Tracer seems to be working. Bugs in Carbon?
It looks like the tracer is working. I ran a dummy Cocoa application and that worked out OK! I then tried TextEdit.app. It works all right so far, except that the background of the window is brown... Check it out: I don't know why that artefact happens. Obviously the different malloc library scheme is tripping something up...

What I did was, I nm'ed all the (Text) symbols in malloc.so in /usr/lib/System.dylib and created a .c file that defines them. I then record anything worthy with my tracer and do the memory management with the brand spankin' new Mullocator (my own mallocer). I couldn't figure out how to use the original code in libSystem.dylib. I tried to create function pointers to the "original" routines, but that didn't work out. It looks like I would have needed to parse the original Mach-O file. That's for another project though...

I then tried to launch Safari and Preview with the tracer lib wedged in. Both failed and crashed. Looking at the crash dumps and at the allocation history, though, it appears, if I intercept everything, that there are bugs in those applications that try to access non-allocated memory. But any judgement on this is way
premature. E.g., check out this dump:

(gdb) where
Reading in symbols for main.m...done.
Reading in symbols for /SourceCache/Csu/Csu-45/crt.c...done.
Reading in symbols for start.s...done.
#0  mulle_malloc_length_of_small_block (block=0x144fddc) at MulleMalloc.subproj/mulle_malloc.c:938
#1  0x21003b00 in _mulle_msize (block=0x144fddc, self=0x210080d8) at MulleMalloc.subproj/mulle_malloc.c:1550
#2  0x21003ca4 in _mulle_safe_msize (block=0x144fddc, self=0x210080d8) at MulleMalloc.subproj/mulle_malloc.c:1587
#3  0x21001808 in mulle_msize (block=0x144fddc) at MulleMalloc.subproj/mulle_malloc.h:149
#4  0x21000a8c in malloc_size (ptr=0x144fddc) at malloc.c:198
#5  0x90223df8 in HGetState ()
#6  0x9023a700 in SetPL ()
#7  0x9022e008 in vCheckLoad ()
#8  0x90233d6c in CheckLoad ()
#9  0x9023c9f8 in PreLoad ()
#10 0x90241e18 in RMInsertMappedResourceFileInChain ()
#11 0x9024d54c in FSOpenResourceFileMapped ()
#12 0x9014a938 in __CF_FSOpenResourceFileMapped_internal ()
#13 0x9014a6d8 in _CFBundleOpenResourceFile ()
#14 0x9014a9c8 in _CFBundleOpenBundleGlobalResourceFile ()
#15 0x901502b0 in CFBundleOpenBundleResourceFiles ()
#16 0x90267c70 in openFrameworkResourceFiles ()
#17 0x901447b4 in CFDictionaryApplyFunction ()
#18 0x90271694 in insertFrameworkResources ()
#19 0x9022509c in StandardEntry ()
#20 0x9022c414 in GetResourceCommon ()
#21 0x96a83ef4 in Localize(AppearanceGlobals*) ()
#22 0x96a00d6c in GetAppearanceGlobals() ()
#23 0x969c0250 in SetupMDEFGlobals(short, OpaqueMenuRef*, Rect*, Point, short*, StandardMenuDefGlobals*, OpaqueGrafPtr**, bool*) ()
#24 0x969d5508 in StandardMDEF(short, OpaqueMenuRef*, Rect*, Point, short*) ()
#25 0x969d0884 in _CallMenuDef(MenuData*, short, Rect*, Point, short*) ()
#26 0x96a024c4 in SendMenuInit(MenuData*) ()
#27 0x969e1b90 in MenuData::Initialize(OpaqueEventRef*) ()
#28 0x969d18a8 in HIObject::HandleClassHIObjectEvent(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#29 0x969d180c in HIObject::EventHook(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#30 0x969a2c54 in DispatchEventToHandlers ()
#31 0x969a2fbc in SendEventToEventTargetInternal ()
#32 0x969a63d0 in SendEventToEventTargetWithOptions ()
#33 0x969cb8f0 in HIObject::Create(__CFString const*, OpaqueEventRef*, HIObject**) ()
#34 0x969cea24 in HIObjectCreate ()
#35 0x969f2138 in CreateMenuData(MenuDefSpec const*, short, unsigned char const*, unsigned long, MenuData**) ()
#36 0x969b5b54 in InternalGetRootMenu() ()
#37 0x969c82c4 in _GetMenuHandle(short) ()
#38 0x96a00ea8 in GetMenuHandle ()
#39 0x9315f874 in GetUniqueCarbonMenuID ()
#40 0x9310a728 in CreateCarbonMenu ()
#41 0x93160edc in _NSAddMenuBarItems ()
#42 0x93160434 in -[NSApplication finishLaunching] ()
#43 0x930b1be0 in -[NSApplication run] ()
#44 0x9315fc58 in NSApplicationMain ()
#45 0x00003da8 in main (argc=1, argv=0xbffffd30) at main.m:13
#46 0x00003b2c in _start (argc=1, argv=0xbffffd30, envp=0xbffffd38) at /SourceCache/Csu/Csu-45/crt.c:267
#47 0x000039ac in start ()
Current language:  auto; currently c

What's the problem here? As you can see, I am
asked for the size of a memory block at 0x144fddc, and the last bits of the address are 11011100 (low byte 0xdc). The allocation routine always leaves the last 4 bits clear (blocks are 16-byte aligned), so this address cannot be a valid memory block. And it is always in either HModifyState or HGetState that this problem occurs, so it does look like these two routines are buggy. Finally, both Safari and Preview also crash in HModifyState.
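An added example, not code from this post or from Mullocator, of the bookkeeping and the check described above: a small tracer that hands out blocks with the low 4 bits clear, records every live block, and answers malloc_size-style queries by validating the pointer (aligned, and actually a block it handed out) instead of walking allocator metadata for an arbitrary address, which is what crashed in frame #0 of the dump. The 16-byte alignment invariant, the fixed table size and the function names are assumptions made for the example; the address 0x144fddc is the one from the backtrace and is only compared, never dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption (as stated in the post): the allocator always returns blocks
 * whose low 4 bits are clear, i.e. block starts are 16-byte aligned. */
#define BLOCK_ALIGN 16
#define MAX_BLOCKS  256   /* constructed bookkeeping limit for the example */

typedef struct {
    void  *raw;   /* what the underlying malloc() returned, for free() */
    void  *ptr;   /* aligned address handed to the application */
    size_t size;  /* size the application asked for */
} block_record;

static block_record live_blocks[MAX_BLOCKS];
static size_t       live_count;

/* The alignment test from the post: 0x144fddc ends in ...11011100, so its
 * low 4 bits are not clear and it cannot be the start of a block. */
int block_low_bits_clear(uintptr_t addr)
{
    return (addr & (uintptr_t)(BLOCK_ALIGN - 1)) == 0;
}

/* malloc() as the tracer would see it: over-allocate, round the address up
 * to the alignment boundary, and record the block so later queries can be
 * checked against real allocation history. */
void *traced_malloc(size_t size)
{
    if (live_count >= MAX_BLOCKS)
        return NULL;
    char *raw = malloc(size + BLOCK_ALIGN);
    if (raw == NULL)
        return NULL;
    uintptr_t aligned = ((uintptr_t)raw + BLOCK_ALIGN - 1)
                        & ~(uintptr_t)(BLOCK_ALIGN - 1);
    live_blocks[live_count].raw  = raw;
    live_blocks[live_count].ptr  = (void *)aligned;
    live_blocks[live_count].size = size;
    live_count++;
    return (void *)aligned;
}

/* free() counterpart: drop the record. A pointer that was never handed out
 * (or was already freed) is logged and left alone instead of being passed
 * to the real free(). Returns 1 if a live block was released. */
int traced_free(void *p)
{
    for (size_t i = 0; i < live_count; i++) {
        if (live_blocks[i].ptr == p) {
            free(live_blocks[i].raw);
            live_blocks[i] = live_blocks[--live_count];
            return 1;
        }
    }
    fprintf(stderr, "free of untracked block %p\n", p);
    return 0;
}

/* malloc_size() replacement: refuse anything misaligned or unknown and say
 * why, returning 0 (which is also what malloc_size returns for a pointer the
 * allocator does not own) rather than interpreting whatever bytes happen to
 * sit near the address as block metadata. */
size_t traced_msize(const void *p, const char **reason)
{
    uintptr_t addr = (uintptr_t)p;
    if (!block_low_bits_clear(addr)) {
        *reason = "low 4 bits set: cannot be a block start";
        return 0;
    }
    for (size_t i = 0; i < live_count; i++) {
        if (live_blocks[i].ptr == p) {
            *reason = "live block";
            return live_blocks[i].size;
        }
    }
    *reason = "aligned, but never allocated (or already freed)";
    return 0;
}

/* Replays the decision from the post on the address out of the backtrace.
 * Returns 1 when 0x144fddc is rejected on alignment grounds. */
int rejects_0x144fddc(void)
{
    const char *why = "";
    size_t n = traced_msize((const void *)(uintptr_t)0x144fddc, &why);
    printf("msize(0x144fddc) = %zu (%s)\n", n, why);
    return n == 0 && !block_low_bits_clear(0x144fddc);
}

int main(void)
{
    const char *why = "";
    char *buf = traced_malloc(40);
    printf("msize(%p) = %zu (%s)\n", (void *)buf, traced_msize(buf, &why), why);
    traced_free(buf);
    printf("after free: msize = %zu (%s)\n", traced_msize(buf, &why), why);
    return rejects_0x144fddc() ? 0 : 1;
}
```

Built as a stand-alone program it prints the size lookup for a real block, then for the same block after free, and exits 0 when the address from the crash is rejected. Wired into an interposing library, traced_msize is the place to log the caller (HGetState in the dump above) and the offending address before returning 0, so the questionable call is recorded instead of the size lookup crashing.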