- Build AOSP in debug mode (maybe optional)
$ export TARGET_BUILD_TYPE=debug
$ export HOST_BUILD_TYPE=debug
- Use eng product type, e.g.
$ lunch aosp_oriole-eng
- After building and booting, run adb as root (maybe optional)
$ adb root
- Find the service process id. (It is very probable that the service is backed by an Android package run by zygote.) In our case, we are interested in com.android.bluetooth
$ adb shell ps -A | grep "bluetooth"
bluetooth 714 1 10990032 7836 binder_wait_for_work 0 S [email protected]
bluetooth 3477 702 15958900 189200 do_epoll_wait 0 S com.android.bluetooth
- Run lldbclient using the process id.
aosp$ lldbclient.py -p 3477
- It should start lldb with possibly lots of threads getting paused (stopped).
Process 3477 stopped
* thread #1, name = 'droid.bluetooth', stop reason = signal SIGSTOP
    frame #0: 0x0000007656fe02b8
->  0x7656fe02b8: cmn x0, #0x1, lsl #12 ; =0x1000
    0x7656fe02bc: cneg x0, x0, hi
    0x7656fe02c0: b.hi 0x7656fdeb78
    0x7656fe02c4: ret
...
  thread #70, name = 'Binder:3477_7', stop reason = signal SIGSTOP
    frame #0: 0x0000007656fdf2f8
->  0x7656fdf2f8: cmn x0, #0x1, lsl #12 ; =0x1000
    0x7656fdf2fc: cneg x0, x0, hi
    0x7656fdf300: b.hi 0x7656fdeb78
    0x7656fdf304: ret
Cannot read termcap database; using dumb terminal settings.
(lldb)
- It is possible that you get (stupid) errors from this script. Here are two recommendations.
  - Try to use the latest versions of lldbclient and its dependency gdbrunner obtained from cs.android.com (it should be compatible with different versions of AOSP).
  - Try to debug the script yourself. It is not doing super complicated stuff. It fetches some information about the target process and then passes appropriate parameters to lldb, along with useful general settings for it, e.g. symbol file paths. Any error will be in this fetching mechanism. You should be able to fix, customize, or even skip those steps.
- You are debugging the service now. Go ahead, set breakpoints, inspect, and continue.
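The find-the-PID and attach steps above, scripted as an added example (not part of the original page or of AOSP). grep "bluetooth" matches more than one process, so this matches the NAME column exactly and refuses to attach on zero or several hits; the function names, the script name and the SAMPLE_PS rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve an exact process name to one PID, then attach lldb.

# Constructed sample of `adb shell ps -A` output (header plus three rows).
SAMPLE_PS='USER PID PPID VSZ RSS WCHAN ADDR S NAME
bluetooth 714 1 10990032 7836 binder_wait_for_work 0 S bluetooth.hal.sample
bluetooth 3477 702 15958900 189200 do_epoll_wait 0 S com.android.bluetooth
u0_a99 4100 702 14000000 90000 do_epoll_wait 0 S com.example.bluetoothhelper'

# Read ps output on stdin; print the PID whose NAME column equals $1 exactly.
# Returns 1 when nothing matches and 2 when the match is ambiguous.
pid_for_name() {
    awk -v name="$1" '
        { sub(/\r$/, "") }              # adb may emit CRLF line endings
        $NF == name { pid = $2; n++ }
        END {
            if (n == 1 && pid ~ /^[0-9]+$/) { print pid; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Attach to the single process named $1 on the connected device.
attach() {
    adb root >/dev/null || return 1     # "maybe optional" in the steps above
    pid=$(adb shell ps -A | pid_for_name "$1") || {
        echo "no unique process named $1" >&2
        return 1
    }
    lldbclient.py -p "$pid"
}

# Usage (hypothetical script name): sh attach.sh attach com.android.bluetooth
if [ "${1:-}" = "attach" ]; then
    attach "${2:?process name required}"
fi
```

Run it from the AOSP tree after lunch, so that lldbclient.py is on the PATH.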
Wish you luck with finding the bug!