::OpRegRegReg(art::OpKind, art::RegStorage, art::RegStorage, art::RegStorage)+507)    #07 pc 0015c609  /system/lib/libart-compiler.so (art::X86Mir2Lir::GenArithOpInt(art::Instruction::Code, art::RegLocation, art::RegLocation, art::RegLocation)+3401)    #08 pc 0012a747  /system/lib/libart-compiler.so (art::Mir2Lir::CompileDalvikInstruction(art::MIR*, art::BasicBlock*, art::LIR*)+2087)    #09 pc 0012d19a  /system/lib/libart-compiler.so (art::Mir2Lir::MethodBlockCodeGen(art::BasicBlock*)+314)    #10 pc 0012d4ef  /system/lib/libart-compiler.so (art::Mir2Lir::MethodMIR2LIR()+255)    #11 pc 000f014a  /system/lib/libart-compiler.so (art::Mir2Lir::Materialize()+186)    #12 pc 0015dbc4  /system/lib/libart-compiler.so (art::X86Mir2Lir::Materialize()+36)    #13 pc 00188446  /system/lib/libart-compiler.so    #14 pc 0012dee6  /system/lib/libart-compiler.so (art::QuickCompiler::Compile(art::DexFile::CodeItem const*, unsigned int, art::InvokeType, unsigned short, unsigned int, _jobject*, art::DexFile const&) const+166)    #15 pc 001ba189  /system/lib/libart-compiler.so (art::CompilerDriver::CompileMethod(art::DexFile::CodeItem const*, unsigned int, art::InvokeType, unsigned short, unsigned int, _jobject*, art::DexFile const&, art::DexToDexCompilationLevel)+1897)    #16 pc 001baeb4  /system/lib/libart-compiler.so (art::CompilerDriver::CompileClass(art::ParallelCompilationManager const*, unsigned int)+2404)    #17 pc 001a7b8c  /system/lib/libart-compiler.so (art::ParallelCompilationManager::ForAllClosure::Run(art::Thread*)+44)    #18 pc 003a0f6b  /system/lib/libart.so (art::ThreadPoolWorker::Run()+75)    #19 pc 003a20ea  /system/lib/libart.so (art::ThreadPoolWorker::Callback(void*)+90)    #20 pc 00030079  /system/lib/libc.so (__pthread_start(void*)+57)    #21 pc 0002b3ca  /system/lib/libc.so (__start_thread+26)    #22 pc 00012c46  /system/lib/libc.so (__bionic_clone+70)

在分析tombstone log的时候注意几点

1、我比较熟悉的调试工具是ndk-stack，用法为ndk-stack -sym <lib目录> -dump <crash文件>。ndk-stack命令相当于调用了多条addr2line命令解析crash文件的每一行Log。objdump是通过汇编语言定位问题。

2、lib目录最好是带符号的链接库，目录为out/target/product/xxx/symbols/system/lib，而不是out/target/product/xxx/system/lib

3、ndk-stack后显示文件名，函数名，行数等信息，从下倒上依次分析，定位问题发生点

分析：http://bootloader.wikidot.com/linux:android:crashlog

ndk-stack工具下载：http://developer.android.com/tools/sdk/ndk/index.html