Most of these operations are taken from this link, with some refinements and more detail.
http://www.kandroid.org/online-pdk/guide/debugging_native.html
This page shows how to use gdb in an Android environment. It uses adb to forward TCP to the gdb port, so no network is needed. It also shows how to load symbol information from an Android build directory, and how to use sshfs to map the build environment on a server to a local PC.
First, the prompts used for the commands on this page:
# a command run on the target board, via adb
$ a command run on the host.
(gdb) a command run in the gdb shell.
To debug with gdb, tell adb to forward TCP to the gdb port.
$ adb forward tcp:5039 tcp:5039
Start gdbserver on the board.
# gdbserver :5039 --attach 257 &
or
# gdbserver :5039 /system/bin/surfaceflinger
start debugging
$ prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-gdb out/target/product/sabresd_6q/symbols/system/bin/surfaceflinger
(gdb) set solib-absolute-prefix /home/xxxx/proj/ics/out/target/product/sabresd_6q/symbols/
(gdb) set solib-search-path /home/xxxx/proj/ics/out/target/product/sabresd_6q/symbols/system/lib
(gdb) target remote :5039
// don't let other threads be scheduled while you are debugging.
(gdb) set scheduler-locking on
// continue to start remote debugging.
(gdb) continue
Tips:
0. Use sshfs to remap the build dir to your local PC:
// adb requires a USB cable connected to your board, so if you build the code on a server, you can use sshfs to map the server's file system to your PC.
// in my case, I use
sshfs b33xxx@10.192.224.xx:/home/b33xxx/ ~/shdroid1
The command to start gdb becomes:
prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin/arm-eabi-gdb /home/xxx/shdroid1/proj/ics/out/target/product/sabresd_6q/symbols/system/bin/surfaceflinger
and the paths entered in gdb become:
set solib-absolute-prefix /home/xxx/shdroid1/proj/ics/out/target/product/sabresd_6q/symbols/
set solib-search-path /home/xxx/shdroid1/proj/ics/out/target/product/sabresd_6q/symbols/system/lib
1. How to keep gdb running
Modify init.freescale.rc, changing this line from:
setprop persist.sys.usb.config mtp
to:
setprop persist.sys.usb.config gdb
2. How to let gdb load all symbols
gdbserver stops at linker:begin.S on startup. Before you continue, set a breakpoint at the main() function; after you stop at main, all symbols will be loaded and you can set breakpoints by function name.
(gdb) b main
(gdb) continue
<--- after stop at main --->
(gdb) b SurfaceFlinger::publishAndJoinThreadPool() # set a breakpoint by function name
3. How to restart debugging. Restarting like this keeps the breakpoints.
(gdb) kill
# gdbserver xxxx // the server needs to be restarted
(gdb) target remote :5039 // reconnect.
(gdb) set scheduler-locking on
4. How to extract the stack dump quickly
(go to the Android build dir)
$ . build/envsetup.sh
$ lunch
(choose your product)
(make sure this is a full build dir)
Run
$ ./development/scripts/stack
When you see this:
Reading native crash info from stdin
you can copy the stack dump from logcat, beginning with
I/DEBUG ( 2167): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
such as:
I/DEBUG ( 2167): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG ( 2167): Build fingerprint: 'freescale/sabresd_6q/sabresd_6q:4.0.3/R13.2-rc3/eng.b33651.20120327.172909:eng/test-keys'
I/DEBUG ( 2167): pid: 2649, tid: 2649 >>> /system/bin/surfaceflinger <<<
I/DEBUG ( 2167): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 002e0064
I/DEBUG ( 2167): r0 ffffffff r1 002e0064 r2 401167d0 r3 0066791c
I/DEBUG ( 2167): r4 ffffffff r5 002e0064 r6 bec42a50 r7 40208e85
I/DEBUG ( 2167): r8 bec429f0 r9 00000a59 10 000003e8 fp 00000000
I/DEBUG ( 2167): ip 40196078 sp bec429b8 lr 4004d0e8 pc 4004d0e8 cpsr 00000010
I/DEBUG ( 2167): d0 0000000000000000 d1 0000000000000000
I/DEBUG ( 2167): d2 0000000000000000 d3 0000000000000000
I/DEBUG ( 2167): d4 0000000000000000 d5 0000000000000000
I/DEBUG ( 2167): d6 3f80000000000000 d7 000000003f800000
I/DEBUG ( 2167): d8 0000000000000000 d9 0000000000000000
I/DEBUG ( 2167): d10 0000000000000000 d11 0000000000000000
I/DEBUG ( 2167): d12 0000000000000000 d13 0000000000000000
I/DEBUG ( 2167): d14 0000000000000000 d15 0000000000000000
I/DEBUG ( 2167): d16 41a93d96b0b645a2 d17 3f50624dd2f1a9fc
I/DEBUG ( 2167): d18 41c5dae992000000 d19 0000000000000000
I/DEBUG ( 2167): d20 0000000000000000 d21 0000000000000000
I/DEBUG ( 2167): d22 0000000000000000 d23 0000000000000000
I/DEBUG ( 2167): d24 0000000000000000 d25 0000000000000000
I/DEBUG ( 2167): d26 0000000000000000 d27 0000000000000000
I/DEBUG ( 2167): d28 0000000000000000 d29 0000000000000000
I/DEBUG ( 2167): d30 0000000000000000 d31 0000000000000000
I/DEBUG ( 2167): scr 00000010
I/DEBUG ( 2167):
I/DEBUG ( 2167): #00 pc 000050e8 /system/lib/libcutils.so (android_atomic_add)
I/DEBUG ( 2167): #01 pc 0001a058 /system/lib/libutils.so (_ZNK7android7RefBase9decStrongEPKv)
I/DEBUG ( 2167): #02 pc 00019218 /system/lib/libbinder.so (_ZN7android2spINS_21IPermissionControllerEED1Ev)
I/DEBUG ( 2167): #03 pc 0001b1fa /system/lib/libbinder.so (_ZN7android14IPCThreadState14executeCommandEi)
I/DEBUG ( 2167): #04 pc 0001b3c6 /system/lib/libbinder.so (_ZN7android14IPCThreadState14joinThreadPoolEb)
I/DEBUG ( 2167):
I/DEBUG ( 2167): code around pc:
I/DEBUG ( 2167): 4004d0c8 e1853f92 e3530000 1afffffa e8bd8070 .?....S.....p...
I/DEBUG ( 2167): 4004d0d8 e92d4070 e1a04000 e1a05001 ebffffd1 p@-..@...P......
I/DEBUG ( 2167): 4004d0e8 e1950f9f e0802004 e1853f92 e3530000 ..... ...?....S.
I/DEBUG ( 2167): 4004d0f8 1afffffa e8bd8070 e1a01000 e3e00000 ....p...........
I/DEBUG ( 2167): 4004d108 eafffff2 e1a01000 e3a00001 eaffffef ................
I/DEBUG ( 2167):
I/DEBUG ( 2167): memory map around addr 002e0064:
I/DEBUG ( 2167): 00009000-0000a000 /system/bin/surfaceflinger
I/DEBUG ( 2167): (no map for address)
I/DEBUG ( 2167): 00662000-00668000 [heap]
I/DEBUG ( 2167):
I/DEBUG ( 2167): stack:
I/DEBUG ( 2167): bec42978 bec42a20 [stack]
I/DEBUG ( 2167): bec4297c bec429f0 [stack]
I/DEBUG ( 2167): bec42980 00000004
I/DEBUG ( 2167): bec42984 bec42a20 [stack]
I/DEBUG ( 2167): bec42988 00000a59
I/DEBUG ( 2167): bec4298c 000003e8
I/DEBUG ( 2167): bec42990 00000000
I/DEBUG ( 2167): bec42994 4010ed0d /system/lib/libsurfaceflinger.so
I/DEBUG ( 2167): bec42998 00000010
I/DEBUG ( 2167): bec4299c 00000004
I/DEBUG ( 2167): bec429a0 bec42a20 [stack]
I/DEBUG ( 2167): bec429a4 bec429f0 [stack]
I/DEBUG ( 2167): bec429a8 0066791c [heap]
I/DEBUG ( 2167): bec429ac 00000004
I/DEBUG ( 2167): bec429b0 df0027ad
I/DEBUG ( 2167): bec429b4 00000000
I/DEBUG ( 2167): #00 bec429b8 002e0064
I/DEBUG ( 2167): bec429bc 00667f68 [heap]
I/DEBUG ( 2167): bec429c0 bec42a50 [stack]
I/DEBUG ( 2167): bec429c4 4018205b /system/lib/libutils.so
I/DEBUG ( 2167): #01 bec429c8 bec42a50 [stack]
I/DEBUG ( 2167): bec429cc 00000000
I/DEBUG ( 2167): bec429d0 4021932c /system/lib/libbinder.so
I/DEBUG ( 2167): bec429d4 4020a21b /system/lib/libbinder.so
Then type CTRL-D to send EOF to the script,
and you will see the full stack dump with source files and line numbers, like this:
Reading symbols from /home/b33651/proj/ics/out/target/product/sabresd_6q/symbols
pid: 2649, tid: 2649 >>> /system/bin/surfaceflinger <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 002e0064
r0 ffffffff r1 002e0064 r2 401167d0 r3 0066791c
r4 ffffffff r5 002e0064 r6 bec42a50 r7 40208e85
r8 bec429f0 r9 00000a59 10 000003e8 fp 00000000
ip 40196078 sp bec429b8 lr 4004d0e8 pc 4004d0e8
Stack Trace:
RELADDR FUNCTION FILE:LINE
000050e8 android_atomic_add+16 /home/b33651/proj/ics/system/core/include/cutils/atomic-arm.h:158
0001a058 android::RefBase::decStrong(void const*) const+12 /home/b33651/proj/ics/frameworks/base/libs/utils/RefBase.cpp:351
v------> ~sp /home/b33651/proj/ics/frameworks/base/include/utils/StrongPointer.h:149
00019218 android::sp<android::IMemoryHeap>::~sp()+20 /home/b33651/proj/ics/frameworks/base/include/utils/StrongPointer.h:149
0001b1fa android::IPCThreadState::executeCommand(int)+538 /home/b33651/proj/ics/frameworks/base/libs/binder/IPCThreadState.cpp:1029
0001b3c6 android::IPCThreadState::joinThreadPool(bool)+186 /home/b33651/proj/ics/frameworks/base/libs/binder/IPCThreadState.cpp:468
Stack Data:
ADDR VALUE FILE:LINE/FUNCTION
bec42978 bec42a20
bec4297c bec429f0
bec42980 00000004
bec42984 bec42a20
bec42988 00000a59
bec4298c 000003e8
bec42990 00000000
bec42994 4010ed0d
bec42998 00000010
bec4299c 00000004
bec429a0 bec42a20
bec429a4 bec429f0
bec429a8 0066791c
bec429ac 00000004
bec429b0 df0027ad
bec429b4 00000000
bec429b8 002e0064
bec429bc 00667f68
bec429c0 bec42a50
bec429c4 4018205b
bec429c8 bec42a50
bec429cc 00000000
bec429d0 4021932c
bec429d4 4020a21b
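As an added example (not part of the original post and not the AOSP stack script itself), this Python code does the core of what tip 4 relies on: it pulls the process line, the signal line and the "#NN pc" backtrace frames out of pasted logcat text, then builds one addr2line command per frame against the symbols directory. The function names and the tool name arm-eabi-addr2line (taken to sit beside arm-eabi-gdb in the toolchain directory) are assumptions.

```python
import re

# Constructed sample: lines copied from the logcat dump shown above, trimmed.
SAMPLE = """\
I/DEBUG ( 2167): pid: 2649, tid: 2649 >>> /system/bin/surfaceflinger <<<
I/DEBUG ( 2167): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 002e0064
I/DEBUG ( 2167): #00 pc 000050e8 /system/lib/libcutils.so (android_atomic_add)
I/DEBUG ( 2167): #01 pc 0001a058 /system/lib/libutils.so (_ZNK7android7RefBase9decStrongEPKv)
I/DEBUG ( 2167): #00 bec429b8 002e0064
"""

PREFIX = re.compile(r"^[A-Z]/DEBUG\s*\(\s*\d+\):\s?")   # logcat tag and pid
PROC = re.compile(r"pid: (\d+), tid: (\d+)\s+>>> (\S+) <<<")
SIGNAL = re.compile(
    r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr ([0-9a-f]+)")
FRAME = re.compile(r"#(\d+)\s+pc ([0-9a-f]+)\s+(\S+)(?: \((.*)\))?")


def parse_crash(text):
    """Return process, signal and backtrace frames from pasted logcat text."""
    crash = {"frames": []}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := PROC.match(line):
            crash.update(pid=int(m[1]), tid=int(m[2]), process=m[3])
        elif m := SIGNAL.match(line):
            crash.update(signal=m[2], code=m[4], fault_addr=m[5])
        elif m := FRAME.match(line):
            # Rows from the "stack:" section ("#00 bec429b8 ...") carry no
            # "pc" token, so they are not mistaken for backtrace frames.
            crash["frames"].append(
                {"index": int(m[1]), "pc": m[2], "lib": m[3], "symbol": m[4]})
    return crash


def addr2line_cmds(crash, symbols_dir, tool="arm-eabi-addr2line"):
    """One argv list per frame; unstripped libraries live under symbols_dir."""
    root = symbols_dir.rstrip("/")
    return [[tool, "-f", "-C", "-e", root + f["lib"], "0x" + f["pc"]]
            for f in crash["frames"]]


if __name__ == "__main__":
    crash = parse_crash(SAMPLE)
    print(crash["process"], crash["signal"], crash["code"],
          "fault addr", crash["fault_addr"])
    for cmd in addr2line_cmds(crash, "out/target/product/sabresd_6q/symbols"):
        print(" ".join(cmd))
```

The pc values in the backtrace are offsets relative to each library, which is why they can be passed directly to addr2line together with the unstripped copy of that library.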
#####----------------------------
set solib-absolute-prefix /home/kzj/shdroid1/proj/ics/out/target/product/sabresd_6q/symbols/
set solib-search-path /home/kzj/shdroid1/proj/ics/out/target/product/sabresd_6q/symbols/system/lib