Home Page Ah File Ah diary Ah IOS Crash capture and stack symbolization analysis of -ios learning from entry to proficient in Ji long letter

IOS Crash capture and stack symbolization analysis of -ios learning from entry to proficient in Ji long letter

Sharing the hottest information


Recently, in the field of Crash analysis, it is found that although iOS's crash capture and stack symbolization already have many materials to refer to, there are no more complete sets of solutions, which lead to a lot of pits and delays. So I want to make a summary, elaborate the overall thinking and the guide for Crash collection and analysis, and give details on the details. With ideas, So Easy is also achieved.

Crash capture

For crash capture, before Analysis of the technical principles of mobile terminal monitoring system It is explained in detail, and the corresponding Demo is given. The crash is mainly caused by Mach anomaly and Objective-C exception (NSException). At the same time, for Mach anomaly, the BSD layer will be converted to the corresponding Signal signal. Then we can capture the Crash event by capturing the signal. For NSException, you can capture abnormal information by registering NSUncaughtExceptionHandler. The following image is taken from Ali, which shows the client crash analysis framework succinctly.



Before we develop our own Crash collection framework, we will definitely access the three party log framework such as NetEase cloud capture, Tencent Bugly, Fabric and so on to collect and analyze the crash. Conflicts often exist when multiple Crash collection frameworks exist.

Whether it is for Signal capture or NSException capture, there will be handler coverage problem. The correct approach should be to determine whether the former has registered handler, and if so, it should save the handler and then throw out the handler after processing its own handler for the Registrar to process. The corresponding Demo and Demo are provided by @zerygao.

The above is a rough code thinking to deal with the conflict of Signal handler, and the following are the ideas of NSException handler.

Stack collection

You can directly use the system method to get the current thread stack, or you can use PLCrashRepoter to get all the thread stack, or you can refer to it. BSBacktraceLogger I write a lightweight stack collection framework.

Stack symbol resolution

There are four common ways to restore stack symbolization:

  • Symbolicatecrash

  • Atos tools under mac

  • Alternatives to ATOS under Linux Atosl

  • The corresponding relation between address and symbol is extracted by dSYM file, and the symbol is restored.

The above scenarios have corresponding application scenarios. For the online Crash stack symbol recovery, the latter three schemes are mainly used. The use of ATOS and atosl is very similar. Here is an example of ATOS.

But ATOS is a tool on Mac. It needs to use Mac or black apple to do the parsing work. If we do the analysis work from the background, we often need a Linux based parsing scheme. At this time we can choose atosl, but this library has not been updated for many years. At the same time, based on our trial, atosl seems not to support the arm64 architecture, so we gave up the solution.

Finally, we use fourth schemes to extract the symbol table of dSYM, we can develop our own tools, or we can use bugly directly. Tools provided by NetEase cloud capture The following is the extracted symbol table. The first column is the starting memory address, the second column is the end address, and the third column is the corresponding function name, file name and line number.

Because every time the program starts to change the base address, the address mentioned above is a relative offset address. After we get the collapse stack address, we can match the address in the symbol table according to the offset address in the stack, and then find the function symbol corresponding to the stack. For example, the following fourth lines, offset to 43072, convert to sixteen or a840, use a840 to find corresponding relation in the symbol table above, and find corresponding -[GYRootViewController tableView:cellForRowAtIndexPath:]. In this way, stack addresses can be completely turned into function symbols.


There are multiple versions of our application and support many different architectures. How do we find the symbol table corresponding to the crash log? It is relying on UUID that only when the UUID of the crash log is consistent with the UUID of dSYM, can the correct analytical result be obtained.

DSYM's UUID acquisition method:

The method of obtaining UUID in application:

System library symbolization

The above only extracts the symbol table in dSYM, which is still powerless for the system library. For example, UIKit has no way to symbolized its address. If we want to symbolized the dynamic library, we need to get the symbol file of the system library first. The extraction system symbol file can be obtained from the iOS firmware, or the symbol file of the corresponding system can be found from the open source project on Github.

Just now, I have just explained a train of thought. The details can refer to the following information:

Copyright belongs to the author. For commercial retransmission, please contact the author for authorization.

IOS learn from entry to master.

Fabulous ( Zero )

This article is composed of Ji Chang Xin Creation, article address: Https://blog.isoyu.com/archives/20342.html
Use Knowledge sharing signature 4 The international license agreement is licensed. In addition to the reprint / provenance, all originals or translations of this site must be signed before retransmission. The final editing time is August, 23, 2017 at 04:00 afternoon.

Hot articles