Help me diagnose this crash

A lot of users of my app are sending in this crash but I'm unable to repeat it. So I'm looking for tips on how I can troubleshoot it. Here's the relevant section of the crash log:

Exception Type:  EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Application Specific Information:
objc[1535]: FREED(id): message retain sent to freed object=0x640ad0

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   libobjc.A.dylib                     0x9116f4b4 _objc_error + 116
1   libobjc.A.dylib                     0x9116f4ea __objc_error + 52
2   libobjc.A.dylib                     0x9116d7dc _freedHandler + 58
3   ...my_company.my_app      0x00045635 -[MyObject mySelector] + 1494
4   com.apple.Foundation                0x90be18d4 __NSFireTimer + 141
5   com.apple.CoreFoundation            0x93a38adb __CFRunLoopRun + 8059
6   com.apple.CoreFoundation            0x93a36464 CFRunLoopRunSpecific + 452
7   com.apple.CoreFoundation            0x93a36291 CFRunLoopRunInMode + 97
8   com.apple.HIToolbox                 0x92982e04 RunCurrentEventLoopInMode + 392
9   com.apple.HIToolbox                 0x92982bb9 ReceiveNextEventCommon + 354
10  com.apple.HIToolbox                 0x92982a3e BlockUntilNextEventMatchingListInMode     + 81
11  com.apple.AppKit                    0x9576e78d _DPSNextEvent + 847
12  com.apple.AppKit                    0x9576dfce -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 156
13  com.apple.AppKit                    0x95730247 -[NSApplication run] + 821
14  com.apple.AppKit                    0x957282d9 NSApplicationMain + 574
15  ...my_company.my_app      0x00002042 start + 54

So, from this line:

3   ...my_company.my_app      0x00045635 -[MyObject mySelector] + 1494

I can deduce that in mySelector a message is being sent to an object that's already being released, but I've looked through the code and I just can't see it and there are too many other dependencies to post the code here.

So my questions are:

  1. What do the numbers at the end of each line indicate? In the above example it's 1494.
  2. On the preceding line there's a reference to __NSFireTimer - does this indicate that mySelector is being called by an NSTimer in my code?
  3. I've tried running my app with Zombies enabled. Aside from sprinkling my code with checks that each object != nil in mySelector, what else can I do if I can't repeat the crash?

Any help on this would be greatly appreciated!

objective-c
cocoa
macos
memory-management
crash
asked on Stack Overflow May 1, 2011 by Bangy

2 Answers

Use Instruments to watch allocation. I found it helpful.

answered on Stack Overflow May 1, 2011 by Hack Saw

I believe the numbers at the end of each line indicate the offset in terms of code bytes within the function at that point in the backtrace. A debugger would use this information to map the code offset to an actual line of source code (it needs debug information in the application to do this). In your case, the information is not particularly useful.

The reference to NSFireTimer means that your main thread's run loop has had a timer scheduled and it has fired, calling [myObject mySelector]. I think from the stack trace we can assume that the timer has invoked "myObject" directly since there are no other intervening stack frames.

My guess would be that the object has been freed but it was the target of a scheduled timer in your main thread, which you have forgotten to remove.

How the object became freed in the first place depends on how your application is compiled. Does it use Garbage Collection, or does it rely on retain/release memory management?

If you are not using garbage collection, then you have probably missed a "retain" somewhere. Perhaps your object has been autoreleased and the runloop has cleaned it up when you didn't expect it to?

If you can identify the timer involved, you might want to consider disabling the timer in the dealloc or finalize method of your class. You could also add some logging there to show you when the object is freed.

answered on Stack Overflow Jun 9, 2011 by OzBandit
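
The offset arithmetic and the caller relationship described in this answer, worked through on frames from the question's crash log. This is an added example, not part of the original answer; the names parse_frames and caller_of are made up for illustration.

```python
import re

# Constructed sample: four frames copied from the crash log in the question.
SAMPLE = """\
2   libobjc.A.dylib                     0x9116d7dc _freedHandler + 58
3   ...my_company.my_app      0x00045635 -[MyObject mySelector] + 1494
4   com.apple.Foundation                0x90be18d4 __NSFireTimer + 141
10  com.apple.HIToolbox                 0x92982a3e BlockUntilNextEventMatchingListInMode     + 81
"""

# Fields: frame index, binary image, address, symbol, byte offset into symbol.
# The symbol may contain spaces and colons (Objective-C selectors), so it is
# matched lazily up to the final "+ <decimal offset>".
FRAME_RE = re.compile(
    r"^(?P<index>\d+)\s+(?P<image>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s+\+\s+(?P<offset>\d+)\s*$"
)

def parse_frames(text):
    """Parse backtrace lines into dicts; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        addr = int(m.group("addr"), 16)
        offset = int(m.group("offset"))
        frames.append({
            "index": int(m.group("index")),
            "image": m.group("image"),
            "symbol": m.group("symbol"),
            "addr": addr,
            "offset": offset,
            # The trailing number is a byte offset, so the function starts here.
            "entry": addr - offset,
        })
    return frames

def caller_of(frames, symbol):
    """Return the frame directly below `symbol`, i.e. the code that called it."""
    by_index = {f["index"]: f for f in frames}
    for f in frames:
        if f["symbol"] == symbol:
            return by_index.get(f["index"] + 1)
    return None

if __name__ == "__main__":
    for f in parse_frames(SAMPLE):
        print(f"{f['index']:>2} {f['symbol']} starts at {f['entry']:#x} in {f['image']}")
```

With the build's debug symbols available, the frame address (not the computed entry address) is the value a symbolizer maps back to a source line.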

User contributions licensed under CC BY-SA 3.0