Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-5335] iOS: registeredProxies mutated during -[KrollBridge didReceiveMemoryWarning:]

GitHub Issue: n/a
Type: Bug
Priority: High
Status: Closed
Resolution: Fixed
Resolution Date: 2011-09-22T10:45:38.000+0000
Affected Version/s: Release 1.7.2
Fix Version/s: Sprint 2011-38, Release 1.8.0
Components: iOS
Labels: branch-5062
Reporter: Stephen Tramer
Assignee: Stephen Tramer
Created: 2011-09-22T05:29:04.000+0000
Updated: 2011-12-10T10:53:35.000+0000

Description

We have a little bit of a problem with memory warnings in KrollBridge. Apparently, registeredProxies can be mutated while the fast iteration in -[KrollBridge didReceiveMemoryWarning:] is proceeding (see http://networkpx.blogspot.com/2009/07/analyzing-objective-cs-for-in-loop-fast.html for a description of how fast enumeration is unrolled, and judge for yourself how "smart" the OS is about preempting this at EXACTLY the wrong time to disrupt the mutationsPtr). And yes: jetsam apparently doesn't interact with any kind of scheduling to ensure that only an application's main thread is being run. This crash report is evidence enough of that. Wish we could have a good, hard, reproducible test case for Apple so they could try and fix this (is there really precedent for a watchdog application taking over kernel scheduling?) Anyway, here we go...

Incident Identifier: EA23A633-B2EE-48EF-916D-B1B83BEDBEB4
CrashReporter Key:   38cb7cb670efe80e40368cb85b5503770ed373ae
Hardware Model:      iPad1,1
Process:         tiapplication [924]
Path:            /var/mobile/Applications/10B644A6-1147-4754-BED5-DDC27F30259F/tiapplication.app/tiapplication
Identifier:      tiapplication
Version:         ??? (???)
Code Type:       ARM (Native)
Parent Process:  launchd [1]

Date/Time:       2011-09-21 18:14:03.062 +0200
OS Version:      iPhone OS 4.2.1 (8C148)
Report Version:  104

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x00000000, 0x00000000
Crashed Thread:  0

Thread 0 Crashed:
0   libSystem.B.dylib             	0x30d7c2d4 __kill + 8
1   libSystem.B.dylib             	0x30d7c2c4 kill + 4
2   libSystem.B.dylib             	0x30d7c2b6 raise + 10
3   libSystem.B.dylib             	0x30d90d72 abort + 50
4   libstdc++.6.dylib             	0x34981a20 __gnu_cxx::__verbose_terminate_handler() + 376
5   libobjc.A.dylib               	0x34a83594 _objc_terminate + 104
6   libstdc++.6.dylib             	0x3497fdf2 __cxxabiv1::__terminate(void (*)()) + 46
7   libstdc++.6.dylib             	0x3497fe46 std::terminate() + 10
8   libstdc++.6.dylib             	0x3497ff16 __cxa_throw + 78
9   libobjc.A.dylib               	0x34a824c4 objc_exception_throw + 64
10  CoreFoundation                	0x3587c12c -[NSObject(NSObject) doesNotRecognizeSelector:] + 96
11  CoreFoundation                	0x35823aa2 ___forwarding___ + 502
12  CoreFoundation                	0x35823858 _CF_forwarding_prep_0 + 40
13  tiapplication                       	0x00091b3a -[TiProxy toString:] (TiProxy.m:1137)
14  tiapplication                       	0x00091bcc -[TiProxy description] (TiProxy.m:1145)
15  CoreFoundation                	0x3580e63e -[NSObject(NSObject) _copyDescription] + 18
16  CoreFoundation                	0x3580e564 CFCopyDescription + 80
17  CoreFoundation                	0x3588bcec __CFBasicHashStandardCopyKeyDescription + 8
18  CoreFoundation                	0x3588d224 __CFBasicHashCopyDescription_block_invoke_1 + 236
19  CoreFoundation                	0x357e60f4 CFBasicHashApply + 124
20  CoreFoundation                	0x3588d65c CFBasicHashCopyDescription + 680
21  CoreFoundation                	0x3588d768 __CFBasicHashCopyDescription + 44
22  CoreFoundation                	0x35855092 __CFDictionaryCopyDescription + 2
23  CoreFoundation                	0x3580e5a2 CFCopyDescription + 142
24  CoreFoundation                	0x3587a2be __NSFastEnumerationMutationHandler + 138
25  libobjc.A.dylib               	0x34a88486 objc_enumerationMutation + 18
26  tiapplication                       	0x00033008 -[KrollBridge didReceiveMemoryWarning:] (KrollBridge.mm:224)
27  Foundation                    	0x3117561c _nsnote_callback + 136
28  CoreFoundation                	0x3580111c __CFXNotificationPost_old + 396
29  CoreFoundation                	0x35800dbc _CFXNotificationPostNotification + 112
30  Foundation                    	0x31164d1c -[NSNotificationCenter postNotificationName:object:userInfo:] + 64
31  Foundation                    	0x3116e23a -[NSNotificationCenter postNotificationName:object:] + 18
32  UIKit                         	0x342aada2 -[UIApplication _performMemoryWarning] + 42
33  UIKit                         	0x342ab9c4 -[UIApplication _receivedMemoryNotification] + 120
34  UIKit                         	0x342a8770 _memoryStatusChanged + 36
35  CoreFoundation                	0x358310c6 __CFNotificationCenterDarwinCallBack + 18
36  CoreFoundation                	0x35817be0 __CFMachPortPerform + 204
37  CoreFoundation                	0x3580f6f8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 20
38  CoreFoundation                	0x3580f6bc __CFRunLoopDoSource1 + 160
39  CoreFoundation                	0x35801f76 __CFRunLoopRun + 514
40  CoreFoundation                	0x35801c80 CFRunLoopRunSpecific + 224
41  CoreFoundation                	0x35801b88 CFRunLoopRunInMode + 52
42  GraphicsServices              	0x320c84a4 GSEventRunModal + 108
43  GraphicsServices              	0x320c8550 GSEventRun + 56
44  UIKit                         	0x341dc322 -[UIApplication _run] + 406
45  UIKit                         	0x341d9e8c UIApplicationMain + 664
46  tiapplication                       	0x00003bb8 main (main.m:36)
47  tiapplication                       	0x0000345c 0x1000 + 9308
Thread 3:
0   libSystem.B.dylib             	0x30d31398 pread + 20
1   libsqlite3.dylib              	0x3617afaa _sqlite3_purgeEligiblePagerCacheMemory + 218
2   libsqlite3.dylib              	0x3617ccb6 _sqlite3_purgeEligiblePagerCacheMemory + 7654
3   libsqlite3.dylib              	0x361727d8 sqlite3_db_status + 996
4   libsqlite3.dylib              	0x36189062 sqlite3_extended_errcode + 18502
5   libsqlite3.dylib              	0x361890fa sqlite3_extended_errcode + 18654
6   libsqlite3.dylib              	0x36189126 sqlite3_extended_errcode + 18698
7   libsqlite3.dylib              	0x36189168 sqlite3_extended_errcode + 18764
8   libsqlite3.dylib              	0x36189246 sqlite3_extended_errcode + 18986
9   libsqlite3.dylib              	0x36192e80 sqlite3_column_bytes16 + 5752
10  libsqlite3.dylib              	0x361b0c48 fts3DbExec + 21492
11  libsqlite3.dylib              	0x36171de4 sqlite3_step + 56
12  tiapplication                       	0x0002abe8 -[PLSqliteResultSet next] (PLSqliteResultSet.m:147)
13  tiapplication                       	0x000a7b52 -[TiDatabaseProxy execute:] (TiDatabaseProxy.m:153)
14  CoreFoundation                	0x35825cfc __invoking___ + 60
15  CoreFoundation                	0x35825bce -[NSInvocation invoke] + 102
16  tiapplication                       	0x0003a622 -[KrollMethod call:] (KrollMethod.m:247)
17  tiapplication                       	0x0003984e KrollCallAsFunction (KrollMethod.m:42)
18  tiapplication                       	0x00171c80 TI::TiCallbackObject<TI::TiObject>::call(TI::TiExcState*, TI::TiObject*, TI::TiValue, TI::ArgList const&) (TiCallbackObjectFunctions.h:396)
19  tiapplication                       	0x0015d550 TI::Interpreter::privateExecute(TI::Interpreter::ExecutionFlag, TI::RegisterFile*, TI::TiExcState*, TI::TiValue*) (Interpreter.cpp:3645)
20  tiapplication                       	0x0015f966 TI::Interpreter::execute(TI::FunctionExecutable*, TI::TiExcState*, TI::TiFunction*, TI::TiObject*, TI::ArgList const&, TI::ScopeChainNode*, TI::TiValue*) (Interpreter.cpp:815)
21  tiapplication                       	0x00169718 TI::TiFunction::call(TI::TiExcState*, TI::TiValue, TI::ArgList const&) (TiFunction.cpp:146)
22  tiapplication                       	0x001447fa TI::call(TI::TiExcState*, TI::TiValue, TI::CallType, TI::CallData const&, TI::TiValue, TI::ArgList const&) (CallData.cpp:46)
23  tiapplication                       	0x00170594 TiObjectCallAsFunction (TiObjectRef.cpp:449)
24  tiapplication                       	0x000403fa -[KrollObject triggerEvent:withObject:thisObject:] (KrollObject.m:1528)
25  tiapplication                       	0x00034ec0 -[KrollEvent invoke:] (KrollContext.mm:658)
26  tiapplication                       	0x00035ec6 -[KrollContext invoke:] (KrollContext.mm:895)
27  tiapplication                       	0x00036baa -[KrollContext main] (KrollContext.mm:1207)
28  Foundation                    	0x3116c192 -[NSThread main] + 38
29  Foundation                    	0x31165242 __NSThread__main__ + 966
30  libSystem.B.dylib             	0x30d7d886 _pthread_start + 242
31  libSystem.B.dylib             	0x30d72a88 thread_start + 0

The problem is so dependent on OS scheduling, memory conditions, core availability, jetsam behavior, and possibly even iOS version, that it is nearly impossible to reproduce. The bug description and summary were worked backwards from the crash report.
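
The failure shape in the report above, reduced to a plain C model as an added example (not Titanium code, not the Objective-C runtime, and not the fix that shipped): a for-in loop latches a mutation counter and re-checks it per element, so a writer interleaved mid-loop trips the check, while a loop over a private copy does not. `Registry`, `enumerate_live`, `enumerate_snapshot` and `write_at` are hypothetical names, and the second thread is simulated deterministically by a write at a chosen index.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for registeredProxies (constructed for this example). */
typedef struct {
    int items[8];
    size_t count;
    unsigned long mutations;   /* bumped by every writer */
} Registry;

/* Writer: stands in for a second thread unregistering a proxy. */
static void registry_remove_last(Registry *r) {
    if (r->count > 0) { r->count--; r->mutations++; }
}

/* Core of an unrolled for-in loop: latch the counter, re-check it per element.
   `iter` is enumerated; `live` is the collection the interleaved writer touches.
   write_at simulates preemption at that index (-1 = no writer).
   Returns elements visited, or -1 where objc_enumerationMutation() would fire. */
static int enumerate(const Registry *iter, Registry *live, int write_at) {
    unsigned long start = iter->mutations;
    int visited = 0;
    for (size_t i = 0; i < iter->count; i++) {
        if (iter->mutations != start) return -1;
        if ((int)i == write_at) registry_remove_last(live);
        visited++;
    }
    return visited;
}

/* The crashing shape: the loop walks the same object the writer mutates. */
static int enumerate_live(Registry *r, int write_at) {
    return enumerate(r, r, write_at);
}

/* Mitigation sketch: walk a private copy. In threaded code the copy must be
   taken while holding the lock that every writer also takes. */
static int enumerate_snapshot(Registry *r, int write_at) {
    Registry snap = *r;
    return enumerate(&snap, r, write_at);
}

int main(void) {
    Registry a = { {1, 2, 3, 4}, 4, 0 }, b = a;
    printf("live=%d snapshot=%d\n", enumerate_live(&a, 1), enumerate_snapshot(&b, 1));
    return 0;
}
```

The snapshot only removes the enumeration abort; entries removed by the writer after the copy are still visited, so the loop body has to tolerate stale elements.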

Comments

  1. Stephen Tramer 2011-09-22

    The real problem, of course, is that we can't suspend/block our OWN threads as soon as a memory warning comes in. We need to have a discussion about memory management infrastructure vs. threading.
  2. Thomas Huelbert 2011-12-10

    qe cannot test - closing
