Re: Segmentation fault while loading Cocoa NIB

[Fred Kiefer]

On my system the segmenation fault happens a bit earlier. I get it when
closing the company window.

Program received signal SIGSEGV, Segmentation fault.
0xb76a52d7 in malloc_usable_size () from /lib/libc.so.6
(gdb) bt
#0  0xb76a52d7 in malloc_usable_size () from /lib/libc.so.6
#1  0xb6e9b94e in ?? () from /usr/X11R6/lib/libGL.so.1
#2  0xb78fae33 in _NS_owned_void_p_release (table=0x8213e80,
p=0x8470958) at NSCallBacks.m:99
#3  0xb7908bf6 in GSIMapFreeNode (map=0x8213e80, node=0x8214378)
    at ../Headers/Additions/GNUstepBase/GSIMap.h:425
#4  0xb7908b4d in GSIMapRemoveKey (map=0x8213e80, key=
      {addr = 138029104, obj = 0x83a2830, nso = 0x83a2830, cls =
0x83a2830, sel = 0x83a2830, schr = 48 '0', uchr = 48 '0', ssht = 10288,
usht = 10288, sint = 138029104, uint = 138029104, slng = 138029104, ulng
= 138029104, ptr = 0x83a2830, cptr = 0x83a2830, str = 0x83a2830 " #��",
cstr = 0x83a2830 " #��", s8 = 48 '0', u8 = 48 '0', s16 = 10288, u16 =
10288, s32 = 138029104, u32 = 138029104, s64 = 138029104, u64 = 138029104})
    at ../Headers/Additions/GNUstepBase/GSIMap.h:1041
#5  0xb7908a95 in NSMapRemove (table=0x8213e80, key=0x83a2830) at
NSConcreteMapTable.m:809
#6  0xb7d68d91 in +[GSKeyValueBinding unbindAllForObject:]
(self=0xb7f4c080, _cmd=0xb7f9eb30,
    anObject=0x83a2830) at NSKeyValueBinding.m:257
#7  0xb7e34187 in -[NSView dealloc] (self=0x83a2830, _cmd=0xb7f2b5d8) at
NSView.m:570
#8  0xb7d1d796 in -[NSControl dealloc] (self=0x83a2830, _cmd=0xb7f923c8)
at NSControl.m:117
#9  0xb7e1e7bd in -[NSTextField dealloc] (self=0x83a2830,
_cmd=0xb7baede8) at NSTextField.m:113
#10 0xb799b777 in -[NSObject release] (self=0x83a2830, _cmd=0xb7f9ea18)
at NSObject.m:1872
#11 0xb7e356a1 in -[NSView removeSubview:] (self=0x83f48b8,
_cmd=0xb7f9ec00, aView=0x83a2830)
    at NSView.m:893
---Type <return> to continue, or q <return> to quit---
#12 0xb7e35356 in -[NSView removeFromSuperviewWithoutNeedingDisplay]
(self=0x83a2830, _cmd=0xb7f9eb40)
    at NSView.m:835
#13 0xb7e341d9 in -[NSView dealloc] (self=0x83f48b8, _cmd=0xb7baede8) at
NSView.m:574
#14 0xb799b777 in -[NSObject release] (self=0x83f48b8, _cmd=0xb7f9ea18)
at NSObject.m:1872
#15 0xb7e356a1 in -[NSView removeSubview:] (self=0x8369148,
_cmd=0xb7f9ec00, aView=0x83f48b8)
    at NSView.m:893
#16 0xb7e35356 in -[NSView removeFromSuperviewWithoutNeedingDisplay]
(self=0x83f48b8, _cmd=0xb7f9eb40)
    at NSView.m:835
#17 0xb7e341d9 in -[NSView dealloc] (self=0x8369148, _cmd=0xb7baede8) at
NSView.m:574
#18 0xb799b777 in -[NSObject release] (self=0x8369148, _cmd=0xb7fa5010)
at NSObject.m:1872
#19 0xb7e47a54 in -[NSWindow dealloc] (self=0x8369048, _cmd=0xb7baede8)
at NSWindow.m:767
#20 0xb799b777 in -[NSObject release] (self=0x8369048, _cmd=0xb7b71318)
at NSObject.m:1872
#21 0xb78904e4 in -[GSArray dealloc] (self=0x81f6238, _cmd=0xb7baede8)
at GSArray.m:129
#22 0xb799b777 in -[NSObject release] (self=0x81f6238, _cmd=0xb7b832b0)
at NSObject.m:1872
#23 0xb78ebab2 in -[NSAutoreleasePool emptyPool] (self=0x80e7758,
_cmd=0xb7b83318)
    at NSAutoreleasePool.m:441
#24 0xb78eb8a9 in -[NSAutoreleasePool dealloc] (self=0x80e7758,
_cmd=0xb7b83310)
    at NSAutoreleasePool.m:343
#25 0xb78eb85e in -[NSAutoreleasePool release] (self=0x80e7758,
_cmd=0xb7f09a18)
    at NSAutoreleasePool.m:336
---Type <return> to continue, or q <return> to quit---
#26 0xb7cb9ed6 in -[NSApplication run] (self=0x8181938, _cmd=0xb7eff020)
at NSApplication.m:1481
#27 0xb7c99dcd in NSApplicationMain (argc=1, argv=0xbfffe044) at
Functions.m:74
#28 0x0804ac12 in main (argc=1407551829, argv=0xe804ec83) at main.m:13


Looks like it it the key value binding, so clearly my fault. I will
investigate this later.

Cheers
Fred


Andy Balholm wrote:
> Thank you for looking into this bug. Here is the source for the project
> as it was just before I removed the user defaults controller from
> CompanyInfo.nib.
> 
> 
> 
> To show the Company Info window, select Edit Company Info... from the
> file menu (with a document open). To get the crash, close that window
> and then open it again.
> 
> As far as I know, no other objects in the NIB reference the user
> defaults controller.
> 
> I have also discovered another bug relating to this NIB. The bindings
> that it contains seem to be read-only; if there is data in the model
> objects, it is displayed, but any changes I make in the text fields are
> not reflected in the model.
> 
> Here's a sample data file too:
> 
> 
> 
> Andy Balholm
> (509) 276-9718
> andy@balholm.com
> 
> 
> 
> On Jun 18, 2009, at 12:37 PM, Fred Kiefer wrote:
> 
>> Hi Andy,
>>
>> thank you for the bug report and the analysis you did yourself. In
>> general it really helps to have the source code and of course the NIB
>> files to dig into such a problem.
>>
>> The decoding code for NSUserDefaultsController is rather simple:
>>
>> - (id) initWithCoder: (NSCoder *)aDecoder
>> {
>>  if ([aDecoder allowsKeyedCoding])
>>    if ([aDecoder decodeBoolForKey: @"NSSharedInstance"])
>>      {
>>        RELEASE(self);
>>        return [NSUserDefaultsController sharedUserDefaultsController];
>>      }
>>
>>  return [super initWithCoder: aDecoder];
>> }
>>
>> I don't expect that this itself is causing the problem. Maybe another
>> object is having a reference to this object and the code there doesn't
>> properly handle the case the the decoded object gets replaced by another
>> one. I would need to look at the NIB file (best in XML format) to
>> further analyse this.
>>
>> Fred
>>
>>
>>
>> Andy Balholm wrote:
>>> I sent this message a while ago. Since then I investigated further with
>>> GDB and discovered that the segmentation fault happens while the shared
>>> user defaults controller is being unarchived from the NIB. For this
>>> particular program, the NIB didn't need to have a user defaults
>>> controller in it. (IB put it in without asking.) But someone may want to
>>> look into the problem in general.
>>>
>>> There is also another crash that occurs only under FreeBSD, but not
>>> under Windows, in the same circumstances. It says that virtual memory is
>>> exhausted.
>>>
>>> Andy Balholm
>>> (509) 276-9718
>>> andy@balholm.com
>>>
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> From: Andy Balholm <andy@balholm.com>
>>>> Date: June 16, 2009 4:29:48 PM PDT
>>>> To: bug-gnustep@gnu.org
>>>> Subject: Segmentation fault while loading Cocoa NIB
>>>>
>>>> I am developing an application to run under MacOS and GNUstep. The
>>>> windows are stored as Cocoa NIBs. One of the windows causes a crash
>>>> the second or third time it loads when I'm running the program under
>>>> GNUstep for either Windows or FreeBSD. (The main document window is
>>>> fine, though.) It does not crash under MacOS, so I suppose it would be
>>>> considered a bug in GNUstep rather than in my program.
>>>>
>>>> It doesn't seem to matter whether I save the NIB as format version 2
>>>> or format version 3 in Interface Builder. The crash still happens.
>>>>
>>>> Under Windows, I'm using gnustep-core version 0.23.0. Under FreeBSD,
>>>> I'm using sources from Subversion downloaded on Saturday (Jun 13).
>>>>
>>>> Here is the stack trace I got with gdb under FreeBSD:
>>>>
>>>> #0  0x28865a64 in objc_msg_lookup () from /usr/lib/libobjc.so.3
>>>> #1  0x285c919d in GSIArraySetItemAtIndex (array=0x2933a900, item={addr
>>>> = 692693272, obj = 0x2949a918, nso = 0x2949a918}, index=115) at
>>>> GSIArray.h:502
>>>> #2  0x285c8d0e in -[NSKeyedUnarchiver(Private) _decodeObject:]
>>>> (self=0x28ece248, _cmd=0x28801ac8, index=115) at
>>>> NSKeyedUnarchiver.m:226
>>>> #3  0x285c86c5 in -[NSKeyedUnarchiver(Internal)
>>>> _decodeArrayOfObjectsForKey:] (self=0x28ece248, _cmd=0x287ce5f8,
>>>> aKey=0x287cdad8) at NSKeyedUnarchiver.m:114
>>>> #4  0x284e5d4e in -[GSPlaceholderArray initWithCoder:]
>>>> (self=0x28d3b8d8, _cmd=0x28801b08, aCoder=0x28ece248) at GSArray.m:1133
>>>> #5  0x285c8ca1 in -[NSKeyedUnarchiver(Private) _decodeObject:]
>>>> (self=0x28ece248, _cmd=0x28801ac8, index=121) at
>>>> NSKeyedUnarchiver.m:219
>>>> #6  0x285cb8db in -[NSKeyedUnarchiver decodeObjectForKey:]
>>>> (self=0x28ece248, _cmd=0x2845e0b8, aKey=0x2845c450) at
>>>> NSKeyedUnarchiver.m:600
>>>> #7  0x283575ff in -[NSIBObjectData initWithCoder:] (self=0x28ecf928,
>>>> _cmd=0x28801b08, coder=0x28ece248) at GSNibLoading.m:1680
>>>> #8  0x285c8ca1 in -[NSKeyedUnarchiver(Private) _decodeObject:]
>>>> (self=0x28ece248, _cmd=0x28801ac8, index=1) at NSKeyedUnarchiver.m:219
>>>> #9  0x285cb8db in -[NSKeyedUnarchiver decodeObjectForKey:]
>>>> (self=0x28ece248, _cmd=0x28469988, aKey=0x28469484) at
>>>> NSKeyedUnarchiver.m:600
>>>> #10 0x2836bbd4 in -[GSNibLoader
>>>> loadModelData:externalNameTable:withZone:] (self=0x28d75f28,
>>>> _cmd=0x284699d8, data=0x28eba668, context=0x28ecab88, zone=0x2883a320)
>>>> at GSNibLoader.m:73
>>>> #11 0x2836bf43 in -[GSNibLoader
>>>> loadModelFile:externalNameTable:withZone:] (self=0x28d75f28,
>>>> _cmd=0x283a49a0, fileName=0x28e1c828, context=0x28ecab88,
>>>> zone=0x2883a320) at GSNibLoader.m:133
>>>> #12 0x2816dd6f in +[NSBundle(NSBundleAdditions)
>>>> loadNibFile:externalNameTable:withZone:] (self=0x287e1da0,
>>>> _cmd=0x28434570, fileName=0x28e1c828, context=0x28ecab88,
>>>> zone=0x2883a320) at NSBundleAdditions.m:205
>>>> #13 0x282e8049 in -[NSWindowController loadWindow] (self=0x28e3b6a8,
>>>> _cmd=0x28434490) at NSWindowController.m:467
>>>> #14 0x282e75ea in -[NSWindowController window] (self=0x28e3b6a8,
>>>> _cmd=0x28434408) at NSWindowController.m:301
>>>> #15 0x282e70af in -[NSWindowController setDocumentEdited:]
>>>> (self=0x28e3b6a8, _cmd=0x283c02b0, flag=0 '\000') at
>>>> NSWindowController.m:210
>>>> #16 0x281aee29 in -[NSDocument addWindowController:] (self=0x28e1c588,
>>>> _cmd=0x804be00, windowController=0x28e3b6a8) at NSDocument.m:319
>>>> #17 0x08048e15 in -[MyDocument showCompanyInfoWindow:]
>>>> (self=0x28e1c588, _cmd=0x28d1ac08, sender=0x2939a1f8) at
>>>> MyDocument.m:43
>>>> #18 0x286efa8f in L10 () from
>>>> /usr/GNUstep/System/Library/Libraries/libgnustep-base.so.1.19
>>>> #19 0x28e1c588 in ?? ()
>>>> #20 0x28d1ac08 in ?? ()
>>>> #21 0x2939a1f8 in ?? ()
>>>> #22 0x288710f0 in ?? () from /usr/lib/libobjc.so.3
>>>> #23 0x28e00000 in ?? ()
>>>> #24 0x0804f438 in ?? ()
>>>> #25 0x0804f540 in ?? ()
>>>> #26 0x2886aea0 in objc_free () from /usr/lib/libobjc.so.3
>>>> #27 0x286ae70d in GSFFCallInvokeWithTargetAndImp (_inv=0x28e48fd8,
>>>> anObject=0x28e1c588, imp=0x8048c60 <-[MyDocument
>>>> showCompanyInfoWindow:]>) at GSFFCallInvocation.m:709
>>>> #28 0x286aeaec in -[GSFFCallInvocation invokeWithTarget:]
>>>> (self=0x28e48fd8, _cmd=0x283977e8, anObject=0x28e1c588) at
>>>> GSFFCallInvocation.m:779
>>>> #29 0x2813dc3f in -[NSApplication sendAction:to:from:]
>>>> (self=0x28e1c4c8, _cmd=0x283e2dd0, aSelector=0x28d1ac08, aTarget=0x0,
>>>> sender=0x2939a1f8) at NSApplication.m:2087
>>>> #30 0x2820d871 in -[NSMenu performActionForItemAtIndex:]
>>>> (self=0x293d39c8, _cmd=0x283e5798, index=9) at NSMenu.m:1242
>>>> #31 0x282171d5 in -[NSMenuView trackWithEvent:] (self=0x293af6c8,
>>>> _cmd=0x283e5818, event=0x28e3b3d8) at NSMenuView.m:1633
>>>> #32 0x28217354 in -[NSMenuView mouseDown:] (self=0x293af6c8,
>>>> _cmd=0x28433190, theEvent=0x28e3b568) at NSMenuView.m:1678
>>>> #33 0x282df26e in -[NSWindow sendEvent:] (self=0x28d03a08,
>>>> _cmd=0x283977a0, theEvent=0x28e3b568) at NSWindow.m:3588
>>>> #34 0x2813d5dd in -[NSApplication sendEvent:] (self=0x28e1c4c8,
>>>> _cmd=0x283976e0, theEvent=0x28e3b568) at NSApplication.m:1963
>>>> #35 0x2813c019 in -[NSApplication run] (self=0x28e1c4c8,
>>>> _cmd=0x2838cc60) at NSApplication.m:1465
>>>> #36 0x2811b4c1 in NSApplicationMain (argc=1, argv=0xbfbfe824) at
>>>> Functions.m:74
>>>> #37 0x0804ac9e in main (argc=Error accessing memory address 0x160001:
>>>> Bad address.
>>>>
>>>> I would be glad to send you the application source if it would help
>>>> you find the problem.
>>>>
>>>> Andy Balholm
>>>> (509) 276-9718
>>>> andy@balholm.com
>>
>>
>