Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- Subject: Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- From: Greg Parker <email@hidden>
- Date: Mon, 25 May 2015 20:08:37 -0700
On May 23, 2015, at 4:54 PM, Ken Thomases <email@hidden> wrote:
>
> On May 23, 2015, at 12:54 PM, Jens Alfke <email@hidden> wrote:
>
>> On May 23, 2015, at 9:20 AM, Greg Parker <email@hidden> wrote:
>>>
>>> free() does that sometimes. If zombies doesn't find anything then try guard malloc.
>>
>> Good suggestion! I’d forgotten about guard malloc. This changes the crash; now the parameter to objc_release points to unmapped memory, implying that the object has been dealloced:
>>
>> (lldb) p/x $rdi
>> (unsigned long) $2 = 0x000061000d5a3fd0
>> (lldb) x $rdi
>> error: memory read failed for 0x61000d5a3e00
>>
>> Still no clue what object this is/was, though. And it seems weird that it got freed instead of turned into a zombie, since I still have zombies enabled too.
>
> Set the environment variable MallocStackLoggingNoCompact=1 before running the app. When it crashes, use the malloc_history tool to see the allocation history of the object address. (gdb had an "info malloc-history" command. According to <http://lldb.llvm.org/lldb-gdb.html>, the equivalent for lldb is "command script import lldb.macosx.heap" once to introduce the command and then "malloc_info --stack-history <address>".)
You can also use the Allocations instrument to record and display allocation and retain/release history of individual objects. It should work fine alongside Guard Malloc.
--
Greg Parker email@hidden Runtime Wrangler
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden