Re: Mysterious crash in objc_msgSend in GC app
  • Subject: Re: Mysterious crash in objc_msgSend in GC app
  • From: Greg Parker <email@hidden>
  • Date: Tue, 27 Oct 2009 11:30:18 -0700

On Oct 27, 2009, at 10:43 AM, Sean McBride wrote:
> Occasionally, my GC app crashes in objc_msgSend with none of my code in
> the backtrace. This only happens to customers; I've never caught it in gdb.
>
> I've read through Greg's awesome "So you crashed in objc_msgSend()"
> article, but I still don't have a clue. :(

Shameless plug: http://sealiesoftware.com/blog/archive/2008/09/22/objc_explain_So_you_crashed_in_objc_msgSend.html

> I'm able to determine that the selector was from libobjc.A.dylib but I
> don't know which (the uuid from dwarfdump does not match mine).

The bad address `0xfffffff7fa6d09cf` looks like the inverse of a real pointer, so it's probably the isa pointer from a freed GC object.


(The first pointer inside a freed object is often used as a pointer to other free objects, but disguised so it doesn't look like a "real" pointer. This happens to be the same bytes that were used for the isa pointer while the object was alive. If objc_msgSend() is called on the deleted object, it will crash with a characteristic invalid address. The GC allocator disguises these pointers by inverting them; the non-GC malloc disguises the pointer by inverting the top two and bottom two bits only.)

The selector is `_handleRecognitionDoneWithRecognitionResult:`, which is from NSSpeechRecognizer. It looks like NSSpeechRecognizer fixed a GC bug in Snow Leopard; do you have any similar crashes from Snow Leopard? My guess is no, because you would have seen the selector name included in Snow Leopard crash logs.

You may be able to reproduce this on your own (Leopard) machine by using speech recognition in your app. You may be able to work around this by keeping an extra strong reference or CFRetain() on your NSSpeechRecognizer objects.


-- Greg Parker email@hidden Runtime Wrangler
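
Added example, not part of the original message and not Apple's code: a crash-triage helper that applies the two disguises described above to a bad address and reports which one, if either, decodes to a plausible heap pointer. The 47-bit user address limit, the 16-byte block alignment, the 64-bit mask for "top two and bottom two bits", and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Assumptions for this example (not stated in the message): */
#define USER_VA_MAX 0x00007fffffffffffULL /* 47-bit user address space */
#define BLOCK_ALIGN 16ULL                 /* allocator block alignment */
/* "Top two and bottom two bits", read as a 64-bit XOR mask. */
#define MALLOC_MASK 0xC000000000000003ULL

typedef enum { DISGUISE_NONE, DISGUISE_GC, DISGUISE_MALLOC } disguise_t;

/* Plausible heap block: non-null, in user space, block-aligned. */
static int plausible_block(uint64_t p) {
    return p != 0 && p <= USER_VA_MAX && (p % BLOCK_ALIGN) == 0;
}

/* Classify a bad address from a crash log. On a disguise match, *decoded
 * gets the recovered pointer; otherwise it gets the input unchanged. */
static disguise_t classify_fault(uint64_t bad, uint64_t *decoded) {
    *decoded = bad;
    if (plausible_block(bad))
        return DISGUISE_NONE;                 /* ordinary pointer, nothing to undo */
    if (plausible_block(~bad)) {              /* GC allocator: full inversion */
        *decoded = ~bad;
        return DISGUISE_GC;
    }
    if (plausible_block(bad ^ MALLOC_MASK)) { /* non-GC malloc: masked bits only */
        *decoded = bad ^ MALLOC_MASK;
        return DISGUISE_MALLOC;
    }
    return DISGUISE_NONE;                     /* neither disguise fits */
}

int main(void) {
    static const char *names[] = { "none", "GC (inverted)", "malloc (masked)" };
    /* First value is the bad address from the message; the rest are constructed. */
    uint64_t samples[] = { 0xfffffff7fa6d09cfULL, 0xC000000100203043ULL, 0x10ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t d;
        disguise_t k = classify_fault(samples[i], &d);
        printf("0x%016" PRIx64 " -> %s, decoded 0x%016" PRIx64 "\n",
               samples[i], names[k], d);
    }
    return 0;
}
```

A GC or malloc match is a hint that the message was sent to an already freed object, which points the investigation at object lifetime rather than at the selector or the runtime.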

