[AC-1190] 3.5.0.GA Crashing on iOS

GitHub Issue	n/a
Type	Bug
Priority	n/a
Status	Closed
Resolution	Needs more info
Resolution Date	2015-02-03T15:05:45.000+0000
Affected Version/s	n/a
Fix Version/s	n/a
Components	n/a
Labels	n/a
Reporter	Mark Catley
Assignee	Shuo Liang
Created	2015-01-15T03:01:42.000+0000
Updated	2016-03-08T07:37:33.000+0000

Description

I am attempting to get our Titanium Classic app working on 3.5.0.GA and it is crashing a lot. The stacktrace isn't exactly the same every time it crashes, but it is close. Here is the stacktrace (from the simulator):

(lldb) bt
* thread #7: tid = 0x3c1429, 0x0000000101e7721f WorkPlanbool TI::JSObject::putDirectInternal<(TI::JSObject::PutMode)1>(TI::VM&, TI::PropertyName, TI::TiValue, unsigned int, TI::PutPropertySlot&, TI::JSCell*) + 1647, name = 'KrollContext<kroll$1>', stop reason = EXC_BAD_ACCESS (code=1, address=0xffffffffffffffe8)
    frame #0: 0x0000000101e7721f WorkPlanbool TI::JSObject::putDirectInternal<(TI::JSObject::PutMode)1>(TI::VM&, TI::PropertyName, TI::TiValue, unsigned int, TI::PutPropertySlot&, TI::JSCell*) + 1647
    frame #1: 0x0000000101e761b3 WorkPlanTI::putDescriptor(TI::ExecState*, TI::JSObject*, TI::PropertyName, TI::PropertyDescriptor const&, unsigned int, TI::PropertyDescriptor const&) + 435
    frame #2: 0x0000000101e752d7 WorkPlanTI::JSObject::defineOwnNonIndexProperty(TI::ExecState*, TI::PropertyName, TI::PropertyDescriptor const&, bool) + 551
    frame #3: 0x0000000101e6ec00 WorkPlanTI::JSObject::defineOwnProperty(TI::JSObject*, TI::ExecState*, TI::PropertyName, TI::PropertyDescriptor const&, bool) + 80
    frame #4: 0x0000000101e7a9fe WorkPlanTiObjectSetProperty + 494
  * frame #5: 0x0000000101b4a4dc WorkPlan-[KrollObject noteObject:forTiString:context:](self=0x00007fd0fe8b89c0, _cmd=0x000000010208c74e, storedJSObject=0x000000011e925c50, keyString=0x000000011e821060, jsContextRef=0x00000001168c83b8) + 284 at KrollObject.m:1227
    frame #6: 0x0000000101b45cc6 WorkPlanKrollGetProperty(jsContext=0x00000001168c83b8, object=0x000000011ebdf630, prop=0x000000011e821060, exception=0x0000000115e6b138) + 1462 at KrollObject.m:239
    frame #7: 0x0000000101e2e997 WorkPlanTI::JSCallbackObject<TI::JSDestructibleObject>::getOwnPropertySlot(TI::JSObject*, TI::ExecState*, TI::PropertyName, TI::PropertySlot&) + 487
    frame #8: 0x0000000101db779a WorkPlanTI::TiValue::get(TI::ExecState*, TI::PropertyName, TI::PropertySlot&) const + 362
    frame #9: 0x0000000101df8cf2 WorkPlanoperationGetById + 114
    frame #10: 0x000007b8e5791b76
    frame #11: 0x000007b8e57919f8
    frame #12: 0x000007b8e57919f8
    frame #13: 0x000007b8e57919f8
    frame #14: 0x000007b8e57919f8
    frame #15: 0x000007b8e57919f8
    frame #16: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #17: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #18: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #19: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #20: 0x0000000101ee7cc4 WorkPlanllint_op_construct + 153
    frame #21: 0x0000000101ee7cc4 WorkPlanllint_op_construct + 153
    frame #22: 0x000007b8e56f275d
    frame #23: 0x0000000101ee7bda WorkPlanllint_op_call + 101
    frame #24: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #25: 0x000007b8e56f275d
    frame #26: 0x0000000101ee7bda WorkPlanllint_op_call + 101
    frame #27: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #28: 0x0000000101ee7cc4 WorkPlanllint_op_construct + 153
    frame #29: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #30: 0x000007b8e56f275d
    frame #31: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #32: 0x0000000101ee7c0e WorkPlanllint_op_call + 153
    frame #33: 0x0000000101ee3fc5 WorkPlancallToJavaScript + 191
    frame #34: 0x0000000101dd6df0 WorkPlanTI::JITCode::execute(TI::VM*, TI::ProtoCallFrame*, TI::Register*) + 48
    frame #35: 0x000007b8e56f275d
    frame #36: 0x0000000101ee7bda WorkPlanllint_op_call + 101
    frame #37: 0x0000000101ee7d38 WorkPlanllint_op_call_varargs + 87
    frame #38: 0x0000000101ee7d38 WorkPlanllint_op_call_varargs + 87
    frame #39: 0x0000000101ee3fc5 WorkPlancallToJavaScript + 191
</pre></code>
<code><pre>
(lldb) bt
* thread #7: tid = 0x3c762b, 0x000000010879f820 WorkPlanTI::JSCallbackObject<TI::JSDestructibleObject>::getOwnPropertySlot(TI::JSObject*, TI::ExecState*, TI::PropertyName, TI::PropertySlot&) + 112, name = 'KrollContext<kroll$1>', stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
    frame #0: 0x000000010879f820 WorkPlanTI::JSCallbackObject<TI::JSDestructibleObject>::getOwnPropertySlot(TI::JSObject*, TI::ExecState*, TI::PropertyName, TI::PropertySlot&) + 112
    frame #1: 0x00000001087ee11c WorkPlanTI::JSObject::get(TI::ExecState*, TI::PropertyName) const + 236
    frame #2: 0x00000001087eb6b6 WorkPlanTiObjectGetProperty + 182
  * frame #3: 0x00000001084bb677 WorkPlan-[KrollObject objectForTiString:context:](self=0x00007f8597829680, _cmd=0x00000001089fe3e5, keyString=0x0000000118e91090, jsContextRef=0x000000011d23f468) + 183 at KrollObject.m:1264
    frame #4: 0x00000001084b67b5 WorkPlanKrollGetProperty(jsContext=0x000000011d23f468, object=0x000000012060ff10, prop=0x000000011d5015d0, exception=0x000000011c7b3138) + 165 at KrollObject.m:198
    frame #5: 0x000000010879f997 WorkPlanTI::JSCallbackObject<TI::JSDestructibleObject>::getOwnPropertySlot(TI::JSObject*, TI::ExecState*, TI::PropertyName, TI::PropertySlot&) + 487
    frame #6: 0x000000010872879a WorkPlanTI::TiValue::get(TI::ExecState*, TI::PropertyName, TI::PropertySlot&) const + 362
    frame #7: 0x0000000108769cf2 WorkPlanoperationGetById + 114
    frame #8: 0x000006b9956db443
    frame #9: 0x000006b9956de5ee
    frame #10: 0x000006b9956df049
    frame #11: 0x000006b9956df3d8
    frame #12: 0x000006b9956df3d8
    frame #13: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #14: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #15: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #16: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #17: 0x0000000108858cc4 WorkPlanllint_op_construct + 153
    frame #18: 0x0000000108858cc4 WorkPlanllint_op_construct + 153
    frame #19: 0x000006b99560f9de
    frame #20: 0x0000000108858bda WorkPlanllint_op_call + 101
    frame #21: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #22: 0x000006b99560f9de
    frame #23: 0x0000000108858bda WorkPlanllint_op_call + 101
    frame #24: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #25: 0x0000000108858cc4 WorkPlanllint_op_construct + 153
    frame #26: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #27: 0x000006b99560f9de
    frame #28: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #29: 0x0000000108858c0e WorkPlanllint_op_call + 153
    frame #30: 0x0000000108854fc5 WorkPlancallToJavaScript + 191
    frame #31: 0x0000000108747df0 WorkPlanTI::JITCode::execute(TI::VM*, TI::ProtoCallFrame*, TI::Register*) + 48
    frame #32: 0x000006b99560f9de
    frame #33: 0x0000000108858bda WorkPlanllint_op_call + 101
    frame #34: 0x0000000108858d38 WorkPlanllint_op_call_varargs + 87
    frame #35: 0x0000000108858d38 WorkPlanllint_op_call_varargs + 87
    frame #36: 0x0000000108854fc5 WorkPlancallToJavaScript + 191

The only frame I can inspect in the debugger is [KrollObject objectForTiString:context: ... if I try to inspect keyString in the debugger it appears to be __EX\1\0 most of the time, but it has also been __EX\2EC\0. I don't know if that means anything to anyone. I got it to fail once where the keyString was a key string from my codebase. The string appeared to have some stuff after the key name and the before the null terminator ie it should have been "nodeName" and it was "nodeName" then 65320, 65535, 65535, 65535, 8072, 7107, 1, 0. Possibly indicates memory corruption? The crash is occurring at a point in the code when it's deserializing a large chunk of XML and turing it into JS objects. It wouldn't surprise me if the JS allocator is under a lot of load when it's crashing.

Attachments

File	Date	Size
WorkPlan.build.log	2015-01-15T22:47:02.000+0000	2655162
WorkPlan.crash.log	2015-01-16T02:46:50.000+0000	503471

Comments

Shuo Liang 2015-01-15

Please provide the full output from studio console when you build the app. Thanks
Mark Catley 2015-01-15

I have attached the log.
Shuo Liang 2015-01-16

Based on your log, I only can see the error about "you can't use push notification with a simulator". Actually, we would suggest you test your push notification service in physical device, not in simulator. So please try to test it with actual IOS device.
Mark Catley 2015-01-16

I thought you just wanted the build log? I can give you the log of the actual crash if you like.
Mark Catley 2015-01-16

I have attached the crashlog. It doesn't have any information in it though.
Mauro Parra-Miranda 2015-02-03

Hello, this doesn't include a testcase, so we can't reproduce this one. Please read this guide: http://docs.appcelerator.com/titanium/3.0/#!/guide/How_to_Submit_a_Bug_Report we recommend you to provide a testcase in the form of app.js with instructions on how to reproduce your issue. Best Regards

JSON Source