Can't launch my app when use the dynamical lib of mimalloc in IOS

[gaxlin]

Log is:

ul 7 15:32:32 iPhone ReportCrash[17738] : Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_PROTECTION_FAILURE at 0x000000016fcd7fb0
Triggered by Thread: 0

Jul 7 15:32:32 iPhone ReportCrash[17738] : Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 dyld 0x00000001200bf1bc 0x1200a8000 + 94652
1 dyld 0x00000001200bf480 0x1200a8000 + 95360
2 dyld 0x00000001200c0750 0x1200a8000 + 100176
3 dyld 0x00000001200abf64 0x1200a8000 + 16228
4 libdyld.dylib 0x00000001809f4ba0 0x1809f4000 + 2976
5 libmimalloc.1.7.dylib 0x00000001019ce030 0x1019b8000 + 90160
6 libmimalloc.1.7.dylib 0x00000001019cc15c 0x1019b8000 + 82268
7 libmimalloc.1.7.dylib 0x00000001019c89a8 0x1019b8000 + 68008
8 libmimalloc.1.7.dylib 0x00000001019c92dc 0x1019b8000 + 70364
9 libmimalloc.1.7.dylib 0x00000001019c8678 0x1019b8000 + 67192
10 libsystem_malloc.dylib 0x0000000180b3d458 0x180b3c000 + 5208
11 libsystem_malloc.dylib 0x0000000180b419dc 0x180b3c000 + 23004
12 dyld 0x00000001200c7860 0x1200a8000 + 129120

[daanx]

The mimalloc version v1.7.3 and v2.0.3 have much improved support for macOS -- perhaps this also fixes the problem on iOS?

[victorstewart]

@daanx i just tried v2.0.3 on iOS15

if MI_OSX_ZONE + MI_OSX_INTERPOSE are turned on, the zones crash upon application boot:

but if you turn off MI_OSX_ZONE and leave MI_OSX_INTERPOSE on, the application boots properly and it seems to finally work now!

Edit: this is via linking the object file

[daanx]

Ah it is great to hear that it starts working on iOS :-).
But those malloc_zones are a never ending source of trouble :-(. The zone_size definition in the debugger, is that the one from mimalloc (in alloc-overrride-osx.c) ?

I see I defined it as:

static size_t zone_size(malloc_zone_t* zone, const void* p) {
  MI_UNUSED(zone);
  //if (!mi_is_in_heap_region(p)){ return 0; } // not our pointer, bail out
  return mi_usable_size(p);
}

Can you comment out the line that checks if it is a valid pointer and see if it starts working? I was perhaps a bit too positive there :-)

[victorstewart]

if i uncomment out that line, then the program doesn't finish booting... failing in zone_size still via realloc.

and with MI_OSX_ZONE=OFF, i'm now getting one weird EXC_BAD_ACCESS when calling some iOS library function, via...

#0	0x00000001006dce44 in _mi_malloc_generic(mi_heap_s*, unsigned long) ()
#1	0x00000001006deb00 in operator new(unsigned long) ()
#2	0x0000000187906004 in swift::Demangle::__runtime::TypeDecoder<(anonymous namespace)::DecodedMetadataBuilder>::decodeMangledType(swift::Demangle::__runtime::Node*) ()
#3	0x00000001879039b8 in swift_getTypeByMangledNodeImpl(swift::MetadataRequest, swift::Demangle::__runtime::Demangler&, swift::Demangle::__runtime::Node*, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#4	0x00000001879035bc in swift::swift_getTypeByMangledNode(swift::MetadataRequest, swift::Demangle::__runtime::Demangler&, swift::Demangle::__runtime::Node*, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#5	0x0000000187903fd8 in swift_getTypeByMangledNameImpl(swift::MetadataRequest, __swift::__runtime::llvm::StringRef, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#6	0x0000000187900940 in swift::swift_getTypeByMangledName(swift::MetadataRequest, __swift::__runtime::llvm::StringRef, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#7	0x0000000187900f90 in swift_stdlib_getTypeByMangledNameUntrusted ()
#8	0x00000001879014b4 in getObjCClassByMangledName(char const*, objc_class**) ()
#9	0x000000019b0c8090 in look_up_class ()
#10	0x00000001843c8fc8 in -[NSXPCInterface setProtocol:] ()
#11	0x00000001843dacbc in +[NSXPCInterface interfaceWithProtocol:] ()
#12	0x000000018a1deafc in -[NSXPCStoreConnection createConnectionWithOptions:] ()
#13	0x000000018a12eea8 in -[NSXPCStoreConnection initForStore:] ()
#14	0x000000018a12ecb0 in -[NSXPCStoreConnectionManager initForStore:] ()
#15	0x000000018a212188 in -[NSXPCStore initWithPersistentStoreCoordinator:configurationName:URL:options:] ()
#16	0x000000018a17b49c in __91-[NSPersistentStoreCoordinator addPersistentStoreWithType:configuration:URL:options:error:]_block_invoke ()
#17	0x000000018a157c5c in gutsOfBlockToNSPersistentStoreCoordinatorPerform ()
#18	0x0000000101dba700 in _dispatch_client_callout ()
#19	0x0000000101dcbac8 in _dispatch_lane_barrier_sync_invoke_and_complete ()
#20	0x000000018a2ddc5c in _perform ()
#21	0x000000018a1a7000 in -[NSPersistentStoreCoordinator addPersistentStoreWithType:configuration:URL:options:error:] ()
#22	0x000000019648c9b8 in -[PLPersistentContainer _configureXPCPersistentStoreCoordinator:error:] ()
#23	0x000000019644d304 in -[PLPersistentContainer newSharedPersistentStoreCoordinator] ()
#24	0x00000001963d54a0 in __57-[PLPersistentContainer sharedPersistentStoreCoordinator]_block_invoke ()
#25	0x00000001fa85ec10 in PLResultWithUnfairLock ()
#26	0x00000001963ce43c in -[PLPersistentContainer sharedPersistentStoreCoordinator] ()
#27	0x00000001963d2f08 in -[PLPhotoLibraryBundle newChangeHandlingContainer] ()
#28	0x000000019688d300 in __60-[PLPhotoLibraryBundle initWithLibraryURL:bundleController:]_block_invoke.42 ()
#29	0x00000001fa86a2c8 in __27-[PLLazyObject objectValue]_block_invoke ()
#30	0x00000001fa85ec10 in PLResultWithUnfairLock ()
#31	0x00000001fa85d2c4 in -[PLLazyObject objectValue] ()
#32	0x00000001963ce124 in -[PLManagedObjectContext initWithConcurrencyType:libraryBundle:] ()
#33	0x0000000196429de4 in +[PLManagedObjectContext contextForPhotoLibrary:automaticallyMerges:automaticallyPinToFirstFetch:name:] ()
#34	0x000000019645e5e0 in -[PLPhotoLibrary _loadClientDatabaseContextWithOptions:error:] ()
#35	0x000000019645bbe8 in -[PLPhotoLibrary _loadDatabaseContextWithOptions:error:] ()
#36	0x0000000196449b98 in -[PLPhotoLibrary loadDatabaseWithOptions:error:] ()
#37	0x00000001963dfba0 in +[PLPhotoLibrary newPhotoLibraryWithName:loadedFromBundle:options:error:] ()
#38	0x0000000196134df0 in newPhotoLibrary ()
#39	0x000000019614f8e0 in __50-[PHPhotoLibrary initWithPhotoLibraryBundle:type:]_block_invoke_4 ()
#40	0x00000001fa86a2c8 in __27-[PLLazyObject objectValue]_block_invoke ()
#41	0x00000001fa85ec10 in PLResultWithUnfairLock ()
#42	0x00000001fa85d2c4 in -[PLLazyObject objectValue] ()
#43	0x000000019611ae5c in -[PHPhotoLibrary userInitiatedQueuePhotoLibrary] ()
#44	0x000000019614c418 in -[PHPhotoLibrary photoLibraryForCurrentQueueQoS] ()
#45	0x0000000196128f4c in -[PHPhotoLibrary(PXCPLStatus) managedObjectContextForCurrentQueueQoS] ()
#46	0x0000000196142a88 in -[PHQuery _createFetchRequestIncludingBasePredicate:] ()
#47	0x0000000196146264 in -[PHQuery fetchRequest] ()
#48	0x000000019612f2bc in -[PHFetchResult initWithQuery:oids:registerIfNeeded:usingManagedObjectContext:] ()
#49	0x000000019612c160 in -[PHFetchResult initWithQuery:] ()
#50	0x0000000196124cc0 in -[PHQuery executeQuery] ()
#51	0x00000001961506d8 in __34+[PHAsset fetchAssetsWithOptions:]_block_invoke ()
#52	0x000000019612e2dc in +[PHObject authorizationAwareFetchResultWithOptions:fetchBlock:] ()
#53	0x00000001006a491c in DeviceMediaLibrary::gatherPhotoAssets() at /xxx/Media Center/DeviceMediaLibrary.cpp:83
#54	0x00000001006a4a54 in invocation function for block in DeviceMediaLibrary::gatherAssets() at /xxx/Media Center/DeviceMediaLibrary.cpp:96
#55	0x0000000101db8a20 in _dispatch_call_block_and_release ()
#56	0x0000000101dba700 in _dispatch_client_callout ()
#57	0x0000000101dcd474 in _dispatch_lane_concurrent_drain ()
#58	0x0000000101dc35c8 in _dispatch_lane_invoke ()
#59	0x0000000101dbd068 in _dispatch_queue_override_invoke ()
#60	0x0000000101dce688 in _dispatch_root_queue_drain ()
#61	0x0000000101dcf08c in _dispatch_worker_thread2 ()
#62	0x00000001f26fd174 in _pthread_wqthread ()

[victorstewart]

@daanx
if you provide with a "How To" / any architectural knowledge needed i can fully debug it myself and then push a PR. rather than these back and forth haha. just need a point in the right direction.

[victorstewart]

turning on debug mode instead of EXEC_BAD_ACCESS it halts on an assertion

mimalloc: assertion failed: at "/xxx/libraries/mimalloc-2.0.3/src/alloc.c":75, mi_heap_malloc_small
  assertion: "heap->thread_id == 0 || heap->thread_id == _mi_thread_id()"

[anthonyalayo]

I am hitting the same issue.