Reading and Translating a DWARF'd iOS Crash Dump

So what the heck does it mean when a crash log has the following lines?

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libobjc.A.dylib   0x35167c98 0x35165000 + 11416
1   CoreFoundation    0x315b1cd6 0x315b0000 + 7382
2   CoreFoundation    0x316620b8 0x315b0000 + 729272
3   CoreFoundation    0x31663438 0x315b0000 + 734264
4   CoreFoundation    0x315b9f98 0x315b0000 + 40856
5   CoreFoundation    0x315c094e 0x315b0000 + 67918
6   Foundation        0x34e9831a 0x34e81000 + 95002

Chances are, your released application has had its debug symbols (DWARF) stripped. Have no fear: the Developer tools come with the right script to help with this. It's called symbolicatecrash, and with Xcode 4+ it gets installed to:

/Developer/Platforms/iPhoneOS.platform/Developer/Library/PrivateFrameworks/DTDeviceKit.framework/Versions/A/Resources/symbolicatecrash

I've simply created an alias in my bash resource file that is set up on login, but you may prefer a symbolic link. Hopefully you've kept a copy of the build when it was released, because the dSYM file contains the right mojo to add the symbols back. The following sample translates the often cryptic lines of a .crash file into something more understandable:

symbolicatecrash MyOopsAppWithABadBug.crash MyOopsAppWithABadBug.app.dSYM

The options are more clearly defined by adding the -h switch:

symbolicatecrash -h
usage:
   /Developer/Platforms/iPhoneOS.platform/Developer/Library/PrivateFrameworks/DTDeviceKit.framework/Versions/A/Resources/symbolicatecrash [-Ah] [-o <OUTPUT_FILE>] LOGFILE [SYMBOL_PATH ...]

Symbolicates a crashdump LOGFILE which may be "-" to refer to stdin. By default, all heuristics will be employed in an attempt to symbolicate all addresses. Additional symbol files can be found under specified directories.

Options:

 -A  Only symbolicate the application, not libraries
 -o <OUTPUT_FILE>  If specified, the symbolicated log will be written to OUTPUT_FILE (defaults to stdout)
 -h  Display this message
 -v  Verbose

Abracadabra! Those lines are easier to read now, but we have some work left to find the double-release or the message sent to an object that has already been deallocated:

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libobjc.A.dylib   0x34499c98 objc_msgSend + 16
1   CoreFoundation    0x308e3cd6 CFRetain + 62
2   CoreFoundation    0x309940b8 __CFBasicHashStandardRetainValue + 8
3   CoreFoundation    0x30995438 __CFBasicHashAddValue + 100
4   CoreFoundation    0x308ebf98 CFDictionarySetValue + 68
5   CoreFoundation    0x308f294e -[__NSCFDictionary setObject:forKey:] + 54
6   Foundation        0x341ca31a -[NSMutableDictionary(NSKeyValueCoding) setValue:forKey:] + 10
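
To check which frames a symbolicatecrash run left untranslated, the two frame formats shown above can be parsed mechanically. The Python below is an added example, not part of the original post or of Apple's tooling; the function names are hypothetical and frame 7 of the sample is constructed.

```python
import re

# A backtrace frame: index, image, address, then either "0xLOAD + offset"
# (unsymbolicated) or "symbol + offset" (symbolicated).
FRAME = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s\+\s(\d+)$")
HEX = re.compile(r"0x[0-9a-fA-F]+")

# Frames 0, 1 and 6 are copied from the listings above; frame 7 is constructed
# to stand in for an application frame whose dSYM was not found.
SAMPLE = """\
Thread 0 Crashed:
0 libobjc.A.dylib 0x35167c98 0x35165000 + 11416
1 CoreFoundation 0x315b1cd6 0x315b0000 + 7382
6 Foundation 0x341ca31a -[NSMutableDictionary(NSKeyValueCoding) setValue:forKey:] + 10
7 MyOopsAppWithABadBug 0x00003f2a 0x00001000 + 12074
"""

def parse_frame(line):
    """Split one frame line into fields; return None for non-frame lines."""
    m = FRAME.match(line.strip())
    if not m:
        return None
    idx, image, addr, where, off = m.groups()
    frame = {"index": int(idx), "image": image, "address": int(addr, 16),
             "offset": int(off), "symbol": None, "load_address": None}
    if HEX.fullmatch(where):
        # Unsymbolicated: this column is the image load address, and
        # address == load_address + offset.
        frame["load_address"] = int(where, 16)
    else:
        frame["symbol"] = where
    return frame

def unsymbolicated(log_text):
    """Frames still in 'load address + offset' form."""
    frames = (parse_frame(line) for line in log_text.splitlines())
    return [f for f in frames if f and f["symbol"] is None]

def images_missing_symbols(log_text):
    """Images to supply symbols for on the next symbolicatecrash run."""
    return sorted({f["image"] for f in unsymbolicated(log_text)})

def inconsistent(log_text):
    """Unsymbolicated frames where address != load address + offset."""
    return [f for f in unsymbolicated(log_text)
            if f["load_address"] + f["offset"] != f["address"]]

if __name__ == "__main__":
    print("missing symbols for:", images_missing_symbols(SAMPLE))
```

An image that still shows up in the result after symbolication is one whose symbols were not found in the dSYM or in any SYMBOL_PATH directory passed on the command line.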

You can read more about the debug and symbolication process here: http://developer.apple.com/tools/xcode/symbolizingcrashdumps.html