ios - 是什么导致 SIGILL 在 iOS 上带有 ILL_ILLTRP 代码？

Question

我收到了我的 iOS 应用程序的崩溃报告，其中异常类型为 SIGILL，异常代码为 ILL_ILLTRP，这是我以前从未见过的。

我能找到的关于 ILL_ILLTRP 的唯一信息是在 signal.h 中，它说:

/*
 * When the signal is SIGILL or SIGFPE, si_addr contains the address of
 * the faulting instruction.
 * When the signal is SIGSEGV or SIGBUS, si_addr contains the address of
 * the faulting memory reference. Although for x86 there are cases of SIGSEGV
 * for which si_addr cannot be determined and is NULL.
 * If the signal is SIGCHLD, the si_pid field will contain the child process ID,
 *  si_status contains the exit value or signal and
 *  si_uid contains the real user ID of the process that sent the signal.
 */

/* Values for si_code */

/* Codes for SIGILL */
#if !defined(_POSIX_C_SOURCE) || defined(_DARWIN_C_SOURCE)
#define ILL_NOOP        0       /* if only I knew... */
#endif
#define ILL_ILLOPC      1       /* [XSI] illegal opcode */
#define ILL_ILLTRP      2       /* [XSI] illegal trap */
#define ILL_PRVOPC      3       /* [XSI] privileged opcode */
#define ILL_ILLOPN      4       /* [XSI] illegal operand -NOTIMP */
#define ILL_ILLADR      5       /* [XSI] illegal addressing mode -NOTIMP */
#define ILL_PRVREG      6       /* [XSI] privileged register -NOTIMP */
#define ILL_COPROC      7       /* [XSI] coprocessor error -NOTIMP */
#define ILL_BADSTK      8       /* [XSI] internal stack error -NOTIMP */

在 iOS(和 Swift 或 Obj-C)上，什么会导致“非法陷阱”发生？

作为引用，这里是崩溃线程的堆栈跟踪:

Incident Identifier: A450C98F-DDB4-4593-9C93-B4C17D3EB4E4
CrashReporter Key:   DB1695E0-C812-4087-9567-D4BD5D4D491C
Hardware Model:      iPhone8,1
Code Type:       ARM-64
Parent Process:  ??? [1]

Date/Time:       2019-05-26T17:01:50Z
Launch Time:     2019-05-26T17:01:37Z
OS Version:      iPhone OS 12.1.2 (16C101)
Report Version:  104

Exception Type:  SIGILL
Exception Codes: ILL_ILLTRP at 0x100c3343c
Crashed Thread:  0

Thread 0 Crashed:
0   CocoaLumberjack                      0x0000000100c3343c CocoaLumberjack.asyncLoggingEnabled.unsafeMutableAddressor : Swift.Bool (CocoaLumberjack.swift:73)
1   XXXApp                               0x0000000100762d08 XXXApp.XXXAppNavigationContext.append(XXXApp.XXXAppNavigationPathComponent) -> () (XXXAppNavigationContext.swift:0)
2   XXXApp                               0x0000000100763a4c merged @objc XXXApp.XXXAppNavigationContext.append(XXXApp.XXXAppNavigationPathComponent) -> () + 44
3   XXXApp                               0x000000010071ae80 -[XXXAppTableViewController viewWillAppear:] (XXXAppTableViewController.m:35)
4   XXXApp                               0x0000000100708360 -[XXXAppGroupTableViewController viewWillAppear:] (XXXAppGroupTableViewController.m:83)
5   UIKitCore                            0x00000001b3224f28 -[UIViewController _setViewAppearState:isAnimating:] + 580
6   UIKitCore                            0x00000001b322560c -[UIViewController __viewWillAppear:] + 136
7   XXXApp                               0x00000001006d3ff8 -[XXXAppTabBarViewController sendAppearanceTransitionsToViewControllers:] (XXXAppTabBarViewController.m:441)
8   XXXApp                               0x00000001006d3d88 -[XXXAppTabBarViewController scrollViewDidScroll:] (XXXAppTabBarViewController.m:426)
9   XXXApp                               0x00000001006d1458 -[XXXAppTabBarViewController viewDidLayoutSubviews] (XXXAppTabBarViewController.m:159)
10  UIKitCore                            0x00000001b3c8f944 -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1736
11  QuartzCore                           0x000000018ac4db74 -[CALayer layoutSublayers] + 180
12  QuartzCore                           0x000000018ac52b2c CA::Layer::layout_if_needed(CA::Transaction*) + 320
13  UIKitCore                            0x00000001b3c7acc8 -[UIView(Hierarchy) layoutBelowIfNeeded] + 544
14  UIKitCore                            0x00000001b318bd0c -[UINavigationController _layoutViewController:] + 1292
15  UIKitCore                            0x00000001b3186400 -[UINavigationController _layoutTopViewController] + 232
16  UIKitCore                            0x00000001b31845d0 -[UINavigationController navigationTransitionView:didEndTransition:fromView:toView:] + 776
17  UIKitCore                            0x00000001b3c4a7d4 -[UINavigationTransitionView _notifyDelegateTransitionDidStopWithContext:] + 416
18  UIKitCore                            0x00000001b3c4aa90 -[UINavigationTransitionView _cleanupTransition] + 584
19  UIKitCore                            0x00000001b3c58950 -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 308
20  UIKitCore                            0x00000001b3c5438c +[UIViewAnimationState popAnimationState] + 332
21  UIKitCore                            0x00000001b3c4a518 -[UINavigationTransitionView transition:fromView:toView:] + 1860
22  UIKitCore                            0x00000001b318cb1c -[UINavigationController _startTransition:fromViewController:toViewController:] + 2652
23  UIKitCore                            0x00000001b318d0f8 -[UINavigationController _startDeferredTransitionIfNeeded:] + 1180
24  UIKitCore                            0x00000001b318e3f8 -[UINavigationController __viewWillLayoutSubviews] + 160
25  UIKitCore                            0x00000001b31705e8 -[UILayoutContainerView layoutSubviews] + 220
26  UIKitCore                            0x00000001b3c8f7dc -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1376
27  QuartzCore                           0x000000018ac4db74 -[CALayer layoutSublayers] + 180
28  QuartzCore                           0x000000018ac52b2c CA::Layer::layout_if_needed(CA::Transaction*) + 320
29  QuartzCore                           0x000000018abb144c CA::Context::commit_transaction(CA::Transaction*) + 336
30  QuartzCore                           0x000000018abdfd7c CA::Transaction::commit() + 604
31  UIKitCore                            0x00000001b380fa3c _afterCACommitHandler + 252
32  CoreFoundation                       0x00000001865e07cc __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 28
33  CoreFoundation                       0x00000001865db460 __CFRunLoopDoObservers + 408
34  CoreFoundation                       0x00000001865dba00 __CFRunLoopRun + 1260
35  CoreFoundation                       0x00000001865db1f0 CFRunLoopRunSpecific + 432
36  GraphicsServices                     0x0000000188854584 GSEventRunModal + 96
37  UIKitCore                            0x00000001b37e6d40 UIApplicationMain + 208
38  XXXApp                               0x00000001006c96e4 main (main.m:16)
39  libdyld.dylib                        0x000000018609abb4 start + 0

Answer 1

我试图了解发生了什么。我没有解决方案，但有一些想法:

堆栈跟踪(第 0 行)表明崩溃发生在第 73 行的 CocoaLumberjack swift 代码中，其中 Bool var asyncLoggingEnabled 应该使用 unsafeMutableAddressor 访问。
显然，这是指令

public var asyncLoggingEnabled = true

在第 73 行的代码中。

我相信这个 var 是使用 UnsafeMutablePointer ( docs ) 访问的。在这里，应用程序是

... responsible for handling the life cycle of any memory you work with through unsafe pointers to avoid leaks or undefined behavior.

特别是，

Many pointer operations must only be applied to pointers with memory in a specific state—you must keep track of the state of the memory you are working with and understand the changes to that state that different operations perform. Memory can be untyped and uninitialized, bound to a type and uninitialized, or bound to a type and initialized to a value. Finally, memory that was allocated previously may have been deallocated, leaving existing pointers referencing unallocated memory.

我认为您的应用程序崩溃是因为用于访问 asyncLoggingEnabled 的指针指向处于非法状态的内存。
如果发生这种情况，应该执行系统陷阱来处理这种情况，但只有安装了针对此类异常的陷阱处理程序才能执行。如果不是这种情况，将执行一个非法陷阱(异常代码:ILL_ILLTRP)来处理所有未处理的陷阱。

根据执行历史，内存可能偶然也处于合法状态。因此，崩溃可能发生也可能不发生。

简而言之，我认为这是 CocoaLumberjack 中的一个错误。