1、野指针问题 【EXC_BAD_ACCESS (SIGSEGV) / KERN_INVALID_ADDRESS]
Possible zombie in call: Function: objc_releaseParam 1: 0x157f2a740 Originated at or in a subcall of unknown, cannot find symb
如有以下溃散栈可以怀疑是在dealloc
中直接或直接运用了@try{} @catch{}
2、溃散栈
0 libobjc.A.dylib _objc_release()
1 CoreFoundation -[__NSDictionaryI dealloc]()
2 CoreFoundation -[NSException dealloc]()
3 libobjc.A.dylib AutoreleasePoolPage::releaseUntil(objc_object**)()
4 libobjc.A.dylib _objc_autoreleasePoolPop()
......
......
3、场景复现代码
#import "ViewController.h"
@interface TestExpectionObj : NSObject
@end
@implementation TestExpectionObj
- (void)dealloc {
@try {
[self setValue:@"test" forKey:@"testKey"];
} @catch (NSException *exception) {
NSLog(@"%@", exception);
}
}
@end
@implementation ViewController
- (void)viewDidLoad {
[super viewDidLoad];
// Do any additional setup after loading the view.
[TestExpectionObj new];
}
@end
4、问题分析
在dealloc
运用try-catch
并触发catch时,会生成NSException
目标,exception结构如下
exception : NSException {
userInfo: NSDictionary {
NSTargetObjectUserInfoKey = "<TestExpectionObj: 0x6000038ac3e0>";
}
}
故exception
会强引证TestExpectionObj
目标,而且exception
一般都是类办法生成会自动加入到AutoreleasePool
,所以dealloc
履行完后TestExpectionObj
目标现已开释(因为在dealloc
办法中在强引证当时目标没法停止当时目标的开释,引证计数增加与否已无含义),所以exception.userInfo
中的TestExpectionObj
对变成野目标。
当AutoreleasePool
抵达周期开释时就对调用release exception & userInfo,字典userInfo
开释时会也会相应的开释key/value,故NSTargetObjectUserInfoKey = "<TestExpectionObj: 0x6000038ac3e0>"
又调用一次release
,因为之前现已dealloc
结束,所以这次就会触发重复开释溃散引起野指针问题,
但如果exception
在TestExpectionObj
目标的dealloc
办法履行完之前开释就不会出现问题。
5、上报可能引起野指针溃散栈
#import <JRSwizzle/JRSwizzle.h>
@implementation NSException (ExceptionTestSunztObj)
+ (void)load {
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
[self jr_swizzleMethod:NSSelectorFromString(@"dealloc")
withMethod:@selector(intercept_dealloc)
error:nil];
});
}
- (void)intercept_dealloc {
BOOL isContainDealloc = NO;
NSMutableString *symblos = [NSMutableString string];
for (NSString *sym in self.callStackSymbols) {
[symblos appendFormat:@"%@\n", sym];
if ([sym containsString:@" dealloc]"]) {
isContainDealloc = YES;
}
}
// 把 symblos上报给自己的APM渠道
[APM report:@"ttReportExceptionCallStackSymbols" withValue:symblos];
[APM report:@"ttReportExceptionReason" withValue:self.reason?:@"NULL"];
if (isContainDealloc) {
// 本地log打印,需符号化
TTLocalLog("NSException:throws:dealloc:ttReport", {
@"name": self.name?:@"",
@"reason": self.reason?:@"",
@"callStackSymbols": symblos
});
// 延迟保证数据写完在开释
__unsafe_unretained NSException *demoSelf = self;
dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1.0 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
[demoSelf intercept_dealloc];
});
return;
}
[self intercept_dealloc];
}
@end
注:在dealloc
中运用@try{} @catch{}
可能会引起难以排查的野指针溃散
运用@try-@catch
后
[<TestExpectionObj 0x600000714220> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key testKey.
(
0 CoreFoundation 0x0000000102a93604 __exceptionPreprocess + 242
1 libobjc.A.dylib 0x0000000102943a45 objc_exception_throw + 48
2 CoreFoundation 0x0000000102a9329c -[NSException init] + 0
3 Foundation 0x00000001034f2354 -[NSObject(NSKeyValueCoding) setValue:forKey:] + 315
4 ExpectionDemo 0x00000001023cae52 -[TestExpectionObj dealloc] + 50
5 libobjc.A.dylib 0x00000001029417b7 _ZN11objc_object17sidetable_releaseEbb + 177
6 ExpectionDemo 0x00000001023caf58 -[ViewController viewDidLoad] + 72
7 UIKitCore 0x000000010f3ce3bc -[UIViewController _sendViewDidLoadWithAppearanceProxyObjectTaggingEnabled] + 88
8 UIKitCore 0x000000010f3d2dbf -[UIViewController loadViewIfRequired] + 1193
9 UIKitCore 0x000000010f3d319a -[UIViewController view] + 27
10 UIKitCore 0x000000010fbdb00a -[UIWindow addRootViewControllerViewIfPossible] + 305
11 UIKitCore 0x000000010fbda6fe -[UIWindow _updateLayerOrderingAndSetLayerHidden:actionBlock:] + 230
12 UIKitCore 0x000000010fbdb6d6 -[UIWindow _setHidden:forced:] + 409
13 UIKitCore 0x000000010fbee204 -[UIWindow _mainQueue_makeKeyAndVisible] + 47
14 UIKitCore 0x000000010fe605f6 -[UIWindowScene _makeKeyAndVisibleIfNeeded] + 202
15 UIKitCore 0x000000010ef0fb8f +[UIScene _sceneForFBSScene:create:withSession:connectionOptions:] + 1591
16 UIKitCore 0x000000010fb98fbd -[UIApplication _connectUISceneFromFBSScene:transitionContext:] + 1299
17 UIKitCore 0x000000010fb99471 -[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 301
18 UIKitCore 0x000000010f613afe -[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 355
19 FrontBoardServices 0x0000000107090cdd -[FBSScene _callOutQueue_agent_didCreateWithTransitionContext:completion:] + 415
20 FrontBoardServices 0x00000001070bd216 __94-[FBSWorkspaceScenesClient createWithSceneID:groupID:parameters:transitionContext:completion:]_block_invoke.180 + 102
21 FrontBoardServices 0x000000010709f0ef -[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:] + 209
22 FrontBoardServices 0x00000001070bcdf5 __94-[FBSWorkspaceScenesClient createWithSceneID:groupID:parameters:transitionContext:completion:]_block_invoke + 352
23 libdispatch.dylib 0x0000000103c0ba5b _dispatch_client_callout + 8
24 libdispatch.dylib 0x0000000103c0e93b _dispatch_block_invoke_direct + 295
25 FrontBoardServices 0x00000001070e3da3 __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 30
26 FrontBoardServices 0x00000001070e3c99 -[FBSSerialQueue _targetQueue_performNextIfPossible] + 174
27 FrontBoardServices 0x00000001070e3dcb -[FBSSerialQueue _performNextFromRunLoopSource] + 19
28 CoreFoundation 0x0000000102a004a7 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
29 CoreFoundation 0x0000000102a0039f __CFRunLoopDoSource0 + 180
30 CoreFoundation 0x00000001029ff8ce __CFRunLoopDoSources0 + 340
31 CoreFoundation 0x00000001029f9f68 __CFRunLoopRun + 871
32 CoreFoundation 0x00000001029f9704 CFRunLoopRunSpecific + 562
33 GraphicsServices 0x00000001071e3c8e GSEventRunModal + 139
34 UIKitCore 0x000000010fb9765a -[UIApplication _run] + 928
35 UIKitCore 0x000000010fb9c2b5 UIApplicationMain + 101
36 ExpectionDemo 0x00000001023cb1be main + 110
37 dyld 0x00000001025e6f21 start_sim + 10
38 ??? 0x00000001091ce4fe 0x0 + 4447855870
)
这种溃散信息运用NSSetUncaughtExceptionHandler()
是抓不到的