Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- Subject: Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- From: Ken Thomases <email@hidden>
- Date: Sat, 23 May 2015 18:54:54 -0500
On May 23, 2015, at 12:54 PM, Jens Alfke <email@hidden> wrote:
> On May 23, 2015, at 9:20 AM, Greg Parker <email@hidden> wrote:
>>
>> free() does that sometimes. If zombies doesn't find anything then try guard malloc.
>
> Good suggestion! I’d forgotten about guard malloc. This changes the crash; now the parameter to objc_release points to unmapped memory, implying that the object has been dealloced:
>
> (lldb) p/x $rdi
> (unsigned long) $2 = 0x000061000d5a3fd0
> (lldb) x $rdi
> error: memory read failed for 0x61000d5a3e00
>
> Still no clue what object this is/was, though. And it seems weird that it got freed instead of turned into a zombie, since I still have zombies enabled too.
Set the environment variable MallocStackLoggingNoCompact=1 before running the app. When it crashes, use the malloc_history tool to see the allocation history of the object address. (gdb had an "info malloc-history" command. According to <http://lldb.llvm.org/lldb-gdb.html>, the equivalent for lldb is "command script import lldb.macosx.heap" once to introduce the command and then "malloc_info --stack-history <address>".)
The history of that address may include many objects being allocated and deallocated before the one that causes the crash. So, look backward from the end of the history for the last allocation event and then read forward to understand what happened to it.
Regards,
Ken
_______________________________________________
Cocoa-dev mailing list (email@hidden)
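The "look backward for the last allocation, then read forward" step from the reply above, as an added example that is not part of the original message or of Apple's tools. It assumes saved `malloc_history` output uses `ALLOC`/`FREE` event lines of the shape shown in the comment; the function names and the sample history are constructed for illustration.

```python
import re

# Assumed shape of a malloc_history event line (verify against your tool version):
#   ALLOC 0x<start>-0x<end> [size=N]: thread_<id> | outer frame | ... | inner frame
EVENT = re.compile(
    r"^(ALLOC|FREE)\s+0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\s+\[size=(\d+)\]:\s*(.*)$")

def parse_events(text):
    """Return the ALLOC/FREE events in log order; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # separators such as "----", headers, blank lines
        kind, start, end, size, stack = m.groups()
        events.append({
            "kind": kind,
            "start": int(start, 16),
            "end": int(end, 16),  # treated as inclusive
            "size": int(size),
            "frames": [f.strip() for f in stack.split("|") if f.strip()],
        })
    return events

def last_lifetime(events, address):
    """Find the last ALLOC covering `address`, then return it plus every
    later event on that address: the history of the crashing object only."""
    covering = [e for e in events if e["start"] <= address <= e["end"]]
    for i in range(len(covering) - 1, -1, -1):
        if covering[i]["kind"] == "ALLOC":
            return covering[i:]
    return []  # address was never allocated in this log

# Constructed sample history (class names and frames are made up); the
# address is the one from the lldb session quoted above.
SAMPLE = """\
ALLOC 0x61000d5a3fd0-0x61000d5a3fff [size=48]: thread_1 | start | main | -[OldThing init]
----
FREE  0x61000d5a3fd0-0x61000d5a3fff [size=48]: thread_1 | start | main | -[OldThing dealloc]
----
ALLOC 0x61000d5a3fd0-0x61000d5a3fff [size=48]: thread_1 | start | main | -[Victim init]
----
FREE  0x61000d5a3fd0-0x61000d5a3fff [size=48]: thread_2 | worker | objc_release | -[Victim dealloc]
"""

if __name__ == "__main__":
    for ev in last_lifetime(parse_events(SAMPLE), 0x61000D5A3FD0):
        print(ev["kind"], hex(ev["start"]), " | ".join(ev["frames"]))
```

A lifetime that ends in `FREE` means the address was already released when the crash happened, and that event's stack shows which code path released it.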