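Chromium, as a browser architecture, not only serves browsers as their rendering engine but is also the main component of WebView on the Android platform, which many web apps, browsers included, use for data loading and rendering.
Third-party software frequently crashes while calling WebView. The following case serves as a reference for debugging and locating a native WebView crash.
We hit a crash in the third-party application com.whty.wicity.china: it crashed during monkey testing and the crash is reproducible. The crash log is as follows: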
ABI: 'arm'
pid: 1043, tid: 1531, name: WorkerPool/1531 >>> com.whty.wicity.china <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
r0 00000000 r1 00000000 r2 80000000 r3 00000000
r4 ffffffff r5 a0113220 r6 aa120ae0 r7 a0113220
r8 00000000 r9 00000001 sl aa13c380 fp 00000000
ip ac649d88 sp 8497f3f8 lr ac611c09 pc ac5dab1c cpsr 60070030
d0 6974747568732073 d1 3a6e776f6420676e
d2 0000000000000000 d3 0000000000000000
d4 e4dc8b4d3b1d2cb7 d5 551baf3358041d64
d6 e4740430bf0cabe7 d7 044b8d39302f0ef3
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 0000000000000000 d17 0000000000000000
d18 0000000000000000 d19 0000000000000000
d20 400140e308f51835 d21 4000000000000000
d22 3fd999999997fa04 d23 3fe5555555555593
d24 8f97f8788f97f7e0 d25 8f97f9a88f97f910
d26 0000000200000002 d27 0000000200000002
d28 0000000200000002 d29 0000000200000002
d30 0000000600000006 d31 0000000003424c7c
scr 28000093
backtrace:
#00 pc 00018b1c /system/lib/libc.so (strlen+71)
#01 pc 0004fc05 /system/lib/libc.so (__strlen_chk+4)
#02 pc 0032cf4d /system/lib/libart.so (_ZN3art6Thread6AttachEPKcbP8_jobjectb+136)
#03 pc 00318217 /system/lib/libart.so (_ZN3art7Runtime19AttachCurrentThreadEPKcbP8_jobjectb+66)
#04 pc 0023bf9b /system/lib/libart.so (_ZN3art3JII27AttachCurrentThreadInternalEP7_JavaVMPP7_JNIEnvPvb+330)
#05 pc 01a6f073 /system/app/webview/webview.apk (offset 0x80d000)
#06 pc 00704767 /system/app/webview/webview.apk (offset 0x80d000)
#07 pc 0070f0c1 /system/app/webview/webview.apk (offset 0x80d000)
#08 pc 0070f581 /system/app/webview/webview.apk (offset 0x80d000)
#09 pc 0070ec23 /system/app/webview/webview.apk (offset 0x80d000)
#10 pc 0070f999 /system/app/webview/webview.apk (offset 0x80d000)
#11 pc 0070f7bd /system/app/webview/webview.apk (offset 0x80d000)
#12 pc 01a9e64b /system/app/webview/webview.apk (offset 0x80d000)
#13 pc 01aa17af /system/app/webview/webview.apk (offset 0x80d000)
#14 pc 01a9e493 /system/app/webview/webview.apk (offset 0x80d000)
#15 pc 00047133 /system/lib/libc.so (_ZL15__pthread_startPv+22)
#16 pc 00019e5d /system/lib/libc.so (__start_thread+6)
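Before opening gdb, the tombstone above can be triaged mechanically. The following is an added example, not code from the original post: it parses the signal header and backtrace lines, flags a fault in page 0 as a NULL dereference, and lists the frames that carry no symbol name. The function names and the 4 KiB page-size threshold are assumptions, and the sample input is abridged from the log above.

```python
import re

# Constructed sample: lines abridged from the tombstone shown above.
SAMPLE = """\
pid: 1043, tid: 1531, name: WorkerPool/1531 >>> com.whty.wicity.china <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
backtrace:
#00 pc 00018b1c /system/lib/libc.so (strlen+71)
#01 pc 0004fc05 /system/lib/libc.so (__strlen_chk+4)
#02 pc 0032cf4d /system/lib/libart.so (_ZN3art6Thread6AttachEPKcbP8_jobjectb+136)
#05 pc 01a6f073 /system/app/webview/webview.apk (offset 0x80d000)
#06 pc 00704767 /system/app/webview/webview.apk (offset 0x80d000)
#15 pc 00047133 /system/lib/libc.so (_ZL15__pthread_startPv+22)
"""

SIGNAL_RE = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \(offset (0x[0-9a-f]+)\))?(?: \((.+)\+(\d+)\))?")
PAGE_SIZE = 0x1000  # assumption: 4 KiB pages; a fault inside page 0 counts as a NULL dereference


def parse_tombstone(text):
    """Return the signal header fields and the list of backtrace frames."""
    report = {"signal": None, "code": None, "fault_addr": None, "frames": []}
    for line in text.splitlines():
        sig = SIGNAL_RE.search(line)
        if sig:
            report.update(signal=sig.group(1), code=sig.group(2), fault_addr=int(sig.group(3), 16))
            continue
        m = FRAME_RE.match(line.strip())
        if m:
            report["frames"].append({"index": int(m.group(1)), "pc": int(m.group(2), 16),
                                     "module": m.group(3), "apk_offset": m.group(4), "symbol": m.group(5)})
    return report


def triage(report):
    """Summarise the crash: NULL dereference or not, faulting routine, nearest caller, unresolved frames."""
    frames = report["frames"]
    addr = report["fault_addr"]
    null_deref = report["code"] == "SEGV_MAPERR" and addr is not None and addr < PAGE_SIZE
    # Frames without a symbol name have to be resolved from the symbol files.
    unresolved = [(f["index"], f["module"], hex(f["pc"])) for f in frames if f["symbol"] is None]
    # First frame outside libc: the closest caller of the faulting libc routine.
    caller = next((f for f in frames if not f["module"].endswith("/libc.so")), None)
    return {"null_deref": null_deref, "crash_symbol": frames[0]["symbol"] if frames else None,
            "caller": caller["symbol"] if caller else None, "unresolved": unresolved}


if __name__ == "__main__":
    print(triage(parse_tombstone(SAMPLE)))
```

The unresolved list is the set of webview.apk frames that the symbol files in the gdb session below are needed for.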
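Debugging proceeds as follows:
1. Ask the test colleague to provide the corefile and symbol files
2. Start the gdb that ships with the prebuilt gcc and load them: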
set solib-search-path /symbols/system/lib/
file symbols/system/bin/app_process32
core-file corefile/core-1043****
Load the module source code: directory + code
Print the call stack, as follows:
(gdb) bt
#0 strlen () at bionic/libc/arch-arm/cortex-a15/bionic/strlen.S:100
#1 0xac611c08 in __strlen_chk (s=0x0, s_len=4294967295) at bionic/libc/bionic/__strlen_chk.cpp:59
#2 0xa9f41f50 in strlen (s=0x0) at bionic/libc/include/string.h:324
#3 length (__s=<optimized out>) at external/libcxx/include/string:640
#4 operator<<<std::__1::char_traits<char> > (__os=..., __str=<optimized out>) at external/libcxx/include/ostream:894
#5 art::Thread::Attach (thread_name=0x0, as_daemon=<optimized out>, thread_group=<optimized out>, create_peer=<optimized out>) at art/runtime/thread.cc:756
#6 0xa9f2d21a in art::Runtime::AttachCurrentThread (this=<optimized out>, thread_name=0x0, as_daemon=false, thread_group=0x0, create_peer=true) at art/runtime/runtime.cc:1499
#7 0xa9e50f9e in art::JII::AttachCurrentThreadInternal (vm=<optimized out>, p_env=0x8497f4fc, raw_args=<optimized out>, as_daemon=false) at art/runtime/java_vm_ext.cc:401
#8 0x98a66074 in AttachCurrentThread (thr_args=0x0, p_env=0x8497f4fc, this=<optimized out>) at ../../third_party/android_tools/ndk/platforms/android-16/arch-arm/usr/include/jni.h:1091
#9 base::android::AttachCurrentThread () at ../../base/android/jni_android.cc:46
#10 0x976fb76a in net::android::VerifyX509CertChain (cert_chain=..., auth_type=..., host=..., status=status@entry=0x8497f584, is_issued_by_known_root=is_issued_by_known_root@entry=0x8dc64978,