
Reproducing an intermittent crash #60

Open

wuyouuuu opened this issue Oct 19, 2023 · 0 comments


Testing with the following code reproduces the crash every time:

// Requires: import java.lang.reflect.Method; import android.view.View;
// Runs inside an Activity method of MainActivity (e.g. onCreate).

// Spawn 10 worker threads that each enumerate View's declared methods 100 times,
// so getDeclaredMethods() is running concurrently with the unseal below.
for (int i = 0; i < 10; i++) {
    new Thread(new Runnable() {
        @Override
        public void run() {
            for (int j = 0; j < 100; j++) {
                Method[] declaredMethods = View.class.getDeclaredMethods();
            }
        }
    }).start();
}
// On the calling thread, lift the hidden-API restrictions while the workers are still enumerating.
Reflection.unseal(MainActivity.this);

Crash stack:

2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000002c82
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x0  0000000000002a82  x1  00000000708b6c08  x2  000000796884d508  x3  00000079566fef70
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x4  00000079566fed90  x5  0000007968b5a7c0  x6  00000079566fe700  x7  00000079566fe6f8
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x8  0000000000002c72  x9  0000000000000000  x10 0000000000000000  x11 b400007a8a6825d0
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x12 0000000000000420  x13 0000007a0a6ddbb0  x14 0000000000000000  x15 00000079566fef6c
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x16 0000000000000001  x17 00000079692ce830  x18 0000007953576000  x19 00000079566fef30
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x20 0000000000000008  x21 00000079566fef48  x22 00000000708b6c08  x23 0000000013400fc8
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x24 000000796884d508  x25 000000000000003e  x26 000000796884d50e  x27 000000000000106e
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     x28 00000079566fee90  x29 00000079566fee00
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:     lr  000000796970e914  sp  00000079566fec70  pc  0000007969712dac  pst 0000000060001000
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: 21 total frames
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: backtrace:
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #00 pc 0000000000512dac  /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false>(art::interpreter::SwitchImplContext*)+37692) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #01 pc 00000000003795d8  /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #02 pc 00000000000f84f4  /apex/com.android.art/javalib/core-oj.jar (java.lang.Class.getDeclaredMethods+0)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #03 pc 000000000037cbfc  /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.__uniq.112435418011751916792819755956732575238.llvm.13156664521685854434)+356) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #04 pc 0000000000490fb8  /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, bool, art::JValue*)+4100) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #05 pc 0000000000509d7c  /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false>(art::interpreter::SwitchImplContext*)+780) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG:       #06 pc 00000000003795d8  /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: b221ddf9493596dec8a84b0692083bef)

**Suspected cause: after the exemption (unseal), num_methods at the second site becomes larger, causing an array out-of-bounds access**


canyie added a commit to canyie/pine that referenced this issue Dec 1, 2023