IOS Crash Analytics

IOS Crash Analytics

Symbolize (symbolicate)

The parsing of memory addresses refers to the 内存地址 from 符号 to.

Thread crashed:0 libsystem_kernel.dylib 0x00000001957b3270 0x195798000 + 1112161 Libsystem_pthread.dylib   0x0000000195851224 0x19584c000 + 210282 libsystem_c.dylib 0x000000019572ab14 0x1956c8000 + 4042443 Libc++abi.dylib 0x00000001947fd414 0x1947fc000 + 51404 libc++abi.dylib 0x000000019481c b88 0x1947fc000 + 1340245 LIBOBJC. A.dylib 0X000000019502C3BC 0x195024000 + 337246 libc++abi.dylib 0x0000000194819bb0 0x194 7fc000 + 1217767 libc++abi.dylib 0x0000000194819474 0x1947fc000 + 1199248 LIBOBJC. A.dylib 0x000000019502c200 0x195024000 + 332809 corefoundation 0x00000001848ce21c 0x184                  7a8000 + 120476410 Touchpaldialer 0x000000010052e2c4 0x100028000 + 526816411 Touchpaldialer   0x000000010052e038 0x100028000 + 526751212 libsystem_platform.dylib 0x0000000195848948 0x195844000 + 1876013 TouchpAldialer 0x00000001009106b4 0x100028000 + 934059614 touchpaldialer 0x00000001009106b4 0                  x100028000 + 934059615 Touchpaldialer 0x0000000100918024 0x100028000 + 937168416 Touchpaldialer 0x00000001009cd354 0x100028000 + 1011387617 touchpaldialer 0x00000001009ce940 0x100028000 + 10 11948818 touchpaldialer 0x0000000100909a08 0x100028000 + 931277619 Touchpaldialer 0x00 000001009cf698 0x100028000 + 1012290420 libsystem_pthread.dylib 0x000000019584fe7c 0x19584c000 + 1599621 Libsyst Em_pthread.dylib 0x000000019584fdd8 0x19584c000 + 1583222 libsystem_pthread.dylib 0X000000019584CFAC 0x19 584c000 + 4012

This 内存地址 refers to the memory address of the program when it is run (different from 程序编译之后的内存地址 )

符号Refers to human readable code information, which is generally included 文件名、类型、函数名、行数 .

For example, the following is a line of parsed symbolic information:

1 -[ContactEditNoteView saveNote] (in TouchPalDialer) (ContactEditNoteView.m:98)

Collect the source of Crashcrash

uncaught exception causes the program to terminate; exception can be processed before the program is terminated uncaught exception hangler .

IOS Developer library:uncaught Exceptions

If an exception was not caught, it was intercepted by a function called the uncaught exception handler. The uncaught exception handler always causes the program to exit and May perform some task before this happens.

Sources of uncaught exception :

1. Kernel
2. Other processes
3. Process of itself

Handling unhandled exceptions and signals

An unhandled signal can come from three places:the kernel, and other processes or the application itself. The most common signals, cause crashes are:


Exc_bad_access is a Mach exception sent by the kernel to your application when you try to ACCESS memory that's not mapped For your application. If not handled at the Mach level, it'll be translated into a sigbus or SIGSEGV BSD signal.
SIGABRT is a BSD signal sent by an application to itself when an nsexception or obj_exception_throw are not caught.

The MAC OS x kernel architecture looks like this. Mach's exception may be converted to UNIX-like signal via BSD.

Paste_image.png Paste_image.png capture crash

1. If it is turned into a nsexception, it can be NSSetUncaughtExecptionHandler() captured;

2. If sent in unix signal the form of a corresponding thread, you can register the corresponding signal function with C function to handlesignal(int sig, sig_t func)

Get specific information on crash

1. [NSException callStackSymbols];

2. int backtrace(void** array, int size);
char** backtrace_symbols(void* const* array, int size);

Contrast

capture the entrance to the crash	API	get crash specific information	Description
NSExecption	NSSetUncaughtExecptionHandler()	[NSException callStackSymbols]
signal	signal(int sig, sig_t func)	int BackTrace (void** array, int size); char** Backtrace_symbols (void* const* array, int size);

Steps to collect crash

1. Registration UncaughtExecptionHandler andsignal(int sig, sig_t func)

2. Get the symbol for the function call stack by corresponding method: [NSException callStackSymbols] orbacktrace_symbols(void* const* array, int size)

3. Save as file and upload to server

4. Symbolic parsing is performed based on the call stack information and the symbol table file (. dsym file). The commands that are commonly used are: atos . Like whatatos -o ./TouchPalDialer.app/TouchPalDialer -arch arm64 -s 0x2760 0x00000001004ed148

Collection of Crash instances

The following is the crash information collected in the actual code from the fileios_crash.plist

<?xml version= "1.0" encoding= "UTF-8"? ><! DOCTYPE plist Public "-//apple//dtd plist 1.0//en" "Http://www.apple.com/DTDs/PropertyList-1.0.dtd" ><plist Version= "1.0" ><dict> <key>abstract</key> <string>uncaughtsignalexception:signal was R aised.</string> <key>app_name</key> <string>com.cootek.Contacts</string> <key&gt ;app_version</key> <string>5384</string> <key>detail</key> <string>0 TOUCHP                      Aldialer 0x00000001005e533c _znsbitst11char_traitsitesaitee7reserveem + 378016 |            0x00000001005e4fd4 _znsbitst11char_traitsitesaitee7reserveem + 377144 Libsystem_platform.dylib 0x0000000197b4094c _sigtramp + |3 touchpaldialer 0x0000000100a46624 _znst8_rb_treeisbits T11char_traitsitesaiteest4pairiks3_st6vectoriisaiieeest10_select1stis9_est4lessis3_esais9_ee4finders5_ + 3|4 Touchpaldialer 0x0000000100a46624 _znst8_rb_treeisbitst11char_traitsitesaiteest4pairiks3_st6 vectoriisaiieeest10_select1stis9_est4lessis3_esais9_ee4finders5_ + 3160 |5 touchpaldialer 0x0000000 100a462e4 _znst8_rb_treeisbitst11char_traitsitesaiteest4pairiks3_st6vectoriisaiieeest10_select1stis9_ est4lessis3_esais9_ee4finders5_ + 2328 |6 touchpaldialer 0x0000000100a4bc20 _znst8_rb_treeijst4pair ikjn7orlando7vipinfoeest10_select1stis4_est4lessijesais4_ee4finders1_ + 632 |7 touchpaldialer 0x000   00001005416C0 _ZNST6VECTORISSSAISSEE13_M_INSERT_AUXEN9__GNU_CXX17__NORMAL_ITERATORIPSSS1_EERKSS + 666676 |8 Touchpaldialer 0x0000000100540914 _znst6vectorisssaissee13_m_insert_auxen9__gnu_cxx17__normal_iterato RIPSSS1_EERKSS + 663176 libdispatch.dylib 0x00000001979693ac <redacted> + |10 Libdispatch . dylib 0x000000019796936c <redacted&Gt                   + |11 Libdispatch.dylib 0x00000001979734c0 <redacted> + 1216 |12 libdispatch.dylib 0x000000019796c474 <redacted> + |13 libdispatch.dylib 0x0000000197975224 <redacted              > + 664 |14 libdispatch.dylib 0x000000019797675c <redacted> + 108 |15 libsystem_pthread.dylib 0x0000000197b452e4 _pthread_wqthread + 816 |16 libsystem_pthread.dylib 0x0000000197b44fa8 Start_ Wqthread + 4</string> <key>device</key> <string>iPhone7,1</string> <key>manuf acturer</key> <string>Apple</string> <key>os_name</key> <string>ios</strin g> <key>os_version</key> <string>ios 8.1.2</string> <key>slide</key> &L T;integer>933888</integer> <key>timestamp</key> <string>1456103577</string>< /dict></plist>

Tools: atosThe essential: load address, slide

atos -- convert numeric addresses to symbols of binary images or processesatos [-o <binary-image-file>] [-p <pid> | <partial-executable-name>] [-arch architecture]          [-l <load-address>] [-s <slide>] [-printHeader] [-f <address-input-file>]          [<address> ...]        

Use atos examples of use:

atos -o ./TouchPalDialer.app/TouchPalDialer -arch arm64 -s 0x2760 0x00000001004ed148

Attention:

atosThe parse address requirement entered in the command is 构建的内存地址（built address） (because the address is to correspond to the dSYM file, and the dSYM file is generated in the build), and the address of the function call stack obtained and uploaded is the memory address of the program at runtime, called 实际加载地址 .

Paste_image.png

The Apple Developer documentation (Technical note TN2123) points out that two load addresses need to be differentiated (load address): 实际加载地址期望加载地址

1. 实际加载地址 (actual load address)
   Refers to the address at which the program runs. Each program load (load) can be different.

2. 期望加载地址 (intented load address)
   Refers to the load address specified after compilation.

偏移量 = 实际加载地址 - 期望加载地址

slide = acutal load address - intended load addrss

Get load address, slide

• Loading addresses (load address)
  If you can obtain a completed crash log file (. crash file) that is generated by a system crashreporter, the Binary Images current program's**实际加载地址(acutal load address)**

Examples are as follows:

Binary Images:0x100028000 - 0x100c53fff TouchPalDialer arm64  <a197140a05563a0c983ef71bb8a83e1b> /var/mobile/Containers/Bundle/Application/C5B024A9-A8CC-4F1D-8613-99376B830C3E/TouchPalDialer.app/TouchPalDialer0x1200c0000 - 0x1200e7fff dyld arm64  <36eff49275c23d2d815e48af33eea471> /usr/lib/dyld0x182e60000 - 0x182e7dfff libJapaneseConverter.dylib arm64  <39642fdaade73029adb01e10922d2ba3> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib

• offset (slide)
  Call the API of the underlying C to get,_dyld_get_image_vmaddr_slide(uint32_t image_index)

Examples are as follows:

+ (long) getImageSlide {    long slide = -1;    for (uint32_t i = 0; i < _dyld_image_count(); i++) {        if (_dyld_get_image_header(i)->filetype == MH_EXECUTE) {            slide = _dyld_get_image_vmaddr_slide(i);            break;        }    }    return slide;}

Resources

• How to read objective-c stack traces
  Http://stackoverflow.com/questions/6462214/how-to-read-objective-c-stack-traces

• Technical Note TN2151
  Understanding and Analyzing IOS application Crash Reports
  Https://developer.apple.com/library/ios/technotes/tn2151/_index.html

• Technical Note TN2123
  Crashreporter
  Https://developer.apple.com/library/mac/technotes/tn2004/tn2123.html

• Demystifying IOS Application Crash Logs
  Http://www.raywenderlich.com/23704/demystifying-ios-application-crash-logs

• Symbolicating Your IOS Crash Reports
  https://possiblemobile.com/2015/03/symbolicating-your-ios-crash-reports/

• Exploring IOS Crash Reports
  
  https://www.plausible.coop/blog/?p=176

• intended load addressVsactual load address
  Http://www.cocoabuilder.com/archive/xcode/312725-can-symbolicate-crash-reports.html

• Toolsman atos
  Https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/atos.1.html

• man otool
  
  http://www.unix.com/man-page/OSX/1/otool/

• Tales from the Crash mines:issue #1, by Landon Fuller
  Https://www.mikeash.com/pyblog/tales-from-the-crash-mines-issue-1.html

• Is your iOS installation package really "stripped"?
  
  http://zhuanlan.zhihu.com/geek-makes-life-better/19925959

• Analysis of crash log using Symbolicatecrash and Xcrun Atos
  http://blog.csdn.net/mkhgg/article/details/17247673

• StackOverflow
  How to read objective-c stack traces
  Http://stackoverflow.com/questions/6462214/how-to-read-objective-c-stack-traces

• IOS crash Reports:atos not working as expected
  http://stackoverflow.com/questions/13574933/ios-crash-reports-atos-not-working-as-expected

• dwarfdump: dSYM files generated after Xcode compiles the app
  http://blog.csdn.net/yan8024/article/details/8186760

• Use Dwarfdump to check if dSYM and app match
  http://blog.csdn.net/yan8024/article/details/8186774

• Load Address
  Can ' t symbolicate crash reports
  Http://www.cocoabuilder.com/archive/xcode/312725-can-symbolicate-crash-reports.html

• Debugging Stack Traces
  
  Http://www.cocoabuilder.com/archive/cocoa/276690-debugging-stack-traces.html

• Static or dynamic libraries dynamic linking on IOS
  http://ddeville.me/2014/04/dynamic-linking/

• The Lldb Debugger
  
  Http://lldb.llvm.org/symbolication.html

game3108
Links: http://www.jianshu.com/p/830576bde445
Source: Pinterest
Copyright belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source.

IOS Crash Analytics