Android NDK tombstone分析工具
在Andoird Native库发生异常的时候,Linux会发生不同级别的sig,来结构相关进程的运行,同时会产生tombstone trace文件用于记录发生崩溃寄存器和堆栈的状态。
这里面的涉及的知识点很多,但该文主要是介绍一下这种情况debug的工具stack.py。
1,keypoint
a,Android sig/进程间通讯
b,Linux 内存管理/ 用户空间和内核空间
c,Arm汇编
d,Android库的链接Linker
2,tombstone的结构大概如下
1 *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***2 Build fingerprint: 'MBX/k200/k200:4.4.2/KOT49H/20140717:user/test-keys'3 Revision: '11'4 pid: 455, tid: 486, name: InputDispatcher >>> system_server <<<5 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 002902386 r0 00290008 r1 00000230 r2 00000003 r3 002900087 r4 64a42042 r5 677d9eac r6 677f16e8 r7 000003f28 r8 41656d40 r9 00000002 sl 00000000 fp 68088ca09 ip 000000f2 sp 68088b38 lr 00000000 pc 4165a9d8 cpsr 200b001010 d0 677d9fd84b000000 d1 626e40280001000011 d2 002e00640069006f d3 00650074006e006912 d4 006c0061006e0072 d5 006c006f0070002e13 d6 002e007900630069 d7 00790065004b004914 d8 0000000000000000 d9 000000000000000015 d10 0000000000000000 d11 000000000000000016 d12 0000000000000000 d13 000000000000000017 d14 0000000000000000 d15 000000000000000018 d16 3d5e000000000000 d17 3d5e00000000000019 d18 408f400000000000 d19 41168cb34000000020 d20 4020f5c28f5c28f6 d21 408a80000000000021 d22 40b4c3e100000000 d23 3ff000000000000022 d24 41f2a05f20000000 d25 40b388000000000023 d26 408a800000000000 d27 405300000000000024 d28 0000000000000000 d29 000000000000000025 d30 0100010001000100 d31 010001000100010026 scr 2000001027 28 backtrace:29 #00 pc 000219d8 /system/lib/libdvm.so30 #01 pc 0002dfa0 /system/lib/libdvm.so (dvmMterpStd(Thread*)+76)31 #02 pc 0002b638 /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)32 #03 pc 00060581 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+336)33 #04 pc 0004c9cd /system/lib/libdvm.so34 #05 pc 00009de9 /system/lib/libandroid_servers.so35 #06 pc 0000a2b7 /system/lib/libandroid_servers.so (android::NativeInputManager::interceptKeyBeforeDispatching(android::sp<android::InputWindowHandle> const&, android::KeyEvent const*, unsigned int)+58)36 #07 pc 00020a49 /system/lib/libinputservice.so (android::InputDispatcher::doInterceptKeyBeforeDispatchingLockedInterruptible(android::InputDispatcher::CommandEntry*)+60)37 #08 pc 00022487 /system/lib/libinputservice.so (android::InputDispatcher::runCommandsLockedInterruptible()+58)38 #09 pc 0002571b /system/lib/libinputservice.so (android::InputDispatcher::dispatchOnce()+50)39 #10 pc 0001fb61 /system/lib/libinputservice.so (android::InputDispatcherThread::threadLoop()+8)40 #11 pc 0000e9ed /system/lib/libutils.so (android::Thread::_threadLoop(void*)+104)41 #12 pc 0004d4b1 /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+68)42 #13 pc 0000e58f /system/lib/libutils.so43 #14 pc 0000d200 /system/lib/libc.so (__thread_entry+72)44 #15 pc 0000d398 /system/lib/libc.so (pthread_create+240)45 其中backtrace就是当时system_server接收到signal 11时,堆栈调用的信息,这些信息很重要,能帮忙还原发生异常的现场。signal 11的定义在这里$android_root/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6/sysroot/usr/include/bits/signum.h
1 /* Signals. */2 #define SIGHUP 1 /* Hangup (POSIX). */3 #define SIGINT 2 /* Interrupt (ANSI). */4 #define SIGQUIT 3 /* Quit (POSIX). */5 #define SIGILL 4 /* Illegal instruction (ANSI). */6 #define SIGTRAP 5 /* Trace trap (POSIX). */7 #define SIGABRT 6 /* Abort (ANSI). */8 #define SIGIOT 6 /* IOT trap (4.2 BSD). */9 #define SIGBUS 7 /* BUS error (4.2 BSD). */10 #define SIGFPE 8 /* Floating-point exception (ANSI). */11 #define SIGKILL 9 /* Kill, unblockable (POSIX). */12 #define SIGUSR1 10 /* User-defined signal 1 (POSIX). */13 #define SIGSEGV 11 /* Segmentation violation (ANSI). */14 #define SIGUSR2 12 /* User-defined signal 2 (POSIX). */15 #define SIGPIPE 13 /* Broken pipe (POSIX). */16 #define SIGALRM 14 /* Alarm clock (POSIX). */17 #define SIGTERM 15 /* Termination (ANSI). */18 #define SIGSTKFLT 16 /* Stack fault. */19 #define SIGCLD SIGCHLD /* Same as SIGCHLD (System V). */20 #define SIGCHLD 17 /* Child status has changed (POSIX). */21 #define SIGCONT 18 /* Continue (POSIX). */22 #define SIGSTOP 19 /* Stop, unblockable (POSIX). */23 #define SIGTSTP 20 /* Keyboard stop (POSIX). */24 #define SIGTTIN 21 /* Background read from tty (POSIX). */25 #define SIGTTOU 22 /* Background write to tty (POSIX). */26 #define SIGURG 23 /* Urgent condition on socket (4.2 BSD). */27 #define SIGXCPU 24 /* CPU limit exceeded (4.2 BSD). */28 #define SIGXFSZ 25 /* File size limit exceeded (4.2 BSD). */29 #define SIGVTALRM 26 /* Virtual alarm clock (4.2 BSD). */30 #define SIGPROF 27 /* Profiling alarm clock (4.2 BSD). */31 #define SIGWINCH 28 /* Window size change (4.3 BSD, Sun). */32 #define SIGPOLL SIGIO /* Pollable event occurred (System V). */33 #define SIGIO 29 /* I/O now possible (4.2 BSD). */34 #define SIGPWR 30 /* Power failure restart (System V). */35 #define SIGSYS 31 /* Bad system call. */36 #define SIGUNUSED 31stack.py工具就是要把backtrace通过addr2line工具一次性把15个addr对应到代码。
先看一下帮助,在主机上执行
python stack.py --help
1 build/core/envsetup.mk:10: /version_defaults.mk: No such file or directory2 build/core/envsetup.mk:115: /product_config.mk: No such file or directory3 make: *** No rule to make target `/product_config.mk'. Stop.4 5 usage: stack.py [options] [FILE]6 7 --symbols-dir=path8 the path to a symbols dir, such as =/tmp/out/target/product/dream/symbols9 10 --symbols-zip=path11 the path to a symbols zip file, such as =dream-symbols-12345.zip12 13 --auto14 attempt to:15 1) automatically find the build number in the crash16 2) if it's an official build, download the symbols 17 from the build server, and use them18 19 FILE should contain a stack trace in it somewhere20 the tool will find that and re-print it with21 source files and line numbers. If you don't22 pass FILE, or if file is -, it reads from23 stdin.tombstone生成文件一般位于手机中/data/tombstone/文件夹下面,工具使用如下:
1 python stack.py --symbols-dir=out/target/product/$yourproduct/symbols/ tombstone-00
1 Searching for native crashes in tombstone-07182 Reading symbols from out/target/product/k200/symbols/3 pid: 455, tid: 486, name: InputDispatcher >>> system_server <<<4 signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 002902385 r0 00290008 r1 00000230 r2 00000003 r3 002900086 r4 64a42042 r5 677d9eac r6 677f16e8 r7 000003f27 r8 41656d40 r9 00000002 sl 00000000 fp 68088ca08 ip 000000f2 sp 68088b38 lr 00000000 pc 4165a9d89 10 Stack Trace:11 ADDR FUNCTION FILE:LINE12 000219d8 dalvik_inst /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/mterp/out/InterpAsm-armv7-a-neon.S:735813 0002dfa0 dvmMterpStd(Thread*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/mterp/Mterp.cpp:10514 0002b638 dvmInterpret(Thread*, Method const*, JValue*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/interp/Interp.cpp:196115 00060581 dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/interp/Stack.cpp:52616 0004c9cd CallLongMethodV /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/Jni.cpp:196817 00009de9 _JNIEnv::CallLongMethod(_jobject*, _jmethodID*, ...) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/libnativehelper/include/nativehelper/jni.h:62518 0000a2b7 android::NativeInputManager::interceptKeyBeforeDispatching(android::sp<android::InputWindowHandle> const&, android::KeyEvent const*, unsigned int) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/jni/com_android_server_input_InputManagerService.cpp:93819 00020a49 android::InputDispatcher::doInterceptKeyBeforeDispatchingLockedInterruptible(android::InputDispatcher::CommandEntry*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:347820 00022487 android::InputDispatcher::runCommandsLockedInterruptible() /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:615 (discriminator 3)21 0002571b android::InputDispatcher::dispatchOnce() /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:23722 0001fb61 android::InputDispatcherThread::threadLoop() /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:448423 0000e9ed android::Thread::_threadLoop(void*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/system/core/libutils/Threads.cpp:77024 0004d4b1 android::AndroidRuntime::javaThreadShell(void*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/core/jni/AndroidRuntime.cpp:100025 0000e58f thread_data_t::trampoline(thread_data_t const*) /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/system/core/libutils/Threads.cpp:9526 0000d200 __thread_entry /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/bionic/libc/bionic/pthread_create.cpp:10527 0000d398 pthread_create /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/bionic/libc/bionic/pthread_create.cpp:224很方便吧,不用一个一个的去找了。
工具链接如下:
stack.py
refer to:
https://sites.google.com/a/itspaclub.com/www/android-debug/7-how-to-debug-native-code
http://stackoverflow.com/questions/5106581/how-to-get-longer-stacktrace-tombstone-from-android
http://blog.csdn.net/helldevil/article/details/6682211
0 0