Stress testing encryption and decryption of Chinese text #27

Open
zxp0505 opened this issue Jun 24, 2019 · 29 comments

@zxp0505

zxp0505 commented Jun 24, 2019

Crash info: A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x8 in tid 5529 (JVMTI Agent thr), pid 5368
Stress test method:

```java
private void test() {
    for (int i = 0; i < 1000000; i++) {
        long start = SystemClock.currentThreadTimeMillis();
        // Build the plaintext: text from the input field plus two random strings
        String initstr = edit.getText().toString();
        String one = strings[random.nextInt(10)];
        String two = strings[random.nextInt(10)];
        initstr = initstr.concat(one).concat(two);
        // Round trip through the native encrypt/decrypt
        String encode = AESEncrypt.encode(SecondActivity.this, initstr);
        String decode = AESEncrypt.decode(SecondActivity.this, encode);
        if (!initstr.equals(decode)) {
            // YLog.e(TAG, "解密出錯:initstr:" + initstr + "----decode:" + decode);
            Log.e(TAG, "解密出錯:initstr:" + initstr + "----decode:" + decode);
        }
        long end = SystemClock.currentThreadTimeMillis();
        Log.e(TAG, "initstr:" + initstr + "----encode:" + encode + "----decode:" + decode + "---耗时:" + (end - start));
        // Log.e(TAG, "initstr:" + initstr + "----encode:" + encode+ "---耗时:" + (end - start));
    }
}
```

When stress testing with Chinese strings, the crash reproduces every time.

@BruceWind
Owner

A complete log is needed.
Then use addr2line -f -e libc.so <address>

For example: addr2line -f -e libc.so 999c1234234

@BruceWind
Owner

BruceWind commented Jun 24, 2019

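Generally, either you locate the address, or you add logging yourself to see exactly where it dies.
At the moment I suspect it may be caused by a static field.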

@zxp0505
Author

zxp0505 commented Jun 24, 2019

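The Java layer is locked. With pure English or symbols it does not happen. Today I tried text mixed with Chinese and it reproduces every time.
There is no detailed log output at the moment. How do I get it?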

@BruceWind
Owner

Did it crash? In that case there should be a detailed log.

@BruceWind
Owner

I don't know which Chinese characters you tested with. I ran the for loop with your code here and no crash occurred.

@zxp0505
Author

zxp0505 commented Jun 24, 2019

There is a log:
--------- beginning of crash
2019-06-24 17:17:54.090 7726-7763/cpu.zxp.com.aa A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 7763 (Thread-2), pid 7726 (cpu.zxp.com.aa)
2019-06-24 17:17:54.105 7726-7726/cpu.zxp.com.aa A/zygote64: oat_quick_method_header.cc:56] Failed to find Dex offset for PC offset 0x26ae5088(PC 0x9907f8d8, entry_point=0x7259a850 current entry_point=0x7848510cb0) in android.os.Message android.os.MessageQueue.next()
2019-06-24 17:17:54.105 234-320/? E/HWC2On1Adapter: Validate was called more than once!
2019-06-24 17:17:54.125 234-320/? E/HWC2On1Adapter: Validate was called more than once!
2019-06-24 17:17:54.189 7767-7767/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2019-06-24 17:17:54.190 290-290/? I//system/bin/tombstoned: received crash request for pid 7726
2019-06-24 17:17:54.191 7767-7767/? I/crash_dump64: performing dump of process 7726 (target tid = 7763)
2019-06-24 17:17:54.191 7767-7767/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2019-06-24 17:17:54.191 7767-7767/? A/DEBUG: Build fingerprint: 'xiyun/px30_evb/px30_evb:8.1.0/G3F4D4Y1N/153400:userdebug/test-keys'
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: Revision: '0'
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: ABI: 'arm64'
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: pid: 7726, tid: 7763, name: Thread-2 >>> cpu.zxp.com.aa <<<
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: Cause: null pointer dereference
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x0 0000007830bfdd68 x1 0000000000000001 x2 000000000000000b x3 0000000000000002
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 e895afe88796e6ad
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x8 5899245e026b5110 x9 5899245e026b5110 x10 0000007832c0f340 x11 000000000000042f
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x12 0000000000000000 x13 000000000000000e x14 00000000000000e6 x15 0000000000000005
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x16 00000078485ea5d0 x17 00000078c9230658 x18 0000000000000008 x19 00000078c9f0b9c0
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x20 0000000099082da4 x21 00000078316bcca0 x22 0000000000000000 x23 0000000000000018
2019-06-24 17:17:54.192 7767-7767/? A/DEBUG: x24 0000007830bff588 x25 0000007830bff588 x26 00000078485efc78 x27 0000000070112d18
2019-06-24 17:17:54.193 7767-7767/? A/DEBUG: x28 0000000070111460 x29 0000007830bfdeb0 x30 00000078484c44d0
2019-06-24 17:17:54.193 7767-7767/? A/DEBUG: sp 0000007830bfdd30 pc 00000078484c44dc pstate 0000000060000000
2019-06-24 17:17:54.197 7767-7767/? A/DEBUG: backtrace:
2019-06-24 17:17:54.197 7767-7767/? A/DEBUG: #00 pc 00000000005074dc /system/lib64/libart.so (art::DoGetCalleeSaveMethodCaller(art::ArtMethod*, unsigned long, bool)+96)
2019-06-24 17:17:54.197 7767-7767/? A/DEBUG: #1 pc 00000000005251c0 /system/lib64/libart.so (artQuickToInterpreterBridge+396)
2019-06-24 17:17:54.197 7767-7767/? A/DEBUG: #2 pc 0000000000553d0c /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
2019-06-24 17:17:54.197 7767-7767/? A/DEBUG: #3 pc 0000000000007da0 /dev/ashmem/dalvik-jit-code-cache (deleted)
2019-06-24 17:17:54.956 290-290/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_10
2019-06-24 17:17:54.958 422-7772/system_process W/ActivityManager: Force finishing activity cpu.zxp.com.aa/.MainActivity

@zxp0505
Author

zxp0505 commented Jun 24, 2019

Test string: "测试中文试试ANSDFJKdkf3493945990-.,./"

@BruceWind
Owner

BruceWind commented Jun 24, 2019

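I have been running with this string until now, with some extra characters concatenated, and there is no crash here. After several minutes it still has not finished.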

@BruceWind
Owner

I see your log contains Cause: null pointer dereference

Check what code is at this address: 0000000000007da0

@BruceWind
Owner

About 10 minutes seem to have passed by now... and this test still has not finished.

@zxp0505
Author

zxp0505 commented Jun 24, 2019

On my side the device showing the problem runs 8.1.0. With a 6.0 device it did not occur either.

@BruceWind
Owner

Strange... I don't have an 8.0 device here...

@BruceWind
Owner

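I'll set up an 8.1 virtual machine and test. However, my virtual machine can only be x86.
One more question: are you using cmake or ndk-build? With cmake there is no code obfuscation. With ndk, the NDK needs to be reconfigured.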

@zxp0505
Author

zxp0505 commented Jun 24, 2019

I'm using cmake.

@zxp0505
Author

zxp0505 commented Jun 24, 2019

image

@zxp0505
Author

zxp0505 commented Jun 24, 2019

image
When I use addr2line to analyze the crash log, I cannot find the .so files under /system/lib64. How do I determine the path of the .so files in the /system/lib64 directory?

@BruceWind
Owner

That is a .so built into the system; don't try to locate that .so.
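
The point above, applied to the backtrace posted earlier in this thread, as an added example (not code from the project or from either participant): it parses debuggerd frame lines and sorts each by where its code lives, which shows that none of the four frames falls in an app library. Treating paths under /data/ as the app's own libraries is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Where a frame's code lives; only FRAME_APP_LIB is worth feeding to addr2line. */
enum frame_origin { FRAME_UNPARSED, FRAME_SYSTEM_LIB, FRAME_JIT_CODE, FRAME_APP_LIB, FRAME_OTHER };

struct frame {
    int index;              /* N in "#N" */
    unsigned long long pc;  /* offset inside the mapped file */
    char path[256];         /* mapped file the pc falls in */
};

/* Parse one logcat line holding a debuggerd frame: "... #NN pc <hex> <path> ..." */
enum frame_origin parse_frame(const char *line, struct frame *out)
{
    const char *hash = strchr(line, '#');
    if (hash == NULL ||
        sscanf(hash, "#%d pc %llx %255s", &out->index, &out->pc, out->path) != 3)
        return FRAME_UNPARSED;
    if (strstr(out->path, "jit-code-cache") != NULL)
        return FRAME_JIT_CODE;    /* code generated at run time: no .so to symbolize */
    if (strncmp(out->path, "/system/", 8) == 0)
        return FRAME_SYSTEM_LIB;  /* platform library, not built from the app's sources */
    if (strncmp(out->path, "/data/", 6) == 0)
        return FRAME_APP_LIB;     /* assumption: installed with the app, match the unstripped .so */
    return FRAME_OTHER;
}

/* Number of frames that fall inside the app's own libraries. */
int count_app_frames(const char *const lines[], int n)
{
    struct frame f;
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += (parse_frame(lines[i], &f) == FRAME_APP_LIB);
    return hits;
}

/* The four backtrace lines from the crash log in this thread, timestamps trimmed. */
const char *const thread_backtrace[4] = {
    "A/DEBUG: #00 pc 00000000005074dc /system/lib64/libart.so (art::DoGetCalleeSaveMethodCaller(art::ArtMethod*, unsigned long, bool)+96)",
    "A/DEBUG: #1 pc 00000000005251c0 /system/lib64/libart.so (artQuickToInterpreterBridge+396)",
    "A/DEBUG: #2 pc 0000000000553d0c /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)",
    "A/DEBUG: #3 pc 0000000000007da0 /dev/ashmem/dalvik-jit-code-cache (deleted)",
};

int main(void)
{
    printf("app-library frames: %d of 4\n", count_app_frames(thread_backtrace, 4));
}
```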

@zxp0505
Author

zxp0505 commented Jun 24, 2019

OK. Have you reproduced the crash?

@BruceWind
Owner

No. It really is strange.

@zxp0505
Author

zxp0505 commented Jun 24, 2019

That's strange. On my side it reproduces every time, but the backtrace after each crash is different. How do I analyze and locate it?

@BruceWind
Owner

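It looks like you can only guess where the code fails, add logging, and see where it dies.
Another question: I am wondering whether stress testing this way is necessary.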

@saeed74

saeed74 commented Jan 27, 2021

I also have the same problem with my Galaxy S7, Android 8.0 (ARM).
The error happens sometimes when calling AES Decrypt repeatedly:
Fatal signal 11 (SIGSEGV), code 1, fault addr 0x666e6f43726593 in tid 9506 (Jit thread pool)

Also, I can't run it on the emulator (x86, Android 11); it stops with the error below:
Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE)

My NDK version is r13b.

@saeed74

saeed74 commented Jan 27, 2021

The fault addr changes every time, e.g.:
Fatal signal 11 (SIGSEGV), code 1, fault addr 0x30205a in tid 14419 (Jit thread pool)

@BruceWind
Owner

BruceWind commented Jan 27, 2021

Sorry to hear what you encountered.
Firstly, it can't run on an emulator, see check_emulator.c#L43.
And then, did you build with the obfuscator?

@BruceWind
Owner

BruceWind commented Jan 27, 2021

If you built with the obfuscator, I recommend that you disable the obfuscator and retry.
Then, if the crash still occurs, you can use addr2line to find where the exception occurred.
There is an addr2line tutorial.

@saeed74

saeed74 commented Jan 28, 2021

I'm sorry for being suspicious of your library; that was my mistake. It happens because of my own code.
I was concatenating two strings and that caused the exception:

```c
char *str3 = (char *) malloc(1 + strlen(part1) + strlen(part2));
strcpy(str3, part1);
strcat(str3, part2);
```
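
A defensive form of the concatenation quoted above, as an added example (not saeed74's code and not the library's): it checks for NULL inputs, for overflow of the length sum and for a failed malloc, none of which the quoted three lines check. It goes beyond the quoted case with a length-explicit variant for buffers that carry no terminating NUL, which strlen, strcpy and strcat all require; the names concat_n and concat_checked are made up for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Join two byte ranges into a fresh, NUL-terminated heap buffer.
 * Lengths are explicit, so the inputs need not be NUL-terminated.
 * Returns NULL on bad arguments, length overflow or allocation failure.
 * The caller owns the result and must free() it.
 */
char *concat_n(const char *a, size_t a_len, const char *b, size_t b_len)
{
    if ((a == NULL && a_len != 0) || (b == NULL && b_len != 0))
        return NULL;
    if (a_len >= SIZE_MAX - b_len)       /* a_len + b_len + 1 would wrap around */
        return NULL;

    char *out = malloc(a_len + b_len + 1);
    if (out == NULL)                     /* never write through a failed allocation */
        return NULL;

    if (a_len != 0)
        memcpy(out, a, a_len);
    if (b_len != 0)
        memcpy(out + a_len, b, b_len);
    out[a_len + b_len] = '\0';
    return out;
}

/* Same operation for ordinary C strings; strlen(NULL) is undefined, so reject it first. */
char *concat_checked(const char *part1, const char *part2)
{
    if (part1 == NULL || part2 == NULL)
        return NULL;
    return concat_n(part1, strlen(part1), part2, strlen(part2));
}
```

Lengths here are byte counts, so multi-byte UTF-8 text such as the Chinese test strings in this thread is copied whole.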

@BruceWind
Owner

It's OK. I'm very glad to hear you found out.

@BruceWind
Owner

BruceWind commented Feb 19, 2021

OK. Have you reproduced the crash?

I have written a README: How to locate where native crash at?

@BruceWind
Owner

Sorry everyone, AES is no longer supported.
I have pushed code that uses chacha20 instead of AES. #40
