CoreFoundation object over-retained during finalization
- Subject: CoreFoundation object over-retained during finalization
- From: email@hidden
- Date: Fri, 11 Mar 2011 16:21:36 +0000
I see the following in a crash report for a GC app:
== CRASH REPORT START
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Crashed Thread: 2 Dispatch queue: Garbage Collection Work Queue
Application Specific Information:
objc[4128]: garbage collection is ON
fatal resurrection error for garbage block 0x10bbcf0(SecKeychain[304]): over-retained during finalization, refcount = 1
...
malloc: garbage block 0x10bbcf0(SecKeychain[304]) was over-retained during finalization, refcount = 1
This could be an unbalanced CFRetain(), or CFRetain() balanced with -release.
Break on auto_zone_resurrection_error() to debug.
KosmicTask(4128,0xb013d000) malloc: fatal resurrection error for garbage block 0x10bbcf0(SecKeychain[304]): over-retained during finalization, refcount = 1
== CRASH REPORT END
I interpret this to mean:
During the freeing of memory marked as collectable a SecKeychain object was found with a ref count of 1.
I cannot quite convince myself how this arises for a CF object in a GC environment.
From reading the memory management docs, my best estimate of how this occurs is:
I allocate an opaque object of type SecKeychain pointed to by a SecKeychainRef.
CFRelease(SecKeychainRef) gets called somewhere. Retain count goes to 0. The object will now be collected when no longer rooted.
The object receives a further retain but no matching CFRelease().
The object becomes no longer referenced by another object, or the stack etc.
The object is collected and the positive retain count is encountered.
Is the above strictly correct or am I missing something?
The most pertinent bit of
http://developer.apple.com/library/mac/#documentation/cocoa/conceptual/GarbageCollection/Articles/gcCoreFoundation.html#//apple_ref/doc/uid/TP40006687-SW1
seems to be:
The difference between the garbage-collected environment and reference-counted environment is in the timing of the object’s deallocation. In a reference counted environment, when the object’s retain count drops to 0 it is deallocated immediately; in a garbage-collected environment, what happens when a Core Foundation object's retain count transitions from 1 to 0 depends on where it resides in memory:
If the object is in the malloc zone, it is deallocated immediately.
If the object is in the garbage collected zone, the last CFRelease() does not immediately free the object, it simply makes it eligible to be reclaimed by the collector when it is discovered to be unreachable—that is, once all strong references to it are gone. Thus as long as the object is still referenced from an object-type instance variable (that hasn't been marked as __weak), a register, the stack, or a global variable, it will not be collected.
Regards
Jonathan Mitchell
Developer
Mugginsoft LLP
http://www.mugginsoft.com
_______________________________________________
Cocoa-dev mailing list (email@hidden)