The purpose of this article is to study Android technology, if there is infringement, contact the author will be deleted in time.

This post was synchronized from Wing’s local tavern

First, after ANR is generated in wechat, a testamp.txt file will be generated. Export via ADB

adb pull /data/anr/traces.txt ~/ 
Copy the code

There was this passage:

native: #05 pc 0043a419  /data/dalvik-cache/arm/system@[email protected] (Java_java_util_regex_Matcher_setInputImpl__JLjava_lang_String_2II+132)
  at java.util.regex.Matcher.setInputImpl(Native method)
  at java.util.regex.Matcher.resetForInput(Matcher.java:252)
  - locked <0x0ecefa84> (a java.util.regex.Matcher)
  at java.util.regex.Matcher.reset(Matcher.java:208)
  at java.util.regex.Matcher.reset(Matcher.java:177)
  at java.util.regex.Matcher.<init>(Matcher.java:90)
  at java.util.regex.Pattern.matcher(Pattern.java:297)
  at com.tencent.mm.ui.widget.celltextview.g.a.o(SourceFile:95)
  at com.tencent.mm.ui.widget.celltextview.g.a.dc(SourceFile:55)
  at com.tencent.mm.ui.widget.celltextview.f.b.a(SourceFile:76)
  at com.tencent.mm.ui.widget.celltextview.d.a.Cw(SourceFile:466)
  at com.tencent.mm.ui.widget.celltextview.d.a.Cp(SourceFile:92)
  at com.tencent.mm.ui.widget.celltextview.CellTextView.onMeasure(SourceFile:102)
  at android.view.View.measure(View.java:18794)
  at android.view.ViewGroup.measureChildWithMargins(ViewGroup.java:5951)
  at android.widget.LinearLayout.measureChildBeforeLayout(LinearLayout.java:1465)
  at android.widget.LinearLayout.measureVertical(LinearLayout.java:748)
  at android.widget.LinearLayout.onMeasure(LinearLayout.java:630)
  at android.view.View.measure(View.java:18794)
Copy the code

The cellTextView is locked when the cellTextView is regex.

So the o method of class A of the Debug CellTextView package,

I found a super complex re (partial position coding), so I preliminarily concluded that the re time may be too long. A unit test is written to test whether the re has a problem.

The experiment found that this regularity did not lead to a long time at all, with an average time of 0-1ms.

That means it’s not really the case here.

So will play on the upper, the breakpoint to com. Tencent. Mm. UI. The widget. Celltextview. F.B.A () method

Click the “let go” button to find that the program has fallen on the breakpoint for an infinite number of times.

Dig deeper and see why this leads to a loop.

Clues to 1:

Finding a judgment on a() method causes a jump to cond_6 and eventually goto_4 to call a() method.

Here is a

add-int/lit8 v4, v4, -0x1
Copy the code

In fact, he’s the equivalent of

i-1
Copy the code

Clues to the 2

Observe the WWK, width, and other attributes called after the a() method.

In combination with clues

Next, open jADX, decompile the class file into a Java file, and use clues to quickly locate the code. These logical code snippets are found as follows:

With Java code, all of a sudden it’s kind of nice, let’s repeat this logic.

You can see that there are two while loops, and you don’t care about the outer while, because you can see that it’s the inner while loop that’s really stuck.

The inner while loop first determines whether dVar2 is empty and whether dVar2’s text is empty.

Debug finds that dVar2 is a TextPaint class that draws text information (including font size, size, color, hyperlink style, etc.).

This loop does not exit as long as dVar2 is not empty. As you can see from the code, it is only possible to set dVar2 to empty if i4>0:

So what is i4, as you can see in the red box, i4 is the WWK property of A. I don’t know what this value is right now.

However, debug finds that the WWK is always equal to 0, that is, it does not meet the null condition of dVar2 inside the while, thus causing a while loop.

So, the root cause of anR is in this while.

Welcome to join qq group discussion Android technology: 425983695