效能最佳化-使用objdump分析core堆疊
使用objdump分析core堆疊
原始碼
執行程式
使用objdump分析
原始碼
執行程式
objdump
使用c++程式設計的同學,經常會遇到諸如記憶體越界、重複釋放等記憶體問題,大家比較習慣的追查這類問題的方式是,開啟core檔案的limit,生成core檔案,用gdb進行分析; 但是,在實際的生產環境中。由於程式本省佔用記憶體非常大,比如搜尋的索引服務,進行core的dump不太現實,所以一般採用,在程式中捕獲訊號,之後列印程序的堆疊資訊,再進行追查。 下面本文,就按照這種方式進行追查,首先,分析沒有so的程式如何使用objdump與彙編進行分析程式的問題所在;接著分析有so的程式,如何使用objdump進行分析,希望對大家能有所幫助。
普通程式的core分析
原始碼
#include
#include
#include
#include
#include
#include
#include
static void print_stack_fs(int sig, FILE * output)
{
fprintf(output, “————————————————————\n”);
char pTime[256];
//getSafeNow(pTime, 256);
fprintf(output, “[%s] received signal=%d, thread_id=%ld\n”,
“now”, sig, getpid());
void *array[128]; // 128 stacks at most
size_t size = backtrace(array, sizeof(array) / sizeof(array[0]));
if (size > 0 && size < 128) {
char ** stackLog = backtrace_symbols(array, size);
if(stackLog) {
for (size_t i = 0; i < size; i++) {
fprintf(output,“%s\n”, stackLog[i]);
}
fflush(output);
free(stackLog);
}
}
}
static void sig_handler(int signo)
{
if (signo == SIGSEGV ||
signo == SIGBUS ||
signo == SIGABRT ||
signo == SIGFPE) {
print_stack_fs(signo, stderr);
exit(-1);
}
else if (signo == SIGTERM || signo == SIGINT) {
exit(-1);
}
}
static void sig_register()
{
struct sigaction sigac;
sigemptyset(&sigac。sa_mask);
sigac。sa_handler = sig_handler;
sigac。sa_flags = 0;
sigaction(SIGTERM, &sigac, 0);
sigaction(SIGINT , &sigac, 0);
sigaction(SIGQUIT, &sigac, 0);
sigaction(SIGPIPE, &sigac, 0);
sigaction(SIGBUS , &sigac, 0);
sigaction(SIGABRT, &sigac, 0);
sigaction(SIGFPE , &sigac, 0);
sigaction(SIGSEGV, &sigac, 0);
}
int main(int argc, char *argv[])
{
sig_register();
int a = 10, b = -2, c = 100;
char * pstr = 0x00;
int d = 100;
*pstr = 0x00;
return 0;
}
執行程式
關鍵地址:0x400add,指向出錯的程式碼的具體的虛擬空間地址
[now] received signal=11, thread_id=1852
。/a。out() [0x4008ab]
。/a。out() [0x400985]
/lib64/libc。so。6(+0x362f0) [0x7fbc41a3d2f0]
。/a。out() [0x400add]
/lib64/libc。so。6(__libc_start_main+0xf5) [0x7fbc41a29445]
。/a。out() [0x400769]
使用objdump分析
objdump -d a。out ,分析-0x18(%rbp)的地址是變數pstr的地址,之後將pstr的放置到暫存器rax賦值,之後沒有申請記憶體的空指標進行賦值出core,具體請看下面的彙編程式碼
321 0000000000400aa1
322 400aa1: 55 push %rbp
323 400aa2: 48 89 e5 mov %rsp,%rbp
324 400aa5: 48 83 ec 30 sub $0x30,%rsp
325 400aa9: 89 7d dc mov %edi,-0x24(%rbp)
326 400aac: 48 89 75 d0 mov %rsi,-0x30(%rbp)
327 400ab0: e8 f2 fe ff ff callq 4009a7 <_ZL12sig_registerv>
328 400ab5: c7 45 fc 0a 00 00 00 movl $0xa,-0x4(%rbp) // 變數a
329 400abc: c7 45 f8 fe ff ff ff movl $0xfffffffe,-0x8(%rbp) // 變數b
330 400ac3: c7 45 f4 64 00 00 00 movl $0x64,-0xc(%rbp) // 變數c
331 400aca: 48 c7 45 e8 00 00 00 movq $0x0,-0x18(%rbp) // 變數 pstr
332 400ad1: 00
333 400ad2: c7 45 e4 64 00 00 00 movl $0x64,-0x1c(%rbp) // 變數d
334 400ad9: 48 8b 45 e8 mov -0x18(%rbp),%rax // 將變數pstr放到rax暫存器
335 400add: c6 00 00 movb $0x0,(%rax) // 對pstr賦值,也就是對空指標賦值,找到問題
336 400ae0: b8 00 00 00 00 mov $0x0,%eax
337 400ae5: c9 leaveq
338 400ae6: c3 retq
339 400ae7: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
core在so裡面的objdump分析
原始碼
max。h
#ifndef __MAX_H__
#define __MAX_H__
int max(int n1, int n2, int n3);
#endif
max。cpp
#include “max。h”
int max(int n1, int n2, int n3)
{
int max_num = n1;
max_num = max_num < n2? n2: max_num;
max_num = max_num < n3? n3: max_num;
char * pstr = 0x00;
*pstr = 0x00;
return max_num;
}
test。cpp
#include
#include
#include
#include
#include
#include
#include
#include “max。h”
static void print_stack_fs(int sig, FILE * output)
{
fprintf(output, “————————————————————\n”);
char pTime[256];
//getSafeNow(pTime, 256);
fprintf(output, “[%s] received signal=%d, thread_id=%ld\n”,
“now”, sig, getpid());
void *array[128]; // 128 stacks at most
size_t size = backtrace(array, sizeof(array) / sizeof(array[0]));
if (size > 0 && size < 128) {
char ** stackLog = backtrace_symbols(array, size);
if(stackLog) {
for (size_t i = 0; i < size; i++) {
fprintf(output,“%s\n”, stackLog[i]);
}
fflush(output);
free(stackLog);
}
}
}
static void sig_handler(int signo)
{
if (signo == SIGSEGV ||
signo == SIGBUS ||
signo == SIGABRT ||
signo == SIGFPE) {
print_stack_fs(signo, stderr);
exit(-1);
}
else if (signo == SIGTERM || signo == SIGINT) {
exit(-1);
}
}
static void sig_register()
{
struct sigaction sigac;
sigemptyset(&sigac。sa_mask);
sigac。sa_handler = sig_handler;
sigac。sa_flags = 0;
sigaction(SIGTERM, &sigac, 0);
sigaction(SIGINT , &sigac, 0);
sigaction(SIGQUIT, &sigac, 0);
sigaction(SIGPIPE, &sigac, 0);
sigaction(SIGBUS , &sigac, 0);
sigaction(SIGABRT, &sigac, 0);
sigaction(SIGFPE , &sigac, 0);
sigaction(SIGSEGV, &sigac, 0);
}
int main(int argc, char *argv[])
{
sig_register();
int a = 10, b = -2, c = 100;
int d = 100;
printf(“max among 10, -2 and 100 is %d。\n”, max(a, b, c));
return 0;
}
執行程式
關鍵地址:。/libmax。so(_Z3maxiii+0x45) [0x7fb914d6868a]
[now] received signal=11, thread_id=1893
。/a。out() [0x4009fb]
。/a。out() [0x400ad5]
/lib64/libc。so。6(+0x362f0) [0x7fb9141b12f0]
。/libmax。so(_Z3maxiii+0x45) [0x7fb914d6868a]
。/a。out() [0x400c33]
/lib64/libc。so。6(__libc_start_main+0xf5) [0x7fb91419d445]
。/a。out() [0x4008b9]
objdump
針對so進行反編譯,執行 objdump -d libmax。so,然後找搭配_Z3maxiii,地址是645,然後+上0x45,得到地址 68A 彙編程式碼:movq $0x0,-0x10(%rbp) 定義pstr,68A的地址同樣是對未申請記憶體的地址進行賦值出錯。
106 0000000000000645 <_Z3maxiii>:
107 645: 55 push %rbp
108 646: 48 89 e5 mov %rsp,%rbp
109 649: 89 7d ec mov %edi,-0x14(%rbp) // 引數1
110 64c: 89 75 e8 mov %esi,-0x18(%rbp) // 引數2
111 64f: 89 55 e4 mov %edx,-0x1c(%rbp) // 引數3
112 652: 8b 45 ec mov -0x14(%rbp),%eax
113 655: 89 45 fc mov %eax,-0x4(%rbp)
114 658: 8b 45 fc mov -0x4(%rbp),%eax
115 65b: 3b 45 e8 cmp -0x18(%rbp),%eax
116 65e: 7d 05 jge 665 <_Z3maxiii+0x20>
117 660: 8b 45 e8 mov -0x18(%rbp),%eax
118 663: eb 03 jmp 668 <_Z3maxiii+0x23>
119 665: 8b 45 fc mov -0x4(%rbp),%eax
120 668: 89 45 fc mov %eax,-0x4(%rbp)
121 66b: 8b 45 fc mov -0x4(%rbp),%eax
122 66e: 3b 45 e4 cmp -0x1c(%rbp),%eax
123 671: 7d 05 jge 678 <_Z3maxiii+0x33>
124 673: 8b 45 e4 mov -0x1c(%rbp),%eax
125 676: eb 03 jmp 67b <_Z3maxiii+0x36>
126 678: 8b 45 fc mov -0x4(%rbp),%eax
127 67b: 89 45 fc mov %eax,-0x4(%rbp)
128 67e: 48 c7 45 f0 00 00 00 movq $0x0,-0x10(%rbp) // pstr
129 685: 00
130 686: 48 8b 45 f0 mov -0x10(%rbp),%rax
131 68a: c6 00 00 movb $0x0,(%rax) // 對pstr賦值0,這個就是問題所在了
132 68d: 8b 45 fc mov -0x4(%rbp),%eax
133 690: 5d pop %rbp
使用addr2line定位問題的行數
[dubaokun@localhost so]$ addr2line -e libmax。so -ifC 68a
max(int, int, int)
/home/dubaokun/github/code/engine_code/compile/objdump/so/max。cpp:9 (discriminator 3)
總結
以上的程式較為簡單,實際工作中的程式較為複雜,但是複雜都是由基礎而來的,大家可以認真思考、仔細研究,對於彙編程式碼要有一定的理解。