Need help symbolicating debug output in Xcode

I'm using Xcode 11.6 trying to get to the bottom of a Safari App Extension crash. I get an exception when I have the extension tab open and open a new Safari tab in the browser. That being said, my debugger when running locally does break, but does so in raw hex-encoded gibberish which I'm not able to figure out how to read, understand, symbolicate, etc. because this isn't a "crash log" or in the same format either.

It notes, Thread <n>: EXC_BAD_ACCESS (code=1, address=0x10) in the debugger, and highlights line 26 from the below (this thread in the debug view is in com.apple.NSXPCConnection.user.endpoint)

Code Block binary
SafariServices`__72-[SFSafariWindow openTabWithURL:makeActiveIfPossible:completionHandler:]_block_invoke:
  0x7fff41c3cf37 <+0>:  pushq %rbp
  0x7fff41c3cf38 <+1>:  movq  %rsp, %rbp
  0x7fff41c3cf3b <+4>:  pushq %r15
  0x7fff41c3cf3d <+6>:  pushq %r14
  0x7fff41c3cf3f <+8>:  pushq %rbx
  0x7fff41c3cf40 <+9>:  pushq %rax
  0x7fff41c3cf41 <+10>: movq  %rdi, %r15
  0x7fff41c3cf44 <+13>: movq  %rsi, %rdi
  0x7fff41c3cf47 <+16>: callq *0x4cf1011b(%rip)     ; (void *)0x00007fff6e7ce6d0: objc_retain
  0x7fff41c3cf4d <+22>: movq  %rax, %r14
  0x7fff41c3cf50 <+25>: movq  0x20(%r15), %rdi
  0x7fff41c3cf54 <+29>: movq  0x4cf17415(%rip), %rsi  ; "_extensionContext"
  0x7fff41c3cf5b <+36>: callq *0x4cf100f7(%rip)     ; (void *)0x00007fff6e7ce800: objc_msgSend
  0x7fff41c3cf61 <+42>: movq  %rax, %rdi
  0x7fff41c3cf64 <+45>: callq 0x7fff41c3dc76      ; symbol stub for: objc_retainAutoreleasedReturnValue
  0x7fff41c3cf69 <+50>: movq  %rax, %rbx
  0x7fff41c3cf6c <+53>: movq  0x4cf17125(%rip), %rsi  ; "set_extensionContext:"
  0x7fff41c3cf73 <+60>: movq  %r14, %rdi
  0x7fff41c3cf76 <+63>: movq  %rax, %rdx
  0x7fff41c3cf79 <+66>: callq *0x4cf100d9(%rip)     ; (void *)0x00007fff6e7ce800: objc_msgSend
  0x7fff41c3cf7f <+72>: movq  %rbx, %rdi
  0x7fff41c3cf82 <+75>: callq *0x4cf100d8(%rip)     ; (void *)0x00007fff6e7d0660: objc_release
  0x7fff41c3cf88 <+81>: movq  0x28(%r15), %rdi
  0x7fff41c3cf8c <+85>: movq  %r14, %rsi
-> 0x7fff41c3cf8f <+88>: callq *0x10(%rdi)
  0x7fff41c3cf92 <+91>: movq  %r14, %rdi
  0x7fff41c3cf95 <+94>: addq  $0x8, %rsp
  0x7fff41c3cf99 <+98>: popq  %rbx
  0x7fff41c3cf9a <+99>: popq  %r14
  0x7fff41c3cf9c <+101>: popq  %r15
  0x7fff41c3cf9e <+103>: popq  %rbp
  0x7fff41c3cf9f <+104>: jmpq  *0x4cf100bb(%rip)     ; (void *)0x00007fff6e7d0660: objc_release
  0x7fff41c3cfa5 <+110>: movq  %rax, %r15
  0x7fff41c3cfa8 <+113>: movq  %rbx, %rdi
  0x7fff41c3cfab <+116>: callq *0x4cf100af(%rip)     ; (void *)0x00007fff6e7d0660: objc_release
  0x7fff41c3cfb1 <+122>: jmp  0x7fff41c3cfb6      ; <+127>
  0x7fff41c3cfb3 <+124>: movq  %rax, %r15
  0x7fff41c3cfb6 <+127>: movq  %r14, %rdi
  0x7fff41c3cfb9 <+130>: callq *0x4cf100a1(%rip)     ; (void *)0x00007fff6e7d0660: objc_release
  0x7fff41c3cfbf <+136>: movq  %r15, %rdi
  0x7fff41c3cfc2 <+139>: callq 0x7fff41c3db8c      ; symbol stub for: _Unwind_Resume
  0x7fff41c3cfc7 <+144>: ud2   


How the heck do I use this? I can debug and step through all this nonsense from my swift code and get to the line that throws the exception, the only things in my watch are Registers for Exception State, Floating Point and General Purpose.

Replies

If you detach from the process (Debug > Detach) it should crash and thus generate a crash report. It would be nice to see what that said.

As to what this “gibberish” means, this is a disassembly of the routine that crashed. You’re seeing this because you don’t have source code for that routine.

The routine in question, __72-[SFSafariWindow openTabWithURL:makeActiveIfPossible:completionHandler:]_block_invoke, is a block (if you’re familiar with Swift, read “local closure”) defined within the -[SFSafariWindow openTabWithURL:makeActiveIfPossible:completionHandler:] method. SFSafariWindow is a public class in the SafariServices framework and, much to my surprise, this method is public as well.

The crash at +88 is because this routine has tried to call a completely bogus function pointer. I believe that this is the function pointer associated with the block passed in via the completionHandler parameter, but it’s hard to be sure without seeing a full crash report.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
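The instruction the debugger stopped on, `callq *0x10(%rdi)`, only makes sense once you know how a block is laid out in memory. This is an added example, not code from the thread or from the Bitwarden project: the `struct block_layout` below mirrors the clang/Apple Blocks ABI (`isa`, `flags`, `reserved`, then the `invoke` function pointer), so `offsetof(invoke)` is the `0x10` in the disassembly, and `%rdi` is loaded at +81 from `0x28(%r15)`, a variable captured by the outer block. The `parse_indirect_call`, `fault_address` and `safe_invoke` helpers are names chosen for this example. One case that yields exactly the reported `EXC_BAD_ACCESS (code=1, address=0x10)` is a NULL block pointer in `%rdi`: the CPU faults while loading the invoke pointer from address `0 + 0x10`, before any call happens, which is why a nil check before invoking a block is the usual guard.

```c
/* Added example (not from the forum thread): decode `callq *0x10(%rdi)` using
 * the Blocks ABI layout, compute the faulting address for a given %rdi, and
 * show the nil-check the crashing code path needs. Assumes an LP64 target. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors clang's Block_layout: isa @0, flags @8, reserved @12, invoke @16 (0x10). */
struct block_layout {
    void *isa;
    int32_t flags;
    int32_t reserved;
    void (*invoke)(void *block, ...);
    void *descriptor;
    /* captured variables follow in the real object */
};

/* Offset of the invoke pointer: the displacement in `callq *0x10(%rdi)`. */
size_t block_invoke_offset(void) { return offsetof(struct block_layout, invoke); }

/* Parse an AT&T indirect-call operand such as "*0x10(%rdi)" into displacement
 * and base register. Returns 0 on success, -1 if the operand is not that shape. */
int parse_indirect_call(const char *operand, long *disp, char *reg, size_t reglen) {
    if (operand == NULL || operand[0] != '*') return -1;
    const char *p = operand + 1;
    char *end;
    long d = strtol(p, &end, 0);            /* base 0: accepts 0x.. hex and decimal */
    if (end == p || *end != '(') return -1;
    const char *close = strchr(end, ')');
    if (close == NULL || close[1] != '\0') return -1;
    size_t n = (size_t)(close - (end + 1));
    if (n == 0 || n + 1 > reglen) return -1;
    memcpy(reg, end + 1, n);
    reg[n] = '\0';
    *disp = d;
    return 0;
}

/* Address the CPU reads the function pointer from for this operand and base
 * register value. When that load faults, it is the "address=" in EXC_BAD_ACCESS.
 * Returns (uintptr_t)-1 if the operand cannot be parsed. */
uintptr_t fault_address(const char *operand, uintptr_t base_value) {
    long disp;
    char reg[8];
    if (parse_indirect_call(operand, &disp, reg, sizeof reg) != 0) return (uintptr_t)-1;
    return base_value + (uintptr_t)disp;
}

/* The guard the crashing path lacks: never call through a block without
 * checking it. Returns 1 if the block was invoked, 0 if it was nil. */
int safe_invoke(struct block_layout *blk, void *arg) {
    if (blk == NULL || blk->invoke == NULL) return 0;
    blk->invoke(blk, arg);
    return 1;
}

static int calls;
static void count_invoke(void *block, ...) { (void)block; calls++; }

int main(void) {
    printf("invoke offset = 0x%zx\n", block_invoke_offset());
    /* %rdi == 0 (nil block captured at 0x28(%r15)) gives address=0x10, as in the post. */
    printf("fault address with NULL block = 0x%lx\n",
           (unsigned long)fault_address("*0x10(%rdi)", 0));
    struct block_layout blk = { NULL, 0, 0, count_invoke, NULL };   /* constructed sample block */
    safe_invoke(&blk, NULL);
    safe_invoke(NULL, NULL);
    printf("invoked %d time(s)\n", calls);
    return 0;
}
```

Reading the original listing with this in hand: `%r15` is the outer block (`_block_invoke`'s own context), `0x28(%r15)` is one of its captured variables, and whatever that variable holds is treated as a block whose `invoke` is fetched from offset `0x10` and called. A garbage pointer there crashes at some other address; a nil pointer crashes at exactly `0x10`.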
Thanks Quinn! I did run the app locally outside of the debugger and have the full crash report, can be found here also: https://github.com/bitwarden/browser/issues/1338.

Crash log:



Actually, thanks to your reply Quinn I was able to track down the culprit of the crash, https://github.com/bitwarden/browser/pull/1339... Now if only I could figure out the same for https://github.com/bitwarden/browser/issues/1021.

I was able to track down the culprit of the crash

Yay!

Now if only I could figure out the same for …

Feel free to start a new thread to discuss that. Make sure to tag it with Debugging in addition to any API-specific tags you think might be relevant.

Also, FYI, I can’t access either of the GitHub links you posted. The first one requires authentication and the second one 404s.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"