Last active
March 22, 2018 14:25
-
-
Save giuseppebarba/10149352 to your computer and use it in GitHub Desktop.
Android Debugging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Some system properties: | |
| -------------------------------------------------------------------------------- | |
| setprop debug.db.uid 32767 | |
| That will cause the crash catcher (debuggerd) to freeze the process, | |
| allowing you to use gdb/gdbserver to debug it. | |
| In the source tree, after you "source build/envsetup.sh" and use | |
| "lunch" or "choosecombo", you will have a shell command called | |
| "gdbclient". By default, it expects to debug "app_process" on port | |
| 5039 using the symbol-endowed shared libraries found in the "out" | |
| directory (you may need "adb forward tcp:5039 tcp:5039" to set up the | |
| TCP bridge). If you want to debug something else, you can issue the | |
| gdb/gdbserver commands manually. | |
| -------------------------------------------------------------------------------- | |
| setprop dalvik.vm.checkjni true | |
| setprop dalvik.vm.jniopts forcecopy | |
| enables jni checks (security) | |
| -------------------------------------------------------------------------------- | |
| setprop libc.debug.malloc 10 | |
| Enable malloc debugging | |
| 1 - perform leak detection | |
| 5 - fill allocated memory to detect overruns | |
| 10 - fill memory and add sentinels to detect overruns | |
| 20 - use special instrumented malloc/free routines for the emulator | |
| -------------------------------------------------------------------------------- | |
| adb forward tcp:5039 tcp:5039 | |
| Forward tcp communication on adb link(eg: usb cable) | |
| -------------------------------------------------------------------------------- | |
| Example on GDB: | |
| #on the target: | |
| ps (get the process id - #PiD) | |
| gdbserver :5039 --attach #PiD & | |
| #on the pc, inside android source tree: | |
| prebuilts/gcc/linux-x86/arm/arm-eabi-4.7/bin/arm-elf-gdb out/target/product/sooner/system/bin/app_process | |
| (gdb) set solib-absolute-prefix /work/android/device/out/target/product/sooner/symbols | |
| (gdb) set solib-search-path /work/android/device/out/target/product/sooner/symbols/android/lib | |
| (gdb) target remote :5039 | |
| Don't let other threads get scheduled while we're debugging. You should "set scheduler-locking off" before issuing a "continue", or else your thread may get stuck on a futex or other spinlock because no other thread can release it. | |
| (gdb) set scheduler-locking on | |
| Ignore SIGUSR1 if you're using JamVM. Shouldn't hurt if you're not. | |
| (gdb) handle SIGUSR1 noprint | |
| (gdb) where | |
| #0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| #1 0x53010eb8 in pthread_cond_timedwait (cond=0x12081c, mutex=0x120818, abstime=0xffffffff) | |
| at system/klibc/android/pthread.c:490 | |
| #2 0x6b01c848 in monitorWait (mon=0x120818, self=0x6b039ba4, ms=0, ns=0) at extlibs/jamvm-1.4.1/src/lock.c:194 | |
| #3 0x6b01d1d8 in objectWait (obj=0x408091c0, ms=0, ns=0) at extlibs/jamvm-1.4.1/src/lock.c:420 | |
| #4 0x6b01d4c8 in jamWait (clazz=0xfffffffc, mb=0x0, ostack=0x2e188) at extlibs/jamvm-1.4.1/src/natives.c:91 | |
| #5 0x6b013b2c in resolveNativeWrapper (clazz=0x408001d0, mb=0x41798, ostack=0x2e188) at extlibs/jamvm-1.4.1/src/dll.c:236 | |
| #6 0x6b015c04 in executeJava () at extlibs/jamvm-1.4.1/src/interp.c:2614 | |
| #7 0x6b01471c in executeMethodVaList (ob=0x0, clazz=0x40808f20, mb=0x12563c, jargs=0xbe9229f4) | |
| at extlibs/jamvm-1.4.1/src/execute.c:91 | |
| #8 0x6b01bcd0 in Jam_CallStaticVoidMethod (env=0xfffffffc, klass=0x0, methodID=0x12563c) | |
| at extlibs/jamvm-1.4.1/src/jni.c:1063 | |
| #9 0x58025b2c in android::AndroidRuntime::callStatic (this=0xfffffffc, | |
| className=0xbe922f0a "android/activity/ActivityThread", methodName=0x57000b7c "main") | |
| at libs/android_runtime/AndroidRuntime.cpp:215 | |
| #10 0x57000504 in android::app_init (className=0xbe922f0a "android/activity/ActivityThread") | |
| at servers/app/library/app_init.cpp:20 | |
| #11 0x000089b0 in android::sp<android::ProcessState>::~sp () | |
| #12 0x000089b0 in android::sp<android::ProcessState>::~sp () | |
| Previous frame identical to this frame (corrupt stack?) | |
| (gdb) info threads | |
| 7 thread 263 __ioctl () at system/klibc/syscalls/__ioctl.S:12 | |
| 6 thread 262 accept () at system/klibc/syscalls/accept.S:12 | |
| 5 thread 261 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 4 thread 260 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 3 thread 259 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 2 thread 258 __sigsuspend () at system/klibc/syscalls/__sigsuspend.S:12 | |
| 1 thread 257 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| (gdb) thread 7 | |
| [Switching to thread 7 (thread 263)]#0 __ioctl () at system/klibc/syscalls/__ioctl.S:12 | |
| 12 movs r0, r0 | |
| (gdb) bt | |
| #0 __ioctl () at system/klibc/syscalls/__ioctl.S:12 | |
| #1 0x53010704 in ioctl (fd=-512, request=-1072143871) at system/klibc/android/ioctl.c:22 | |
| #2 0x51040ac0 in android::IPCThreadState::talkWithDriver (this=0x1207b8, doReceive=true) at RefBase.h:83 | |
| #3 0x510418a0 in android::IPCThreadState::joinThreadPool (this=0x1207b8, isMain=false) | |
| at libs/utils/IPCThreadState.cpp:343 | |
| #4 0x51046004 in android::PoolThread::threadLoop (this=0xfffffe00) at libs/utils/ProcessState.cpp:52 | |
| #5 0x51036428 in android::Thread::_threadLoop (user=0xfffffe00) at libs/utils/Threads.cpp:1100 | |
| #6 0x58025c68 in android::AndroidRuntime::javaThreadShell (args=0x105ffe28) at libs/android_runtime/AndroidRuntime.cpp:540 | |
| (gdb) thread 6 | |
| [Switching to thread 6 (thread 262)]#0 accept () at system/klibc/syscalls/accept.S:12 | |
| 12 movs r0, r0 | |
| (gdb) bt | |
| #0 accept () at system/klibc/syscalls/accept.S:12 | |
| #1 0x6b0334e4 in jdwpAcceptConnection (state=0xfffffe00) at extlibs/jamvm-1.4.1/jdwp/JdwpNet.c:213 | |
| #2 0x6b032660 in jdwpThreadEntry (self=0x4d020) at extlibs/jamvm-1.4.1/jdwp/JdwpMain.c:37 | |
| #3 0x6b022c2c in shell (args=0x4d960) at extlibs/jamvm-1.4.1/src/thread.c:629 | |
| (gdb) thread 5 | |
| [Switching to thread 5 (thread 261)]#0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 88 bx lr | |
| (gdb) bt | |
| #0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| #1 0x53010f48 in pthread_cond_timeout (cond=0x6b039b64, mutex=0x6b039b60, msecs=0) at system/klibc/android/pthread.c:513 | |
| #2 0x6b01c8d0 in monitorWait (mon=0x6b039b60, self=0x4d400, ms=1000, ns=272629312) at extlibs/jamvm-1.4.1/src/lock.c:183 | |
| #3 0x6b022084 in threadSleep (thread=0x4d400, ms=1000, ns=272629312) at extlibs/jamvm-1.4.1/src/thread.c:215 | |
| #4 0x6b00d4fc in asyncGCThreadLoop (self=0x4d400) at extlibs/jamvm-1.4.1/src/alloc.c:1179 | |
| #5 0x6b022c2c in shell (args=0x4d480) at extlibs/jamvm-1.4.1/src/thread.c:629 | |
| (gdb) thread 4 | |
| [Switching to thread 4 (thread 260)]#0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 88 bx lr | |
| (gdb) bt | |
| #0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| #1 0x53010eb8 in pthread_cond_timedwait (cond=0x6b039934, mutex=0x6b039930, abstime=0x0) | |
| at system/klibc/android/pthread.c:490 | |
| #2 0x6b00b3ec in referenceHandlerThreadLoop (self=0x4d360) at extlibs/jamvm-1.4.1/src/alloc.c:1247 | |
| #3 0x6b022c2c in shell (args=0x4d960) at extlibs/jamvm-1.4.1/src/thread.c:629 | |
| (gdb) thread 3 | |
| [Switching to thread 3 (thread 259)]#0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| 88 bx lr | |
| (gdb) bt | |
| #0 __futex_wait () at system/klibc/android/atomics_arm.S:88 | |
| #1 0x53010eb8 in pthread_cond_timedwait (cond=0x6b03992c, mutex=0x6b039928, abstime=0x0) | |
| at system/klibc/android/pthread.c:490 | |
| #2 0x6b00b1dc in finalizerThreadLoop (self=0x4d8e0) at extlibs/jamvm-1.4.1/src/alloc.c:1238 | |
| #3 0x6b022c2c in shell (args=0x4d960) at extlibs/jamvm-1.4.1/src/thread.c:629 | |
| (gdb) thread 2 | |
| [Switching to thread 2 (thread 258)]#0 __sigsuspend () at system/klibc/syscalls/__sigsuspend.S:12 | |
| 12 movs r0, r0 | |
| (gdb) bt | |
| #0 __sigsuspend () at system/klibc/syscalls/__sigsuspend.S:12 | |
| #1 0x6b023814 in dumpThreadsLoop (self=0x51b98) at extlibs/jamvm-1.4.1/src/thread.c:1107 | |
| #2 0x6b022c2c in shell (args=0x51b58) at extlibs/jamvm-1.4.1/src/thread.c:629 | |
| Android debug: | |
| https://github.com/keesj/gomo/wiki/AndroidGdbDebugging | |
| http://visualgdb.com/gdbreference/commands/shared_library_commands | |
| http://linux-mobile-hacker.blogspot.co.uk/2008/02/debug-shared-library-with-gdbserver.html?_sm_au_=iVVtR6kbZDPbn7QP | |
| http://www.kandroid.org/online-pdk/guide/debugging_gdb.html | |
| http://www.kandroid.org/online-pdk/guide/debugging_native.html | |
| http://www.opersys.com/downloads/cc-slides/embedded-android/embedded-android-131104.pdf | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment