ios开发 try-catch引起的野指针问题排查
<div id="navCategory"><h5 class="catalogue">目录</h5><ul class="first_class_ul"><li>1、野指针问题</li><li>2、崩溃栈</li><li>3、场景复现代码</li><li>4、问题分析</li><li>5、上报可能引起野指针崩溃栈</li></ul></div><p class="maodian"></p><h2>1、野指针问题</h2><blockquote><p>【EXC_BAD_ACCESS (SIGSEGV) / KERN_INVALID_ADDRESS]</p></blockquote>
<blockquote><p>Possible zombie in call: Function: objc_releaseParam 1: 0x157f2a740 Originated at or in a subcall of unknown, cannot find symb</p></blockquote>
<p>如有以下崩溃栈可以怀疑是在<code>dealloc</code>中直接或间接使用了<code>@try{} @catch{}</code></p>
<p class="maodian"></p><h2>2、崩溃栈</h2>
<div class="jb51code"><pre class="brush:cpp;">libobjc.A.dylib _objc_release()
CoreFoundation -()
CoreFoundation -()
libobjc.A.dylib AutoreleasePoolPage::releaseUntil(objc_object**)()
libobjc.A.dylib _objc_autoreleasePoolPop()
......
......
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202209/20220913084242045.png" /></p>
<p class="maodian"></p><h2>3、场景复现代码</h2>
<div class="jb51code"><pre class="brush:cpp;">#import "ViewController.h"
@interface TestExpectionObj : NSObject
@end
@implementation TestExpectionObj
- (void)dealloc {
@try {
;
} @catch (NSException *exception) {
NSLog(@"%@", exception);
}
}
@end
@implementation ViewController
- (void)viewDidLoad {
;
// Do any additional setup after loading the view.
;
}
@end
</pre></div>
<p class="maodian"></p><h2>4、问题分析</h2>
<p>在<code>dealloc</code>使用<code>try-catch</code>并触发catch时,会生成<code>NSException</code>对象,exception结构如下</p>
<div class="jb51code"><pre class="brush:cpp;">exception : NSException {
userInfo: NSDictionary {
NSTargetObjectUserInfoKey = "<TestExpectionObj: 0x6000038ac3e0>";
}
}
</pre></div>
<p>故<code>exception</code>会强引用<code>TestExpectionObj</code>对象,并且<code>exception</code>一般都是类方法生成会自动加入到<code>AutoreleasePool</code>,所以<code>dealloc</code>执行完后<code>TestExpectionObj</code>对象已经释放(因为在<code>dealloc</code>方法中在强引用当前对象没法终止当前对象的释放,引用计数增加与否已无意义),所以<code>exception.userInfo</code>中的<code>TestExpectionObj</code>对变成野对象。</p>
<p>当<code>AutoreleasePool</code>到达周期释放时就对调用release exception & userInfo,字典<code>userInfo</code>释放时会也会相应的释放key/value,故<code>NSTargetObjectUserInfoKey = "<TestExpectionObj: 0x6000038ac3e0>"</code>又调用一次<code>release</code>,因为之前已经<code>dealloc</code>完毕,所以这次就会触发重复释放崩溃引起野指针问题,</p>
<p>但如果<code>exception</code>在<code>TestExpectionObj</code>对象的<code>dealloc</code>方法执行完之前释放就不会出现问题。</p>
<p class="maodian"></p><h2>5、上报可能引起野指针崩溃栈</h2>
<div class="jb51code"><pre class="brush:cpp;">#import <JRSwizzle/JRSwizzle.h>
@implementation NSException (ExceptionTestSunztObj)
+ (void)load {
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
[self jr_swizzleMethod:NSSelectorFromString(@"dealloc")
withMethod:@selector(intercept_dealloc)
error:nil];
});
}
- (void)intercept_dealloc {
BOOL isContainDealloc = NO;
NSMutableString *symblos = ;
for (NSString *sym in self.callStackSymbols) {
;
if ("]) {
isContainDealloc = YES;
}
}
// 把 symblos上报给自己的APM平台
;
;
if (isContainDealloc) {
// 本地log打印,需符号化
TTLocalLog("NSException:throws:dealloc:ttReport", {
@"name": self.name?:@"",
@"reason": self.reason?:@"",
@"callStackSymbols": symblos
});
// 延迟保证数据写完在释放
__unsafe_unretained NSException *demoSelf = self;
dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1.0 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
;
});
return;
}
;
}
@end
</pre></div>
<p>注:在<code>dealloc</code>中使用<code>@try{} @catch{}</code>可能会引起难以排查的野指针崩溃</p>
<p>使用<code>@try-@catch</code>后</p>
<div class="jb51code"><pre class="brush:plain;">[<TestExpectionObj 0x600000714220> setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key testKey.
(
0 CoreFoundation 0x0000000102a93604 __exceptionPreprocess + 242
1 libobjc.A.dylib 0x0000000102943a45 objc_exception_throw + 48
2 CoreFoundation 0x0000000102a9329c - + 0
3 Foundation 0x00000001034f2354 - + 315
4 ExpectionDemo 0x00000001023cae52 - + 50
5 libobjc.A.dylib 0x00000001029417b7 _ZN11objc_object17sidetable_releaseEbb + 177
6 ExpectionDemo 0x00000001023caf58 - + 72
7 UIKitCore 0x000000010f3ce3bc - + 88
8 UIKitCore 0x000000010f3d2dbf - + 1193
9 UIKitCore 0x000000010f3d319a - + 27
10UIKitCore 0x000000010fbdb00a - + 305
11UIKitCore 0x000000010fbda6fe - + 230
12UIKitCore 0x000000010fbdb6d6 - + 409
13UIKitCore 0x000000010fbee204 - + 47
14UIKitCore 0x000000010fe605f6 - + 202
15UIKitCore 0x000000010ef0fb8f + + 1591
16UIKitCore 0x000000010fb98fbd - + 1299
17UIKitCore 0x000000010fb99471 - + 301
18UIKitCore 0x000000010f613afe - + 355
19FrontBoardServices 0x0000000107090cdd - + 415
20FrontBoardServices 0x00000001070bd216 __94-_block_invoke.180 + 102
21FrontBoardServices 0x000000010709f0ef - + 209
22FrontBoardServices 0x00000001070bcdf5 __94-_block_invoke + 352
23libdispatch.dylib 0x0000000103c0ba5b _dispatch_client_callout + 8
24libdispatch.dylib 0x0000000103c0e93b _dispatch_block_invoke_direct + 295
25FrontBoardServices 0x00000001070e3da3 __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 30
26FrontBoardServices 0x00000001070e3c99 - + 174
27FrontBoardServices 0x00000001070e3dcb - + 19
28CoreFoundation 0x0000000102a004a7 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
29CoreFoundation 0x0000000102a0039f __CFRunLoopDoSource0 + 180
30CoreFoundation 0x00000001029ff8ce __CFRunLoopDoSources0 + 340
31CoreFoundation 0x00000001029f9f68 __CFRunLoopRun + 871
32CoreFoundation 0x00000001029f9704 CFRunLoopRunSpecific + 562
33GraphicsServices 0x00000001071e3c8e GSEventRunModal + 139
34UIKitCore 0x000000010fb9765a - + 928
35UIKitCore 0x000000010fb9c2b5 UIApplicationMain + 101
36ExpectionDemo 0x00000001023cb1be main + 110
37dyld 0x00000001025e6f21 start_sim + 10
38??? 0x00000001091ce4fe 0x0 + 4447855870
)
</pre></div>
<p>这种崩溃信息使用<code>NSSetUncaughtExceptionHandler()</code>是抓不到的</p>
<p>以上就是ios开发 try-catch引起的野指针问题排查的详细内容,更多关于ios开发try-catch野指针的资料请关注琼殿技术社区其它相关文章!</p>
<div class="art_xg">
<b>您可能感兴趣的文章:</b><ul><li>Java中try-catch-finally执行顺序你知道吗</li><li>java异常:异常处理--try-catch结构详解</li><li>Java try-catch-finally异常处理机制详解</li><li>C语言指针详解之野指针</li><li>C语言基础野指针与空指针示例分析</li><li>C语言 野指针与空指针专篇解读</li></ul>
</div>
</div>
<!--endmain-->
頁:
[1]