Monday, June 13, 2011

Reading and Translating a DWARF'd iOS Crash Dump

So what the heck does it mean when a crash log has the following lines?
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib 0x35167c98 0x35165000 + 11416
1 CoreFoundation 0x315b1cd6 0x315b0000 + 7382
2 CoreFoundation 0x316620b8 0x315b0000 + 729272
3 CoreFoundation 0x31663438 0x315b0000 + 734264
4 CoreFoundation 0x315b9f98 0x315b0000 + 40856
5 CoreFoundation 0x315c094e 0x315b0000 + 67918
6 Foundation 0x34e9831a 0x34e81000 + 95002
Chances are, your Released application has Debug symbols stripped (DWARF), but have no fear, the Developer tools come with the right script to help with this. It's called symbolicatecrash, and with Xcode 4+ it gets installed to:

/Developer/Platforms/iPhoneOS.platform/Developer/Library/PrivateFrameworks/DTDeviceKit.framework/Versions/A/Resources/symbolicatecrash

I've simply create an alias in my bash resource on login, but you may prefer a symbolic link. Hopefully you've kept a copy of the build when it was released, because the dYSM file contains the right mojo to add the symbols back. The following sample translates the often cryptic lines of a .crash file into something more understandable:
symbolicatecrash MyOopsAppWithABadBug.crash MyOopsAppWithABadBug.app.dSYM
The options are more clearly defined by adding the -h switch:
symbolicatecrash  -h
usage:
/Developer/Platforms/iPhoneOS.platform/Developer/Library/PrivateFrameworks/DTDeviceKit.framework/
Versions/A/Resources/symbolicatecrash [-Ah] [-o
] LOGFILE [SYMBOL_PATH ...]

Symbolicates a crashdump LOGFILE which may be "-" to refer to stdin. By default,
all heuristics will be employed in an attempt to symbolicate all addresses.
Additional symbol files can be found under specified directories.

Options:

-A Only symbolicate the application, not libraries
-o If specified, the symbolicated log will be written to OUTPUT_FILE (defaults to stdout)
-h Display this message
-v Verbose
Abracadabra! Those lines are easier to read now, but we have some work left to find the double-release or message sent to an object that is already evicted:
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib 0x34499c98 objc_msgSend + 16
1 CoreFoundation 0x308e3cd6 CFRetain + 62
2 CoreFoundation 0x309940b8 __CFBasicHashStandardRetainValue + 8
3 CoreFoundation 0x30995438 __CFBasicHashAddValue + 100
4 CoreFoundation 0x308ebf98 CFDictionarySetValue + 68
5 CoreFoundation 0x308f294e -[__NSCFDictionary setObject:forKey:] + 54
6 Foundation 0x341ca31a -[NSMutableDictionary(NSKeyValueCoding)setValue:forKey:] + 10
You can read more about the Debug and Symbolification process here: http://developer.apple.com/tools/xcode/symbolizingcrashdumps.html