Debugging segmentation fault
Type 1 Seg Fault has backtrace of shared objects (most of the times we face this)
The PC holds the offset and it has to be traced in the top most 'so' file present in back trace. This can be done by using addr2line or objdump tool
a. Using addr2line:
Syntax: <path to arm-eabi-addr2line> -f -e <path to so file> <offset which is the PC value>
Example: #00 pc 0000e234 /system/lib/libc.so ./prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-addr2line -f -e ./out/target/product/generic/symbols/system/lib/libc.so 0x0000e234
Returns strlen bionic/libc/arch-arm/bionic/strlen.c:62
b. Using objdump:
Syntax: <path to arm-eabi-objdump> -S <path to so file>
Example: prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-objdump -S out/target/product/zoom2/symbols/system/lib/libOMX.TI.Video.encoder.so > ObjDumpFile.txt Output is redirected to ObjDumpFile file
Now the ObjDumpFile has the Intermix of source code with disassembly. We can search using the PC offset in it to see the exact line number
Tip: Make sure to use the debug version of 'so' files which are within the symbols dir in out folder otherwise we would not get the source code symbols in obj dump
Type 2 Seg fault print has the thread name along with register values. The backtrace of shared objects is not present
1. The PC holds a virtual address
2. The first '3' digits of PC provide info on the virtual memory mapping where the shared object('so') is loaded and remaining digits provide the offset within the 'so'
3. Use the 'ps' call to get the Process ID of the thread where it fails.
4. Get the memory map of the process using the following:
In device console/adb shell, print values of 'maps' file within the process id <pid>. Syntax: cat proc/<pid>/maps It is recommended that we get the memory map during the normal execution before the failure itself otherwise it is possible for process to be killed and might lead to mismatch.
5. Use the first '3' digits of PC value to identify the shared object which has caused the failure(using memory map)
6. Get the obj dump of the 'so' and search with the offset to get the exact line of failure. (this can be done in the similar way as in Type 1 seg fault debugging mentioned above)
Example:
Seg Fault Message: PV author: unhandled page fault (11) at 0x00000004, code 0x017 pgd = ccfc8000 [00000004] *pgd=8cbe1031, *pte=00000000, *ppte=00000000 Pid: 9691, comm: PV author CPU: 0 Not tainted (2.6.29-omap1 #20) PC is at 0x81b23140 LR is at 0x81b23049 ...
Based on PC, the shared object is in range of 0x81bxxxxx and offset within that is 0x23140
PV author runs in context of Media server process (PID: 944) Using cat /proc/944/maps we can identify the ‘so’ loaded in this region 81b00000-81b2a000 r-xp 00000000 b3:02 34574 /system/lib/libOMX.TI.Video.encoder.so So appears to be in OMX TI Video encoder
Now with the offset we can use the addr2line or objdump to get the line causing this issue
http://omappedia.org/wiki/Android_Debugging