如何分析Android程序的backtrace
最近碰到Android apk crash的问题,单从log很难定位。从tombstone里面得到下面的backtrace。
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/msm8996/msm8996:7.1.2/N2G47H/20180921.193127:userdebug/test-keys'
Revision: '0'
ABI: 'arm64'
pid: 2848, tid: 3158, name: Thread-5819 >>> com.company.package <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
x0 0000007fa5ae0a60 x1 0000000000000000 x2 0000000000000008 x3 0000000000000010
x4 0000000000000000 x5 c6a4a7935bd1e995 x6 c6a4a7935bd1e995 x7 0000000000000000
x8 0000007fa5ae0ab8 x9 0000007f8d4e2ac8 x10 0000000000000174 x11 0000000000000000
x12 0000007f8d4e2ac8 x13 ffffffffffffffff x14 0000000000000000 x15 003b9aca00000000
x16 0000007f98060850 x17 0000007fb69177c0 x18 0000000000000020 x19 0000007f97a12330
x20 0000007f870feb68 x21 0000007f870feb40 x22 0000000000000000 x23 0000007f7ef07ac0
x24 0000007f870fea78 x25 0000007f978c03a0 x26 0000007f870ff2f0 x27 0000007f870fea20
x28 0000007f870feba0 x29 0000007f870fe6f0 x30 0000007f9725f6c8
sp 0000007f870fe6f0 pc 0000007f9725f6c8 pstate 0000000080000000
v0 00000000000000000000000000000000 v1 00000000000000000000000000000000
v2 00000000000000000000000000000000 v3 00000000000000000000000000000000
v4 00000000000000004000000000000000 v5 00000000000000000000000000000000
v6 00000000000000000000000000000000 v7 00000000000000000000000000000000
v8 0000000000000000000000003ce0e100 v9 00000000000000000000000042ff0000
v10 0000000000000000000000003f800000 v11 00000000000000000000000000000000
v12 00000000000000000000000000000000 v13 00000000000000000000000000000000
v14 00000000000000000000000000000000 v15 00000000000000000000000000000000
v16 000000000000000000000000c307e06a v17 0000000000000000fffefffdfffdfffe
v18 0000000000000000fffffffefffeffff v19 000000000000000000ee00ee00ee00ee
v20 000000000000000000040003fffdfffc v21 000000000000000000ef00ef00ed00ec
v22 00000002000000020000000200000002 v23 00000000000000000000000000000148
v24 00000000000000000000000000000001 v25 00000000000000000000000000000029
v26 0000000000000000000000003e800000 v27 000000000000000000000000bf737871
v28 0000000000000000000000003f737871 v29 00000000000000000000007f8d52cf38
v30 00000000000000000000000000000140 v31 000000000000000000000000bfc4f8c4
fpsr 0000001b fpcr 00000000
backtrace:
#00 pc 00000000000a96c8 /system/app/Package/Package.apk (offset 0x5c1000)
#01 pc 00000000000b4574 /system/app/Package/Package.apk (offset 0x5c1000)
#02 pc 00000000000d52f0 /system/app/Package/Package.apk (offset 0x5c1000)
#03 pc 00000000000367ac /system/app/Package/Package.apk (offset 0xe0e000)
#04 pc 0000000000033070 /system/app/Package/Package.apk (offset 0xe0e000)
#05 pc 0000000000176910 /system/app/Package/Package.apk (offset 0xe0e000)
#06 pc 0000000000068618 /system/lib64/libc.so (_ZL15__pthread_startPv+196)
#07 pc 000000000001df68 /system/lib64/libc.so (__start_thread+16)
一看这个backtrace有点傻眼。通常得到的backtrace应该会打印出调用的so还有相应的函数名,这个不知道怎么回事只显示出apk的名字。调查了半天,怀疑是只有在apk是install的时候,才会有符号表的信息,出现有信息的打印。我们这个出现问题的时候,apk是编到rom里的,so库的符号表应该都被stip掉了。但是问题是这个crash很难重现,安装apk以后一直复现不了。好在这个apk自己只有三个so库,用addr2line试一试应该容易试出来。Android的sdk里自带了addr2line的工具,我们用的ndk13b版本,在windows上这个工具所在的目录是\Android\Sdk\android-ndk-r13b\toolchains\x86_64-4.9\prebuilt\windows-x86_64\bin,用-e参数指定文件名,-f参数显示函数名。果然,很容易就试出来是哪个so了。
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 176910
execute_native_thread_routine
/usr/local/google/buildbot/src/android/ndk-r13-release/toolchain/gcc/gcc-4.9/libstdc++-v3/src/c++11/thread.cc:84
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 33070
_ZNKSt7_Mem_fnIM12CameraEngineFvvEEclIJEvEEvPS0_DpOT_
C:/Users/qwang/AppData/Local/Android/Sdk/android-ndk-r13b/sources/cxx-stl/gnu-libstdc++/4.9/include/functional:569 (discriminator 4)
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 367ac
_ZN12CameraEngine12ProcessFrameEv
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp/camera_engine.cpp:525 (discriminator 2)
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f d52f0
_ZN9OrionAlgo38vision_Algo_regressFacekeypointFromMatEN2cv3MatEiiii
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp/OrionAlgo.cpp:107
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f b4574
_ZN6vision13TrackStrategy13trackOrDetectERN2cv3MatEPNS_3SSDERSt6vectorI3BoxSaIS7_EEf
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp\src\main\cpp\inference\postproc\src/track_strategy.cpp:38
$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f a96c8
_ZN6vision3SSD6detectERN2cv3MatERSt6vectorI3BoxSaIS5_EE
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp\src\main\cpp\inference\algo\src/ssd.cpp:82