Crash with "illegal opcode" - how to debug this issue?


Graham Cox
 

Hi all,

We’ve received a number of reports from users of a crash due to a SIGILL as follows:

Exception Type: SIGILL
Exception Codes: ILL_ILLOPC at 0x7fff32837454
Crashed Thread: 0


Thread 0 Crashed:
0 com.apple.AppKit 0x00007fff32837454 -[NSApplication _crashOnException:] + 109
1 com.apple.AppKit 0x00007fff32e03cb1 __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 858
2 com.apple.CoreFoundation 0x00007fff34f8f467 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23

This seems to be an “illegal opcode” being encountered.

I’m at a loss to reproduce it so far, and I’m not sure why our latest build should be experiencing this given the few changes it has compared to the previous version.

What’s a good way to start trying to investigate this issue? Is it possible it’s a compiler issue? I’m using Xcode 9.3.1. ‘illegal opcode’ suggests bad code at the CPU level, but I can’t see how that can happen by writing high-level code or by memory corruption at runtime, since code is protected. Only an errant compiler could write a bad opcode, surely? And if so, that would explain why it’s suddenly an issue, since this is the only build we’ve shipped built in this version of Xcode.

—Graham


Jack Brindle
 

Graham - did you ever get a response?
This looks to me like you are doing an animation which has completed and is trying to call back to your completion block. For some reason the completion block is mis-formed and is resulting in the execution of bad or non-code. I would look at your animation methods and make sure the completion blocks are formed and set up properly.

Jack

On May 24, 2018, at 5:30 PM, Graham Cox <graham@mapdiva.com> wrote:

Hi all,

We’ve received a number of reports from users of a crash due to a SIGILL as follows:

Exception Type: SIGILL
Exception Codes: ILL_ILLOPC at 0x7fff32837454
Crashed Thread: 0


Thread 0 Crashed:
0 com.apple.AppKit 0x00007fff32837454 -[NSApplication _crashOnException:] + 109
1 com.apple.AppKit 0x00007fff32e03cb1 __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 858
2 com.apple.CoreFoundation 0x00007fff34f8f467 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23

This seems to be an “illegal opcode” being encountered.

I’m at a loss to reproduce it so far, and I’m not sure why our latest build should be experiencing this given the few changes it has compared to the previous version.

What’s a good way to start trying to investigate this issue? Is it possible it’s a compiler issue? I’m using Xcode 9.3.1. ‘illegal opcode’ suggests bad code at the CPU level, but I can’t see how that can happen by writing high-level code or by memory corruption at runtime, since code is protected. Only an errant compiler could write a bad opcode, surely? And if so, that would explain why it’s suddenly an issue, since this is the only build we’ve shipped built in this version of Xcode.

—Graham


Jon Gotow
 

On May 25, 2018, at 12:37 PM, Jack Brindle <jackbrindle@me.com> wrote:

Graham - did you ever get a response?
This looks to me like you are doing an animation which has completed and is trying to call back to your completion block. For some reason the completion block is mis-formed and is resulting in the execution of bad or non-code. I would look at your animation methods and make sure the completion blocks are formed and set up properly.
And that the block isn't being deallocated prematurely somehow.

- Jon


Graham Cox
 

No other response so far…

That particular crash is just one example. There are numerous crash reports with the same basic crash, but not always in a CATransaction callback, though that is a very common one.

Perhaps it’s simply a memory issue with something freed prematurely. It’s the most straightforward explanation, if not the most straightforward thing to track down. I’ll proceed on that basis - it’s just that such bugs don’t usually show up in this form.

—Graham

On 26 May 2018, at 4:37 am, Jack Brindle <jackbrindle@me.com> wrote:

Graham - did you ever get a response?
This looks to me like you are doing an animation which has completed and is trying to call back to your completion block. For some reason the completion block is mis-formed and is resulting in the execution of bad or non-code. I would look at your animation methods and make sure the completion blocks are formed and set up properly.

Jack
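A triage helper for the situation Graham describes above, many reports with the same basic crash but not always the same callback, added here as an example and not code from this thread or from any Apple tool: it parses the exception header and the crashed thread's frames out of a macOS crash log, checks whether the faulting address is exactly the address of frame 0 (a trap at a symbolicated location in a loaded image, rather than a jump through a stray pointer), and buckets reports by exception type plus top frames so the common site can be found across a batch. The `APP_REPORT` sample, its `com.example.app` bundle id and `-[ExampleView hypotheticalMethod]` are constructed placeholders.

```python
import re
from collections import Counter

HEADER_RE = re.compile(r"^(Exception Type|Exception Codes|Crashed Thread):\s*(.*)$")
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)(?:\s\+\s\d+)?$")

def parse_report(text):
    """Pull the exception header and the crashed thread's frames out of a macOS crash log."""
    info, in_crashed = {"frames": []}, False
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            info[m.group(1)] = m.group(2).strip()
        elif re.match(r"^Thread \d+ Crashed:", line):
            in_crashed = True
        elif in_crashed and FRAME_RE.match(line):
            f = FRAME_RE.match(line)
            info["frames"].append({"image": f.group(2), "address": int(f.group(3), 16),
                                   "symbol": f.group(4)})
        elif in_crashed and not line.strip():
            in_crashed = False  # a blank line ends the crashed thread's backtrace
    a = re.search(r"0x[0-9a-fA-F]+", info.get("Exception Codes", ""))  # "... at 0x7fff..."
    info["fault_address"] = int(a.group(0), 16) if a else None
    return info

def fault_in_top_frame(info):
    """True if the faulting PC equals frame 0's address, i.e. the trap sits at a symbolicated spot."""
    return bool(info["frames"]) and info["fault_address"] == info["frames"][0]["address"]

def signature(info, depth=2):  # bucket key: exception type + top `depth` symbols
    return info.get("Exception Type", "?"), tuple(f["symbol"] for f in info["frames"][:depth])

def bucket_reports(texts, depth=2):
    """Count how many reports in a batch share each signature."""
    return Counter(signature(parse_report(t), depth) for t in texts)

# Constructed samples: the report quoted in this thread, and a made-up second report
# whose top frame is a hypothetical method in the app itself (placeholder names).
THREAD_REPORT = """Exception Type: SIGILL
Exception Codes: ILL_ILLOPC at 0x7fff32837454
Crashed Thread: 0
Thread 0 Crashed:
0 com.apple.AppKit 0x00007fff32837454 -[NSApplication _crashOnException:] + 109
1 com.apple.AppKit 0x00007fff32e03cb1 __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 858
2 com.apple.CoreFoundation 0x00007fff34f8f467 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23"""
APP_REPORT = """Exception Type: SIGILL
Exception Codes: ILL_ILLOPC at 0x000000010a4b7c20
Thread 0 Crashed:
0 com.example.app 0x000000010a4b7c20 -[ExampleView hypotheticalMethod] + 12
1 com.apple.AppKit 0x00007fff32e03cb1 __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 858"""
```

Feeding a directory of reports through `bucket_reports` and sorting the counter shows which callback site dominates; a report where `fault_in_top_frame` is false is worth a closer look, since the faulting address is then not a symbolicated frame.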