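Introduction
NE stands for Native Exception, which here mainly means a crash in an Android C/C++ program. Because the Camera HAL is implemented in C/C++, NE problems come up often during camera system development. An NE can have many causes, such as null pointers, memory corruption (memory stomping), file descriptor leaks (FDLEAK), and out-of-bounds array access. When the fault occurs, the kernel sends a signal to user space, where the tombstoned process receives and handles it. Before the faulting process crashes, tombstoned captures the process's backtrace, memory map, and other information, saves it to /data/tombstones/tombstone_xx, and also writes the tombstone information to logcat. On some platforms, once configured, the entire crashed process can be saved as a coredump file, which can then be debugged with Trace32 or GDB.
This article covers native stack restoration, that is, locating the faulting code from the NE report. The tool used is addr2line.
Note: with memory corruption, the location reported in the crash is often not where the error actually occurred, so memory corruption problems usually need dedicated tools to locate.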
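The workflow this article covers, as an added example (not code from the original article): parse the backtrace frames of a tombstone and build one addr2line command per library. The function names and the `/path/to/symbols` directory are assumptions; the sample frames are copied from the tombstone shown on this page.

```python
import re
import shlex

# "#NN pc <offset> <mapped file> ..." up to the next frame; re.S lets one
# pattern handle both line-per-frame and flattened (single-line) tombstones.
FRAME_RE = re.compile(
    r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(/\S+)(.*?)(?=#\d+\s+pc\s|\Z)", re.S)
BUILD_ID_RE = re.compile(r"\(BuildId:\s*([0-9a-fA-F]+)\)")

# Sample input: three frames copied from the tombstone shown on this page.
SAMPLE = (
    "backtrace: #00 pc 000000000008033c /apex/com.android.runtime/lib64/bionic/libc.so"
    " (syscall+28) (BuildId: 778f9db29d872fa660c03bee8d69f746)"
    " #03 pc 000000000058d444 /vendor/lib64/hw/camera.qcom.so"
    " (CamX::Mutex::Lock()+116) (BuildId: f3ec37ddca55cd2b52366606c94f3e2a)"
    " #04 pc 00000000007614fc /vendor/lib64/hw/camera.qcom.so"
    " (CamX::Session::Destroy()+572) (BuildId: f3ec37ddca55cd2b52366606c94f3e2a)"
)

def parse_frames(text):
    """Return file-backed frames in order; frames with no mapped file are skipped."""
    frames = []
    for idx, pc, lib, rest in FRAME_RE.findall(text):
        bid = BUILD_ID_RE.search(rest)
        frames.append({
            "index": int(idx),
            "pc": "0x%x" % int(pc, 16),  # offset into the mapped file, not an absolute address
            "lib": lib,
            "build_id": bid.group(1) if bid else None,
        })
    return frames

def addr2line_commands(frames, symbols_root, tool="addr2line"):
    """One addr2line command per library, offsets kept in frame order.
    symbols_root (assumed) holds unstripped binaries laid out like the device paths."""
    by_lib = {}
    for frame in frames:
        by_lib.setdefault(frame["lib"], []).append(frame["pc"])
    return [
        " ".join(shlex.quote(a) for a in
                 [tool, "-C", "-f", "-i", "-e", symbols_root.rstrip("/") + lib] + pcs)
        for lib, pcs in by_lib.items()
    ]

if __name__ == "__main__":
    for cmd in addr2line_commands(parse_frames(SAMPLE), "/path/to/symbols"):
        print(cmd)
```

Before trusting the resolved lines, compare each frame's `build_id` with the Build ID of the unstripped library (`readelf -n` prints it); a mismatch means the symbols come from a different build.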
Native stack restoration
-
After capturing an NE, first export the tombstone file from /data/tombstones/tombstone_xx. For example:

    *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    Build fingerprint: 'XXXX/XX/XX:10/QKQ1.200412.002/eng.buildf.20200611.122340:user/release-keys'
    Revision: '0'
    ABI: 'arm64'
    Timestamp: 2020-06-13 11:18:11+0800
    pid: 13260, tid: 13260, name: provider@2.4-se >>> /vendor/bin/hw/android.hardware.camera.provider@2.4-service_64 <<<
    uid: 1047
    signal 6 (SIGABRT), code 0 (SI_USER from pid 4396, uid 0), fault addr --------
        x0  0000007157fd7b20  x1  0000000000000089  x2  00000000fffffffe  x3  0000000000000000
        x4  0000000000000000  x5  00000000ffffffff  x6  00000000ffffffff  x7  000000716d685000
        x8  0000000000000062  x9  0000000000000089  x10 0000000000000009  x11 0000000000000000
        x12 000000716cf54b47  x13 000000716ceec98d  x14 0000000000000000  x15 0000000000050482
        x16 00000071f170a950  x17 00000071f1695320  x18 00000071634af530  x19 00000000fffffffe
        x20 0000000000000000  x21 0000007157fd7b20  x22 0000000000000089  x23 00000071f30a2188
        x24 00000071f1db9020  x25 0000000000000002  x26 000000716d686000  x27 00000071580092c8
        x28 0000000000000002  x29 0000007ff862f280
        sp  0000007ff862f220  lr  00000071f16988ac  pc  00000071f169533c

    backtrace:
          #00 pc 000000000008033c /apex/com.android.runtime/lib64/bionic/libc.so (syscall+28) (BuildId: 778f9db29d872fa660c03bee8d69f746)
          #01 pc 00000000000838a8 /apex/com.android.runtime/lib64/bionic/libc.so (__futex_wait_ex(void volatile*, bool, int, bool, timespec const*)+140) (BuildId: 778f9db29d872fa660c03bee8d69f746)
          #02 pc 00000000000e7a98 /apex/com.android.runtime/lib64/bionic/libc.so (NonPI::MutexLockWithTimeout(pthread_mutex_internal_t*, bool, timespec const*)+596) (BuildId: 778f9db29d872fa660c03bee8d69f746)
          #03 pc 000000000058d444 /vendor/lib64/hw/camera.qcom.so (CamX::Mutex::Lock()+116) (BuildId: f3ec37ddca55cd2b52366606c94f3e2a)
          #04 pc 00000000007614fc /vendor/lib64/hw/camera.qcom.so (CamX::Session::Destroy()+572) (BuildId: f3ec37ddca55cd2b52366606c94f3e2a)
          #05 pc 00000000006ae9a8 /vendor/lib64/hw/camera.qcom.so (CamX::ChiContext::DestroySession(CamX::CHISession*)+40) (BuildId: f3ec37ddca55cd2b52366606c94f3e2a)
          #06 pc 000000000017341c /vendor/lib64/hw/com.qti.chi.override.so (Session::Destro