Objc_msgSend, objc_retain… At this time, some real clues can be found through the register and symbol table information in the crash log. A function call will be recorded in the register. This is mainly about practical operation.

Register information

Take the register information of a crash on bugly for example:

  1. The following figurex0~x28,fp,lrThe instruction after the colon represents the address on the register.
  2. Line 1: Description of crash thread, register information, here is the child threadthread32.ARM64.
  3. Lines 2 and 3:x0tox7It records the parameters and return values of the current function (x0Generally return), toobjc_msgSendFor example,x0The receiver,x1Corresponding to@selector().
  4. Line 8:fp,sp: represents the registers at the bottom of the stack and the registers at the top of the stack respectively. Lr is the link register, representing the address of the function called at the upper level (suppose that the current function B is called in function A, and the register information of thelrRepresents the address of function A).
  5. Line 12: App Base ADDR Indicates the base address of the module, which is the start address of the App in the register. This information is very important and will be used when searching the register.

After reading the register, more crash information can be obtained. Then, the symbolic function name can be obtained to locate the problem through the symbol table and the function address on the register

Some common register instructions are as follows:

View the symbol table

Run the atos -o symbol table path -l Module base address function address

atos -o /Users/xxx/Desktop/xxapp.app.dSYM/xxapp.app.dSYM/Contents/Resources/DWARF/xxapp -l 0x000000010079c000 0x00000001025cbfd4
Copy the code
  1. Currently, crash is a system function. What is useful to us is the input parameter of crash function and the function called at the previous level, that is, the address information after X0 ~x28 and LR.
  2. By using the ATOS command line tool to resolve the function address, you can obtain the specific function name, number of lines of code, class name information
  3. Combined with the code logic, you can basically locate the general problem.