[LLVMbugs] [Bug 14584] Double release generated by ARC optimization pass
bugzilla-daemon at llvm.org
Tue Jan 15 22:32:51 PST 2013
http://llvm.org/bugs/show_bug.cgi?id=14584
Michael Gottesman <mgottesman at apple.com> changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED
--- Comment #9 from Michael Gottesman <mgottesman at apple.com> 2013-01-16 00:32:51 CST ---
Got it to work. (I had a brain slip and was using -Os instead of -O3 so I was
failing to reproduce for a minute).
Also as a note (for future reference) to get your test to crash I needed to use
this:
#import <Foundation/Foundation.h>

static void __attribute__((noinline)) ThrowFunc(id obj)
{
    [NSException raise:@"Foo" format:@"Foo"];
}

int main()
{
    id obj = [NSObject new];
    {
        BOOL ok;
        {
            id obj2 = obj;
            @try {
                ThrowFunc(obj2);
                ok = YES;
            } @catch(...) {
                ok = NO;
            }
        }
        if (!ok) {
            NSLog(@"Failed");
        }
    }
    NSLog(@"BOOM? %@", obj);
}
The important part is accessing obj after it has been prematurely released so
you get this beautiful stack trace:
2013-01-15 22:26:41.536 a.out[39847:707] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSTimeZone name]: method sent to an uninitialized time zone object'
*** First throw call stack:
(
    0   CoreFoundation    0x00007fff88fb50a6 __exceptionPreprocess + 198
    1   libobjc.A.dylib   0x00007fff837613f0 objc_exception_throw + 43
    2   CoreFoundation    0x00007fff8905aa92 -[__NSPlaceholderTimeZone name] + 130
    3   CoreFoundation    0x00007fff890602a5 -[NSTimeZone description] + 37
    4   Foundation        0x00007fff85233243 _NSDescriptionWithLocaleFunc + 91
    5   CoreFoundation    0x00007fff88f28fd0 __CFStringAppendFormatCore + 13952
    6   CoreFoundation    0x00007fff88f72a9b _CFStringCreateWithFormatAndArgumentsAux + 107
    7   CoreFoundation    0x00007fff88fe08f0 _CFLogvEx + 112
    8   Foundation        0x00007fff8526a625 NSLogv + 79
    9   Foundation        0x00007fff8526a5be NSLog + 148
    10  a.out             0x000000010b769e06 main + 54
    11  libdyld.dylib     0x00007fff83a4a7e1 start + 0
    12  ???               0x0000000000000001 0x0 + 1
)
It makes it easier to debug if I can actually see it blow up = p.
The bug is fixed in r172599.