Android NDK tombstone分析工具

时间:2022-01-11 19:44:57

Android NDK tombstone分析工具

在Andoird Native库发生异常的时候,Linux会发生不同级别的sig,来结构相关进程的运行,同时会产生tombstone trace文件用于记录发生崩溃寄存器和堆栈的状态。

这里面的涉及的知识点很多,但该文主要是介绍一下这种情况debug的工具stack.py。

1,keypoint

a,Android sig/进程间通讯

b,Linux 内存管理/ 用户空间和内核空间

c,Arm汇编

d,Android库的链接Linker

2,tombstone的结构大概如下

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'MBX/k200/k200:4.4.2/KOT49H/20140717:user/test-keys'
Revision: '11'
pid: 455, tid: 486, name: InputDispatcher  >>> system_server <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00290238
    r0 00290008  r1 00000230  r2 00000003  r3 00290008
    r4 64a42042  r5 677d9eac  r6 677f16e8  r7 000003f2
    r8 41656d40  r9 00000002  sl 00000000  fp 68088ca0
    ip 000000f2  sp 68088b38  lr 00000000  pc 4165a9d8  cpsr 200b0010
10      d0  677d9fd84b000000  d1  626e402800010000
11      d2  002e00640069006f  d3  00650074006e0069
12      d4  006c0061006e0072  d5  006c006f0070002e
13      d6  002e007900630069  d7  00790065004b0049
14      d8  0000000000000000  d9  0000000000000000
15      d10 0000000000000000  d11 0000000000000000
16      d12 0000000000000000  d13 0000000000000000
17      d14 0000000000000000  d15 0000000000000000
18      d16 3d5e000000000000  d17 3d5e000000000000
19      d18 408f400000000000  d19 41168cb340000000
20      d20 4020f5c28f5c28f6  d21 408a800000000000
21      d22 40b4c3e100000000  d23 3ff0000000000000
22      d24 41f2a05f20000000  d25 40b3880000000000
23      d26 408a800000000000  d27 4053000000000000
24      d28 0000000000000000  d29 0000000000000000
25      d30 0100010001000100  d31 0100010001000100
26      scr 20000010
27   
28  backtrace:
29      #00  pc 000219d8  /system/lib/libdvm.so
30      #01  pc 0002dfa0  /system/lib/libdvm.so (dvmMterpStd(Thread*)+76)
31      #02  pc 0002b638  /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
32      #03  pc 00060581  /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+336)
33      #04  pc 0004c9cd  /system/lib/libdvm.so
34      #05  pc 00009de9  /system/lib/libandroid_servers.so
35      #06  pc 0000a2b7  /system/lib/libandroid_servers.so (android::NativeInputManager::interceptKeyBeforeDispatching(android::sp<android::InputWindowHandle> const&, android::KeyEvent const*, unsigned int)+58)
36      #07  pc 00020a49  /system/lib/libinputservice.so (android::InputDispatcher::doInterceptKeyBeforeDispatchingLockedInterruptible(android::InputDispatcher::CommandEntry*)+60)
37      #08  pc 00022487  /system/lib/libinputservice.so (android::InputDispatcher::runCommandsLockedInterruptible()+58)
38      #09  pc 0002571b  /system/lib/libinputservice.so (android::InputDispatcher::dispatchOnce()+50)
39      #10  pc 0001fb61  /system/lib/libinputservice.so (android::InputDispatcherThread::threadLoop()+8)
40      #11  pc 0000e9ed  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+104)
41      #12  pc 0004d4b1  /system/lib/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+68)
42      #13  pc 0000e58f  /system/lib/libutils.so
43      #14  pc 0000d200  /system/lib/libc.so (__thread_entry+72)
44      #15  pc 0000d398  /system/lib/libc.so (pthread_create+240)
45   

其中backtrace就是当时system_server接收到signal 11时,堆栈调用的信息,这些信息很重要,能帮忙还原发生异常的现场。signal 11的定义在这里$android_root/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6/sysroot/usr/include/bits/signum.h

/* Signals.  */
#define    SIGHUP        1    /* Hangup (POSIX).  */
#define    SIGINT        2    /* Interrupt (ANSI).  */
#define    SIGQUIT        3    /* Quit (POSIX).  */
#define    SIGILL        4    /* Illegal instruction (ANSI).  */
#define    SIGTRAP        5    /* Trace trap (POSIX).  */
#define    SIGABRT        6    /* Abort (ANSI).  */
#define    SIGIOT        6    /* IOT trap (4.2 BSD).  */
#define    SIGBUS        7    /* BUS error (4.2 BSD).  */
10  #define    SIGFPE        8    /* Floating-point exception (ANSI).  */
11  #define    SIGKILL        9    /* Kill, unblockable (POSIX).  */
12  #define    SIGUSR1        10    /* User-defined signal 1 (POSIX).  */
13  #define    SIGSEGV        11    /* Segmentation violation (ANSI).  */
14  #define    SIGUSR2        12    /* User-defined signal 2 (POSIX).  */
15  #define    SIGPIPE        13    /* Broken pipe (POSIX).  */
16  #define    SIGALRM        14    /* Alarm clock (POSIX).  */
17  #define    SIGTERM        15    /* Termination (ANSI).  */
18  #define    SIGSTKFLT    16    /* Stack fault.  */
19  #define    SIGCLD        SIGCHLD    /* Same as SIGCHLD (System V).  */
20  #define    SIGCHLD        17    /* Child status has changed (POSIX).  */
21  #define    SIGCONT        18    /* Continue (POSIX).  */
22  #define    SIGSTOP        19    /* Stop, unblockable (POSIX).  */
23  #define    SIGTSTP        20    /* Keyboard stop (POSIX).  */
24  #define    SIGTTIN        21    /* Background read from tty (POSIX).  */
25  #define    SIGTTOU        22    /* Background write to tty (POSIX).  */
26  #define    SIGURG        23    /* Urgent condition on socket (4.2 BSD).  */
27  #define    SIGXCPU        24    /* CPU limit exceeded (4.2 BSD).  */
28  #define    SIGXFSZ        25    /* File size limit exceeded (4.2 BSD).  */
29  #define    SIGVTALRM    26    /* Virtual alarm clock (4.2 BSD).  */
30  #define    SIGPROF        27    /* Profiling alarm clock (4.2 BSD).  */
31  #define    SIGWINCH    28    /* Window size change (4.3 BSD, Sun).  */
32  #define    SIGPOLL        SIGIO    /* Pollable event occurred (System V).  */
33  #define    SIGIO        29    /* I/O now possible (4.2 BSD).  */
34  #define    SIGPWR        30    /* Power failure restart (System V).  */
35  #define SIGSYS        31    /* Bad system call.  */
36  #define SIGUNUSED    31

stack.py工具就是要把backtrace通过addr2line工具一次性把15个addr对应到代码。

先看一下帮助,在主机上执行

python stack.py --help

build/core/envsetup.mk:10: /version_defaults.mk: No such file or directory
build/core/envsetup.mk:115: /product_config.mk: No such file or directory
make: *** No rule to make target `/product_config.mk'.  Stop.
 
  usage: stack.py [options] [FILE]
 
  --symbols-dir=path
       the path to a symbols dir, such as =/tmp/out/target/product/dream/symbols
 
10    --symbols-zip=path
11         the path to a symbols zip file, such as =dream-symbols-12345.zip
12   
13    --auto
14         attempt to:
15           1) automatically find the build number in the crash
16           2) if it's an official build, download the symbols 
17              from the build server, and use them
18   
19    FILE should contain a stack trace in it somewhere
20         the tool will find that and re-print it with
21         source files and line numbers.  If you don't
22         pass FILE, or if file is -, it reads from
23         stdin.

tombstone生成文件一般位于手机中/data/tombstone/文件夹下面,工具使用如下:

python stack.py --symbols-dir=out/target/product/$yourproduct/symbols/ tombstone-00





Searching for native crashes in tombstone-0718
Reading symbols from out/target/product/k200/symbols/
pid: 455, tid: 486, name: InputDispatcher  >>> system_server <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00290238
    r0 00290008  r1 00000230  r2 00000003  r3 00290008
    r4 64a42042  r5 677d9eac  r6 677f16e8  r7 000003f2
    r8 41656d40  r9 00000002  sl 00000000  fp 68088ca0
    ip 000000f2  sp 68088b38  lr 00000000  pc 4165a9d8
 
10  Stack Trace:
11    ADDR      FUNCTION                                                                                                                                            FILE:LINE
12    000219d8  dalvik_inst                                                                                                                                         /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/mterp/out/InterpAsm-armv7-a-neon.S:7358
13    0002dfa0  dvmMterpStd(Thread*)                                                                                                                                /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/mterp/Mterp.cpp:105
14    0002b638  dvmInterpret(Thread*, Method const*, JValue*)                                                                                                       /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/interp/Interp.cpp:1961
15    00060581  dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)                                                                      /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/interp/Stack.cpp:526
16    0004c9cd  CallLongMethodV                                                                                                                                     /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/dalvik/vm/Jni.cpp:1968
17    00009de9  _JNIEnv::CallLongMethod(_jobject*, _jmethodID*, ...)                                                                                                /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/libnativehelper/include/nativehelper/jni.h:625
18    0000a2b7  android::NativeInputManager::interceptKeyBeforeDispatching(android::sp<android::InputWindowHandle> const&, android::KeyEvent const*, unsigned int)  /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/jni/com_android_server_input_InputManagerService.cpp:938
19    00020a49  android::InputDispatcher::doInterceptKeyBeforeDispatchingLockedInterruptible(android::InputDispatcher::CommandEntry*)                               /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:3478
20    00022487  android::InputDispatcher::runCommandsLockedInterruptible()                                                                                          /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:615 (discriminator 3)
21    0002571b  android::InputDispatcher::dispatchOnce()                                                                                                            /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:237
22    0001fb61  android::InputDispatcherThread::threadLoop()                                                                                                        /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/services/input/InputDispatcher.cpp:4484
23    0000e9ed  android::Thread::_threadLoop(void*)                                                                                                                 /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/system/core/libutils/Threads.cpp:770
24    0004d4b1  android::AndroidRuntime::javaThreadShell(void*)                                                                                                     /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/frameworks/base/core/jni/AndroidRuntime.cpp:1000
25    0000e58f  thread_data_t::trampoline(thread_data_t const*)                                                                                                     /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/system/core/libutils/Threads.cpp:95
26    0000d200  __thread_entry                                                                                                                                      /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/bionic/libc/bionic/pthread_create.cpp:105
27    0000d398  pthread_create                                                                                                                                      /mnt/nfsroot/gangfeng.xu/work/kk-amlogic-dev/bionic/libc/bionic/pthread_create.cpp:224

很方便吧,不用一个一个的去找了。

工具链接如下:

stack.py

 

 

refer to:
https://sites.google.com/a/itspaclub.com/www/android-debug/7-how-to-debug-native-code
http://*.com/questions/5106581/how-to-get-longer-stacktrace-tombstone-from-android
http://blog.csdn.net/helldevil/article/details/6682211