I'm looking at a crash report provided by Apple
Hardware Model: iPhone4,1
Version: ??? (???)
Code Type: ARM (Native)
Parent Process: launchd [1]
Date/Time: 2012-11-18 16:03:44.951 -0600
OS Version: iOS 6.0.1 (10A523)
Report Version: 104
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x51fe5264
Crashed Thread: 0
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib 0x352925b0 objc_msgSend + 16
1 MYAPP 0x0006573a -[MyViewController(Images) didReceiveImage:context:etag:expires:] + 42
2 MYAPP 0x0004fb26 -[MyImageTask didReceiveImage:] + 98
3 Foundation 0x361ac8e8 __NSThreadPerformPerform
4 CoreFoundation 0x3b37d680 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
5 CoreFoundation 0x3b37cee4 __CFRunLoopDoSources0
6 CoreFoundation 0x3b37bcb2 __CFRunLoopRun
7 CoreFoundation 0x3b2eeeb8 CFRunLoopRunSpecific
8 CoreFoundation 0x3b2eed44 CFRunLoopRunInMode
9 GraphicsServices 0x396bc2e6 GSEventRunModal
10 UIKit 0x3452e2f4 UIApplicationMain
11 MYAPP 0x0004934a main + 70
12 MYAPP 0x000492fc start + 36
The funny thing is when I use atos to lookup the line of code that corresponds to address locations 0x0006573a and 0x0004fb26 I get completely different match. The atos output is not even from the same class that's mentioned in the crash log (MyViewController, MyImageTask). Instead atos points me to totally benign lines of code in a completely unrelated class. I verified again that I'm working with the exact dSYM and IPA that I submitted to Apple.
My atos command
/Applications/Xcode.app/Contents/Developer/usr/bin/atos -arch armv7 -o MYAPP.app/MYAPP 0x0004fb26
Same result with /usr/bin/atos and for armv7s.
Has anyone else experienced this issue? Can you please advise? Thanks.
A simpler alternative: you can use the atos -l flag to make it do the maths for you.
Say you've got the following line in your crash log that you want to symbolicate:
5 MyApp 0x0044e89a 0x29000 + 4348058
The first hex number is the stack address, and the second hex number is the load address. You can ignore the last number. You don't need to worry about slide addresses either.
To symbolicate, do the following:
atos -o MyApp.app/MyApp -arch armv7 -l 0x29000 0x0044e89a
If you can't find your MyApp.app/MyApp file, rename your '.ipa' file to a '.zip', unzip it, and it'll be in the Payload folder.
And if you're not sure which architecture to use (for example, armv7 or armv7s), scroll to the 'Binary Images' part of the crash file and you can find it in there.
Cheers
You have to calculate the address to use with atos, you can't just use the one in the stacktrace.
symbol address = slide + stack address - load address
The slide value is the value of vmaddr in LC_SEGMENT cmd (Mostly this is 0x1000). Run the following to get it:
otool -arch ARCHITECTURE -l "APP_BUNDLE/APP_EXECUTABLE" | grep -B 3 -A 8 -m 2 "__TEXT"
Replace ARCHITECTURE with the actual architecture the crash report shows, e.g. armv7.
Replace APP_BUNDLE/APP_EXECUTABLE with the path to the actual executable.
The stack address is the hex value from the crash report.
The load address can be is the first address showing in the Binary Images section at the very front of the line which contains your executable. (Usually the first entry).
Since in the past value of the slide was equal to value of the load address this always worked. But since Apple introduced Address space layout randomization beginning with iOS 4.3 (in different variations), the apps loading address is randomized for security reasons.
Simply use dwarfdump:
dwarfdump --arch armv7 myApp.dSYM --lookup 0xaabbccdd | grep 'Line table'
No need to do any calculations at all.
(From Get symbol by address (symbolicating binary, iOS build)).
For whom that certain times doesn't have the value for Load Address like this:
Jan 14 11:02:39 Dennins-iPhone AppName[584] <Critical>: Stack Trace: (
0 CoreFoundation 0x2c3084b7 <redacted> + 150
1 libobjc.A.dylib 0x39abec8b objc_exception_throw + 38
2 CoreFoundation 0x2c21cc35 CFRunLoopRemoveTimer + 0
3 AppName 0x0005a7db AppName + 272347
I've created a simple bash to help me debug:
#! /bin/bash
read -p "[Path] [App Name] [Stack Address] [DecimalSum] " path appName stackAddress decimalSum
loadAddress=`echo "obase=16;ibase=10;$((stackAddress-decimalSum))" | bc`
atos -o $path/Payload/$appName.app/$appName -l $loadAddress $stackAddress -arch armv7
It just reads the path for the app, the app name, the stack address, and the value after "+" signal (the decimal value) and then find the value for load address to run atos command.
Related
Tring to make a "hello, world" style program to see if I can use Swift on the web by running it through emscripten to get asm.js output.
The problem is that when I compile it, its bitcode tries to link dynamic libraries. It doesn't seem like it should need to do this, or it seems like someone who understands how all these pieces fit together could tell me how to provide the file it needs (I'm willing to implement some of the functions it depends on in JavaScript, if necessary).
I have a more comprehensive explanation of the environment here, but this is the basics:
The file:
$ cat f.swift
var message = 1
Compile it to bitcode:
$ xcrun swiftc -emit-bc f.swift -o f.bc
Fail to compile the bitcode to asm.js:
$ emcc f.bc
WARNING: Linking two modules of different data layouts: '/Users/josh/.emscripten_cache/libc.bc' is 'e-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-p:32:32:32-v128:32:128-n32-S128' whereas '/Users/josh/deleteme/swift-play/f.bc' is 'e-m:o-i64:64-f80:128-n8:16:32:64-S128'
WARNING: Linking two modules of different target triples: /Users/josh/.emscripten_cache/libc.bc' is 'asmjs-unknown-emscripten' whereas '/Users/josh/deleteme/swift-play/f.bc' is 'x86_64-apple-darwin13.2.0'
Unknown specifier in datalayout string
UNREACHABLE executed at /Users/clb/emscripten-fastcomp/lib/IR/DataLayout.cpp:300!
0 opt 0x00000001086d04ae llvm::sys::PrintStackTrace(__sFILE*) + 46
1 opt 0x00000001086d07bb PrintStackTraceSignalHandler(void*) + 27
2 opt 0x00000001086d0b4c SignalHandler(int) + 412
3 libsystem_platform.dylib 0x00007fff8b0e35aa _sigtramp + 26
4 libsystem_platform.dylib 0x00007fff6492d380 _sigtramp + 3649347056
5 opt 0x00000001086d07eb raise + 27
6 opt 0x00000001086d08a2 abort + 18
7 opt 0x000000010865a7a6 llvm::llvm_unreachable_internal(char const*, char const*, unsigned int) + 198
8 opt 0x0000000108416b74 llvm::DataLayout::parseSpecifier(llvm::StringRef) + 2804
9 opt 0x0000000108415c57 llvm::DataLayout::init(llvm::StringRef) + 471
10 opt 0x000000010749b47e llvm::DataLayout::DataLayout(llvm::StringRef) + 158
11 opt 0x0000000107482ba5 llvm::DataLayout::DataLayout(llvm::StringRef) + 37
12 opt 0x000000010747943c main + 3756
13 libdyld.dylib 0x00007fff8a2865fd start + 1
Stack dump:
0. Program arguments: /Users/josh/code/emsdk_portable/clang/e1.25.0_64bit/opt /var/folders/7g/mbft22555w3_2nqs_h1kbglw0000gn/T/tmp93OFuV/a.out.bc -strip-debug -internalize -internalize-public-api-list=main,malloc,free -globaldce -pnacl-abi-simplify-preopt -pnacl-abi-simplify-postopt -enable-emscripten-cxx-exceptions -o /var/folders/7g/mbft22555w3_2nqs_h1kbglw0000gn/T/tmp93OFuV/a.out.bc.opt.bc
Traceback (most recent call last):
File "/Users/josh/code/emsdk_portable/emscripten/1.25.0/emcc", line 1224, in <module>
shared.Building.llvm_opt(final, link_opts)
File "/Users/josh/code/emsdk_portable/emscripten/1.25.0/tools/shared.py", line 1357, in llvm_opt
assert os.path.exists(target), 'Failed to run llvm optimizations: ' + output
AssertionError: Failed to run llvm optimizations:
Looks like you're out of luck here. The IR compiler is generating is not standard - it includes some private Apple changes which were not upstreamed (in particular, the data layout string is non-standard at least).
And no, it is not trying to link any dynamic libraries. It tries to link statically (at LLVM IR level) all necessary stuff, in particular, C standard library.
I have a project in XCode 4.3.1 written for ARC so I do not mess with retain counts at all.
When I run the project either in the simulator or on the device, it runs fine. If I run it under the profiler for allocations and leaks, it runs fine.
However, if I archive the project and distribute it for Ad Hoc and load the .ipa file, the app will crash with console messages:
<Notice>: Quilters_AppP(1812,0x3f85cd98) malloc: *** error for object 0x1109a910: pointer being freed was not allocated
<Notice>: *** set a breakpoint in malloc_error_break to debug
I set a breakpoint in malloc_error_debug but since the error occurs in the released version, I never see the debugger.
Here's where it gets really weird: Now that I have added some NSLog statements, the problem will not reproduce.
Here is the log:
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x00000000, 0x00000000
Crashed Thread: 0
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libsystem_kernel.dylib 0x34f5432c __pthread_kill + 8
1 libsystem_c.dylib 0x36e50208 pthread_kill + 48
2 libsystem_c.dylib 0x36e49298 abort + 88
3 libsystem_c.dylib 0x36e0437a free + 374
4 libobjc.A.dylib 0x36583d72 object_dispose + 14
5 CoreFoundation 0x350b6618 -[NSObject dealloc] + 76
6 CoreFoundation 0x350b6736 -[__NSArrayI dealloc] + 162
7 libobjc.A.dylib 0x3658316e _objc_rootRelease + 30
8 libobjc.A.dylib 0x36584e50 objc_release + 32
9 libobjc.A.dylib 0x36583ea6 (anonymous namespace)::AutoreleasePoolPage::pop(void*) + 218
10 libobjc.A.dylib 0x36583dc2 _objc_autoreleasePoolPop + 6
11 CoreFoundation 0x350b0cf8 _CFAutoreleasePoolPop + 12
12 UIKit 0x3218ee34 _wrapRunLoopWithAutoreleasePoolHandler + 36
13 CoreFoundation 0x35134b14 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 12
14 CoreFoundation 0x35132d50 __CFRunLoopDoObservers + 252
15 CoreFoundation 0x351330aa __CFRunLoopRun + 754
16 CoreFoundation 0x350b649e CFRunLoopRunSpecific + 294
17 CoreFoundation 0x350b6366 CFRunLoopRunInMode + 98
18 GraphicsServices 0x363b2432 GSEventRunModal + 130
19 UIKit 0x321ace76 UIApplicationMain + 1074
20 Quilters_AppP 0x0003505c main (main.m:17)
21 Quilters_AppP 0x00034af4 0x33000 + 6900
Please help me catch this elusive bug. The app is targeted for 4.3/armv7.
You can set breakpoints and debug an iOS app using the Project's Release Build settings (which are often quite different from the Debug Build settings). Just modify either your Build settings or your Run/Test Schemes to do so. Then clean, build and device debug.
I had a similar problem. Your double loop described mine exactly. I had an array being defined nested between two while loops. In debug mode it was fine but when built for release it crashed with the exact same error.
Turns out that in Xcode 4.x.x you can add -O0 to the compiler flag of the file that is giving you problems (Under your project settings -> build phases -> compile sources) and it will turn off compiler optimization just for that single file. Worked like a charm for me.
Drew
It seems that the problem was not in the application code but in the compiler code. The error must be either in the ARC pre-compiler or the compiler itself.
This is a compiler error; specifically in optimization. Code for testing is not optimized and code for release is optimized for "fastest, smallest". When I removed optimization for the release version, the problem went away.
The application code that triggered this is a managed object context access...
- (NSArray *) fetchForGroup:(Group *)group
{
NSArray *array = [group.polygons allObjects];
return array;
}
which is performed inside a double loop. When a condition is met in the inner loop, the function is exited via "return". The array from this call is double-freed. - Dan
I've recently converted to using ARC. However, i'm having a weird crash now, and the crashlogs are really unhelpful. During one of my application initialization processes (getting data from server, parsing it, setting up views), i get a bad_access. This is the error log from the device:
Incident Identifier: 7CE05452-7C5D-424A-8529-AE7B17C9FEBC
CrashReporter Key: b743ede30ce737293cf7444f67bb8a7b590c2fd9
Hardware Model: iPhone3,1
Process: BoreBeta [231]
Path: /var/mobile/Applications/52A15437-459A-4160-95C4-BF5DF5C98C15/BoreBeta.app/BoreBeta
Identifier: BoreBeta
Version: ??? (???)
Code Type: ARM (Native)
Parent Process: launchd [1]
Date/Time: 2011-08-18 14:53:41.800 +0200
OS Version: iPhone OS 5.0 (9A5288d)
Report Version: 104
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x80000004
Crashed Thread: 0
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 CoreFoundation 0x3758e380 CFRelease + 28
1 CoreFoundation 0x375a93ec -[__NSArrayM dealloc] + 116
2 libobjc.A.dylib 0x30a4e0be _objc_rootRelease + 30
3 libobjc.A.dylib 0x30a4fdb0 objc_release + 32
4 libobjc.A.dylib 0x30a4ee06 (anonymous namespace)::AutoreleasePoolPage::pop(void*) + 218
5 libobjc.A.dylib 0x30a4ed22 _objc_autoreleasePoolPop + 6
6 CoreFoundation 0x3759f050 _CFAutoreleasePoolPop + 12
7 Foundation 0x337cd460 -[NSAutoreleasePool release] + 120
8 UIKit 0x33b8d948 _UIApplicationHandleEvent + 6664
9 GraphicsServices 0x30ff8ef4 PurpleEventCallback + 876
10 CoreFoundation 0x3760a9c4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 32
11 CoreFoundation 0x3760a966 __CFRunLoopDoSource1 + 134
12 CoreFoundation 0x3760958c __CFRunLoopRun + 1364
13 CoreFoundation 0x375ab036 CFRunLoopRunSpecific + 294
14 CoreFoundation 0x375aaefe CFRunLoopRunInMode + 98
15 UIKit 0x33b8b758 -[UIApplication _run] + 544
16 UIKit 0x33b8898a UIApplicationMain + 1074
17 BoreBeta 0x00002d8a main (main.m:14)
18 BoreBeta 0x000027f8 start + 32
Thread 1 name: Dispatch queue: com.apple.libdispatch-manager
Thread 1:
0 libsystem_kernel.dylib 0x3140d214 kevent + 24
1 libdispatch.dylib 0x376aaf60 _dispatch_mgr_invoke + 708
2 libdispatch.dylib 0x376aac7e _dispatch_mgr_thread + 30
Etcetera, i believe this is the only helpful part. When i let it crash from running in XCode, i see it crashes in main, and i don't get to see any calltrace, apart from main, UIApplicationMain and CFRelease on top..
In the past, i would look through my code for overreleasing objects, but i doubt this is the case because i'm now using ARC. How do you fix errors like this?
Edit: the code for parsing the data is on a seperate thread using GCD, and that's where my only #autoreleasepool lives.
Also, when running with NSZombieEnabled, i'm getting the NSArrayM release call. Unfortunately, that's the same we read in the crash log, so still no real progress here i'm afraid...
Edit: Ok. Once i fixed all my other memory errors without ARC, i got this error once again. So apparently it's not ARC-related...
Known bug introduced relatively recently.
Fixed in a future release (Note that Xcode 4.2 is under NDA, but llvm-commits is not). The commit message is available here. The commit message is slightly vague, but it should cover the case you are seeing -- if that is not the case upon the next compiler release (or you could build one yourself, if so motivated), please immediately file a bug and post the bug # here.
Have you just recently upgraded to Xcode 4.2 beta 5? That seems to cause some random issues with ARC such as that, we sara very similar crash and had to revert back to 4.2 beta 4.
Look on the Apple developer forums for more detail.
I also get this when failing to return an object in a method that has a return type. When the method exits, it throws up EXC_BAD_ACCESS in objc_release.
In my app i got crash report
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000
Crashed Thread: 7
In Thread 7 :
Thread 7 Crashed:
0 CoreFoundation 0x3728ba96 0x37278000 + 80534
1 CFNetwork 0x36617b84 0x36616000 + 7044
2 CFNetwork 0x36617af6 0x36616000 + 6902
3 MusicBandApp 0x0000bbfc 0x1000 + 44028
4 MusicBandApp 0x0000b740 0x1000 + 42816
5 Foundation 0x33b88382 0x33b6b000 + 119682
6 Foundation 0x33bfa5c6 0x33b6b000 + 587206
7 libsystem_c.dylib 0x3579530a 0x35762000 + 209674
8 libsystem_c.dylib 0x35796bb4 0x35762000 + 215988
but can"t show particular crash file name & line number.
How can sybolicate this crash report.
We need a file called symbolitecrash to process this file. This file can be located in /Developer/Platforms/iPhoneOS.platform/Developer/Library/PrivateFrameworks/DTDeviceKit.framework/Versions/A/Resources
Open the Terminal.
Copy symbolitecrash file to the default location shown when the terminal is opened.
eg. Terminal window :-
Last login: Wed Jun 22 15:28:21 on ttys000
UserMM:~ user$
Here, the default location is the directory "user".
Running this script with the -h option provides the minimal help:
UserMM:~ user$ symbolitecrash -h
usage:
/usr/local/bin/symbolicatecrash [-Ah] [-o ] LOGFILE [SYMBOL_PATH ...]
Symbolicates a crashdump LOGFILE which may be "-" to refer to stdin. By default,
all heuristics will be employed in an attempt to symbolicate all addresses.
Additional symbol files can be found under specified directories.
Options:
-A Only symbolicate the application, not libraries
-o If specified, the symbolicated log will be written to OUTPUT_FILE (defaults to stdout)
-h Display this message
-v Verbose
Place the .crash file in the same location where symbolitecrash file is copied.
To add symbols to the crash log you need the dSYM file generated by the linker when you compiled your application for AppStore. In other words, when you build for AppStore you should keep the dSYM package in a safe place backed up by Time Machine. This is very important. You should keep a copy of the dSYM for each version of your application ever shipped. If you have the package, translating code offsets to function names with line numbers has never been easier:
$ symbolicatecrash MiMo_2011-06-22-143801_Anands-Ipod.crash myApp.app.dSYM > myApp_2011-06-22-143801_Anands-Ipod1.crash
myApp_2011-06-22-143801_Anands-Ipod1.crash is the new crash file generated in the same location.
Here is the result:
Thread 0 Crashed:
0 libobjc.A.dylib 0x300c87ec objc_msgSend + 20
1 myApp 0x00006434 -[BoardView setSelectedPiece:] (BoardView.m :321)
I also described how to do this step by step in this post
It worked fine for me:
Crash Symbolized http://k.minus.com/jk4X2obwZMI7j.png
I am new one to develop iphone App. so help me to found out error in crash log. In crash log contains only library or framework. Help me to found out crash line .
Check the crash log and find the memory address where it is crashed .
(see MyApp 0x35626f5a 0x1000 + 22516)
Crash log:
0 WebCore 0x35626e8a 0x3023d000 + 23455
1 Foundation 0x3565ebf8 0x3023d000 + 56767
... ... ...
17 MyApp 0x35626f5a 0x1000 + 22516
Steps to analyze crash report:
Copy the .app file and the .dSYM file that was created at the time of release to a folder (say CrashTest).
Open the Crash report.
Open 'Terminal' application and go to the folder (CrashTest) created above (using CD command).
Use this command :atos -arch armv7 -o 'app_name.app'/'app_name' 'crashed_memory_location'.
(crashed_memory_location ->The memory location should be the one at which the app crashed as per the report).
Eg : atos -arch armv7 -o MyApp.app/MyApp 0x35626f5a
This would show you the exact line, method name which resulted in crash.
o/p format : [classname functionName:]; and line number
Eg : +[MyController formatMyAddress:] (in MyApp) (MyController.m:401)
Did u view a debug build or release build?
Release builds do not contain all the information about the crash.