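I spent a whole day debugging overlay and found that the system kept crashing, always dying at the same place with a pc value of 0. As far as I could judge, my application had already finished running, and the crash was located in the libsurfaceflinger.so library. I analyzed the libsurfaceflinger library with readelf and objdump, looking for the locations 0001aaa0, 0001bee6, 0001de92 and so on. The objdump output had been stripped and had no labels; fortunately readelf still shows the approximate addresses of the functions. Address 0x0001aa00 is near LayerBuffer. Annoyed, I put a breakpoint on every function in LayerBuffer.cpp, and finally found that the last function called was onVisibilityResolved.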

    void LayerBuffer::OverlaySource::onVisibilityResolved(
            const Transform& planeTransform)
    {
        LOGE("%s",__FUNCTION__);
        // this code-path must be as tight as possible, it's called each time
        // the screen is composited.
        if (UNLIKELY(mOverlay != 0)) {
            if (mVisibilityChanged || !mInitialized) {
                mVisibilityChanged = false;
                mInitialized = true;
                const Rect bounds(mLayer.getTransformedBounds());
                int x = bounds.left;
                int y = bounds.top;
                int w = bounds.width();
                int h = bounds.height();

                // we need a lock here to protect "destroy"
                Mutex::Autolock _l(mOverlaySourceLock);
                if (mOverlay) {
                    overlay_control_device_t* overlay_dev = mOverlayDevice;
                    overlay_dev->setPosition(overlay_dev, mOverlay, x,y,w,h);
                    overlay_dev->setParameter(overlay_dev, mOverlay,
                            OVERLAY_TRANSFORM, mLayer.getOrientation());
                    overlay_dev->commit(overlay_dev, mOverlay);
                }
            }
        }
    }

Both setPosition and setParameter were called. When I saw the commit function I was dumbfounded: this function is not implemented, while TI's sample code does implement it. It seems the crash is caused precisely by this function being empty.
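The failure described above, a table of HAL function pointers with one entry left unset that the caller then invokes unconditionally, can be caught when the module is opened rather than at the first call. The following C code is an added example, not code from the original post or from Android; struct overlay_ctl, its signatures and the helper names are assumptions modelled on the calls made in onVisibilityResolved.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a HAL control device: a table of function
 * pointers filled in by the vendor module. Member names follow the calls in
 * onVisibilityResolved; the signatures are assumptions for this example. */
struct overlay_ctl {
    int (*setPosition)(struct overlay_ctl *dev, int x, int y, int w, int h);
    int (*setParameter)(struct overlay_ctl *dev, int param, int value);
    int (*commit)(struct overlay_ctl *dev);
};

/* Constructed no-op implementations used to populate the sample tables. */
static int demo_set_position(struct overlay_ctl *d, int x, int y, int w, int h)
{ (void)d; (void)x; (void)y; (void)w; (void)h; return 0; }
static int demo_set_parameter(struct overlay_ctl *d, int p, int v)
{ (void)d; (void)p; (void)v; return 0; }
static int demo_commit(struct overlay_ctl *d) { (void)d; return 0; }

/* broken_dev mirrors the bug: commit was never assigned, so it stays NULL. */
static struct overlay_ctl broken_dev = {
    .setPosition = demo_set_position, .setParameter = demo_set_parameter };
static struct overlay_ctl complete_dev = {
    .setPosition = demo_set_position, .setParameter = demo_set_parameter,
    .commit = demo_commit };

/* Load-time check: name of the first unset entry point, or NULL if complete. */
const char *overlay_ctl_missing_op(const struct overlay_ctl *dev)
{
    if (!dev->setPosition)  return "setPosition";
    if (!dev->setParameter) return "setParameter";
    if (!dev->commit)       return "commit";
    return NULL;
}

/* Call-site guard: return -ENOSYS instead of branching to address 0. */
int overlay_ctl_commit(struct overlay_ctl *dev)
{
    return dev->commit ? dev->commit(dev) : -ENOSYS;
}

int main(void)
{
    const char *m = overlay_ctl_missing_op(&broken_dev);
    printf("broken: missing %s, commit -> %d\n", m ? m : "none",
           overlay_ctl_commit(&broken_dev));
    printf("complete: commit -> %d\n", overlay_ctl_commit(&complete_dev));
    return 0;
}
```

Running the load-time check once in the module's open path turns the pc 00000000 crash into a logged error that names the missing entry point.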
The failing case:

    01-01 00:13:01.100: DEBUG/Overlay(830): overlay_createOverlay:IN w=320 h=240 format=4
    01-01 00:13:01.100: DEBUG/Overlay(830): create_shared_data :: fd = 75, size = 4096
    01-01 00:13:01.100: DEBUG/Overlay(830): overlay_object share->sizeed is 4096
    01-01 00:13:01.100: INFO/Overlay(830): Successed to create overlay !!
    01-01 00:13:01.100: DEBUG/Overlay(830): overlay_setParameter
    01-01 00:13:01.100: DEBUG/Overlay(830): not support OVERLAY_DITHER
    01-01 00:13:01.110: DEBUG/Overlay(830): overlay_setPosition
    01-01 00:13:01.110: DEBUG/Overlay(830): overlay_setPosition : 0, 0 - 320, 240
    01-01 00:13:01.110: DEBUG/Overlay(830): overlay_setParameter
    01-01 00:13:01.110: DEBUG/Overlay(830): not support OVERLAY_TRANSFORM
    01-01 00:13:01.120: ERROR/Overlay(1011): Overlay open!
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_device_open 2 : OVERLAY_HARDWARE_DATA
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_initialize :: fd = 12, size = 4096
    01-01 00:13:01.120: DEBUG/Overlay(1011): open_shared_data :: fd = 12, size = 4096
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_initialize success
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_initialize : 0 , len=0x3fc00
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_dequeueBuffer
    01-01 00:13:01.120: DEBUG/Overlay(1011): overlay_getBufferAddress
    01-01 00:13:01.140: INFO/DEBUG(816): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
    01-01 00:13:01.140: INFO/DEBUG(816): Build fingerprint: 'ky6410/ky6410/ky6410/:2.1-update1/ECLAIR/eng.kyon.20101204.140927:eng/test-keys'
    01-01 00:13:01.140: INFO/DEBUG(816): pid: 830, tid: 836 >>> system_server <<<
    01-01 00:13:01.140: INFO/DEBUG(816): signal 11 (SIGSEGV), fault addr 00000000
    01-01 00:13:01.140: INFO/DEBUG(816): r0 001400c8 r1 00368970 r2 50605d12 r3 80e00b63
    01-01 00:13:01.140: INFO/DEBUG(816): r4 80e00e91 r5 00000000 r6 001400c8 r7 80e00b25
    01-01 00:13:01.140: INFO/DEBUG(816): r8 00100000 r9 a9d1b82d 10 44b67000 fp 00127120
    01-01 00:13:01.140: INFO/DEBUG(816): ip afbc30c8 sp 44c66d90 lr acd1aaa3 pc 00000000 cpsr 00000010
    01-01 00:13:02.010: INFO/DEBUG(816): #00 pc 00000000
    01-01 00:13:02.030: INFO/DEBUG(816): #01 pc 0001aaa0 /system/lib/libsurfaceflinger.so
    01-01 00:13:02.030: INFO/DEBUG(816): #02 pc 0001bee6 /system/lib/libsurfaceflinger.so
    01-01 00:13:02.030: INFO/DEBUG(816): #03 pc 0001de92 /system/lib/libsurfaceflinger.so
    01-01 00:13:02.050: INFO/DEBUG(816): #04 pc 0001fff6 /system/lib/libsurfaceflinger.so
    01-01 00:13:02.050: INFO/DEBUG(816): #05 pc 000207ac /system/lib/libsurfaceflinger.so
    01-01 00:13:02.050: INFO/DEBUG(816): #06 pc 0001b46a /system/lib/libutils.so
    01-01 00:13:02.070: INFO/DEBUG(816): #07 pc 0001b892 /system/lib/libutils.so
    01-01 00:13:02.070: INFO/DEBUG(816): #08 pc 00010020 /system/lib/libc.so
    01-01 00:13:02.070: INFO/DEBUG(816): #09 pc 0000faf0 /system/lib/libc.so
    01-01 00:13:02.070: INFO/DEBUG(816): code around lr:
    01-01 00:13:02.070: INFO/DEBUG(816): acd1aa90 6d77681b 22041c30 692947b8 6df51c30
    01-01 00:13:02.070: INFO/DEBUG(816): acd1aaa0 980447a8 eb1af7fa bdf0b007 b083b500
    01-01 00:13:02.080: INFO/DEBUG(816): acd1aab0 23006880 93002200 f7fe9301 b003fef1
    01-01 00:13:02.080: INFO/DEBUG(816): stack:
    01-01 00:13:02.100: INFO/DEBUG(816): 44c66d50 00000140
    01-01 00:13:02.100: INFO/DEBUG(816): 44c66d54 80e00eff /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.100: INFO/DEBUG(816): 44c66d58 80e017a6 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.100: INFO/DEBUG(816): 44c66d5c 50605d12
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d60 00000000
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d64 80e020c8 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d68 80e01560 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d6c 00000004
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d70 80e00b25 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d74 80e00b63 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d78 80e015be /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d7c 80e00b3d /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d80 80e00e91 /system/lib/hw/overlay.ky6410.so
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d84 0043f658 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d88 df002777
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d8c e3a070ad
    01-01 00:13:02.110: INFO/DEBUG(816): #01 44c66d90 00000140
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d94 000000f0
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d98 44c66dc4
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66d9c 00000000
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66da0 0043f688 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66da4 000000f0
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66da8 00100000 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66dac 002b0e18 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66db0 00126f40 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66db4 0012700c [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66db8 00126f40 [heap]
    01-01 00:13:02.110: INFO/DEBUG(816): 44c66dbc acd1bee9 /system/lib/libsurfaceflinger.so
    01-01 00:13:09.010: DEBUG/Zygote(818): Process 830 terminated by signal (11)

The correct call flow, kept here for later analysis:

    E/SurfaceFlinger( 822): LayerBuffer
    E/SurfaceFlinger( 822): onFirstRef
    E/SurfaceFlinger( 822): SurfaceLayerBuffer
    E/SurfaceFlinger( 822): createSurface
    E/SurfaceFlinger( 822): unlockPageFlip
    E/SurfaceFlinger( 822): getSource isurface = 0xa6c0
    E/SurfaceFlinger( 822): createOverlay
    E/SurfaceFlinger( 822): createOverlay
    E/SurfaceFlinger( 822): Source
    E/SurfaceFlinger( 822): OverlaySource
    D/Overlay ( 822): overlay_createOverlay:IN w=320 h=240 format=4
    D/Overlay ( 822): create_shared_data :: fd = 70, size = 4096
    D/Overlay ( 822): overlay_object share->sizeed is 4096
    I/Overlay ( 822): Successed to create overlay !!
    D/Overlay ( 822): overlay_setParameter
    D/Overlay ( 822): not support OVERLAY_DITHER
    E/SurfaceFlinger( 822): LayerBuffer::OverlaySource::OverlaySource return
    E/SurfaceFlinger( 822): unlockPageFlip
    E/SurfaceFlinger( 822): getSource
    E/SurfaceFlinger( 822): onVisibilityResolved
    D/Overlay ( 822): overlay_setPosition
    E/Overlay ( 967): Overlay open!
    E/Overlay ( 967):
    D/Overlay ( 822): overlay_setPosition : 0, 0 - 320, 240
    D/Overlay ( 822): overlay_setParameter
    D/Overlay ( 822): not support OVERLAY_TRANSFORM
    D/Overlay ( 967): overlay_device_open 2 : OVERLAY_HARDWARE_DATA
    D/Overlay ( 967): overlay_initialize :: fd = 12, size = 4096
    D/Overlay ( 967): open_shared_data :: fd = 12, size = 4096
    D/Overlay ( 967): overlay_initialize success
    D/Overlay ( 967): overlay_initialize : 0 , len=0x3fc00
    D/Overlay ( 967): overlay_dequeueBuffer buffer = 0xb0017a00 err is 0
    D/Overlay ( 967): overlay_getBufferAddress address = 0x0
    D/Overlay ( 967): overlay_queueBuffer queueBuffer err is 0
    D/Overlay ( 967): overlay_data_close
    D/Overlay ( 967): destroy_shared_data
    D/Overlay ( 967): overlay_data_close return
    E/SurfaceFlinger( 822): ditch
    E/SurfaceFlinger( 822): ~LayerBuffer
    E/SurfaceFlinger( 822): ~OverlaySource
    D/Overlay ( 822): overlay_destroyOverlay
    D/Overlay ( 822): destroy_shared_data
    E/SurfaceFlinger( 822): ~SurfaceLayerBuffer
    E/SurfaceFlinger( 822): unregisterBuffers