How to analyze the backtrace of an Android app

I recently ran into an Android APK crash that was hard to pin down from the log alone. I got the following backtrace from the tombstone.

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Android/msm8996/msm8996:7.1.2/N2G47H/20180921.193127:userdebug/test-keys'
Revision: '0'
ABI: 'arm64'
pid: 2848, tid: 3158, name: Thread-5819  >>> com.company.package <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
    x0   0000007fa5ae0a60  x1   0000000000000000  x2   0000000000000008  x3   0000000000000010
    x4   0000000000000000  x5   c6a4a7935bd1e995  x6   c6a4a7935bd1e995  x7   0000000000000000
    x8   0000007fa5ae0ab8  x9   0000007f8d4e2ac8  x10  0000000000000174  x11  0000000000000000
    x12  0000007f8d4e2ac8  x13  ffffffffffffffff  x14  0000000000000000  x15  003b9aca00000000
    x16  0000007f98060850  x17  0000007fb69177c0  x18  0000000000000020  x19  0000007f97a12330
    x20  0000007f870feb68  x21  0000007f870feb40  x22  0000000000000000  x23  0000007f7ef07ac0
    x24  0000007f870fea78  x25  0000007f978c03a0  x26  0000007f870ff2f0  x27  0000007f870fea20
    x28  0000007f870feba0  x29  0000007f870fe6f0  x30  0000007f9725f6c8
    sp   0000007f870fe6f0  pc   0000007f9725f6c8  pstate 0000000080000000
    v0   00000000000000000000000000000000  v1   00000000000000000000000000000000
    v2   00000000000000000000000000000000  v3   00000000000000000000000000000000
    v4   00000000000000004000000000000000  v5   00000000000000000000000000000000
    v6   00000000000000000000000000000000  v7   00000000000000000000000000000000
    v8   0000000000000000000000003ce0e100  v9   00000000000000000000000042ff0000
    v10  0000000000000000000000003f800000  v11  00000000000000000000000000000000
    v12  00000000000000000000000000000000  v13  00000000000000000000000000000000
    v14  00000000000000000000000000000000  v15  00000000000000000000000000000000
    v16  000000000000000000000000c307e06a  v17  0000000000000000fffefffdfffdfffe
    v18  0000000000000000fffffffefffeffff  v19  000000000000000000ee00ee00ee00ee
    v20  000000000000000000040003fffdfffc  v21  000000000000000000ef00ef00ed00ec
    v22  00000002000000020000000200000002  v23  00000000000000000000000000000148
    v24  00000000000000000000000000000001  v25  00000000000000000000000000000029
    v26  0000000000000000000000003e800000  v27  000000000000000000000000bf737871
    v28  0000000000000000000000003f737871  v29  00000000000000000000007f8d52cf38
    v30  00000000000000000000000000000140  v31  000000000000000000000000bfc4f8c4
    fpsr 0000001b  fpcr 00000000

backtrace:
    #00 pc 00000000000a96c8  /system/app/Package/Package.apk (offset 0x5c1000)
    #01 pc 00000000000b4574  /system/app/Package/Package.apk (offset 0x5c1000)
    #02 pc 00000000000d52f0  /system/app/Package/Package.apk (offset 0x5c1000)
    #03 pc 00000000000367ac  /system/app/Package/Package.apk (offset 0xe0e000)
    #04 pc 0000000000033070  /system/app/Package/Package.apk (offset 0xe0e000)
    #05 pc 0000000000176910  /system/app/Package/Package.apk (offset 0xe0e000)
    #06 pc 0000000000068618  /system/lib64/libc.so (_ZL15__pthread_startPv+196)
    #07 pc 000000000001df68  /system/lib64/libc.so (__start_thread+16)

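At first glance this backtrace left me a bit stunned. Normally a backtrace prints the .so being called and the corresponding function names, but for some reason this one shows only the name of the APK. After investigating for quite a while, I suspect that the symbol table information is present, and printed, only when the APK has been installed. When our problem occurred, the APK was built into the ROM, and the symbol tables of the .so libraries had presumably all been stripped. The trouble is that this crash is very hard to reproduce: after installing the APK I was never able to reproduce it.

Fortunately the APK itself has only three .so libraries, so trying addr2line on each of them should make it easy to find the right one. The Android SDK ships with the addr2line tool. We use NDK 13b, and on Windows the tool is in the directory \Android\Sdk\android-ndk-r13b\toolchains\x86_64-4.9\prebuilt\windows-x86_64\bin. The -e option specifies the file name and the -f option shows the function name. Sure enough, it was easy to find out which .so each frame belongs to.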

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 176910
execute_native_thread_routine
/usr/local/google/buildbot/src/android/ndk-r13-release/toolchain/gcc/gcc-4.9/libstdc++-v3/src/c++11/thread.cc:84

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 33070
_ZNKSt7_Mem_fnIM12CameraEngineFvvEEclIJEvEEvPS0_DpOT_
C:/Users/qwang/AppData/Local/Android/Sdk/android-ndk-r13b/sources/cxx-stl/gnu-libstdc++/4.9/include/functional:569 (discriminator 4)

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libndk_camera.so -f 367ac
_ZN12CameraEngine12ProcessFrameEv
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp/camera_engine.cpp:525 (discriminator 2)

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f d52f0
_ZN9OrionAlgo38vision_Algo_regressFacekeypointFromMatEN2cv3MatEiiii
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp/OrionAlgo.cpp:107

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f b4574
_ZN6vision13TrackStrategy13trackOrDetectERN2cv3MatEPNS_3SSDERSt6vectorI3BoxSaIS7_EEf
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp\src\main\cpp\inference\postproc\src/track_strategy.cpp:38

$ ./x86_64-linux-android-addr2line.exe -e ~/StudioProjects/Service/package/app/build/intermediates/cmake/debug/obj/arm64-v8a/libnative-lib.so -f a96c8
_ZN6vision3SSD6detectERN2cv3MatERSt6vectorI3BoxSaIS5_EE
C:\Users\qwang\StudioProjects\Service\package\app\src\main\cpp\src\main\cpp\inference\algo\src/ssd.cpp:82
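
Instead of trying each .so in turn, the `offset` printed with every APK frame can be matched against the APK's zip entries. The following is an added example, not code from the original post. It assumes the libraries are stored uncompressed in the APK and mapped directly from it, so that `offset` is the file offset of the mapped library. The sample APK, its entry sizes and the offsets in `SAMPLE_FRAMES` are constructed; the pc values and library names are the ones from the page.

```python
import io, re, struct, zipfile

FRAME = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+\S+\.apk \(offset (0x[0-9a-f]+)\)")

def stored_libs(apk):
    """Return sorted (data_start, data_end, name) for uncompressed .so entries.
    apk is a seekable binary file object."""
    with zipfile.ZipFile(apk) as zf:
        infos = [i for i in zf.infolist()
                 if i.filename.endswith(".so") and i.compress_type == zipfile.ZIP_STORED]
    libs = []
    for i in infos:
        apk.seek(i.header_offset + 26)  # name/extra lengths of the local file header
        name_len, extra_len = struct.unpack("<HH", apk.read(4))
        start = i.header_offset + 30 + name_len + extra_len
        libs.append((start, start + i.file_size, i.filename))
    return sorted(libs)

def resolve(tombstone, libs):
    """Return (frame_no, library or None, pc) for every frame reported against an APK."""
    out = []
    for no, pc, off in FRAME.findall(tombstone):
        off = int(off, 16)
        name = next((n for s, e, n in libs if s <= off < e), None)
        out.append((int(no), name, pc))
    return out

def build_sample_apk():
    """Constructed stand-in for Package.apk: stored entries padded to 4 KiB boundaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, size in [("classes.dex", 100),
                           ("lib/arm64-v8a/libnative-lib.so", 0x2000),
                           ("lib/arm64-v8a/libndk_camera.so", 0x800)]:
            zi = zipfile.ZipInfo(name)
            zi.extra = b"\0" * (-(buf.tell() + 30 + len(name)) % 4096)
            zf.writestr(zi, b"\x7fELF".ljust(size, b"\0"))
    return buf

# Constructed frames: pc values from the page, offsets matching the sample APK above.
SAMPLE_FRAMES = """\
    #00 pc 00000000000a96c8  /system/app/Package/Package.apk (offset 0x2000)
    #03 pc 00000000000367ac  /system/app/Package/Package.apk (offset 0x5000)
    #06 pc 0000000000068618  /system/lib64/libc.so (_ZL15__pthread_startPv+196)
"""

if __name__ == "__main__":
    for no, lib, pc in resolve(SAMPLE_FRAMES, stored_libs(build_sample_apk())):
        print(f"#{no:02d} -> {lib}  (addr2line -f -e <unstripped copy> {pc})")
```

With the real APK, pass `open("Package.apk", "rb")` to `stored_libs` and the backtrace section of the tombstone to `resolve`, then run addr2line against the unstripped build of the library named for each frame.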