
Found a bug with Address Sanitizer: how do I read the log, and how do I track down where the problem is?

changhogliang · 2016-12-14 10:57:21 +08:00 · 8962 clicks

The Xcode log is as follows:

```
==581==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000117e1ea68 at pc 0x000100d2500c bp 0x00016e045830 sp 0x00016e045828 READ of size 8 at 0x000117e1ea68 thread T3
    #0 0x100d2500b in __64+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses]_block_invoke (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5d00b)
    #1 0x1017a521b in _dispatch_client_callout (/usr/lib/system/introspection/libdispatch.dylib+0x121b)
    #2 0x1017a604b in dispatch_once_f (/usr/lib/system/introspection/libdispatch.dylib+0x204b)
    #3 0x100d24913 in +[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses] (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5c913)
    #4 0x100d239fb in +[NetworkObserver setEnabled:] (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5b9fb)
    #5 0x100d70a73 in __26+[AP startWithAppID:]_block_invoke (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100ca8a73)
    #6 0x100d8489f in __47-[ConnectionQueue connectHostWithCompletion:]_block_invoke_2 (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100cbc89f)
    #7 0x18e752617 in <redacted> (/System/Library/Frameworks/CFNetwork.framework/CFNetwork+0x3617)
    #8 0x18e769317 in <redacted> (/System/Library/Frameworks/CFNetwork.framework/CFNetwork+0x1a317)
    #9 0x18ec157e3 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0xe57e3)
    #10 0x18eb5a357 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0x2a357)
    #11 0x18eb4a953 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0x1a953)
    #12 0x18ec17b8f in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0xe7b8f)
    #13 0x10191f097 in asan_dispatch_call_block_and_release (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib+0x3b097)
    #14 0x1017a521b in _dispatch_client_callout (/usr/lib/system/introspection/libdispatch.dylib+0x121b)
    #15 0x1017b2b53 in _dispatch_queue_serial_drain (/usr/lib/system/introspection/libdispatch.dylib+0xeb53)
    #16 0x1017a8ce3 in _dispatch_queue_invoke (/usr/lib/system/introspection/libdispatch.dylib+0x4ce3)
    #17 0x1017b4e6b in _dispatch_root_queue_drain (/usr/lib/system/introspection/libdispatch.dylib+0x10e6b)
    #18 0x1017b4bb7 in _dispatch_worker_thread3 (/usr/lib/system/introspection/libdispatch.dylib+0x10bb7)
    #19 0x18d1e52c7 in _pthread_wqthread (/usr/lib/system/libsystem_pthread.dylib+0x12c7)
    #20 0x18d1e4db3 in start_wqthread (/usr/lib/system/libsystem_pthread.dylib+0xdb3)

0x000117e1ea68 is located 0 bytes to the right of 123496-byte region [0x000117e00800,0x000117e1ea68)
allocated by thread T3 here:
    #0 0x1019206f7 in wrap_malloc (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib+0x3c6f7)
    #1 0x100d24f9f in __64+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses]_block_invoke (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5cf9f)
    #2 0x1017a521b in _dispatch_client_callout (/usr/lib/system/introspection/libdispatch.dylib+0x121b)
    #3 0x1017a604b in dispatch_once_f (/usr/lib/system/introspection/libdispatch.dylib+0x204b)
    #4 0x100d24913 in +[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses] (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5c913)
    #5 0x100d239fb in +[NetworkObserver setEnabled:] (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100c5b9fb)
    #6 0x100d70a73 in __26+[AP startWithAppID:]_block_invoke (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100ca8a73)
    #7 0x100d8489f in __47-[ConnectionQueue connectHostWithCompletion:]_block_invoke_2 (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/iosapp+0x100cbc89f)
    #8 0x18e752617 in <redacted> (/System/Library/Frameworks/CFNetwork.framework/CFNetwork+0x3617)
    #9 0x18e769317 in <redacted> (/System/Library/Frameworks/CFNetwork.framework/CFNetwork+0x1a317)
    #10 0x18ec157e3 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0xe57e3)
    #11 0x18eb5a357 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0x2a357)
    #12 0x18eb4a953 in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0x1a953)
    #13 0x18ec17b8f in <redacted> (/System/Library/Frameworks/Foundation.framework/Foundation+0xe7b8f)
    #14 0x10191f097 in asan_dispatch_call_block_and_release (/var/containers/Bundle/Application/98800CF8-BBF8-4B69-A29F-A988509D1600/iosapp.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib+0x3b097)
    #15 0x1017a521b in _dispatch_client_callout (/usr/lib/system/introspection/libdispatch.dylib+0x121b)
    #16 0x1017b2b53 in _dispatch_queue_serial_drain (/usr/lib/system/introspection/libdispatch.dylib+0xeb53)
    #17 0x1017a8ce3 in _dispatch_queue_invoke (/usr/lib/system/introspection/libdispatch.dylib+0x4ce3)
    #18 0x1017b4e6b in _dispatch_root_queue_drain (/usr/lib/system/introspection/libdispatch.dylib+0x10e6b)
    #19 0x1017b4bb7 in _dispatch_worker_thread3 (/usr/lib/system/introspection/libdispatch.dylib+0x10bb7)
    #20 0x18d1e52c7 in _pthread_wqthread (/usr/lib/system/libsystem_pthread.dylib+0x12c7)
    #21 0x18d1e4db3 in start_wqthread (/usr/lib/system/libsystem_pthread.dylib+0xdb3)

Thread T3 created by T1 here: <empty stack>
Thread T1 created by T0 here:
    #1 0x1028c53eb in GPUTools::Interpose::DYInitInterpose(DYGuestAppClient* (*)(), int) (/Developer/Library/PrivateFrameworks/GPUToolsCore.framework/GPUToolsCore+0x113eb)
    #2 0x10187595b  (<unknown module>)
    #3 0x101875b83  (<unknown module>)
    #4 0x101870f2b  (<unknown module>)
    #5 0x10186ff4f  (<unknown module>)
    #6 0x101870003  (<unknown module>)
    #7 0x101862463  (<unknown module>)
    #8 0x1018668f3  (<unknown module>)
    #9 0x101861043  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __64+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses]_block_invoke
Shadow bytes around the buggy address:
  0x0001431c3cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0001431c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0001431c3d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0001431c3d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0001431c3d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0001431c3d40: 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa
  0x0001431c3d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0001431c3d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0001431c3d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0001431c3d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0001431c3d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb

==581==ABORTING
Warning: hit breakpoint while running function, skipping commands and conditions to prevent recursion.
warning: could not load any Objective-C class information from the dyld shared cache. This will significantly reduce the quality of type information available.
AddressSanitizer report breakpoint hit. Use 'thread info -s' to get extended information about the report.
```
    
    

The crashing thread:

```
* thread #5: tid = 0x14006, 0x0000000101929470 libclang_rt.asan_ios_dynamic.dylib`__asan::AsanDie(), queue = 'NSOperationQueue 0x114563b50 :: NSOperation 0x10b9be650 (QOS: DEFAULT)', stop reason = Heap buffer overflow detected
    frame #0: 0x0000000101929470 libclang_rt.asan_ios_dynamic.dylib`__asan::AsanDie()
    frame #1: 0x000000010192cf2c libclang_rt.asan_ios_dynamic.dylib`__sanitizer::Die() + 44
    frame #2: 0x0000000101928280 libclang_rt.asan_ios_dynamic.dylib`__asan::ScopedInErrorReport::~ScopedInErrorReport() + 336
    frame #3: 0x0000000101928018 libclang_rt.asan_ios_dynamic.dylib`__asan::ScopedInErrorReport::~ScopedInErrorReport() + 12
    frame #4: 0x0000000101927b94 libclang_rt.asan_ios_dynamic.dylib`__asan_report_error + 3216
    frame #5: 0x0000000101928534 libclang_rt.asan_ios_dynamic.dylib`__asan_report_load8 + 44
  * frame #6: 0x0000000100d2500c iosapp`__64+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses]_block_invoke(.block_descriptor=<unavailable>) + 1632 at NetworkObserver.m:190
    frame #7: 0x00000001017a521c libdispatch.dylib`_dispatch_client_callout + 16
    frame #8: 0x00000001017a604c libdispatch.dylib`dispatch_once_f + 116
    frame #9: 0x0000000100d24914 iosapp`+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses] [inlined] _dispatch_once(predicate=0x00000001011c2760, block=(iosapp`__64+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses]_block_invoke at NetworkObserver.m:162)) + 124 at once.h:68
    frame #10: 0x0000000100d24898 iosapp`+[NetworkObserver injectIntoAllNSURLConnectionDelegateClasses](self=NetworkObserver, _cmd="injectIntoAllNSURLConnectionDelegateClasses") + 832 at NetworkObserver.m:162
    frame #11: 0x0000000100d239fc iosapp`+[NetworkObserver setEnabled:](self=NetworkObserver, _cmd="setEnabled:", enabled=YES) + 240 at NetworkObserver.m:89
    frame #12: 0x0000000100d70a74 iosapp`__26+[AP startWithAppID:]_block_invoke(.block_descriptor=<unavailable>, success=YES) + 236 at AP.m:61
    frame #13: 0x0000000100d848a0 iosapp`__47-[ConnectionQueue connectHostWithCompletion:]_block_invoke_2(.block_descriptor=<unavailable>, data=<unavailable>, response=<unavailable>, error=<unavailable>) + 1096 at RAConnectionQueue.m:175
    frame #14: 0x000000018e752618 CFNetwork`__75-[__NSURLSessionLocal taskForClass:request:uploadFile:bodyData:completion:]_block_invoke + 32
    frame #15: 0x000000018e769318 CFNetwork`__49-[__NSCFLocalSessionTask _task_onqueue_didFinish]_block_invoke + 296
    frame #16: 0x000000018ec157e4 Foundation`__NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 16
    frame #17: 0x000000018eb5a358 Foundation`-[NSBlockOperation main] + 96
    frame #18: 0x000000018eb4a954 Foundation`-[__NSOperationInternal _start:] + 620
    frame #19: 0x000000018ec17b90 Foundation`__NSOQSchedule_f + 228
    frame #20: 0x000000010191f098 libclang_rt.asan_ios_dynamic.dylib`asan_dispatch_call_block_and_release + 264
    frame #21: 0x00000001017a521c libdispatch.dylib`_dispatch_client_callout + 16
    frame #22: 0x00000001017b2b54 libdispatch.dylib`_dispatch_queue_serial_drain + 1136
    frame #23: 0x00000001017a8ce4 libdispatch.dylib`_dispatch_queue_invoke + 672
    frame #24: 0x00000001017b4e6c libdispatch.dylib`_dispatch_root_queue_drain + 584
    frame #25: 0x00000001017b4bb8 libdispatch.dylib`_dispatch_worker_thread3 + 140
    frame #26: 0x000000018d1e52c8 libsystem_pthread.dylib`_pthread_wqthread + 1288
```
    
    

Where Xcode stopped:

```objective-c
Class *classes = NULL;
int numClasses = objc_getClassList(NULL, 0);   // first call: ask only for the count

if (numClasses > 0) {
    classes = (__unsafe_unretained Class *)malloc(sizeof(Class) * numClasses);
    // second call fills the buffer and returns the count again; numClasses is reassigned
    numClasses = objc_getClassList(classes, numClasses);
    for (NSInteger classIndex = 0; classIndex < numClasses; ++classIndex) {
        Class class = classes[classIndex];   // ASan stops on this read

        if (class == [NetworkObserver class] ||
            class == [ConnectionQueue class] ||
            class == [HTTPProtocol class]) {
            continue;
        }
        // ... remainder of the loop body not shown in the post
    }
    free(classes);
}
```
    

It ends up stopped at `Class class = classes[classIndex];`. Where could the problem be?
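Added here as a worked example, not code from the post: a small C parser for the two report lines that carry the numbers needed to locate an out-of-bounds access, the `READ of size N` line and the `<addr> is located N bytes to the right of M-byte region [lo,hi)` line. Dividing the region size by the access size gives how many elements the allocation held, and the overflow offset in elements gives how far past the end the access landed. The two sample lines are constructed to match the shape of the report above; the struct and function names are mine, and only right-side overflows are handled (the report's "to the left of" form is rejected).

```c
/* Added example, not code from the post: turn the numbers in an
 * AddressSanitizer heap-buffer-overflow report into an element index.
 * The sample lines are constructed to mirror the report above. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines in the shape of the report in the post. */
static const char *const kErrorLine =
    "==581==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000117e1ea68 "
    "at pc 0x000100d2500c bp 0x00016e045830 sp 0x00016e045828 "
    "READ of size 8 at 0x000117e1ea68 thread T3";
static const char *const kRegionLine =
    "0x000117e1ea68 is located 0 bytes to the right of 123496-byte region "
    "[0x000117e00800,0x000117e1ea68)";

struct asan_access {
    size_t access_size;             /* "READ of size 8"                    */
    size_t overflow_off;            /* "0 bytes to the right of"           */
    size_t region_size;             /* "123496-byte region"                */
    unsigned long long fault_addr;  /* address the access touched          */
    unsigned long long region_lo;   /* "[lo,hi)" bounds of the allocation  */
    unsigned long long region_hi;
    size_t capacity;                /* elements the region could hold      */
    size_t index;                   /* element index of the faulting access */
};

/* Parses the ERROR line and the "is located ... to the right of" line.
 * Returns 0 on success, -1 if a phrase is missing or the report's own
 * numbers do not agree with each other. */
int asan_parse(const char *error_line, const char *region_line,
               struct asan_access *out)
{
    const char *p = strstr(error_line, " of size ");
    if (p == NULL || sscanf(p, " of size %zu", &out->access_size) != 1)
        return -1;
    if (sscanf(region_line,
               "%llx is located %zu bytes to the right of %zu-byte region [%llx,%llx)",
               &out->fault_addr, &out->overflow_off, &out->region_size,
               &out->region_lo, &out->region_hi) != 5)
        return -1;
    /* Cross-check the report against itself before trusting the numbers. */
    if (out->region_hi - out->region_lo != out->region_size) return -1;
    if (out->fault_addr != out->region_hi + out->overflow_off) return -1;
    if (out->access_size == 0 || out->region_size % out->access_size != 0)
        return -1;
    out->capacity = out->region_size / out->access_size;
    out->index = out->capacity + out->overflow_off / out->access_size;
    return 0;
}

/* Number of access-sized elements the allocation held, or -1 on failure. */
long asan_element_capacity(const char *error_line, const char *region_line)
{
    struct asan_access a;
    if (asan_parse(error_line, region_line, &a) != 0) return -1;
    return (long)a.capacity;
}

/* Element index the faulting access reached, or -1 on failure. */
long asan_element_index(const char *error_line, const char *region_line)
{
    struct asan_access a;
    if (asan_parse(error_line, region_line, &a) != 0) return -1;
    return (long)a.index;
}

int main(void)
{
    struct asan_access a;
    if (asan_parse(kErrorLine, kRegionLine, &a) != 0) {
        fprintf(stderr, "could not parse report\n");
        return 1;
    }
    printf("allocation holds %zu entries of %zu bytes; faulting access is entry #%zu\n",
           a.capacity, a.access_size, a.index);
    return 0;
}
```

Read against the snippet in the post: the region was `sizeof(Class) * numClasses` bytes, so the capacity printed here is the `numClasses` value the buffer was sized for at `malloc` time, and the index is the first `classIndex` that lies outside it.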

5 replies    2016-12-14 15:42:20 +08:00

#1 TJT · 2016-12-14 12:25:03 +08:00
This looks like a classic array out-of-bounds: numClasses gets reassigned, and that is probably where it goes wrong.
#2 changhogliang (OP) · 2016-12-14 12:41:35 +08:00
@TJT I checked at the breakpoint: classIndex is 15437 and numClasses is 15441. Clearly not out of bounds.
#3 cute · 2016-12-14 15:05:22 +08:00
Try it like this:

```objective-c
unsigned int numClasses;
// one call: the runtime allocates a buffer sized to the count it returns
Class *classes = objc_copyClassList(&numClasses);
for (unsigned int i = 0; i < numClasses; i++) {
    Class cls = classes[i];
    NSLog(@"class name: %s", class_getName(cls));
}
free(classes);
```
#4 changhogliang (OP) · 2016-12-14 15:16:53 +08:00
@cute Thanks, it's solved. The default stack for a secondary thread on iOS is 512k, which is fairly small; the secondary thread was doing a lot of work, especially with this rather large array, which caused an overflow. I spawned a new thread here and the problem is solved.
#5 cute · 2016-12-14 15:42:20 +08:00
@changhogliang Learned something.
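Added here as a worked example, not code from the post or from any of the replies: a C simulation of the "ask for the count, allocate, then fill" pattern in the posted snippet. `mock_get_class_list` is a constructed stand-in for `objc_getClassList`: it fills at most `buffer_count` slots and returns the total number of classes currently registered, and its registry can grow between the sizing call and the fill call, as it would if another thread registered classes in between. Nothing here calls the Objective-C runtime and all names are mine. The hardened scan generalises the pattern with a resize-and-retry loop so the loop bound never exceeds the allocation; the single-call `objc_copyClassList` that cute suggests avoids the second call altogether.

```c
/* Added example, not code from the post: simulate the two-call
 * count/allocate/fill pattern and a bounded alternative. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

typedef struct {
    int registered;      /* classes the mock runtime currently knows about      */
    int growth_pending;  /* classes that get registered right after the next call */
} mock_runtime;

/* Constructed stand-in for objc_getClassList: fills up to buffer_count slots
 * and returns the total registered count, which may be larger. */
int mock_get_class_list(mock_runtime *rt, void **buffer, int buffer_count)
{
    int total = rt->registered;
    if (buffer != NULL) {
        int n = total < buffer_count ? total : buffer_count;
        for (int i = 0; i < n; i++)
            buffer[i] = (void *)(uintptr_t)(i + 1);   /* fake, non-NULL Class pointers */
    }
    /* Registration that lands after this call returns (another thread). */
    rt->registered += rt->growth_pending;
    rt->growth_pending = 0;
    return total;
}

/* Mirrors the snippet in the post: allocate for the first count, loop to the
 * second. Returns how many loop iterations would read past the allocation
 * (0 means the pattern happened to be safe). The reads are not performed. */
int overrun_of_two_call_pattern(mock_runtime *rt)
{
    int allocated = mock_get_class_list(rt, NULL, 0);
    if (allocated <= 0) return 0;
    void **classes = malloc(sizeof(void *) * (size_t)allocated);
    if (classes == NULL) return -1;
    int num_classes = mock_get_class_list(rt, classes, allocated);  /* reassigned */
    free(classes);
    return num_classes > allocated ? num_classes - allocated : 0;
}

/* Hardened version: if the fill call reports more classes than fit, grow the
 * buffer and call again, so the loop bound never exceeds the allocation.
 * Returns the number of entries examined, or -1 on allocation failure. */
int scan_classes_safe(mock_runtime *rt)
{
    int allocated = mock_get_class_list(rt, NULL, 0);
    if (allocated <= 0) return 0;
    void **classes = NULL;
    int total;
    for (;;) {
        void **grown = realloc(classes, sizeof(void *) * (size_t)allocated);
        if (grown == NULL) { free(classes); return -1; }
        classes = grown;
        total = mock_get_class_list(rt, classes, allocated);
        if (total <= allocated) break;   /* every registered class fit */
        allocated = total;               /* registry grew: retry with room */
    }
    int examined = 0;
    for (int i = 0; i < total; i++)      /* total <= allocated here */
        if (classes[i] != NULL) examined++;
    free(classes);
    return examined;
}

/* Helpers that build a runtime with `registered` classes and `growth`
 * classes arriving after the sizing call, then run each pattern. */
int demo_overrun(int registered, int growth)
{
    mock_runtime rt = { registered, growth };
    return overrun_of_two_call_pattern(&rt);
}

int demo_safe_scan(int registered, int growth)
{
    mock_runtime rt = { registered, growth };
    return scan_classes_safe(&rt);
}

int main(void)
{
    /* 15437 entries of 8 bytes is the 123496-byte region in the report;
       4 late registrations are a constructed value. */
    printf("two-call pattern would overrun by %d entries\n", demo_overrun(15437, 4));
    printf("bounded scan examined %d classes\n", demo_safe_scan(15437, 4));
    return 0;
}
```

With the constructed numbers the two-call pattern ends up with a loop bound 4 past a 15437-entry buffer, and the first out-of-range read is at index 15437, exactly where the report's "0 bytes to the right of" puts it; the bounded scan instead resizes once and examines all 15441 entries.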