高通车机8155平台android开启ASAN定位内存问题方法

前言

高通8155平台有自己的客制化，仅按照google的描述在编译命令里面加上-fsanitize=address是不能够编译出来带ASAN的bin或者SO。还需要更多的编译属性配置。

一、system分区模块打开ASAN

修改自己对应模块bin以及shared libs 的Android.bp

1. 针对Android.bp情形

Android.bp 的cflags 里面添加 :

"-Wno-error", "-fno-omit-frame-pointer", "-O0", "-Wno-frame-larger-than="

Android.bp 申明属性 :

clang: true sanitize: {address: true,}

示例如下：


cc_defaults {
    name: "asan_debugd_defaults",
    cflags: [
        "-Werror",
        "-Wall",
        //enable asan related cflags begin
        "-Wno-error",
        "-fno-omit-frame-pointer",
        "-O0",
        "-Wno-frame-larger-than=",
        //enable asan related cflags end
    ],
     
    clang: true,  //ASAN related property
    sanitize: {address: true,}, //ASAN option
 
    cppflags: [
        "-Wnon-virtual-dtor",
        "-fno-strict-aliasing",
    ],
    ldflags: [
        "-Wl",
    ],
}
 
 
cc_binary {
    name: "asan_debugd",
    defaults: ["asan_debugd_defaults"],
    static_libs: [ "libAsanDebug",],
    shared_libs: [ "liblog", "libutils", "libcutils"],
    srcs: ["asan_debugd.cpp"],
}

注意，如果bin开启了ASAN，则bin的static libraries 都默认开启ASAN。而shared libraries 不会感染编译配置。所以可疑的shared libs 也要加。

2, 针对Android.mk情形

Android.mk需要打开如下属性：

LOCAL_CFLAGS += -fno-omit-frame-pointer -O0 -Wno-frame-larger-than= -fsanitize=address

LOCAL_CLANG := true

LOCAL_SHARED_LIBRARIES +=libclang_rt.asan-aarch64-android

其中LOCAL_SHARED_LIBRARIES 所申明的.so，在/system/lib64/里面有，在/system/lib/里面的so叫另外一个名字libclang_rt.asan-arm-android.so, 所以最好仅编译64位版本。只要能复现问题，不必32、64位都要编译。

示例（仅演示64位）如下：


LOCAL_PATH := $(call my-dir)
 
################################### /system/bin/asan_debugd ############################################
 
include $(CLEAR_VARS)
LOCAL_MODULE := asan_debugd
 
LOCAL_CFLAGS := -Werror
 
LOCAL_LDFLAGS += -Wl
 
LOCAL_CPPFLAGS += -Wfloat-equal -Wformat=2 -Wshadow -fstack-protector-all
 
LOCAL_MODULE_TAGS := optional
 
LOCAL_MULTILIB :=64
 
LOCAL_SRC_FILES += asan_debugd.cpp
 
LOCAL_C_INCLUDES := $(LOCAL_PATH)
 
LOCAL_SHARED_LIBRARIES := liblog libutils libcutils \
                          libAsanDebug
 
#LOCAL_STATIC_LIBRARIES :=  libAsanDebug
 
#asan related cflags
LOCAL_CFLAGS += -fno-omit-frame-pointer  -O0 -Wno-frame-larger-than=  -fsanitize=address
LOCAL_CLANG := true
LOCAL_SHARED_LIBRARIES +=libclang_rt.asan-aarch64-android
 
include $(BUILD_EXECUTABLE)

二，vendor分区打开ASAN

1, 预编译ASAN库

vendor空间所开启的编译命令与上述类似。但是有个问题，在/vendor/lib64/里面没有libclang_rt.asan-aarch64-android.so，所以需要把/system/lib64/里面的libclang_rt.asan-aarch64-android.so 预编译到/vendor/lib64.

如果不会写预编译的Android.mk 可以点击下面链接下载，预编译的lib以及Android.mk我都整理号了：

高通8155p平台QNX+Android9开启ASAN定位内存问题方法Android.mk与Android.bp都有_高通8155资源-CSDN文库

上述文件夹下载好了，放到能够编译到的地方即可。然后修改自己模块的Android.mk或者Android.bp 以下假设我预编译到vendor/lib(64)的.so改名叫做libclang_rt.asan-android_vnd.so

为了方便大家调试，我把32、64位的.so都编译进去了。并且各位的Android.bp不用再声明32或者64了。

2，vendor分区Android.bp


cc_defaults {
    name: "asan_debuglib_defaults_vnd",
    cflags: [
        "-Werror",
        "-Wall",
        "-Wno-error",                 // asan related cflags
        "-fno-omit-frame-pointer",    // asan related cflags
        "-O0",                        //  asan related cflags
        "-Wno-frame-larger-than="     // asan related cflags
    ],
    cppflags: [
        "-Wnon-virtual-dtor",
        "-fno-strict-aliasing",
    ],
    ldflags: [
        "-Wl",
    ],
 
    shared_libs: [ "liblog", "libutils", "libcutils", 
        "libclang_rt.asan-android_vnd",
    ],
    clang: true, // asan related cflags
    sanitize: {address: true,}, // asan related cflags
    compile_multilib: "64",
}
 
// vendor/lib64/libAsanDebug_vnd
 
cc_library_shared {
    name: "libAsanDebug_vnd",
    vendor: true,  //vendor partition
    defaults: ["asan_debuglib_defaults_vnd"],
    static_libs: [
    ],
    export_include_dirs: ["export_headers", ],
    srcs: ["AsanDebug.cpp"],
}

3，vendor分区Android.mk


LOCAL_PATH := $(call my-dir)
 
##################################### /vendor/lib64/libAsanDebug_vnd #################################
 
include $(CLEAR_VARS)
LOCAL_MODULE := libAsanDebug_vnd
 
LOCAL_CFLAGS := -Werror
 
LOCAL_LDFLAGS += -Wl
 
LOCAL_MODULE_TAGS := optional
 
LOCAL_SRC_FILES +=  AsanDebug.cpp
 
LOCAL_C_INCLUDES := $(LOCAL_PATH) \
                    $(LOCAL_PATH)/export_headers
 
 
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/export_headers
 
 
#ifeq (1,$(filter 1,$(shell echo "$$(( $(PLATFORM_SDK_VERSION) >= 26 ))" )))
LOCAL_PROPRIETARY_MODULE := true
#endif
 
LOCAL_SHARED_LIBRARIES :=liblog libutils libcutils
 
#asan related configure begin
LOCAL_CFLAGS += -fno-omit-frame-pointer  -O0 -Wno-frame-larger-than=  -fsanitize=address
LOCAL_CLANG := true
LOCAL_SHARED_LIBRARIES +=libclang_rt.asan-android_vnd
#asan related configure end
 
include $(BUILD_SHARED_LIBRARY)
#include $(BUILD_STATIC_LIBRARY)

三、编译问题汇总

1，虚函数没有被子类实现


Base.h:0: error: undefined reference to 'vtable for 
prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin/ld.gold: the vtable symbol may be undefined because the class is missing its key function
Base.h:0: error: undefined reference to 'vtable for 
prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin/ld.gold: the vtable symbol may be undefined because the class is missing its key function
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
[ 68% 20/29] target Prebuilt:...D/vendor.gwm.hardware.health@1.0-service-client)
ninja: build stopped: subcommand failed.

解决办法：


diff --git a/1.0/default/impl/src/monitor/MonitorBase.h b/1.0/default/impl/src/monitor/MonitorBase.h
index 2590edd..a1c31ad 100755
--- a/1.0/default/impl/src/monitor/MonitorBase.h
+++ b/1.0/default/impl/src/monitor/MonitorBase.h
@@ -50,7 +50,7 @@ class MonitorBase : public android::RefBase {
   MonitorBase() {}
   virtual ~MonitorBase() {}
 
-  virtual void dumpResource();
+  virtual void dumpResource() {}

2，surfaceflinger开启后也会出现如下问题：


frameworks/native/services/surfaceflinger/RenderEngine/RenderEngine.h:0: error: undefined reference to 'vtable for android::RE::RenderEngine'
prebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/arm-linux-androideabi/bin/ld: the vtable symbol may be undefined because the class is missing its key function
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.

解决方法：


diff --git a/services/surfaceflinger/RenderEngine/RenderEngine.h b/services/surfaceflinger/RenderEngine/RenderEngine.h
old mode 100644
new mode 100755
index 178615548..2d15eabd1
--- a/services/surfaceflinger/RenderEngine/RenderEngine.h
+++ b/services/surfaceflinger/RenderEngine/RenderEngine.h
@@ -103,7 +103,7 @@ public:
     virtual void unbindNativeBufferAsFrameBuffer(RE::BindNativeBufferAsFramebuffer* bindHelper) = 0;
  
     // set-up
-    virtual void checkErrors() const;
+    virtual void checkErrors() const = 0;
     virtual void setViewportAndProjection(size_t vpw, size_t vph, Rect sourceCrop, size_t hwh,
                                           bool yswap, Transform::orientation_flags rotation) = 0;
     virtual void setupLayerBlending(bool premultipliedAlpha, bool opaque, bool disableTexture,

四，编译与运行

ASAN在发现有违规内存操作的时候，就会ABORT该进程，并产生tombstone，main log打印异常栈。在如踩内存发生的时候就会打印，而不会等到被踩内存时候发生。

ASAN检测内存泄漏能力较弱。通常要等到应用推出时候才会把统计的未释放的内存打印出来。这就需要程序设计能够正常推出的代码流程。

以下烂代码为例，开启 ASAN：


 
+  if (HeartBeatCount > 60) {
+       char* p = (char*)malloc(40);
+       for(int x = 0; x < 50; x ++) {p[x] = 'c';}
+  }
+

编译、烧写，开机；抓取adb log.

五， LOG分析

上述在运行时候会产生如下LOG打印：


01-02 03:13:59.407   573   626 I HealthFdbusClient: sendHeartBeat: sendHeartBeat count=60
01-02 03:13:59.408   573   626 I vendor.gwm.hardware.health@1.0-service: =================================================================
01-02 03:13:59.408   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: ==573==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x003200039678 at pc 0x005892d4c428 bp 0x007692802970 sp 0x007692802968
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: WRITE of size 1 at 0x003200039678 thread T3
01-02 03:13:59.409   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service:     #0 0x5892d4c427  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x28427)
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service:     #1 0x5892d3bdd3  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x17dd3)
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service:     #2 0x5892d3e693  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1a693)
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service:     #3 0x5892d43813  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1f813)
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service:     #4 0x76968439b7  (/system/lib64/libc.so+0x819b7)
01-02 03:13:59.422   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service:     #5 0x76967e547b  (/system/lib64/libc.so+0x2347b)
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.423   573   626 I chatty  : uid=0(root) health@1.0-serv identical 1 line
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: 0x003200039678 is located 0 bytes to the right of 40-byte region [0x003200039650,0x003200039678)
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: allocated by thread T3 here:
01-02 03:13:59.423   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #0 0x76957ac133  (/system/lib64/libclang_rt.asan-aarch64-android.so+0x9d133)
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #1 0x5892d4c38b  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x2838b)
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #2 0x5892d3bdd3  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x17dd3)
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #3 0x5892d3e693  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1a693)
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #4 0x5892d43813  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1f813)
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.424   573   626 I vendor.gwm.hardware.health@1.0-service:     #5 0x76968439b7  (/system/lib64/libc.so+0x819b7)
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service:     #6 0x76967e547b  (/system/lib64/libc.so+0x2347b)
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.425   573   626 I chatty  : uid=0(root) health@1.0-serv identical 1 line
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: Thread T3 created by T0 here:
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service:     #0 0x76957999bf  (/system/lib64/libclang_rt.asan-aarch64-android.so+0x8a9bf)
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.425   573   626 I vendor.gwm.hardware.health@1.0-service:     #1 0x5892d3f8c7  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1b8c7)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service:     #2 0x5892d35953  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x11953)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service:     #3 0x5892d3687b  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x1287b)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service:     #4 0x5892d3172f  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0xd72f)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service:     #5 0x769686eacb  (/system/lib64/libc.so+0xacacb)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service:     #6 0x5892d315d7  (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0xd5d7)
01-02 03:13:59.426   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.429   573   626 I vendor.gwm.hardware.health@1.0-service:     #7 0x7696aaf58f  (/system/bin/linker64+0x2e58f)
01-02 03:13:59.429   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.429   573   626 I chatty  : uid=0(root) health@1.0-serv identical 1 line
01-02 03:13:59.429   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service: SUMMARY: AddressSanitizer: heap-buffer-overflow (/vendor/bin/hw/vendor.gwm.hardware.health@1.0-service+0x28427) 
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service: Shadow bytes around the buggy address:
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service:   0x001640007270: fa fa fd fd fd fd fa fa fa fa fd fd fd fd fd fd
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service:   0x001640007280: fa fa fd fd fd fd fa fa fa fa fd fd fd fd fd fd
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service:   0x001640007290: fa fa fd fd fd fd fd fd fa fa fd fd fd fa fa fa
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service:   0x0016400072a0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
01-02 03:13:59.430   573   626 I vendor.gwm.hardware.health@1.0-service:   0x0016400072b0: fa fa fd fd fd fd fa fa fa fa fd fd fd fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service: =>0x0016400072c0: fa fa 00 00 00 00 fa fa fa fa 00 00 00 00 00[fa]
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   0x0016400072d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   0x0016400072e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   0x0016400072f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   0x001640007300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   0x001640007310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service: Shadow byte legend (one shadow byte represents 8 application bytes):
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Addressable:           00
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Partially addressable: 01 02 03 04 05 06 07 
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Heap left redzone:       fa
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Freed heap region:       fd
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Stack left redzone:      f1
01-02 03:13:59.431   573   626 I vendor.gwm.hardware.health@1.0-service:   Stack mid redzone:       f2
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Stack right redzone:     f3
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Stack after return:      f5
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Stack use after scope:   f8
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Global redzone:          f9
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Global init order:       f6
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Poisoned by user:        f7
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Container overflow:      fc
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Array cookie:            ac
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Intra object redzone:    bb
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   ASan internal:           fe
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Left alloca redzone:     ca
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service:   Right alloca redzone:    cb
01-02 03:13:59.432   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.433   573   626 I vendor.gwm.hardware.health@1.0-service: ==573==ABORTING
01-02 03:13:59.433   573   626 I vendor.gwm.hardware.health@1.0-service: 
01-02 03:13:59.433   573   626 F libc    : Fatal signal 6 (SIGABRT), code -6 (SI_TKILL) in tid 626 (health@1.0-serv), pid 573 (health@1.0-serv)
01-02 03:13:59.510 10797 10797 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
01-02 03:13:59.511   935   935 I /system/bin/tombstoned: received crash request for pid 626
01-02 03:13:59.512 10797 10797 I crash_dump64: performing dump of process 573 (target tid = 626)
01-02 03:13:59.514 10797 10797 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-02 03:13:59.514 10797 10797 F DEBUG   : Build fingerprint: 'Android/sa8155_v35_d02/sa8155_v35_d02:9/PQ1A.190105.004/zhangheyang04181326:userdebug/test-keys'
01-02 03:13:59.514 10797 10797 F DEBUG   : Revision: '0'
01-02 03:13:59.514 10797 10797 F DEBUG   : ABI: 'arm64'
01-02 03:13:59.514 10797 10797 F DEBUG   : pid: 573, tid: 626, name: health@1.0-serv  >>> /vendor/bin/hw/vendor.gwm.hardware.health@1.0-service <<<
01-02 03:13:59.514 10797 10797 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
01-02 03:13:59.514 10797 10797 F DEBUG   : Abort message too long: claimed length = 3499
01-02 03:13:59.514 10797 10797 F DEBUG   :     x0  0000000000000000  x1  0000000000000272  x2  0000000000000006  x3  0000000000000008
01-02 03:13:59.514 10797 10797 F DEBUG   :     x4  ff464d4853514e41  x5  ff464d4853514e41  x6  ff464d4853514e41  x7  7f7f7f7f7f7f7f7f
01-02 03:13:59.514 10797 10797 F DEBUG   :     x8  0000000000000083  x9  1858882d2c01f7e5  x10 0000000000000000  x11 fffffffc7fffffdf
01-02 03:13:59.514 10797 10797 F DEBUG   :     x12 0000000000000001  x13 0000000000000000  x14 0000000000000004  x15 0000000000000000
01-02 03:13:59.514 10797 10797 F DEBUG   :     x16 00000076968b12c8  x17 00000076967ef0d0  x18 0000000000000006  x19 000000000000023d
01-02 03:13:59.514 10797 10797 F DEBUG   :     x20 0000000000000272  x21 0000007696496108  x22 0000007695a8c3b8  x23 00000076964960f0
01-02 03:13:59.514 10797 10797 F DEBUG   :     x24 0000005892d4c428  x25 0000000000000001  x26 0000007696bd65e0  x27 000000000000006f
01-02 03:13:59.514 10797 10797 F DEBUG   :     x28 0000000000000000  x29 0000007692801c90
01-02 03:13:59.514 10797 10797 F DEBUG   :     sp  0000007692801c50  lr  00000076967e3bfc  pc  00000076967e3c24
01-02 03:13:59.519 10797 10797 F DEBUG   : 
01-02 03:13:59.519 10797 10797 F DEBUG   : backtrace:
01-02 03:13:59.519 10797 10797 F DEBUG   :     #00 pc 0000000000021c24  /system/lib64/libc.so (abort+116)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #01 pc 0000000000033690  /system/lib64/libclang_rt.asan-aarch64-android.so (__sanitizer::Abort()+56)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #02 pc 0000000000031250  /system/lib64/libclang_rt.asan-aarch64-android.so (__sanitizer::Die()+164)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #03 pc 00000000000a1fd0  /system/lib64/libclang_rt.asan-aarch64-android.so (__asan::ScopedInErrorReport::~ScopedInErrorReport()+316)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #04 pc 00000000000a1768  /system/lib64/libclang_rt.asan-aarch64-android.so (__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool)+348)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #05 pc 00000000000a2594  /system/lib64/libclang_rt.asan-aarch64-android.so (__asan_report_store1+48)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #06 pc 0000000000028424  /vendor/bin/hw/vendor.gwm.hardware.health@1.0-service (vendor::gwm::hardware::health::V1_0::implementation::HealthFdbusClient::sendHeartBeat(int)+1252)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #07 pc 0000000000017dd0  /vendor/bin/hw/vendor.gwm.hardware.health@1.0-service (vendor::gwm::hardware::health::V1_0::implementation::Health::sendHeartBeat()+96)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #08 pc 000000000001a690  /vendor/bin/hw/vendor.gwm.hardware.health@1.0-service (vendor::gwm::hardware::health::V1_0::implementation::HealthThreadWorker::HandleLifeSign()+900)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #09 pc 000000000001f810  /vendor/bin/hw/vendor.gwm.hardware.health@1.0-service
01-02 03:13:59.519 10797 10797 F DEBUG   :     #10 pc 00000000000819b4  /system/lib64/libc.so (__pthread_start(void*)+36)
01-02 03:13:59.519 10797 10797 F DEBUG   :     #11 pc 0000000000023478  /system/lib64/libc.so (__start_thread+68)

根据提示内容，以及addr2line，分别找到触发ASAN的地方、被监控内存申请的地方、被监测线程创建的地方。

触发ASAN的地方，参考上述LOG WRITE of size 1 at 0x003200039678 thread T3


codes/android/out/target/product/sa8155_v35/symbols/vendor/bin/hw]
> addr2line -e ./vendor.gwm.hardware.health@1.0-service 28427 -f -a -C
0x0000000000028427
vendor::gwm::hardware::health::V1_0::implementation::HealthFdbusClient::sendHeartBeat(int)
vendor/noch/project/v3.5/sa8155/interfaces/impl/health/1.0/default/impl/src/fdbus/HealthFdbusClient.cpp:181

被监控内存申请的地方，参考上述LOG allocated by thread T3 here:


> addr2line -e ./vendor.gwm.hardware.health@1.0-service 2838b -f -a -C
0x000000000002838b
vendor::gwm::hardware::health::V1_0::implementation::HealthFdbusClient::sendHeartBeat(int)
vendor/noch/project/v3.5/sa8155/interfaces/impl/health/1.0/default/impl/src/fdbus/HealthFdbusClient.cpp:180

被监测线程创建的地方，参考上述LOG Thread T3 created by T0 here:


> addr2line -e ./vendor.gwm.hardware.health@1.0-service 1b8c7 -f -a -C
0x000000000001b8c7
std::__1::__libcpp_thread_create(long*, void* (*)(void*), void*)
external/libcxx/include/__threading_support:33

结语

如果有不懂的地方请留言，我会更新回复。

相关阅读:
CY3/5/7/FITC荧光素标记乳糖/蜜二糖/单乙酰氨基半乳糖
 计算机毕业设计Java大连环保公益网源码+系统+数据库+lw文档
 CSS样式中选择器+盒子模型+定位+浮动
 VScode + opencv（cmake编译） + c++ + win配置教程
 2024护网面试题精选(一)
互联网行业，常见含金量高的证书，看看你有几个？
Java手写HashMap及拓展实践
 机器学习入门路线
 海德上位机软件学习总结(NetScada5.0)
Vue响应式数据的判断
原文地址：https://blog.csdn.net/suixin______/article/details/133713263