【coredump简介】

blog.csdn.net/tenfyguo/article/details/8159176

 

【如何打开coredump功能】

1、打开kernel编译开关

@kernel/arch/arm/Kconfigconfig ARM        bool        default y        select HAVE_AOUT        select HAVE_DMA_API_DEBUG        ...+       select ELF_CORE                              ...        select HAVE_BPF_JIT if NET        help        ...

 

 

这个开关使能内核coredump模块

 

2、修改rc文件

 

@init.pisces.rcon early-init+   setrlimit 4 2147483647 2147483647on post-fs-data+   mkdir /data/tombstones 0711 system system+   mkdir /data/corefile+   chmod 777 /data/corefileon property:ro.debuggable=1+   write /proc/sys/kernel/core_pattern /data/corefile/core-%e-%p+   write /proc/sys/fs/suid_dumpable 1

 

其中，

setrlimit是设置coredump文件大小限制

/data/corefile/是coredump输出目录

/proc/sys/kernel/core_pattern是设置corefile的路径

/proc/sys/fs/suid_dumpble是coredump的动态开关，内核coredump模块根据这个值来判断是否要dump。

 

3、修改虚拟机

 

@dalvik/vm/native/dalvik_system_Zygote.cppstatic void enableDebugFeatures(u4 debugFlags){    ...#ifdef HAVE_ANDROID_OS    if ((debugFlags & DEBUG_ENABLE_DEBUGGER) != 0) {        /* To let a non-privileged gdbserver attach to this         * process, we must set its dumpable bit flag. However         * we are not interested in generating a coredump in         * case of a crash, so also set the coredump size to 0         * to disable that         */        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) {            ALOGE("could not set dumpable bit flag for pid %d: %s",                 getpid(), strerror(errno));        } else {            struct rlimit rl;+#if 0            rl.rlim_cur = 0;            rl.rlim_max = RLIM_INFINITY;+#endif

 

虚拟机启动时，可能会将rlimit设置位0，所以这里得注释掉。

 

 

4、关闭SELinux

adb shell setenforce 0

selinux会限制app给/data/corefile/目录写文件，所以得关闭selinux。

 

【如何触发coredump】

coredump是kernel的信号处理函数作的，它会判断当前信号的默认处理类型是否为coredump，如果是则进入dump流程

关于信号及其默认处理类型如下：

 

*      +--------------------+------------------+ *      |  POSIX signal      |  default action  | *      +--------------------+------------------+ *      |  SIGHUP            |  terminate       | *      |  SIGINT            |  terminate       | *      |  SIGQUIT           |  coredump        | *      |  SIGILL            |  coredump        | *      |  SIGTRAP           |  coredump        | *      |  SIGABRT/SIGIOT    |  coredump        | *      |  SIGBUS            |  coredump        | *      |  SIGFPE            |  coredump        | *      |  SIGKILL           |  terminate(+)    | *      |  SIGUSR1           |  terminate       | *      |  SIGSEGV           |  coredump        | *      |  SIGUSR2           |  terminate       | *      |  SIGPIPE           |  terminate       | *      |  SIGALRM           |  terminate       | *      |  SIGTERM           |  terminate       | *      |  SIGCHLD           |  ignore          | *      |  SIGCONT           |  ignore(*)       | *      |  SIGSTOP           |  stop(*)(+)      | *      |  SIGTSTP           |  stop(*)         | *      |  SIGTTIN           |  stop(*)         | *      |  SIGTTOU           |  stop(*)         | *      |  SIGURG            |  ignore          | *      |  SIGXCPU           |  coredump        | *      |  SIGXFSZ           |  coredump        | *      |  SIGVTALRM         |  terminate       | *      |  SIGPROF           |  terminate       | *      |  SIGPOLL/SIGIO     |  terminate       | *      |  SIGSYS/SIGUNUSED  |  coredump        | *      |  SIGSTKFLT         |  terminate       | *      |  SIGWINCH          |  ignore          | *      |  SIGPWR            |  terminate       | *      |  SIGRTMIN-SIGRTMAX |  terminate       | *      +--------------------+------------------+ *      |  non-POSIX signal  |  default action  | *      +--------------------+------------------+ *      |  SIGEMT            |  coredump        | *      +--------------------+------------------+

 

其中SIGQUIT是android重新定义了信号处理函数，用作dump java trace。

我们native crash里常见的SIGBUS、SIGABRT、SIGSEGV都是coredump类型的。所以一旦程序出了上述类型的错误，就会自动进入coredump。

我们也可以在有root权限的情况下，adb shell后用kill -11 {pid}命令来主动出发coredump（注意亮屏下要敲2～3下才会进入dump流程）。

 

 

【生成的dump的文件在哪】

就是上面设置的core_pattern指向的路径：/data/corefile/core_***_{pid}

 

 

【如何分析coredump】

步骤1：gdb工具

 

prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-gdb

 

 

 

步骤2：准备symbols

 

out/target/product/pisces/symbols/

必须要跟手机coredump时的版本一致！

 

步骤3：进入gdb环境(直接运行gdb即可)

 

$ prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-gdbGNU gdb (GDB) 7.6Copyright (C) 2013 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later 
     
      This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.  Type "show copying"and "show warranty" for details.This GDB was configured as "--host=x86_64-linux-gnu --target=arm-linux-android".For bug reporting instructions, please see:
      
       .(gdb)
      
     

 

 

步骤4：装载可执行程序

 

(gdb) file out/target/product/pisces/symbols/system/bin/app_processReading symbols from /home/mi/workspace/0-mi3_v6/out/target/product/pisces/symbols/system/bin/app_process...done.

 

 

步骤5：配置动态库搜索路径

 

(gdb) set solib-search-path out/target/product/pisces/symbols/system/lib

 

 

步骤6：装载core文件

 

(gdb) core core-du.map.location-1804warning: core file may not match specified executable file.[New LWP 1804][New LWP 1824][New LWP 2210][New LWP 2320][New LWP 1826][New LWP 1818][New LWP 2062][New LWP 1819][New LWP 1813][New LWP 1817][New LWP 1808][New LWP 1814][New LWP 1815][New LWP 2076][New LWP 1992]warning: Could not load shared library symbols for 3 libraries, e.g. /system/bin/linker.Use the "info sharedlibrary" command to see the complete listing.Do you need "set solib-search-path" or "set sysroot"?Core was generated by `com.baidu.map.location                                                     '.Program terminated with signal 11, Segmentation fault.#0  epoll_wait () at bionic/libc/arch-arm/syscalls/epoll_wait.S:1010        mov     r7, ip

 

 

接下来就可以用gdb的命令了