命令的作用
在console中打印出内存地址对象的创建栈,效果如下:
(lldb) mallocstack 0x115a43740
frame #0 : 0x1a8a07368 libsystem_malloc.dylib`calloc + 40
frame #1 : 0x1a7b4445c libobjc.A.dylib`class_createInstance + 76
frame #2 : 0x1a7b55bb8 libobjc.A.dylib`_objc_rootAlloc + 52
frame #3 : 0x10183dd90 TestApp`-[HTYBottomView buttonImage] + 80
frame #4 : 0x10183a348 TestApp`-[HTYBottomView setupView] + 232
frame #5 : 0x10183a1ec TestApp`-[HTYBottomView initWithCoder:] + 164
frame #6 : 0x18c5d3fb4 UIKit`-[UIClassSwapper initWithCoder:] + 248
frame #7 : 0x18c771d24 UIKit`UINibDecoderDecodeObjectForValue + 680
frame #8 : 0x18c771a64 UIKit`-[UINibDecoder decodeObjectForKey:] + 104
例子适用场景
有时候在console中会看到一些直接用内存地址表示的对象。举个例子,像这些layout warnings
2017-07-22 09:50:16.832586+0800 TestApp[20583:2520440] [LayoutConstraints] Unable to simultaneously satisfy constraints.
2017-07-22 09:55:45.391041+0800 TestApp[20813:2526791] [LayoutConstraints] Unable to simultaneously satisfy constraints.
Probably at least one of the constraints in the following list is one you don't want.
Try this:
(1) look at each constraint and try to figure out which you don't expect;
(2) find the code that added the unwanted constraint or constraints and fix it.
(
"<MASLayoutConstraint:0x1c44b0da0 UIImageView:0x115a43740.width == 44>",
"<MASLayoutConstraint:0x1c02a90c0 UIButton:0x115b4ed90.left == HTYBottomView:0x115b4dd80.left + 130>",
"<MASLayoutConstraint:0x1c02a8fa0 UIButton:0x115b4ed90.right == HTYBottomView:0x115b4dd80.right>",
"<MASLayoutConstraint:0x1c44ace40 UIImageView:0x115a43740.left == HTYBottomView:0x115b4dd80.left + 16>",
"<MASLayoutConstraint:0x1c44b0ec0 UIImageView:0x115a43740.centerX == HTYBottomView:0x115b4dd80.centerX>"
)
Will attempt to recover by breaking constraint
<MASLayoutConstraint:0x1c44b0da0 UIImageView:0x115a43740.width == 44>
Make a symbolic breakpoint at UIViewAlertForUnsatisfiableConstraints to catch this in the debugger.
The methods in the UIConstraintBasedLayoutDebugging category on UIView listed in <UIKit/UIView.h> may also be helpful.
如果想知道某个内存地址对应的Class和它的创建栈,可以这样做:
Xcode的方式
1. 开启Logging Malloc Stack
2. 开启Xcode的Debug Memory Graph,通过搜索UI控件的内存地址定位到UI Debugger里的UI控件,然后在Backtrace查看到UI控件的创建栈,定位到是哪个UI控件,再哪里创建的。
通过上面的定位过程,可以解决问题,但是效率不高,步骤比较多。如果可以在console里就直接把内存对象的创建栈打印出来,不就方便多了吗?
LLDB的方式 - Xcode功能对应的代码实现
1. 新建Symbolick Breakpoint,把控制Logging Malloc Stack开关的变量打印出来
Symbol:getenv
Action:po (char*)$arg1
Automatically continue after evaluating actions: √
...
"MallocStackLogging"
...
这样,可以找到MallocStackLogging变量
2. 新建Symbolick Breakpoint,定位MallocStackLogging变量的相关库
Symbol:getenv
Condition:((int)strcmp("MallocStackLogging",$arg1)==0)
Action:bt
Automatically continue after evaluating actions: X
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 3.1
* frame #0: 0x0000000117368a26 libsystem_c.dylib`getenv
frame #1: 0x00000001165e96f3 libobjc.A.dylib`environ_init + 464
frame #2: 0x00000001165ecb0c libobjc.A.dylib`_objc_init + 32
frame #3: 0x000000011727287b libdispatch.dylib`_os_object_init + 13
这样,可以找到对应的动态库是libsystem_malloc.dylib。
3. 打印出libsystem_malloc.dylib的所有方法
(lldb) image dump symtab libsystem_malloc.dylib
...
[ 254] 254 X Code 0x0000000000015187 0x00000001174a0187 0x00000000000001f7 0x000f0000 __mach_stack_logging_get_frames
...
这个,很可疑
关于__mach_stack_logging_get_frames
贴到Google,官网的heap.py例子就出来了。
def dump_stack_history_entries(options, result, addr, history):
# malloc_stack_entry *get_stack_history_for_address (const void * addr)
expr_prefix = '''
typedef int kern_return_t;
typedef struct $malloc_stack_entry {
uint64_t address;
uint64_t argument;
uint32_t type_flags;
uint32_t num_frames;
uint64_t frames[512];
kern_return_t err;
} $malloc_stack_entry;
'''
single_expr = '''
#define MAX_FRAMES %u
typedef unsigned task_t;
$malloc_stack_entry stack;
stack.address = 0x%x;
stack.type_flags = 2;
stack.num_frames = 0;
stack.frames[0] = 0;
uint32_t max_stack_frames = MAX_FRAMES;
stack.err = (kern_return_t)__mach_stack_logging_get_frames (
(task_t)mach_task_self(),
stack.address,
&stack.frames[0],
max_stack_frames,
&stack.num_frames);
if (stack.num_frames < MAX_FRAMES)
stack.frames[stack.num_frames] = 0;
else
stack.frames[MAX_FRAMES-1] = 0;
stack''' % (options.max_frames, addr)
其中,这段代码正是我们想要的 - 打印对象的创建栈。
材料都全了,拼拼凑凑,debug->改->debug->改...,Python脚本就出来啦。把它的path放到~/.lldbinit里
command script import ~/Documents/source_code/lldb/mallocstack.py
然后就可以开始用了。
(lldb) mallocstack 0x115a43740
frame #0 : 0x1a8a07368 libsystem_malloc.dylib`calloc + 40
frame #1 : 0x1a7b4445c libobjc.A.dylib`class_createInstance + 76
frame #2 : 0x1a7b55bb8 libobjc.A.dylib`_objc_rootAlloc + 52
frame #3 : 0x10183dd90 TestApp`-[HTYBottomView buttonImage] + 80
frame #4 : 0x10183a348 TestApp`-[HTYBottomView setupView] + 232
frame #5 : 0x10183a1ec TestApp`-[HTYBottomView initWithCoder:] + 164
frame #6 : 0x18c5d3fb4 UIKit`-[UIClassSwapper initWithCoder:] + 248
frame #7 : 0x18c771d24 UIKit`UINibDecoderDecodeObjectForValue + 680
frame #8 : 0x18c771a64 UIKit`-[UINibDecoder decodeObjectForKey:] + 104
frame #9 : 0x18c5d3c58 UIKit`-[UIRuntimeConnection initWithCoder:] + 188
frame #10: 0x18c771d24 UIKit`UINibDecoderDecodeObjectForValue + 680
frame #11: 0x18c771e9c UIKit`UINibDecoderDecodeObjectForValue + 1056
frame #12: 0x18c771a64 UIKit`-[UINibDecoder decodeObjectForKey:] + 104
frame #13: 0x18c5d2f98 UIKit`-[UINib instantiateWithOwner:options:] + 1168
frame #14: 0x18c3d32cc UIKit`-[UIViewController _loadViewFromNibNamed:bundle:] + 372
frame #15: 0x18c195dd4 UIKit`-[UIViewController loadView] + 176
frame #16: 0x18c076dd8 UIKit`-[UIViewController loadViewIfRequired] + 184
frame #17: 0x18c076d08 UIKit`-[UIViewController view] + 28
frame #18: 0x18c1fb6a0 UIKit`-[UINavigationController _startCustomTransition:] + 892
frame #19: 0x18c11e634 UIKit`-[UINavigationController _startDeferredTransitionIfNeeded:] + 696
frame #20: 0x18c11e254 UIKit`-[UINavigationController __viewWillLayoutSubviews] + 156
frame #21: 0x18c11e15c UIKit`-[UILayoutContainerView layoutSubviews] + 188
frame #22: 0x18c0744f0 UIKit`-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1224
frame #23: 0x18b590a84 QuartzCore`-[CALayer layoutSublayers] + 148
frame #24: 0x18b584d70 QuartzCore`CA::Layer::layout_if_needed(CA::Transaction*) + 296
frame #25: 0x18b584c2c QuartzCore`CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 32
frame #26: 0x18b4fb88c QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 276
frame #27: 0x18b522ae4 QuartzCore`CA::Transaction::commit() + 520
frame #28: 0x18c069d78 UIKit`_afterCACommitHandler + 256
frame #29: 0x1851fc6e4 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 32
frame #30: 0x1851fa18c CoreFoundation`__CFRunLoopDoObservers + 412
frame #31: 0x1851fa670 CoreFoundation`__CFRunLoopRun + 1076
frame #32: 0x18511503c CoreFoundation`CFRunLoopRunSpecific + 436
frame #33: 0x19596af94 GraphicsServices`GSEventRunModal + 100
frame #34: 0x18c0da86c UIKit`UIApplicationMain + 208
frame #35: 0x101b07aa4 TestApp`main + 124
frame #36: 0x1a88a7d1c libdyld.dylib`start + 4
frame #37: 0x0 None`None
frame #38: 0x1b2336981 libsystem_pthread.dylib`_thread + 1
能不能更方便些?
Xcode开启Loggin Malloc Stack的功能,只能在程序运行前进行设置。如果当程序已经在运行中时,也可以动态开关,那不就更方便了。
在libsystem_malloc.dylib里再捞一捞,
...
[ 359] 359 X Code 0x000000000000e887 0x0000000117499887 0x00000000000000f9 0x000f0000 turn_off_stack_logging
[ 360] 360 X Code 0x000000000000ca2c 0x0000000117497a2c 0x00000000000001d4 0x000f0000 turn_on_stack_logging
...
这2个,就是吧
幸运的是,libmalloc是开源的,dive到stack_logging.h,可以发现
typedef enum {
stack_logging_mode_none = 0,
stack_logging_mode_all,
stack_logging_mode_malloc,
stack_logging_mode_vm,
stack_logging_mode_lite
} stack_logging_mode_type;
extern boolean_t turn_on_stack_logging(stack_logging_mode_type mode);
extern void turn_off_stack_logging();
这样,通过在console中调用turn_on_stack_logging(2)和turn_off_stack_logging,就可以动态开关Logging Malloc Stack功能了。
附带:完整的Python脚本
import lldb
import os
import shlex
import optparse
def handle_command(debugger, command, result, dict):
'''
mallocstack for po malloc stack
'''
command_args = shlex.split(command)
parser = get_options()
try:
(options, args) = parser.parse_args(command_args)
except:
result.SetError(parser.usage)
return
implementation(debugger, result, options, args)
def implementation(debugger, result, options, args):
cleanCommand = args[0]
frame = debugger.GetSelectedTarget().GetProcess().GetSelectedThread().GetSelectedFrame()
target = debugger.GetSelectedTarget()
script = get_script(cleanCommand, options)
sbval = frame.EvaluateExpression(script, get_expression_options())
if sbval.error.fail:
result.AppendMessage(str(sbval.error))
return
val = lldb.value(sbval)
addresses = []
for i in range(val.count.sbvalue.unsigned):
address = val.addresses[i].sbvalue.unsigned
loadAddr = target.ResolveLoadAddress(address).GetLoadAddress(target)
addresses.append(loadAddr)
retString = get_stack_trace_from_addresses(addresses, target)
frame.EvaluateExpression('free(' + str(val.addresses.sbvalue.unsigned) + ')', get_expression_options())
result.AppendMessage(retString)
def get_stack_trace_from_addresses(frameAddresses, target):
frame_string = ''
for index, frameAddr in enumerate(frameAddresses):
addr = target.ResolveLoadAddress(frameAddr)
symbol = addr.symbol
name = symbol.name
offset_str = ''
offset = addr.GetLoadAddress(target) - addr.symbol.addr.GetLoadAddress(target)
if offset > 0:
offset_str = '+ {}'.format(offset)
frame_string += 'frame #{:<2}: {} {}`{} {}\n'.format(index, hex(addr.GetLoadAddress(target)), addr.module.file.basename, name, offset_str)
return frame_string
def get_expression_options():
expr_options = lldb.SBExpressionOptions()
expr_options.SetUnwindOnError(True)
expr_options.SetLanguage (lldb.eLanguageTypeObjC_plus_plus)
expr_options.SetCoerceResultToId(True)
expr_options.SetGenerateDebugInfo(True)
return expr_options
def get_script(addr, options):
script = '''
typedef int kern_return_t;
typedef struct $malloc_stack_entry {
uint64_t address;
uint64_t argument;
uint32_t type_flags;
uint32_t num_frames;
uint64_t frames[512];
kern_return_t err;
} $malloc_stack_entry;
#define MAX_FRAMES %u
typedef unsigned task_t;
$malloc_stack_entry stack;
stack.address = 0x%x;
stack.type_flags = 2;
stack.num_frames = 0;
stack.frames[0] = 0;
uint32_t max_stack_frames = MAX_FRAMES;
stack.err = (kern_return_t)__mach_stack_logging_get_frames (
(task_t)mach_task_self(),
stack.address,
&stack.frames[0],
max_stack_frames,
&stack.num_frames);
if (stack.num_frames < MAX_FRAMES)
stack.frames[stack.num_frames] = 0;
else
stack.frames[MAX_FRAMES-1] = 0;
stack''' % (100, addr)
return script
def get_options():
usage = "usage: %prog [options] <address>"
description = '''mallocstack for po malloc stack.'''
parser = optparse.OptionParser(
description=description,
prog="mallocstack",
usage=usage
)
return parser
if __name__ == '__main__':
lldb.debugger = lldb.SBDebugger.Create()
handle_command.__doc__ = get_options().format_help()
lldb.debugger.HandleCommand(
'command script add -f %s.handle_command mallocstack' %
__name__)
print '"mallocstack" commands have been installed, use the "--help" options for detailed help.'
网友评论