When I analyse a app memory problem, I found its maps (cat /proc/pid/maps) like this:
903 5fec1000-5fec2000 r--s 00001000 b3:10 98 /system/app/PacProcessor.apk
904 5fec2000-5fec3000 r--s 00000000 b3:10 98 /system/app/PacProcessor.apk
905 5fec3000-5fed7000 r--s 00560000 b3:10 125 /system/app/iReader.apk
906 5fed7000-5ff09000 r--s 0019a000 b3:10 125 /system/app/iReader.apk
907 5ff09000-5ff0b000 r--s 00043000 b3:10 81 /system/app/Galaxy4.apk
908 5ff0b000-5ff0c000 r--s 00042000 b3:10 81 /system/app/Galaxy4.apk
It seems this app loads other app's code into its stack.
How can I avoid this kind memory allocation ?
From proc manual on Linux:
/proc/[pid]/maps
A file containing the currently mapped memory regions and their access permissions. See
mmap(2) for some further information about memory mappings.
Related
Recently, my app gets large native memory after monkey, i can not reproduced manually, so i just can analyse through Android profiler.it shows 255264K memory in swap on native heap, but i can not see it in android profiler, so i refer to smap file. i can see a large malloc with 129M on swap.
Pss Private Private SwapPss Heap Heap Heap
Total Dirty Clean Dirty Size Alloc Free
------ ------ ------ ------ ------ ------ ------
Native Heap 75741 75496 220 255264 374656 331568 43087
Dalvik Heap 6606 5536 1032 0 18020 5748 12272
Dalvik Other 6844 6844 0 36
Stack 52 52 0 24
Ashmem 14 12 0 0
Gfx dev 17488 16652 836 0
Other dev 21 4 16 0
.so mmap 19382 224 14992 1063
.jar mmap 8 8 0 0
.apk mmap 19678 32 17360 20
.ttf mmap 7134 0 5752 0
.dex mmap 13703 0 8668 8
.oat mmap 2786 0 712 0
.art mmap 4541 3844 344 108
Other mmap 1997 4 1688 0
EGL mtrack 29388 29388 0 0
GL mtrack 19036 19036 0 0
Unknown 2227 2144 76 549
TOTAL 483718 159276 51696 257072 392676 337316 55359
9c800000-a4c00000 rw-p 00000000 00:00 0
[anon:libc_malloc]
Name: [anon:libc_malloc]
Size: 135168 kB
Rss: 5296 kB
Pss: 5296 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 5296 kB
Referenced: 4788 kB
Anonymous: 5296 kB
AnonHugePages: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 129872 kB
SwapPss: 129872 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
now, my question is:
1.how can i get more information about this memory?
2.does 129M memory malloc at a time? how can application get so many momery for one time.
3.why this memory malloc on swap directly?
enter image description here
In order to get a detailed information about memory consumption, you can actually use "Android Profiler". You can get a detailed information about various components that may be using / storing memory of the application.
I would like to read value from the Android runtime shared library in my application.
Since Android 5, when the new runtime was introduced and libart.so has first appeared, I am doing it successfully with this code:
std::unique_ptr<void, int(*)(void*)> handle {
dlopen("libart.so", RTLD_NOW | RTLD_GLOBAL),
&dlclose
};
constexpr char THREAD_KEY_NAME[] = "_ZN3art6Thread17pthread_key_self_E";
key_ = static_cast<pthread_key_t *>(dlsym(handle.get(), THREAD_KEY_NAME));
LOG("Current thread: ", key_);
I'm testing this code on Android N simulator, and it fails! dlsym returns:
undefined symbol: _ZN3art6Thread17pthread_key_self_E
I think "OK, there is no symbol now", so I pull the libart.so from simulator and see:
% ./i686-linux-android-nm ~/Desktop/libart.so | grep pthread_key
00736ea0 B _ZN3art6Thread17pthread_key_self_E
hmm...
% ./i686-linux-android-objdump -T ~/Desktop/libart.so | grep pthread_key
00736ea0 g DO .bss 00000004 Base .protected _ZN3art6Thread17pthread_key_self_E
hmm..
% ./i686-linux-android-readelf -a ~/Desktop/libart.so | grep pthread_key_self
%
OK, empty there :(
So, while I'm not fully expert in these things, i have some questions:
Why is readelf output is empty? There is some flags i forgot?
What does .protected means in objdump output? I have read some things about it but don't really understand. May be you can get good explanation?
Why dlsym returns error on new versions of Android? What the difference?
BTW, I dumped /proc/self/maps file for my application on both Android versions and grep libart.so gives me:
Android L (which works fine):
b40f3000-b45f3000 r-xp 00000000 1f:00 777 /system/lib/libart.so
b45f3000-b45fb000 r--p 004ff000 1f:00 777 /system/lib/libart.so
b45fb000-b45fc000 rw-p 00507000 1f:00 777 /system/lib/libart.so
Android N (does not work):
aaef1000-aaef2000 r-xp 00000000 fd:00 729 /system/fake-libs/libart.so
aaef2000-aaef3000 r--p 00000000 fd:00 729 /system/fake-libs/libart.so
aaef3000-aaef4000 rw-p 00001000 fd:00 729 /system/fake-libs/libart.so
abc53000-ac373000 r-xp 00000000 fd:00 1034 /system/lib/libart.so
ac374000-ac37c000 r--p 00720000 fd:00 1034 /system/lib/libart.so
ac37c000-ac37e000 rw-p 00728000 fd:00 1034 /system/lib/libart.so
Thanks for any information!
upd: I see there is two libart.so on Android N, and /system/fake-libs/libart.so is empty. I suppose there is a problem, but dlopen("/system/lib/libart.so", ...) does not works :(
In Android N you can not open some private so file(https://developer.android.com/about/versions/nougat/android-7.0-changes.html#ndk)
But you can open libart.so for Android-N use this:
https://github.com/crmulliner/adbi/blob/master/hijack/hijack.c
or
https://github.com/avs333/Nougat_dlfunctions
I have a ubifs system image (https://www.dropbox.com/s/txgye8mu5r3og5y/system.img?dl=0) for a mediatek tablet device and am trying to add and remove some files.
I'm stuck trying to mount/extract files from the image.
Here are the steps I have tried so far on Debian Jessie with kernel 4.1.0-0.bpo.2-amd64:
I tried:
https://github.com/jrspruitt/ubi_reader
$ ubireader_display_info ./system.img
UBI File
---------------------
Min I/O: 16384
LEB Size: 4161536
PEB Size: 4194304
Total Block Count: 122
Data Block Count: 120
Layout Block Count: 2
Internal Volume Block Count: 0
Unknown Block Count: 0
First UBI PEB Number: 0
Image: 1101756791
---------------------
Image Sequence Num: 1101756791
Volume Name:system
PEB Range: 0 - 121
Volume: system
---------------------
Vol ID: 0
Name: system
Block Count: 120
Volume Record
---------------------
alignment: 1
crc: 3336263623
data_pad: 0
errors:
flags: autoresize
name: system
name_len: 6
padding:
rec_index: 0
reserved_pebs: 248
upd_marker: 0
vol_type: dynamic
But when I try and extract files using ubireader_extract_files I get the correct number of files but the resulting files are garbage.
Next I dismantled the tablet to work out what nand flash it was using to try and use nandsim following this post:
https://web.archive.org/web/20150109021228/http://www.linux-mtd.infradead.org/faq/ubifs.html#L_ubifs_extract
to emulate the nand and found out it was using SanDisk SDTNRGAMA 64G 3.3V 8-bit which has id bytes of 0x45,0xde,0x94,0x93,0x76,0x50 - from the following post:
http://lists.infradead.org/pipermail/linux-mtd/2014-January/051330.html
Running the following causes a segfault - on earlier kernels the id_bytes option is not recognized:
`modprobe nandsim id_bytes=0x45,0xde,0x94,0x93,0x76,0x50 cache_file=./test.img`
which gives the following segfault:
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734640] nand: device found, Manufacturer ID: 0x45, Chip ID: 0xde
[ 142.734641] nand: SanDisk SDTNRGAMA 64G 3.3V 8-bit
[ 142.734644] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size: 16384, OOB size: 1280
[ 142.734650] nand: No oob scheme defined for oobsize 1280
[ 142.734672] ------------[ cut here ]------------
[ 142.734674] kernel BUG at /build/linux-PoJsUp/linux-4.1.6/drivers/mtd/nand/nand_base.c:3952!
[ 142.734677] invalid opcode: 0000 [#1] SMP
[ 142.734680] Modules linked in: nandsim(+) nand nand_ecc nand_bch bch nand_ids mtd cfg80211 rfkill joydev nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc iosf_mbi coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hid_generic aes_x86_64 lrw irda gf128mul glue_helper psmouse vmw_balloon crc_ccitt ablk_helper serio_raw vmw_vmci cryptd battery pcspkr 8250_fintek acpi_cpufreq processor thermal_sys ac shpchp evdev i2c_piix4 fuse parport_pc ppdev lp parport autofs4 usbhid hid ext4 crc16 mbcache jbd2 sr_mod cdrom ata_generic sg sd_mod crc32c_intel ata_piix uhci_hcd ehci_pci ehci_hcd usbcore e1000 usb_common button libata vmwgfx ttm mptspi scsi_transport_spi mptscsih drm_kms_helper mptbase scsi_mod drm
[ 142.734731] CPU: 0 PID: 1235 Comm: modprobe Not tainted 4.1.0-0.bpo.2-amd64 #1 Debian 4.1.6-1~bpo8+1
[ 142.734733] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/20/2012
[ 142.734735] task: ffff88007aaf54f0 ti: ffff880079134000 task.ti: ffff880079134000
[ 142.734737] RIP: 0010:[<ffffffffa05d5ff0>] [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734743] RSP: 0018:ffff880079137c58 EFLAGS: 00010296
[ 142.734745] RAX: 000000000000002c RBX: ffff880077093450 RCX: 0000000000000006
[ 142.734746] RDX: 000000000000002c RSI: 0000000000000246 RDI: ffff88007f60ea10
[ 142.734748] RBP: ffff880077093000 R08: 00000000000094d8 R09: 00000000000044aa
[ 142.734750] R10: 0000000000000086 R11: 20726f662064656e R12: ffff880077093860
[ 142.734751] R13: 0000000000000000 R14: ffffffffa05ec200 R15: ffff88007b67ad40
[ 142.734754] FS: 00007fe945772700(0000) GS:ffff88007f600000(0000) knlGS:0000000000000000
[ 142.734756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.734757] CR2: 00007f57a6920040 CR3: 00000000790fa000 CR4: 00000000000406f0
[ 142.734870] Stack:
[ 142.734873] 0000000000000000 0000000000000000 ffff880077093000 ffffffffa05ef54a
[ 142.734877] 0000000000000000 0000000000000018 ffff880079137cd8 ffff880079137c98
[ 142.734879] 0000000000000000 ffffffff81814080 ffff880077211760 ffffffffa05ef000
[ 142.734882] Call Trace:
[ 142.734889] [<ffffffffa05ef54a>] ? ns_init_module+0x54a/0x1000 [nandsim]
[ 142.734896] [<ffffffffa05ef000>] ? 0xffffffffa05ef000
[ 142.734902] [<ffffffff81002148>] ? do_one_initcall+0xd8/0x210
[ 142.734907] [<ffffffff815723c1>] ? do_init_module+0x5a/0x1c2
[ 142.734912] [<ffffffff810f2316>] ? load_module+0x2026/0x24e0
[ 142.734915] [<ffffffff810ede60>] ? store_uevent+0x40/0x40
[ 142.734919] [<ffffffff810ee9d5>] ? copy_module_from_fd.isra.45+0xb5/0x140
[ 142.734923] [<ffffffff810f299d>] ? SyS_finit_module+0x7d/0xa0
[ 142.734928] [<ffffffff815792b2>] ? system_call_fast_compare_end+0xc/0x6b
[ 142.734930] Code: 00 00 30 10 5d a0 e9 f8 f6 ff ff 48 c7 83 88 03 00 00 30 19 5d a0 e9 3c f7 ff ff 89 c6 48 c7 c7 b8 9c 5d a0 31 c0 e8 33 c2 f9 e0 <0f> 0b 48 c7 83 40 03 00 00 40 bb 5d a0 e9 14 f6 ff ff 48 c7 83
[ 142.734959] RIP [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734964] RSP <ffff880079137c58>
[ 142.734975] ---[ end trace 0270ba33a10a2b05 ]---
So, in short - I need help. I'm not massively familiar with ubi/ubifs method and cannot find any sane well written guides which show you have to mount/extract files from an existing image.
Update: su is installed on the tablet, and I set selinux to permissive mode:
adb shell su -c setenforce 0
from: https://source.android.com/devices/tech/security/selinux/validate.html
Update 03Oct15:
Ran the mdtinfo -a on the tablet and got the following result:
mtd16
Name: system
Type: nand
Eraseblock size: 4194304 bytes, 4.0 MiB
Amount of eraseblocks: 256 (1073741824 bytes, 1024.0 MiB)
Minimum input/output unit size: 16384 bytes
Sub-page size: 16384 bytes
OOB size: 1280 bytes
Character device major/minor: 90:32
Bad blocks are allowed: true
Device is writable: true
Using the information above I tried to create a blank ubifs image on my pc, I get the error that the LEB is too large! Looks like I have a limit of 2MiB on the LEB size!
$ mkfs.ubifs -m 16384 -e 4MiB -c 256 -o ./image.img
Error: too large LEB size 4194304
It looks like that ubi image is using a different compression type for the data. If you run ubireader_extract_files -v system.img the -v is for very verbose, the UBIFS data nodes have a compression type of 3 (compr_type: 3) as far as I know 1 and 2 are the only valid options, LZO and ZLIB respectively. Perhaps they used a custom compression, or somehow it got the wrong number associated with it. But it explains why the files and directories extract okay, but the data is scrambled.
Just in case someone else finds this post. I managed to find a workaround which involved editing the boot.img using mtk-tools to mount the root partition in rw mode rather than ro. (Look in init.rc in the root of boot.img and change any mount options for /system to rw).
I them managed to edit the root image, power down the tablet and then used MTK Droid Tools to image the partition.
I'm trying to write a port scanner, I managed to get the open ports using sockets.
My problem is how to know which apps are listening on open ports.
Android is based on a Linux kernel, therefore you can do this using the same approach that works under Linux. See https://stackoverflow.com/a/2359643/441899 for a description of how to do that. Additionally you would need to determine from a Linux process what the app running in that process is (see Android - How to get the processName or packageName by using PID? for this). Note that your app would have to be running as root to access the files in /proc that it would need to in order to find this information.
cat /proc/net/tcp
this will give you a list about the android opening ports.e.g.
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 3336108 1 0000000000000000 100 0 0 10 0
1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10252 0 3579923 1 0000000000000000 100 0 0 10 0
2: 6400A8C0:A90E 6800A8C0:1F90 04 00000001:00000000 00:00000000 00000005 0 0 0 1 0000000000000000 326 4 29 1 5
3: 6400A8C0:A91E 6800A8C0:1F90 04 00000001:00000000 00:00000000 00000005 0 0 0 1 0000000000000000 326 4 29 1 5
4: 6400A8C0:84F2 66DFC2DC:01BB 09 00000001:00000001 00:00000000 00000005 0 0 0 1 0000000000000000 665 4 24 1 5
so we know uid =10252 is the APP listening the port 1F90( which is 8080)
cat /data/system/packages.list | grep 10252 (the pid you found )
com.target.app 10252 0 /data/user/0/com.target.app default:targetSdkVersion=29 3002,3003 0 1
refer to : https://stackoverflow.com/a/38793457/445908
I have notice that Android NDK (r6b in my case) produce unreasonable big resulting .so files. For example, in my case I have ~150-200 lines of C++ code (6 native methods and 3 C++ simplest classes) and this native code produce 60kb (!) .so with enabled exceptions and RTTI or 12kb .so with disabled exceptions and RTTI. Just to check I have compile hello-jni example included in NDK package and get 10kb .so for single-line native method from this example.
In my opinion it is somehow unreasonable overhead for mobile platform (on my desktop the comparable by size code produce ~10-15 times less .so).
Are there tricks I should know to reduce the binaries size ?
Why there is such overhead for C-only code ?
And why there is even bigger overhead for C++ code with enabled exceptions and RTTI ?
Update #1: readelf output for hello-jni example from NDK
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
Entry point address: 0xc18
Start of program headers: 52 (bytes into file)
Start of section headers: 9344 (bytes into file)
Flags: 0x5000002, has entry point, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 5
Size of section headers: 40 (bytes)
Number of section headers: 19
Section header string table index: 18
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .hash HASH 000000d4 0000d4 0001a4 04 A 2 0 4
[ 2] .dynsym DYNSYM 00000278 000278 000420 10 A 3 3 4
[ 3] .dynstr STRTAB 00000698 000698 0004aa 00 A 0 0 1
[ 4] .rel.dyn REL 00000b44 000b44 000048 08 A 2 0 4
[ 5] .rel.plt REL 00000b8c 000b8c 000030 08 A 2 6 4
[ 6] .plt PROGBITS 00000bbc 000bbc 00005c 04 AX 0 0 4
[ 7] .text PROGBITS 00000c18 000c18 001518 00 AX 0 0 4
[ 8] .rodata PROGBITS 00002130 002130 000014 01 AMS 0 0 4
[ 9] .ARM.extab PROGBITS 00002144 002144 000024 00 A 0 0 4
[10] .ARM.exidx ARM_EXIDX 00002168 002168 0000e0 00 AL 7 0 4
[11] .init_array INIT_ARRAY 00003248 002248 000008 00 WA 0 0 1
[12] .fini_array FINI_ARRAY 00003250 002250 00000c 00 WA 0 0 1
[13] .dynamic DYNAMIC 0000325c 00225c 0000e8 08 WA 3 0 4
[14] .got PROGBITS 00003344 002344 000040 04 WA 0 0 4
[15] .bss NOBITS 00003390 002384 000010 00 WA 0 0 16
[16] .comment PROGBITS 00000000 002384 000036 00 0 0 1
[17] .ARM.attributes ARM_ATTRIBUTES 00000000 0023ba 000029 00 0 0 1
[18] .shstrtab STRTAB 00000000 0023e3 00009b 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
EXIDX 0x002168 0x00002168 0x00002168 0x000e0 0x000e0 R 0x4
LOAD 0x000000 0x00000000 0x00000000 0x02248 0x02248 R E 0x1000
LOAD 0x002248 0x00003248 0x00003248 0x0013c 0x00158 RW 0x1000
DYNAMIC 0x00225c 0x0000325c 0x0000325c 0x000e8 0x000e8 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .ARM.exidx
01 .hash .dynsym .dynstr .rel.dyn .rel.plt .plt .text .rodata .ARM.extab .ARM.exidx
02 .init_array .fini_array .dynamic .got .bss
03 .dynamic
04
Dynamic section at offset 0x225c contains 25 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libstdc++.so]
0x00000001 (NEEDED) Shared library: [libm.so]
0x00000001 (NEEDED) Shared library: [libc.so]
0x00000001 (NEEDED) Shared library: [libdl.so]
0x0000000e (SONAME) Library soname: [libhello-jni.so]
0x00000010 (SYMBOLIC) 0x0
0x00000019 (INIT_ARRAY) 0x3248
0x0000001b (INIT_ARRAYSZ) 8 (bytes)
0x0000001a (FINI_ARRAY) 0x3250
0x0000001c (FINI_ARRAYSZ) 12 (bytes)
0x00000004 (HASH) 0xd4
0x00000005 (STRTAB) 0x698
0x00000006 (SYMTAB) 0x278
0x0000000a (STRSZ) 1194 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000003 (PLTGOT) 0x3344
0x00000002 (PLTRELSZ) 48 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0xb8c
0x00000011 (REL) 0xb44
0x00000012 (RELSZ) 72 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x00000016 (TEXTREL) 0x0
0x6ffffffa (RELCOUNT) 7
0x00000000 (NULL) 0x0
Relocation section '.rel.dyn' at offset 0xb44 contains 9 entries:
Offset Info Type Sym.Value Sym. Name
00000c24 00000017 R_ARM_RELATIVE
00003254 00000017 R_ARM_RELATIVE
00003368 00000017 R_ARM_RELATIVE
0000336c 00000017 R_ARM_RELATIVE
00003374 00000017 R_ARM_RELATIVE
00003378 00000017 R_ARM_RELATIVE
00003380 00000017 R_ARM_RELATIVE
00003370 00001015 R_ARM_GLOB_DAT 00000000 __cxa_call_unexpected
0000337c 00003215 R_ARM_GLOB_DAT 00000000 __gnu_Unwind_Find_exid
Relocation section '.rel.plt' at offset 0xb8c contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00003350 00000d16 R_ARM_JUMP_SLOT 00000000 __cxa_begin_cleanup
00003354 00001216 R_ARM_JUMP_SLOT 00000000 memcpy
00003358 00001416 R_ARM_JUMP_SLOT 00000000 __cxa_finalize
0000335c 00001f16 R_ARM_JUMP_SLOT 00000000 abort
00003360 00002a16 R_ARM_JUMP_SLOT 00000000 __cxa_type_match
00003364 00003216 R_ARM_JUMP_SLOT 00000000 __gnu_Unwind_Find_exid
There are no unwind sections in this file.
Symbol table '.dynsym' contains 66 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000c18 0 SECTION LOCAL DEFAULT 7
2: 00003390 0 SECTION LOCAL DEFAULT 15
3: 00001c64 36 FUNC GLOBAL DEFAULT 7 ___Unwind_ForcedUnwind
4: 00001668 164 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_RaiseExcepti
5: 00001b20 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Save_VFP
6: 00001c40 36 FUNC GLOBAL DEFAULT 7 _Unwind_Resume_or_Rethrow
7: 00002248 0 NOTYPE GLOBAL DEFAULT ABS __exidx_end
8: 000011c0 8 FUNC GLOBAL DEFAULT 7 __aeabi_unwind_cpp_pr0
9: 00001d4c 44 FUNC GLOBAL DEFAULT 7 _Unwind_GetRegionStart
10: 00001c40 36 FUNC GLOBAL DEFAULT 7 ___Unwind_Resume_or_Rethr
11: 000033a0 0 NOTYPE GLOBAL DEFAULT ABS _bss_end__
12: 00001c88 36 FUNC GLOBAL DEFAULT 7 _Unwind_Backtrace
13: 00000000 0 NOTYPE WEAK DEFAULT UND __cxa_begin_cleanup
14: 00001b04 20 FUNC GLOBAL DEFAULT 7 __restore_core_regs
15: 00001b40 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Save_VFP_D_1
16: 00000000 0 NOTYPE WEAK DEFAULT UND __cxa_call_unexpected
17: 00000cf0 8 FUNC GLOBAL DEFAULT 7 _Unwind_GetCFA
18: 00000000 0 FUNC GLOBAL DEFAULT UND memcpy
19: 00000c8c 76 FUNC GLOBAL DEFAULT 7 _Unwind_VRS_Set
20: 00000000 0 FUNC GLOBAL DEFAULT UND __cxa_finalize
21: 00003250 0 NOTYPE GLOBAL DEFAULT 12 __FINI_ARRAY__
22: 00003384 0 NOTYPE GLOBAL DEFAULT ABS __bss_start__
23: 00001404 212 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Backtrace
24: 00003390 4 OBJECT GLOBAL DEFAULT 15 __dso_handle
25: 00001b30 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Save_VFP_D
26: 00001798 876 FUNC GLOBAL DEFAULT 7 _Unwind_VRS_Pop
27: 000011b0 8 FUNC WEAK DEFAULT 7 __aeabi_unwind_cpp_pr2
28: 00001c88 36 FUNC GLOBAL DEFAULT 7 ___Unwind_Backtrace
29: 00002168 0 NOTYPE GLOBAL DEFAULT ABS __exidx_start
30: 00001bf8 36 FUNC GLOBAL DEFAULT 7 ___Unwind_RaiseException
31: 00000000 0 FUNC GLOBAL DEFAULT UND abort
32: 00001c1c 36 FUNC GLOBAL DEFAULT 7 ___Unwind_Resume
33: 00001b48 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Restore_WMMX
34: 00001b18 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Restore_VFP
35: 00001c1c 36 FUNC GLOBAL DEFAULT 7 _Unwind_Resume
36: 00000cfc 32 FUNC GLOBAL DEFAULT 7 _Unwind_DeleteException
37: 00000cf8 4 FUNC GLOBAL DEFAULT 7 _Unwind_Complete
38: 000033a0 0 NOTYPE GLOBAL DEFAULT ABS __bss_end__
39: 00003248 0 NOTYPE GLOBAL DEFAULT 11 __INIT_ARRAY__
40: 00001d78 888 FUNC GLOBAL DEFAULT 7 __gnu_unwind_execute
41: 00001b28 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Restore_VFP_
42: 00000000 0 NOTYPE WEAK DEFAULT UND __cxa_type_match
43: 0000172c 108 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Resume
44: 00001b38 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Restore_VFP_
45: 00001bf8 36 FUNC GLOBAL DEFAULT 7 _Unwind_RaiseException
46: 00003384 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
47: 000033a0 0 NOTYPE GLOBAL DEFAULT ABS __end__
48: 000015f4 28 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_ForcedUnwind
49: 0000170c 32 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Resume_or_Re
50: 00000000 0 FUNC WEAK DEFAULT UND __gnu_Unwind_Find_exidx
51: 00001b04 20 FUNC GLOBAL DEFAULT 7 restore_core_regs
52: 00001be4 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Save_WMMXC
53: 00001d04 8 FUNC GLOBAL DEFAULT 7 _Unwind_GetTextRelBase
54: 00000c29 24 FUNC GLOBAL DEFAULT 7 Java_com_example_hellojni
55: 00001d14 56 FUNC GLOBAL DEFAULT 7 _Unwind_GetLanguageSpecif
56: 00000c40 76 FUNC GLOBAL DEFAULT 7 _Unwind_VRS_Get
57: 00001bd0 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Restore_WMMX
58: 000020f0 64 FUNC GLOBAL DEFAULT 7 __gnu_unwind_frame
59: 00001c64 36 FUNC GLOBAL DEFAULT 7 _Unwind_ForcedUnwind
60: 00003384 0 NOTYPE GLOBAL DEFAULT ABS _edata
61: 000033a0 0 NOTYPE GLOBAL DEFAULT ABS _end
62: 00001b8c 0 FUNC GLOBAL DEFAULT 7 __gnu_Unwind_Save_WMMXD
63: 000011b8 8 FUNC WEAK DEFAULT 7 __aeabi_unwind_cpp_pr1
64: 00001d0c 8 FUNC GLOBAL DEFAULT 7 _Unwind_GetDataRelBase
65: 00003384 0 NOTYPE GLOBAL DEFAULT 14 __data_start
Histogram for bucket list length (total of 37 buckets):
Length Number % of total Coverage
0 5 ( 13.5%)
1 14 ( 37.8%) 22.2%
2 9 ( 24.3%) 50.8%
3 6 ( 16.2%) 79.4%
4 2 ( 5.4%) 92.1%
5 1 ( 2.7%) 100.0%
No version information found in this file.
Attribute Section: aeabi
File Attributes
Tag_CPU_name: "5TE"
Tag_CPU_arch: v5TE
Tag_ARM_ISA_use: Yes
Tag_THUMB_ISA_use: Thumb-1
Tag_ABI_PCS_wchar_t: 4
Tag_ABI_FP_denormal: Needed
Tag_ABI_FP_exceptions: Needed
Tag_ABI_FP_number_model: IEEE 754
Tag_ABI_align8_needed: Yes
Tag_ABI_align8_preserved: Yes, except leaf SP
Tag_ABI_enum_size: int
You may see the difference from one provided by #Joel F, and especially stuff about stack unwinding (for C++ exceptions ?)
Update #2
The problem is in toolchain included in NDK r6b and in particular it is about of linker. Thanks to #Joel F for glues about previous NDK release. I have installed the NDK r5c alongside of NDK r6b and compare results. Compilers produce the same object files by both toolchains but after linking results are different.
EDIT 3
I was able to reproduce the 10KB hello-jni binary with NDK r6b. I found an awful hack here. Basically put this line in one of your files:
char __aeabi_unwind_cpp_pr0[0];
But your code will be lacking exception handling (which I thought was the point of -fno-exceptions....)
Anyways, this brings libhello-jni.so down to 2228 bytes for me. Still larger than r5c, but a lot less than 10KB.
EDIT 2
Yes it seems like you have a lot of C++ related overhead in your readelf output. Perhaps they changed something between r5c and r6b? There is no C++ code in r5c's hello-jni.c.
I have 160 lines of C code that NDK r5c reduces to a 3.8KB .so. Try the following to see what is responsible for the size:
/path/to/ndk/toolchains/arm-linux-androideabi-4.4.3/prebuilt/<platform>/bin/arm-linux-androideabi-readelf -a libmylib.so
EDIT
I built the hello-jni example with NDK r5c and the resulting libhello-jni.so file is 1588 bytes.
Build command:
ndk-build V=1
Build output: http://pastebin.com/AdRDVbnF (apparently SO has limits on line length or something).
Output from readelf -a libhello-jni.so:
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
Entry point address: 0x2dc
Start of program headers: 52 (bytes into file)
Start of section headers: 1108 (bytes into file)
Flags: 0x5000002, has entry point, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 5
Size of section headers: 40 (bytes)
Number of section headers: 12
Section header string table index: 11
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .hash HASH 000000d4 0000d4 00004c 04 A 2 0 4
[ 2] .dynsym DYNSYM 00000120 000120 0000e0 10 A 3 2 4
[ 3] .dynstr STRTAB 00000200 000200 0000db 00 A 0 0 1
[ 4] .text PROGBITS 000002dc 0002dc 00002c 00 AX 0 0 4
[ 5] .rodata PROGBITS 00000308 000308 000014 00 A 0 0 4
[ 6] .ARM.exidx ARM_EXIDX 0000031c 00031c 000008 00 AL 4 0 4
[ 7] .dynamic DYNAMIC 00001324 000324 000088 08 WA 3 0 4
[ 8] .got PROGBITS 000013ac 0003ac 00000c 04 WA 0 0 4
[ 9] .comment PROGBITS 00000000 0003b8 000012 00 0 0 1
[10] .ARM.attributes ARM_ATTRIBUTES 00000000 0003ca 000029 00 0 0 1
[11] .shstrtab STRTAB 00000000 0003f3 000061 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
EXIDX 0x00031c 0x0000031c 0x0000031c 0x00008 0x00008 R 0x4
LOAD 0x000000 0x00000000 0x00000000 0x00324 0x00324 R E 0x1000
LOAD 0x000324 0x00001324 0x00001324 0x00094 0x00094 RW 0x1000
DYNAMIC 0x000324 0x00001324 0x00001324 0x00088 0x00088 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .ARM.exidx
01 .hash .dynsym .dynstr .text .rodata .ARM.exidx
02 .dynamic .got
03 .dynamic
04
Dynamic section at offset 0x324 contains 12 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so]
0x00000001 (NEEDED) Shared library: [libstdc++.so]
0x00000001 (NEEDED) Shared library: [libm.so]
0x00000001 (NEEDED) Shared library: [libdl.so]
0x0000000e (SONAME) Library soname: [libhello-jni.so]
0x00000010 (SYMBOLIC) 0x0
0x00000004 (HASH) 0xd4
0x00000005 (STRTAB) 0x200
0x00000006 (SYMTAB) 0x120
0x0000000a (STRSZ) 219 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000000 (NULL) 0x0
There are no relocations in this file.
There are no unwind sections in this file.
Symbol table '.dynsym' contains 14 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 000002dc 0 SECTION LOCAL DEFAULT 4
2: 00000324 0 NOTYPE GLOBAL DEFAULT ABS __exidx_end
3: 00000000 0 FUNC GLOBAL DEFAULT UND __aeabi_unwind_cpp_pr0
4: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS _bss_end__
5: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS __bss_start__
6: 0000031c 0 NOTYPE GLOBAL DEFAULT ABS __exidx_start
7: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS __bss_end__
8: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
9: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS __end__
10: 000002dd 44 FUNC GLOBAL DEFAULT 4 Java_com_example_hellojni
11: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS _edata
12: 000013b8 0 NOTYPE GLOBAL DEFAULT ABS _end
13: 000013b8 0 NOTYPE GLOBAL DEFAULT 8 __data_start
Histogram for bucket list length (total of 3 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 0 ( 0.0%) 0.0%
2 1 ( 33.3%) 16.7%
3 0 ( 0.0%) 16.7%
4 1 ( 33.3%) 50.0%
5 0 ( 0.0%) 50.0%
6 1 ( 33.3%) 100.0%
No version information found in this file.
Attribute Section: aeabi
File Attributes
Tag_CPU_name: "5TE"
Tag_CPU_arch: v5TE
Tag_THUMB_ISA_use: Thumb-1
Tag_ABI_PCS_wchar_t: 4
Tag_ABI_FP_denormal: Needed
Tag_ABI_FP_exceptions: Needed
Tag_ABI_FP_number_model: IEEE 754
Tag_ABI_align8_needed: Yes
Tag_ABI_align8_preserved: Yes, except leaf SP
Tag_ABI_enum_size: int
Tag_ABI_optimization_goals: Aggressive Debug
The NDK toolchain supports C++ exceptions, since NDK r5, however all C++ sources are compiled with -fno-exceptions support by default, for compatibility reasons with previous releases.
To enable it, use the '-fexceptions' C++ compiler flag. This can be done by adding the following to every module definition in your Android.mk:
LOCAL_CPPFLAGS += -fexceptions
More simply, add a single line to your Application.mk, the setting will automatically apply to all your project's NDK modules:
APP_CPPFLAGS += -fexceptions
follow this page
But in NDK r6b, this FLAG is open by default, and can not close.
Don't use c++ exceptions if you want to have a lightweight mobile program. There's a reason c++ features were limited in early versions of the ndk. Android itself uses the subset of c++ that was thought cost effective on a mobile platform, and thats more or less what was originally supported.
Also be sure you are not doing a debug build with symbols included - that could be your hello-jni bloat.