facebookarchive / BOLT

Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries

A NullPtrException after BOLT on libart.so #293

Closed CcWeapon closed 2 years ago

CcWeapon commented 2 years ago

I use BOLT to optimize libart.so, which is compiled by AOSP. Then I push libart.so.bolt to an Android phone, and the runtime aborts at art::Runtime::Start(). The reason the runtime aborted is that getSystemClassLoader() in Java got a NullPointerException. What puzzles me is why changing the C++ binary affects the running of Java.

5-05 10:26:15.319 30272 30272 W zygote64: Ljava/lang/ClassLoader$SystemClassLoader; failed initialization: java.lang.NullPointerException: Attempt to invoke direct method 'java.lang.ClassLoader java.lang.ClassLoader.access$000()' on a null object reference
05-05 10:26:15.319 30272 30272 W zygote64:   at void java.lang.ClassLoader$SystemClassLoader.<clinit>() (ClassLoader.java:183)
05-05 10:26:15.319 30272 30272 W zygote64:   at java.lang.ClassLoader java.lang.ClassLoader.getSystemClassLoader() (ClassLoader.java:1098)
05-05 10:26:15.319 30272 30272 W zygote64: 
05-05 10:26:15.319 30272 30272 I zygote64: cc-debug 8 
05-05 10:26:15.319 30272 30272 I zygote64: cc-debug 5 
05-05 10:26:15.319 30272 30272 I zygote64: cc-debug 5 
05-05 10:26:15.319 30272 30272 F zygote64: runtime.cc:802] Check failed: system_class_loader.get() != nullptr 
05-05 10:26:15.324 30272 30385 I zygote64: cc-debug 8 
05-05 10:26:15.324 30272 30385 I zygote64: cc-debug 8 
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] Runtime aborting...
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] All threads:
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] DALVIK THREADS (1):
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] "main" prio=10 tid=1 Runnable
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | group="" sCount=0 dsCount=0 flags=0 obj=0x12c00248 self=0x7553810800
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | sysTid=30272 nice=-20 cgrp=default sched=0/0 handle=0x75da86c0d0
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | state=R schedstat=( 306057810 4915624 50 ) utm=17 stm=13 core=7 HZ=100
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | stack=0x7fd1738000-0x7fd173a000 stackSize=8192KB
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | held mutexes= "abort lock" "mutator lock"(shared held)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #00 pc 0000000000431650  /apex/com.android.runtime/lib64/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+140)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #01 pc 00000000005271a4  /apex/com.android.runtime/lib64/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, bool, BacktraceMap*, bool) const+508)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #02 pc 0000000000542370  /apex/com.android.runtime/lib64/libart.so (art::DumpCheckpoint::Run(art::Thread*)+844)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #03 pc 000000000053af70  /apex/com.android.runtime/lib64/libart.so (art::ThreadList::RunCheckpoint(art::Closure*, art::Closure*)+504)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #04 pc 000000000053a134  /apex/com.android.runtime/lib64/libart.so (art::ThreadList::Dump(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, bool)+500)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #05 pc 00000000004e3250  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Abort(char const*)+1700)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #06 pc 000000000000c600  /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+684)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #07 pc 00000000004eb7e8  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Start()+3164)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #08 pc 000000000039c3dc  /apex/com.android.runtime/lib64/libart.so (JNI_CreateJavaVM+752)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #09 pc 00000000001041d8  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::startVm(_JavaVM**, _JNIEnv**, bool)+7948)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #10 pc 00000000001049b8  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+592)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #11 pc 00000000000034e0  /system/bin/app_process64 (main+1168)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #12 pc 000000000006b050  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   (no managed stack frames)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] 
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] Aborting thread:
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] "main" prio=10 tid=1 Runnable
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | group="" sCount=0 dsCount=0 flags=0 obj=0x12c00248 self=0x7553810800
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | sysTid=30272 nice=-20 cgrp=default sched=0/0 handle=0x75da86c0d0
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | state=R schedstat=( 313495310 4915624 51 ) utm=18 stm=13 core=7 HZ=100
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | stack=0x7fd1738000-0x7fd173a000 stackSize=8192KB
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   | held mutexes= "abort lock" "mutator lock"(shared held)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #00 pc 0000000000431650  /apex/com.android.runtime/lib64/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+140)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #01 pc 00000000005271a4  /apex/com.android.runtime/lib64/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, bool, BacktraceMap*, bool) const+508)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #02 pc 00000000004f4b60  /apex/com.android.runtime/lib64/libart.so (art::AbortState::DumpThread(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, art::Thread*) const+60)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #03 pc 00000000004e36d0  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Abort(char const*)+2852)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #04 pc 000000000000c600  /system/lib64/libbase.so (android::base::LogMessage::~LogMessage()+684)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #05 pc 00000000004eb7e8  /apex/com.android.runtime/lib64/libart.so (art::Runtime::Start()+3164)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #06 pc 000000000039c3dc  /apex/com.android.runtime/lib64/libart.so (JNI_CreateJavaVM+752)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #07 pc 00000000001041d8  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::startVm(_JavaVM**, _JNIEnv**, bool)+7948)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #08 pc 00000000001049b8  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+592)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #09 pc 00000000000034e0  /system/bin/app_process64 (main+1168)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   native: #10 pc 000000000006b050  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+108)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   (no managed stack frames)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] Pending exception java.lang.ExceptionInInitializerError: 
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668]   at java.lang.ClassLoader java.lang.ClassLoader.getSystemClassLoader() (ClassLoader.java:1098)
05-05 10:26:15.342 30272 30272 F zygote64: runtime.cc:668] 

I'm trying to cut down on what BOLT does. I set ignore for all functions to avoid modifying the text section. I closed all passes. I set the .data section not to be processed. Now only the .eh_frame segment is copied for binary modifications.

But it's no use. Who can help me?

yota9 commented 2 years ago

Hello, could you please try -use-gnu-stack option?

CcWeapon commented 2 years ago

> Hello, could you please try -use-gnu-stack option?

I tried it and it didn't work.

Today, I found that patchELFGOT() caused the problem. However, the exact reason still needs to be found.
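One check a practitioner can run to localize a GOT rewrite like the one blamed above: diff the .got slots and the PT_GNU_STACK program header of the original and the BOLT-processed image. This is an added example, not BOLT's code or the reporter's; instead of reading libart.so it builds two constructed, minimal little-endian ELF64 images in memory, and the slot values are invented.

```python
import struct

EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header (64 bytes)
PHDR = "<IIQQQQQQ"           # ELF64 program header (56 bytes)
SHDR = "<IIQQQQIIQQ"         # ELF64 section header (64 bytes)
PT_GNU_STACK = 0x6474E551

def build_elf(got, gnu_stack=True):
    """Constructed sample image: an optional PT_GNU_STACK header plus a .got section."""
    shstr = b"\0.got\0.shstrtab\0"
    got_bytes = b"".join(struct.pack("<Q", v) for v in got)
    phnum = 1 if gnu_stack else 0
    data_off = 64 + 56 * phnum                      # section data follows the program headers
    shoff = data_off + len(got_bytes) + len(shstr)  # section header table goes last
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + b"\0" * 9, 3, 0xB7, 1,
                       0, 64, shoff, 0, 64, 56, phnum, 64, 3, 2)
    phdr = struct.pack(PHDR, PT_GNU_STACK, 6, 0, 0, 0, 0, 0, 16) if gnu_stack else b""
    shdrs = [struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),  # SHN_UNDEF entry
             struct.pack(SHDR, 1, 1, 3, 0x1000, data_off, len(got_bytes), 0, 0, 8, 8),
             struct.pack(SHDR, 6, 3, 0, 0, data_off + len(got_bytes), len(shstr), 0, 0, 1, 0)]
    return ehdr + phdr + got_bytes + shstr + b"".join(shdrs)

def sections(data):
    """Map section name -> raw bytes by walking the section header table."""
    hdr = struct.unpack_from(EHDR, data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    shdrs = [struct.unpack_from(SHDR, data, shoff + i * shentsize) for i in range(shnum)]
    names_off = shdrs[shstrndx][4]                  # file offset of .shstrtab
    out = {}
    for sh in shdrs:
        start = names_off + sh[0]
        name = data[start:data.index(b"\0", start)].decode()
        out[name] = data[sh[4]:sh[4] + sh[5]]
    return out

def has_gnu_stack(data):
    """True if the image still carries a PT_GNU_STACK program header."""
    hdr = struct.unpack_from(EHDR, data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    return any(struct.unpack_from(PHDR, data, phoff + i * phentsize)[0] == PT_GNU_STACK
               for i in range(phnum))

def diff_got(orig, rewritten, section=".got"):
    """List (slot, old, new) for 8-byte GOT slots that differ; None marks a missing slot."""
    a, b = sections(orig).get(section, b""), sections(rewritten).get(section, b"")
    old, new = (struct.unpack(f"<{len(x) // 8}Q", x) for x in (a, b))
    slot = lambda t, i: t[i] if i < len(t) else None
    return [(i, slot(old, i), slot(new, i)) for i in range(max(len(old), len(new)))
            if slot(old, i) != slot(new, i)]
```

On real files, read both images with open(path, "rb").read() and pass them to diff_got (and to has_gnu_stack to see whether the header survived the rewrite); the parser assumes little-endian ELF64.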