
Introduction to the coredump feature

【coredump overview】

blog.csdn.net/tenfyguo/article/details/8159176

 

【How to enable coredump】

1. Enable the kernel build option

@kernel/arch/arm/Kconfig
config ARM
        bool
        default y
        select HAVE_AOUT
        select HAVE_DMA_API_DEBUG
        ...
+       select ELF_CORE                      
        ...
        select HAVE_BPF_JIT if NET
        help
        ...
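Review bot: the added `select ELF_CORE` sits directly under `config ARM` with no condition, so every ARM build of this tree gets core dump support forced on, not only the debug images this procedure is meant for. Enable the option from the debug build's kernel configuration instead of forcing it with an unconditional select, or guard the select with a debug-only condition.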

 

 

This option enables the kernel's coredump module.

 

2. Modify the rc file

 

@init.pisces.rc
on early-init
+   setrlimit 4 2147483647 2147483647

on post-fs-data
+   mkdir /data/tombstones 0711 system system
+   mkdir /data/corefile
+   chmod 777 /data/corefile

on property:ro.debuggable=1
+   write /proc/sys/kernel/core_pattern /data/corefile/core-%e-%p
+   write /proc/sys/fs/suid_dumpable 1
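Review bot: in the `on post-fs-data` block, `mkdir /data/corefile` and `chmod 777 /data/corefile` run on every build, while only the `core_pattern` and `suid_dumpable` writes are gated by `on property:ro.debuggable=1`; the `setrlimit 4 ...` line under `on early-init` is ungated as well. Core files contain full process memory, and mode 777 lets any process list, create, rename or delete entries in that directory. Move the directory setup and the rlimit change under the debuggable trigger, give `mkdir` an explicit mode and owner as the tombstones line above it does, and at least add the sticky bit to the directory mode.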

 

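Where:

setrlimit sets the size limit for coredump files

/data/corefile/ is the coredump output directory

/proc/sys/kernel/core_pattern sets the path of the core file

/proc/sys/fs/suid_dumpable is the runtime switch for coredump; the kernel coredump module checks this value to decide whether to dump.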

 

3. Modify the virtual machine

 

@dalvik/vm/native/dalvik_system_Zygote.cpp
static void enableDebugFeatures(u4 debugFlags)
{
    ...
#ifdef HAVE_ANDROID_OS
    if ((debugFlags & DEBUG_ENABLE_DEBUGGER) != 0) {
        /* To let a non-privileged gdbserver attach to this
         * process, we must set its dumpable bit flag. However
         * we are not interested in generating a coredump in
         * case of a crash, so also set the coredump size to 0
         * to disable that
         */
        if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) < 0) {
            ALOGE("could not set dumpable bit flag for pid %d: %s",
                 getpid(), strerror(errno));
        } else {
            struct rlimit rl;
+#if 0
            rl.rlim_cur = 0;
            rl.rlim_max = RLIM_INFINITY;
+#endif
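Review bot: the `#if 0` / `#endif` pair disables only the two assignments `rl.rlim_cur = 0;` and `rl.rlim_max = RLIM_INFINITY;`, leaving `struct rlimit rl;` declared but never initialized. If the call that applies `rl` follows this region, it now receives uninitialized values, so the disabled region should cover the declaration and that call too. The comment above still says the coredump size is set to 0 and needs updating, and a build-time debug switch would be better than `#if 0` so that release builds keep the original behaviour.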

 

When the virtual machine starts, it may set rlimit to 0, so this code has to be commented out.

 

 
4. Disable SELinux
adb shell setenforce 0

SELinux prevents apps from writing files to the /data/corefile/ directory, so SELinux has to be disabled.
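The per-process side of steps 2 and 3 can be checked from inside a process. The C program below is an added example, not code from the original page; the names `core_dump_blockers` and `print_sysctl` are hypothetical. It reports whether the RLIMIT_CORE soft limit or the dumpable flag would suppress a dump for the calling process, and prints the two system-wide settings that the rc file writes.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Per-process conditions under which a crash produces no core file. */
#define BLOCK_RLIMIT_ZERO  0x1 /* RLIMIT_CORE soft limit is 0 */
#define BLOCK_NOT_DUMPABLE 0x2 /* dumpable flag is 0 (see PR_SET_DUMPABLE) */
#define BLOCK_QUERY_FAILED 0x4 /* getrlimit() or prctl() failed */

/* Inspect the calling process and return the blockers as a bit mask. */
int core_dump_blockers(void)
{
    struct rlimit rl;
    int blockers = 0;
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);

    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        blockers |= BLOCK_QUERY_FAILED;
    else if (rl.rlim_cur == 0)
        blockers |= BLOCK_RLIMIT_ZERO;
    if (dumpable < 0)
        blockers |= BLOCK_QUERY_FAILED;
    else if (dumpable == 0)
        blockers |= BLOCK_NOT_DUMPABLE;
    return blockers;
}

/* Print one /proc/sys setting; returns 0 on success, -1 if unreadable. */
int print_sysctl(const char *path)
{
    char val[256];
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fgets(val, sizeof val, f))
        printf("%s = %s", path, val); /* value keeps its newline */
    fclose(f);
    return 0;
}

int main(void)
{
    int b = core_dump_blockers();
    printf("RLIMIT_CORE soft limit is 0: %s\n", (b & BLOCK_RLIMIT_ZERO) ? "yes" : "no");
    printf("process is not dumpable:     %s\n", (b & BLOCK_NOT_DUMPABLE) ? "yes" : "no");
    print_sysctl("/proc/sys/kernel/core_pattern"); /* system-wide, set by the rc file */
    print_sysctl("/proc/sys/fs/suid_dumpable");
    return 0;
}
```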

 

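【How to trigger a coredump】
The coredump is performed by the kernel's signal handling code: it checks whether the default action of the current signal is coredump and, if so, enters the dump flow.
Signals and their default actions are as follows: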

 

 *      +--------------------+------------------+
 *      |  POSIX signal      |  default action  |
 *      +--------------------+------------------+
 *      |  SIGHUP            |  terminate       |
 *      |  SIGINT            |  terminate       |
 *      |  SIGQUIT           |  coredump        |
 *      |  SIGILL            |  coredump        |
 *      |  SIGTRAP           |  coredump        |
 *      |  SIGABRT/SIGIOT    |  coredump        |
 *      |  SIGBUS            |  coredump        |
 *      |  SIGFPE            |  coredump        |
 *      |  SIGKILL           |  terminate(+)    |
 *      |  SIGUSR1           |  terminate       |
 *      |  SIGSEGV           |  coredump        |
 *      |  SIGUSR2           |  terminate       |
 *      |  SIGPIPE           |  terminate       |
 *      |  SIGALRM           |  terminate       |
 *      |  SIGTERM           |  terminate       |
 *      |  SIGCHLD           |  ignore          |
 *      |  SIGCONT           |  ignore(*)       |
 *      |  SIGSTOP           |  stop(*)(+)      |
 *      |  SIGTSTP           |  stop(*)         |
 *      |  SIGTTIN           |  stop(*)         |
 *      |  SIGTTOU           |  stop(*)         |
 *      |  SIGURG            |  ignore          |
 *      |  SIGXCPU           |  coredump        |
 *      |  SIGXFSZ           |  coredump        |
 *      |  SIGVTALRM         |  terminate       |
 *      |  SIGPROF           |  terminate       |
 *      |  SIGPOLL/SIGIO     |  terminate       |
 *      |  SIGSYS/SIGUNUSED  |  coredump        |
 *      |  SIGSTKFLT         |  terminate       |
 *      |  SIGWINCH          |  ignore          |
 *      |  SIGPWR            |  terminate       |
 *      |  SIGRTMIN-SIGRTMAX |  terminate       |
 *      +--------------------+------------------+
 *      |  non-POSIX signal  |  default action  |
 *      +--------------------+------------------+
 *      |  SIGEMT            |  coredump        |
 *      +--------------------+------------------+

 

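Note that Android redefines the signal handler for SIGQUIT and uses it to dump the Java trace.

The SIGBUS, SIGABRT and SIGSEGV signals commonly seen in our native crashes are all of the coredump type, so once a program hits one of these errors it automatically enters the coredump flow.

With root privileges, we can also trigger a coredump manually by running kill -11 {pid} in adb shell (note: with the screen on, the command has to be entered 2 to 3 times before the dump flow starts).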

 

 

【Where is the generated dump file】

It is at the path that the core_pattern set above points to: /data/corefile/core_***_{pid}
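How the `/data/corefile/core-%e-%p` pattern from the rc file becomes a file name, as an added example that is not code from the original page: `expand_core_pattern` is a hypothetical helper covering only `%e`, `%p` and `%%`, and the sample comm and pid are taken from the core file name in the gdb session further down. The kernel's comm name holds at most 15 characters, which is why `%e` gives `du.map.location` there and not the full package name.

```c
#include <stdio.h>
#include <string.h>

/*
 * Expand a core_pattern template into a core file path, covering only the
 * specifiers this page uses: %e (comm name), %p (pid) and %%. The kernel
 * defines more specifiers; here any other one, and a lone trailing '%',
 * is dropped. Returns the path length, or -1 if out is too small or the
 * pattern is a pipe ("|helper"), which names a program rather than a file.
 */
int expand_core_pattern(const char *pat, const char *comm, int pid,
                        char *out, size_t outlen)
{
    size_t n = 0;

    if (pat[0] == '|' || outlen == 0)
        return -1;
    for (const char *p = pat; *p; p++) {
        char piece[32] = "";

        if (*p != '%') {
            piece[0] = *p;               /* literal character */
        } else if (*++p == '\0') {
            break;                       /* lone '%' at the end */
        } else if (*p == '%') {
            piece[0] = '%';
        } else if (*p == 'p') {
            snprintf(piece, sizeof piece, "%d", pid);
        } else if (*p == 'e') {
            /* comm holds at most 15 characters (TASK_COMM_LEN - 1) */
            snprintf(piece, sizeof piece, "%.15s", comm);
        }
        size_t len = strlen(piece);
        if (n + len >= outlen)
            return -1;                   /* would not fit with the NUL */
        memcpy(out + n, piece, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char path[128];
    /* comm and pid as they appear in the page's core file name */
    if (expand_core_pattern("/data/corefile/core-%e-%p", "du.map.location", 1804, path, sizeof path) > 0)
        puts(path);
    return 0;
}
```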

 

 

【How to analyze a coredump】

Step 1: the gdb tool

 

 prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-gdb

 

 

 

Step 2: prepare the symbols

 

 out/target/product/pisces/symbols/

They must match the build that was on the phone when the coredump was taken!

 

Step 3: enter the gdb environment (just run gdb)

 

 $ prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-gdb
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=x86_64-linux-gnu --target=arm-linux-android".
For bug reporting instructions, please see:
<http://source.android.com/source/report-bugs.html>.
(gdb)

 

 

Step 4: load the executable

 

 (gdb) file out/target/product/pisces/symbols/system/bin/app_process
Reading symbols from /home/mi/workspace/0-mi3_v6/out/target/product/pisces/symbols/system/bin/app_process...done.

 

 

Step 5: configure the shared library search path

 

 (gdb) set solib-search-path out/target/product/pisces/symbols/system/lib

 

 

Step 6: load the core file

 

(gdb) core core-du.map.location-1804
warning: core file may not match specified executable file.
[New LWP 1804]
[New LWP 1824]
[New LWP 2210]
[New LWP 2320]
[New LWP 1826]
[New LWP 1818]
[New LWP 2062]
[New LWP 1819]
[New LWP 1813]
[New LWP 1817]
[New LWP 1808]
[New LWP 1814]
[New LWP 1815]
[New LWP 2076]
[New LWP 1992]
warning: Could not load shared library symbols for 3 libraries, e.g. /system/bin/linker.
Use the "info sharedlibrary" command to see the complete listing.
Do you need "set solib-search-path" or "set sysroot"?
Core was generated by `com.baidu.map.location                                                     '.
Program terminated with signal 11, Segmentation fault.
#0  epoll_wait () at bionic/libc/arch-arm/syscalls/epoll_wait.S:10
10        mov     r7, ip

 

 

After that, the usual gdb commands can be used.

 
