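3.5.2 V8 crash report

Reporting a crash.

On Android, Creator 3.5.2 has a crash. It happens at irregular intervals: intermittent, but not infrequent.

We looked through some material, and this is the information we gathered:

Initial analysis of the stack addresses suggests the GC is at work and the crash happens while traversing during the young-generation scan (see the crash stack below).

The V8 version bundled with Cocos Creator 3.5.2 is 9.1.269,
whereas in 2.x and Creator 3D the bundled V8 version is 8.0.426.

The most direct comparison is the V8 header directory under Creator's external folder: 9.1 has one more directory, cppgc, than 8.0.

V8 upgrades have always been very aggressive; major versions bring out something entirely new from time to time.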

2022-08-26 09:40:49.507 17205-17205/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\

2022-08-26 09:40:49.507 17205-17205/? A/DEBUG: Build fingerprint: 'OPPO/PDVM00/OP4E35:10/QKQ1.200614.002/1635767580:user/release-keys'\

2022-08-26 09:40:49.507 17205-17205/? A/DEBUG: Revision: '0'\

2022-08-26 09:40:49.507 17205-17205/? A/DEBUG: ABI: 'arm64'\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG: Timestamp: 2022-08-26 09:40:49+0800\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG: pid: 14073, tid: 14124, name: Thread-2  >>> org.cocos2d.demo <<<\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG: uid: 10563\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG: Cause: null pointer dereference\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG:     x0  00000073a7a46900  x1  000000734f8eaac8  x2  000000734c5e1f1c  x3  0000000000000000\

2022-08-26 09:40:49.508 17205-17205/? A/DEBUG:     x4  00000073a7b421c0  x5  000000734c65ff58  x6  000000743f998000  x7  00000000027e360c\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x8  0000000000000002  x9  000000000000a4f8  x10 00000000080423b5  x11 0000000000000008\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x12 0000000000000008  x13 0000000000000000  x14 000000734f8ec290  x15 0000000000000400\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x16 000000734d715be0  x17 000000734c5ab880  x18 000000734f644000  x19 000000734f8eaac8\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x20 00000073a7a46900  x21 00000073368dd748  x22 00000073368dd9c8  x23 00000073ad646040\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x24 0000000000000000  x25 0000007209700000  x26 0000000000000000  x27 0000000000000020\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     x28 0000000000000000  x29 000000734f8eaa20\

2022-08-26 09:40:49.509 17205-17205/? A/DEBUG:     sp  000000734f8eaa20  lr  000000734c65dd2c  pc  000000734c5ab8d0\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG: backtrace:\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #00 pc 00000000018238d0  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::GlobalHandles::IterateYoungStrongAndDependentRoots(v8::internal::RootVisitor*)+80) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #01 pc 00000000018d5d28  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::ScavengerCollector::CollectGarbage()+2068) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #02 pc 000000000184daf0  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Heap::Scavenge()+524) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #03 pc 000000000184b354  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags)+692) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #04 pc 00000000018492f4  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags)+1800) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #05 pc 0000000001854c3c  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Heap::AllocateRawWithLightRetrySlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment)+64) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #06 pc 0000000001854ccc  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment)+40) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #07 pc 000000000182e034  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationType, v8::internal::AllocationOrigin)+132) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #08 pc 0000000001e8846c  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::Runtime_AllocateInYoungGeneration(int, unsigned long*, v8::internal::Isolate*)+136) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:49.553 17205-17205/? A/DEBUG:       #09 pc 0000000001cc7968  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)\

2022-08-26 09:40:50.751 1515-1515/? E//system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_05\

2022-08-26 09:40:50.774 4126-4147/? E/hypnusd: configHypnusGov mSugovConfigs is null!!!\

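Because we have already shipped many products on Creator 2.x, we have records of basically all the places where native crashes occur, and we have never encountered this crash stack before.

So after the initial analysis, we had two fairly quick options in front of us:

  1. Upgrade to 3.6.0. However, in actual testing the result was the same; it still crashes at irregular intervals.

  2. Another, bolder idea (based on the stack analysis above pointing to a GC scan crash, and cppgc happening to be the new addition): downgrade the V8 library of 3.5.2 (replacing the static library and modifying part of jswrapper), then rebuild the .so, package and run.

    The result met our initial expectations: after a full day of testing, the testers reported no further crashes.

Because this is inside the V8 internal library, we cannot determine which API used by ScriptEngine caused the crash.

This is only feedback for the official team's reference; for now we cannot offer a reasonable recommendation (keep upgrading V8 or choose to downgrade).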

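What range of device models does the crash affect? Does it occur on specific models, or is it a general problem?
Does it only occur in production, or can you also reproduce it in your own testing?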

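It is not specific to one model. In our testing, 2 models crash: Meizu M15 and Oppo A11s. Models with somewhat better performance did not crash.

It can be reproduced during testing.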

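OK, we will post an update here with the last stable patch version of v9.1; please help verify it when it is available.
Looking at the V8 changes, there are fixes for some GC-related issues.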

V8 has been updated to 9.1.269.40 and recompiled; you can replace the files and test.
Link: Quark Netdisk share

OK, I'll try replacing them.

It still crashes, but the problem is different.

Below are the crash stack and the results of the symbol table analysis.

SIGSEGV(SEGV_MAPERR)
    0xb
    #00    pc 0000000001351368    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #01    pc 0000000001404140    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #02    pc 000000000137b28c    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #03    pc 0000000001378af0    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #04    pc 0000000001376ac4    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #05    pc 00000000013823dc    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #06    pc 000000000138246c    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #07    pc 000000000135b8d8    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #08    pc 00000000019b4cfc    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    #09    pc 00000000017f5e08    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
    java:

  0000000001351368   _ZN2v88internal13GlobalHandles35IterateYoungStrongAndDependentRootsEPNS0_11RootVisitorE
  0000000001404140    _ZN2v88internal18ScavengerCollector14CollectGarbageEv
  000000000137b28c    _ZN2v88internal4Heap8ScavengeEv
  0000000001378af0     _ZN2v88internal4Heap24PerformGarbageCollectionENS0_16GarbageCollectorENS_15GCCallbackFlagsE
  00000000017f5e08      

...
Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit

Would it be convenient to provide a demo that reproduces it?

OK, I'll send it to you via Quark Netdisk shortly.

I'd like to ask what the command line for the symbol table looks like?
G:\Java\SDK\ndk\21.4.7075529\toolchains\llvm\prebuilt\windows-x86_64\bin\llvm-addr2line.exe -e G:\Project\Mf\Mf\build\android_xp\proj\build\xp\intermediates\merged_native_libs\release\out\lib\arm64-v8a\libcocos.so -f -C -a 0x0134f64968 0x0134f5abe8 0x0135108744 0x0134fa4e2c 0x0134c38048 0x0000d7a528
I can't seem to resolve them. I don't know whether the lib path is wrong or the addr2line path is wrong.
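
Added example, not code from any poster in this thread or from the Cocos project: a small parser that pulls the `pc` offsets and BuildId out of backtrace lines in the two formats shown above and builds the matching `llvm-addr2line` argument list. The function names and the symbol-file path are assumptions made for illustration; the sample frames are copied from the stacks in this thread.

```python
import re

# Constructed input: frames in the two formats shown in this thread
# (logcat tombstone with BuildId, crash-reporter style without one).
SAMPLE = """\
A/DEBUG:       #00 pc 00000000018238d0  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::GlobalHandles::IterateYoungStrongAndDependentRoots(v8::internal::RootVisitor*)+80) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)
A/DEBUG:       #01 pc 00000000018d5d28  /data/app/org.cocos2d.demo-5rakGAeEXemy2kfDr2JLCA==/lib/arm64/libcocos.so (v8::internal::ScavengerCollector::CollectGarbage()+2068) (BuildId: ea70ecea55db4a64c34890df3221023c42bada8c)
    #00    pc 0000000001351368    /data/app/xxxxxx.yyyy.zzzz-1/lib/arm64/libcocos2dcpp20220809.so [arm64-v8a::5ed1ac764f35a82544fe4c765b51d0a2]
"""

FRAME = re.compile(r"#(\d+)\s+pc\s+([0-9a-fA-F]+)\s+(\S+)")
BUILD_ID = re.compile(r"BuildId:\s*([0-9a-fA-F]+)")


def parse_frames(text):
    """Return one dict per frame: index, offset inside the .so, library name, BuildId."""
    frames = []
    for line in text.splitlines():
        m = FRAME.search(line)
        if not m:
            continue  # header, register and unrelated log lines are skipped
        b = BUILD_ID.search(line)
        frames.append({
            "index": int(m.group(1)),
            "offset": int(m.group(2), 16),
            "lib": m.group(3).rsplit("/", 1)[-1],
            "build_id": b.group(1) if b else None,
        })
    return frames


def addr2line_argv(frames, lib, symbol_file, tool="llvm-addr2line"):
    """Build the argv that resolves every frame of `lib` against an unstripped copy.

    `symbol_file` is a placeholder path to the unstripped .so of the same build.
    """
    mine = [f for f in frames if f["lib"] == lib]
    ids = {f["build_id"] for f in mine if f["build_id"]}
    if len(ids) > 1:
        raise ValueError("frames for %s come from different builds: %s" % (lib, sorted(ids)))
    # The pc column is an offset inside the library, which is what -e <file> expects.
    return [tool, "-e", symbol_file, "-f", "-C", "-a"] + ["0x%x" % f["offset"] for f in mine]


if __name__ == "__main__":
    print(" ".join(addr2line_argv(parse_frames(SAMPLE), "libcocos.so", "path/to/unstripped/libcocos.so")))
```

When the report records a BuildId, compare it with the one in the symbol file (for example with `llvm-readelf -n`) before trusting the resolved names.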