constant crashing in drawing code

Hi Folks,

I have one user who crashes constantly. The app is running 24/7 for me and hundreds of other people without difficulty, but this one fellow has it crash several times a day. It’s ALWAYS in low level drawing code. I’ve already had him replace the system fonts though one can never be completely sure if the user has successfully done what they set out to do. Here are some snippets from crash reports he’s sent me. The most recent:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x9a7964ab objc_msgSend + 27
1 com.apple.AppKit 0x983b21ca __NSGetMetaFontInstance + 1573
2 com.xojo.XojoFramework 0x00d7e83c 0xd7c000 + 10300
3 com.xojo.XojoFramework 0x00d8bab7 0xd7c000 + 64183
4 com.xojo.XojoFramework 0x00d89a19 0xd7c000 + 55833
5 com.xojo.XojoFramework 0x00d899c9 0xd7c000 + 55753
6 com.xojo.XojoFramework 0x00d89991 0xd7c000 + 55697
7 com.xojo.XojoFramework 0x00e9537e 0xd7c000 + 1151870
8 com.xojo.XojoFramework 0x00e945b0 0xd7c000 + 1148336
9 com.xojo.XojoFramework 0x00e94364 0xd7c000 + 1147748
10 com.xojo.XojoFramework 0x00e9391b 0xd7c000 + 1145115
11 com.xojo.XojoFramework 0x00e93b95 0xd7c000 + 1145749
12 com.xojo.XojoFramework 0x00dc42b3 0xd7c000 + 295603
13 com.xojo.XojoFramework 0x00dbf9c1 0xd7c000 + 276929
14 com.apple.AppKit 0x984f4371 -[NSView _drawRect:clip:] + 4033
15 com.apple.AppKit 0x984f173a -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 2482

Still referencing a font there, isn’t it?

None of this one is even in a Xojo library, but trying to update or draw the toolbar in a window?

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x9a7964ab objc_msgSend + 27
1 com.apple.AppKit 0x984ac5ed -[NSToolbarItem isEnabled] + 78
2 com.apple.AppKit 0x984ec794 -[NSToolbarItem _applicableLabelIsEnabledAtIndex:forDisplayMode:isInPalette:] + 234
3 com.apple.AppKit 0x984ec58e -[NSToolbarItemViewer _updateEnableStateOfLabelViews] + 170
4 com.apple.AppKit 0x984ec4ad -[NSToolbarItemViewer viewWillDraw] + 35
5 com.apple.AppKit 0x984eb8f9 -[NSView viewWillDraw] + 1052
6 com.apple.AppKit 0x984eb8f9 -[NSView viewWillDraw] + 1052
7 com.apple.AppKit 0x984eb8f9 -[NSView viewWillDraw] + 1052
8 com.apple.AppKit 0x984ea4f8 -[NSView _sendViewWillDrawInRect:clipRootView:] + 1326
9 com.apple.AppKit 0x984cb4e3 -[NSView displayIfNeeded] + 829
10 com.apple.AppKit 0x984e974c -[NSWindow displayIfNeeded] + 324
11 com.apple.AppKit 0x98533365 _handleWindowNeedsDisplayOrLayoutOrUpdateConstraints + 1107
12 com.apple.AppKit 0x98ba315b __83-[NSWindow _postWindowNeedsDisplayOrLayoutOrUpdateConstraintsUnlessPostingDisabled]_block_invoke1381 + 58

this one, or similar things I’ve seen a lot in his crash reports:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x9a7964b4 objc_msgSend + 36
1 com.apple.CoreFoundation 0x9567ff0a CFRetain + 154
2 com.apple.CoreFoundation 0x956878ed -[__NSArrayM insertObject:atIndex:] + 669
3 com.apple.CoreFoundation 0x95687630 -[__NSArrayM addObject:] + 64
4 com.apple.CoreFoundation 0x956a66dd CFArrayAppendValue + 157
5 com.apple.CoreFoundation 0x957b1ffd __CFRunLoopDoTimers + 237
6 com.apple.CoreFoundation 0x956ef353 __CFRunLoopRun + 1779
7 com.apple.CoreFoundation 0x956ee9ea CFRunLoopRunSpecific + 394
8 com.apple.CoreFoundation 0x956ee84b CFRunLoopRunInMode + 123
9 com.apple.HIToolbox 0x9abadb5d RunCurrentEventLoopInMode + 259
10 com.apple.HIToolbox 0x9abad8e2 ReceiveNextEventCommon + 526
11 com.apple.HIToolbox 0x9abad6bd _BlockUntilNextEventMatchingListInModeWithFilter + 92
12 com.apple.AppKit 0x9838d349 _DPSNextEvent + 1602
13 com.apple.AppKit 0x9838c870 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 119

This one also happens frequently for him and is in xojo code:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.xojo.XojoFramework 0x00ed816b RuntimeObjectIsa + 139
1 com.xojo.XojoFramework 0x00e5df78 0xd7c000 + 925560
2 com.xojo.XojoFramework 0x00f0b251 VarType + 305
3 com.xojo.XojoFramework 0x00f05884 0xd7c000 + 1611908
4 com.xojo.XojoFramework 0x00f0554a VariantCompare + 30
5 com.xojo.XojoFramework 0x00f0551f VariantEqual + 24
6 com.xojo.XojoFramework 0x00e409b7 0xd7c000 + 805303
7 com.xojo.XojoFramework 0x00e40fa9 0xd7c000 + 806825
8 com.xojo.XojoFramework 0x00e4142c dictionaryValueSetter + 91
9 com.shed.xtension 0x0002bb66 Dictionary.=Value%%ovv + 54

but then we’re back to user interface code crashing:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x9a7ad83b _cache_flush + 58
1 libobjc.A.dylib 0x9a79dc59 flush_marked_caches + 135
2 libobjc.A.dylib 0x9a794a8c _read_images + 2089
3 libobjc.A.dylib 0x9a7939f1 map_images_nolock + 1499
4 libobjc.A.dylib 0x9a7933fd map_images + 53
5 dyld 0x8fe1e6ae dyld::notifyBatchPartial(dyld_image_states, bool, char const* ()(dyld_image_states, unsigned int, dyld_image_info const)) + 761
6 dyld 0x8fe1c1d1 dyld::notifyBatch(dyld_image_states) + 23
7 dyld 0x8fe28772 ImageLoader::link(ImageLoader::LinkContext const&, bool, bool, bool, ImageLoader::RPathChain const&) + 264
8 dyld 0x8fe1e905 dyld::link(ImageLoader*, bool, bool, ImageLoader::RPathChain const&) + 176
9 dyld 0x8fe261ef dlopen + 459
10 libdyld.dylib 0x97a29b75 dlopen + 70
11 com.apple.HIToolbox 0x9abe1287 InitShortcut + 57
12 com.apple.HIToolbox 0x9ad8e74e SetupMenuTracking(MenuSelectData&, unsigned char, Point, double, MenuData*, unsigned long, unsigned short, Rect const*, Rect const*, unsigned int, Rect const*, __CFString const*) + 249
13 com.apple.HIToolbox 0x9ad8b7df PopUpMenuSelectCore(MenuData*, Point, double, Point, unsigned short, unsigned int, Rect const*,

and removing a row from a list crashes

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 ??? 0xb000efda 0 + 2952851418
1 com.xojo.XojoFramework 0x00e99a6e 0xd7c000 + 1170030
2 com.xojo.XojoFramework 0x00e9794c 0xd7c000 + 1161548
3 com.xojo.XojoFramework 0x00ed098a RuntimeRemoveRow + 58

or even adding a row to the listbox can make his crash:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x9a7964b4 objc_msgSend + 36
1 com.apple.CoreFoundation 0x956a6fef CFGetTypeID + 111
2 com.apple.CoreGraphics 0x960c1776 assert_check_region + 36
3 com.apple.CoreGraphics 0x960f23d9 CGRegionCreateUnionWithRect + 26
4 com.apple.CoreGraphics 0x960f23b3 CGSUnionRegionWithRect + 41
5 com.apple.AppKit 0x983b9a38 -[NSRegion addRect:] + 480
6 com.apple.AppKit 0x983b9723 -[NSWindow _setNeedsDisplayInRect:] + 374
7 com.apple.AppKit 0x98b92f2f NSViewSetNeedsDisplayInRect + 441
8 com.apple.AppKit 0x9839d4b5 -[NSView setNeedsDisplayInRect:] + 35
9 com.xojo.XojoFramework 0x00dc1e16 0xd7b000 + 290326
10 com.xojo.XojoFramework 0x00d8e9dd 0xd7b000 + 80349
11 com.xojo.XojoFramework 0x00efbcf8 0xd7b000 + 1576184
12 com.xojo.XojoFramework 0x00e5c2e1 0xd7b000 + 922337
13 com.xojo.XojoFramework 0x00e5bd74 0xd7b000 + 920948
14 com.xojo.XojoFramework 0x00e96652 0xd7b000 + 1160786
15 com.xojo.XojoFramework 0x00ecf814 0xd7b000 + 1394708
16 com.xojo.XojoFramework 0x00ecf71b RuntimeListAddRow + 24

so something is seriously messed up on his system. Shall I insist that it’s still a corrupt font? All of these problems followed him during an upgrade to a new machine, so it’s got to be something that can be migrated.

But it occurs to me that I’ve learned one other thing in the thread about socket events firing while apple events were outstanding. We’re not supposed to actually do anything in the data available events of a socket, just manage the buffer and let the main thread handle it some other way. Is this likely to be causing these problems? Most of these updates are generated in response to received data on a socket. Could he be doing something or have the machine busy or something so that it’s more likely to receive the events from the socket in a state that you can’t update the UI without it causing problems? I could devise a different queuing mechanism to get that data processed off the main thread instead of inside the event, but it would be non-trivial so I don’t want to fight through that unless someone can tell me that yes, your UI can crash if you make updates from a socket’s data available event.

Thanks for any insight or thoughts.

It seems unlikely. Some of these crashes are seriously weird.

I think it’s fairly safe to do things in socket events, as long as those things don’t end up running a nested event loop.

I doubt it.

Could you upload the full crash logs somewhere so that I can take a look?

Two things, Yosemite sucks in terms of stability.

Also make sure he’s not running any Unsanity haxies or the like, even some screen recording apps can cause weird crashes on machines.

Unsanity hasn’t been relevant for years :(.

Some people are still using them, or have APE installed still and it still causes grief, especially on Yosemite.

You should look at the first line showing code from your application. For example:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.xojo.XojoFramework 0x00ed816b RuntimeObjectIsa + 139
1 com.xojo.XojoFramework 0x00e5df78 0xd7c000 + 925560
2 com.xojo.XojoFramework 0x00f0b251 VarType + 305
3 com.xojo.XojoFramework 0x00f05884 0xd7c000 + 1611908
4 com.xojo.XojoFramework 0x00f0554a VariantCompare + 30
5 com.xojo.XojoFramework 0x00f0551f VariantEqual + 24
6 com.xojo.XojoFramework 0x00e409b7 0xd7c000 + 805303
7 com.xojo.XojoFramework 0x00e40fa9 0xd7c000 + 806825
8 com.xojo.XojoFramework 0x00e4142c dictionaryValueSetter + 91
9 com.shed.xtension 0x0002bb66 Dictionary.=Value%%ovv + 54 <— maybe an invalid value has been assigned here
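
The triage step suggested above (find the first frame that belongs to the application rather than to the OS or the runtime), as an added example that is not part of the original thread. It assumes that images prefixed `com.apple.`, `com.xojo.`, `libobjc`, `libdyld`, `dyld` or `???` are not application code; the function names are hypothetical.

```python
import re

# Frame line of a macOS crash report: index, image, address, then either
# "symbol + offset" or, when unsymbolicated, "load_address + offset".
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s+\+\s+(\d+)")

# Assumption: images with these prefixes are OS or Xojo runtime, not app code.
NON_APP = ("com.apple.", "com.xojo.", "libobjc", "libdyld", "dyld", "???")

def parse_frames(trace):
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # header lines such as "Thread 0 Crashed::"
        index, image, addr, symbol, offset = m.groups()
        frames.append({
            "index": int(index), "image": image, "address": int(addr, 16),
            "symbol": symbol, "offset": int(offset),
            # Unsymbolicated frames show the image load address, not a name.
            "symbolicated": not symbol.startswith("0x"),
        })
    return frames

def first_app_frame(frames):
    for f in frames:
        if not f["image"].startswith(NON_APP):
            return f
    return None

# Sample input: frames copied from the dictionary-setter trace in this thread.
SAMPLE = """\
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.xojo.XojoFramework 0x00ed816b RuntimeObjectIsa + 139
1 com.xojo.XojoFramework 0x00e5df78 0xd7c000 + 925560
8 com.xojo.XojoFramework 0x00e4142c dictionaryValueSetter + 91
9 com.shed.xtension 0x0002bb66 Dictionary.=Value%%ovv + 54
"""

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    hit = first_app_frame(frames)
    print("crashed in:", frames[0]["image"], frames[0]["symbol"])
    print("first app frame:", hit["index"], hit["image"], hit["symbol"])
    for f in frames:
        if not f["symbolicated"]:  # address minus load address = file offset
            print(f["index"], hex(f["address"] - int(f["symbol"], 16)))
```

Running the same functions over every report from one user and counting the crashing image and the first application frame shows whether the crashes cluster in one call path or are scattered across unrelated code.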

Thanks folks. Eli, I’ve been fighting with that dictionary setter crash on his machine for months, it was rare but is getting more so. In this case, and all the others, a string key is used to set or get a string value. Nothing strange. I even added code a few weeks ago to verify that the text encoding on the string was correct and to define it as UTF8 if it was missing somehow and that hasn’t made any difference. I’ve outputted the values from his own data to a special log file in special testing and they are just simple text strings. I find no goofy characters or huge blocks of random data or anything odd. They aren’t even long strings, but things like a key of “UseSteps” and a value of “true” not even a boolean, just a string. That sort of thing.

Is it possible to crash in the dictionary code just by passing 2 strings to be placed in it? What else can I check these strings for that would be bad?

I wouldn’t be surprised if he had more than one thing going on, the bulk of his crashes lately have been in drawing code, even a few referencing OpenCL which I know little about other than it’s the system whereby your Mac offloads some work to the GPU.

Absolutely Joe, I’ll put the full reports up shortly.

The reason I ask about the socket events happening out of sync or something is because of a comment Greg O’Lone posted recently on another question I asked and he said “In your DataAvailable event, all you should be doing is copying data to a buffer. Then use a timer or other mechanism to pull data from the buffer.” and so I was starting to think that it’s akin to trying to update the UI from a thread other than the main one or some such. I do potentially a lot of processing in this app based on received data pumped from the data available event. I can certainly move that processing out to a delayed timer from the reception if this is the case.

[quote=172401:@Joe Ranieri]It seems unlikely. Some of these crashes are seriously weird…
Could you upload the full crash logs somewhere so that I can take a look?[/quote]

I’ve uploaded several of the more recent crash reports to here so you can see them in detail. They are just all over the place.

https://dl.dropboxusercontent.com/u/547252/crashlogs.txt

Thank you!

I interpret this line

Dictionary.=Value%%o<Dictionary>vv

as

Function MyDict.Value(o As Dictionary, v As Ptr) returns v As Ptr
// v stands for void I guess, so it becomes
Sub MyDict.Value(o As Dictionary, v As Ptr)
// exposed to us developers as
Sub MyDict.Value(o As Dictionary, Assigns v As Ptr)
// which becomes
MyDict.Value(aDictionaryObject) = v
// and if the first v stands for Nil too...

But I’m 100% unsure!

The specific method that is causing that crash is this, where “values” is a local property of the class that holds a regular Xojo dictionary. The method used to be just the simple values.value( key) = value but when this crash started I updated it to do the encoding checks to make sure I wasn’t passing something goofy. I don’t deal directly with any variants here at all, just strings. I could put them into variants before sending them to the dictionary, but I can’t imagine that should be necessary. I literally can’t create a nil string can I? When I’ve added logging to this method to try to trace I’ve always just gotten normal strings before the crash, never any empty strings or anything else.

Sub SetStringValue(key as string, value as string)
  dim UTF8Key, UTF8Value as string

  if key.Encoding = nil then
    UTF8Key = DefineEncoding( key, encodings.utf8)
  elseif key.Encoding <> Encodings.UTF8 then
    UTF8Key = ConvertEncoding( key, encodings.UTF8)
  else
    UTF8Key = key
  end if

  if value.Encoding = nil then
    UTF8Value = DefineEncoding( value, Encodings.utf8)
  elseif value.Encoding <> Encodings.utf8 then
    UTF8Value = ConvertEncoding( value, encodings.UTF8)
  else
    UTF8Value = value
  end if

  values.value( UTF8Key) = UTF8Value

End Sub

I gotta say, these are some of the weirdest crashes I’ve seen in a long time. The crash inside of dlopen almost certainly isn’t the Xojo runtime’s fault. I also don’t think it’s at all related to fonts or sockets. There seems to be serious memory corruption or perhaps something else going on here that I can’t easily explain.

None of the other applications on his system have problems?