Bug 33497 - LLVM ARM64 Builds Crash with EXC_BREAKPOINT on iOS 9
Status: RESOLVED FIXED
Alias: None
Product: iOS
Classification: Xamarin
Component: Mono runtime / AOT compiler
Version: XI 8.10
Hardware: Macintosh Mac OS
Importance: High critical
Target Milestone: 9.0 (iOS9)
Assignee: Zoltan Varga
Reported: 2015-08-30 17:29 UTC by Frank A. Krueger
Modified: 2015-09-07 12:41 UTC

Description Frank A. Krueger 2015-08-30 17:29:41 UTC
The ARM64 LLVM build of my app crashes on iOS 9.0 (13A4325c) while the ARM7 LLVM build works fine.

Distressfully, I don't get a good error report and the OS just says EXC_BREAKPOINT.

This code is built using the iOS 8 SDK.

Miguel, Zoltan, Rolf, and Sebastian have access to the code. Just build under these same circumstances and hopefully it will repro. https://github.com/praeclarum/Calca

Or let me know a better log to get you.


== CRASH ==

Incident Identifier: 1F59D5C4-4093-4A64-A405-3BCF52FC9E06
CrashReporter Key:   fe6318a0adb6b4a37416903734dad8a600184d24
Hardware Model:      iPhone7,1
Process:             Calca [4879]
Path:                /private/var/mobile/Containers/Bundle/Application/125C1D35-596E-4B8F-B4DC-BFDC6A7961FE/Calca.app/Calca
Identifier:          com.kruegersystems.calca.ios
Version:             13101 (1.3.1)
Code Type:           ARM-64 (Native)
Parent Process:      launchd [1]

Date/Time:           2015-08-30 14:14:53.53 -0700
Launch Time:         2015-08-30 14:14:45.45 -0700
OS Version:          iOS 9.0 (13A4325c)
Report Version:      105

Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001836797b4
Triggered by Thread:  0

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   CoreFoundation                	0x00000001836797b4 __CFRunLoopDoTimer + 1712
1   CoreFoundation                	0x00000001836794d0 __CFRunLoopDoTimer + 972
2   CoreFoundation                	0x0000000183676b8c __CFRunLoopRun + 1520
3   CoreFoundation                	0x00000001835a58a0 CFRunLoopRunSpecific + 384
4   GraphicsServices              	0x000000018e600088 GSEventRunModal + 180
5   UIKit                         	0x0000000188c3a0d4 UIApplicationMain + 204
6   Calca                         	0x00000001002607bc 0x1000e4000 + 1558460
7   Calca                         	0x0000000100293ae8 0x1000e4000 + 1768168
8   Calca                         	0x000000010016e384 0x1000e4000 + 566148
9   Calca                         	0x0000000100376b34 0x1000e4000 + 2698036
10  Calca                         	0x00000001008d5cf4 0x1000e4000 + 8330484
11  Calca                         	0x0000000100925c2c 0x1000e4000 + 8657964
12  Calca                         	0x0000000100929ecc 0x1000e4000 + 8675020
13  Calca                         	0x000000010098daec 0x1000e4000 + 9083628
14  Calca                         	0x0000000100754238 0x1000e4000 + 6750776
15  libdyld.dylib                 	0x000000019895a8b8 start + 4


== CONSOLE ==

Aug 30 14:14:45 Precious-XV Calca[4879] <Warning>: Found new TLS offset at 224
Aug 30 14:14:45 Precious-XV Calca[4879] <Warning>: WARNING: The runtime version supported by this application is unavailable.
Aug 30 14:14:45 Precious-XV Calca[4879] <Warning>: Using default runtime: v4.0.30319
Aug 30 14:14:46 Precious-XV Calca[4879] <Warning>: Culture set to: en-US
Aug 30 14:14:46 Precious-XV Calca[4879] <Warning>: Initializing File System
Aug 30 14:14:46 Precious-XV Calca[4879] <Warning>: START iCLOUD QUERY
Aug 30 14:14:46 Precious-XV locationd[70] <Notice>: Gesture EnabledForTopClient: 1 (MessagesSpringBoardCalled)
Aug 30 14:14:47 Precious-XV Calca[4879] <Warning>: File System Initialized
Aug 30 14:14:51 Precious-XV nanoappregistryd[4716] <Notice>: (Note ) NanoAppRegistry: Received XPC event <OS_xpc_dictionary: <dictionary: 0x12f56a9e0> { count = 3, contents =
"_State" => <uint64: 0x12f56ad80>: 0
"XPCEventName" => <string: 0x12f569e00> { length = 19, contents = "ApplicationsChanged" }
"Notification" => <string: 0x12f56a590> { length = 44, contents = "com.apple.LaunchServices.ApplicationsChanged" }
}>
Aug 30 14:14:53 Precious-XV SpringBoard[843] <Warning>: HW kbd: Failed to set (null) as keyboard focus
Aug 30 14:14:53 Precious-XV SpringBoard[843] <Warning>: HW kbd: Failed to set (null) as keyboard focus
Aug 30 14:14:53 Precious-XV diagnosticd[3334] <Error>: error evaluating process info - pid: 4879, puniqueid: 4879
Aug 30 14:14:53 Precious-XV com.apple.xpc.launchd[1] (UIKitApplication:com.kruegersystems.calca.ios[0xf378][4879]) <Notice>: Service exited due to signal: Trace/BPT trap: 5
Aug 30 14:14:53 Precious-XV ReportCrash[4881] <Notice>: Formulating report for corpse[4879] Calca
Aug 30 14:14:53 Precious-XV SpringBoard[843] <Warning>: Application 'UIKitApplication:com.kruegersystems.calca.ios[0xf378]' crashed.
Aug 30 14:14:53 Precious-XV UserEventAgent[26] <Warning>: 5864590775324: id=com.kruegersystems.calca.ios pid=4879, state=0
Aug 30 14:14:53 Precious-XV ReportCrash[4881] <Warning>: saved type '109_Calca' report (4 of max 25) as /var/mobile/Library/Logs/CrashReporter/Calca_2015-08-30-141453_Precious-XV.ips


=== Xamarin Studio ===

Version 5.9.5 (build 10)
Installation UUID: fce13fdd-e8e3-48ef-99f1-4acbb06f0240
Runtime:
	Mono 4.0.3 ((detached/d6946b4)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 400030020

=== Apple Developer Tools ===

Xcode 6.4 (7720)
Build 6E35b

=== Xamarin.iOS ===

Version: 8.10.4.46 (Enterprise Edition)
Hash: 2c66d2f
Branch: master
Build date: 2015-08-04 13:52:25-0400

=== Xamarin.Android ===

Version: 5.1.5.3 (Enterprise Edition)
Android SDK: /Users/fak/Library/Developer/Xamarin/android-sdk-mac_x86
	Supported Android versions:
		2.3   (API level 10)
		4.0.3 (API level 15)
		4.3   (API level 18)
		4.4   (API level 19)
		5.0   (API level 21)
		5.1   (API level 22)
Java SDK: /usr
java version "1.8.0_20-ea"
Java(TM) SE Runtime Environment (build 1.8.0_20-ea-b23)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b22, mixed mode)

=== Xamarin Android Player ===

Version: Unknown version
Location: /Applications/Xamarin Android Player.app

=== Xamarin.Mac ===

Version: 2.0.2.111 (Enterprise Edition)

=== Build Information ===

Release ID: 509050010
Git revision: 48d16bc4f12ce3938964fc7c3d72fdc6887ad4ad
Build date: 2015-08-18 16:55:24-04
Xamarin addins: c2d51b360ad9f59e689046d47030df27de28f94a

=== Operating System ===

Mac OS X 10.10.5
Darwin muon.local 14.5.0 Darwin Kernel Version 14.5.0
    Wed Jul 29 02:26:53 PDT 2015
    root:xnu-2782.40.9~1/RELEASE_X86_64 x86_64

Comment 1 Zoltan Varga 2015-08-30 17:39:45 UTC
It references the Praeclarum.iOS.Shared project which is not in the same repo.

Comment 2 Frank A. Krueger 2015-08-30 18:01:33 UTC
I have confirmed that it still crashes on the newest iOS 9 SDK and Xamarin 8.99

Incident Identifier: 923DA77A-75D9-4A64-B585-88CEDCAB28E3
CrashReporter Key:   fe6318a0adb6b4a37416903734dad8a600184d24
Hardware Model:      iPhone7,1
Process:             Calca [4923]
Path:                /private/var/mobile/Containers/Bundle/Application/C4C6345D-911A-4926-A4CC-7E5B8DECDCF3/Calca.app/Calca
Identifier:          com.kruegersystems.calca.ios
Version:             13101 (1.3.1)
Code Type:           ARM-64 (Native)
Parent Process:      launchd [1]

Date/Time:           2015-08-30 14:58:40.40 -0700
Launch Time:         2015-08-30 14:58:17.17 -0700
OS Version:          iOS 9.0 (13A4325c)
Report Version:      105

Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001836797b4
Triggered by Thread:  0

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   CoreFoundation                	0x00000001836797b4 __CFRunLoopDoTimer + 1712
1   CoreFoundation                	0x00000001836794d0 __CFRunLoopDoTimer + 972
2   CoreFoundation                	0x0000000183676b8c __CFRunLoopRun + 1520
3   CoreFoundation                	0x00000001835a58a0 CFRunLoopRunSpecific + 384
4   GraphicsServices              	0x000000018e600088 GSEventRunModal + 180
5   UIKit                         	0x0000000188c3a0d4 UIApplicationMain + 204
6   Calca                         	0x0000000100227fd4 wrapper_managed_to_native_UIKit_UIApplication_UIApplicationMain_int_string___intptr_intptr + 324
7   Calca                         	0x00000001001b0f04 Xamarin_iOS_UIKit_UIApplication_Main_string___string_string + 156
8   Calca                         	0x000000010004c024 Calca_Calca_iOS_Application_Main_string__ + 28
9   Calca                         	0x00000001003e4824 wrapper_runtime_invoke_object_runtime_invoke_dynamic_intptr_intptr_intptr_intptr + 244
10  Calca                         	0x000000010088cb50 mono_jit_runtime_invoke (mini-runtime.c:2325)
11  Calca                         	0x00000001008df254 mono_runtime_invoke (object.c:2783)
12  Calca                         	0x00000001008e343c mono_runtime_exec_main (object.c:4038)
13  Calca                         	0x000000010095b8a8 xamarin_main (monotouch-main.m:407)
14  Calca                         	0x000000010070ba70 main (main.arm64.m:51)
15  libdyld.dylib                 	0x000000019895a8b8 start + 4


=== Xamarin Studio ===

Version 5.9.5 (build 18)
Installation UUID: fce13fdd-e8e3-48ef-99f1-4acbb06f0240
Runtime:
	Mono 4.0.3 ((detached/d6946b4)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 400030020

=== Apple Developer Tools ===

Xcode 7.0 (8208.9)
Build 7A192o

=== Xamarin.iOS ===

Version: 8.99.4.220 (Enterprise Edition)
Hash: 52034fb
Branch: master
Build date: 2015-08-26 23:50:57-0400

=== Xamarin.Android ===

Version: 5.1.5.3 (Enterprise Edition)
Android SDK: /Users/fak/Library/Developer/Xamarin/android-sdk-mac_x86
	Supported Android versions:
		2.3   (API level 10)
		4.0.3 (API level 15)
		4.3   (API level 18)
		4.4   (API level 19)
		5.0   (API level 21)
		5.1   (API level 22)
Java SDK: /usr
java version "1.8.0_20-ea"
Java(TM) SE Runtime Environment (build 1.8.0_20-ea-b23)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b22, mixed mode)

=== Xamarin Android Player ===

Version: Unknown version
Location: /Applications/Xamarin Android Player.app

=== Xamarin.Mac ===

Version: 2.0.2.111 (Enterprise Edition)

=== Build Information ===

Release ID: 509050018
Git revision: e9148b1cfc781f8e7751f88540c6d65cca5be410
Build date: 2015-08-24 11:44:21-04
Xamarin addins: 3b908d565411f1a7425b67926ede4359e7000172

=== Operating System ===

Mac OS X 10.10.5
Darwin muon.local 14.5.0 Darwin Kernel Version 14.5.0
    Wed Jul 29 02:26:53 PDT 2015
    root:xnu-2782.40.9~1/RELEASE_X86_64 x86_64

Comment 3 Frank A. Krueger 2015-08-30 18:05:18 UTC
Zoltan: Please check out

https://github.com/praeclarum/Praeclarum

in parallel to Calca.

Sorry about that, keep meaning to use submodules.

Comment 4 Frank A. Krueger 2015-08-30 18:14:01 UTC
Also the best repro is:

1. Create a new document
2. Bang on the keyboard for a second

100% repro but does require input.

Comment 5 Zoltan Varga 2015-08-31 14:12:23 UTC
I can't reproduce this.

Comment 6 Frank A. Krueger 2015-08-31 18:10:10 UTC
I have no problem reproducing the bug.

Are there any log files I can send you?

Let me refine the repro steps:

1. Build the app for Release (should be ARM64, either SDK)
2. Run on an iOS 9 device (I use a 6 plus)
3. Start the app
4. Switch to iCloud (I don't think this is necessary)
5. Tap the + in the upper right
6. Choose "New Calculation"
7. Type numbers and - and ( symbols using the keyboard extension.
8. Usually when you get to a symbol it crashes

Comment 7 Zoltan Varga 2015-08-31 18:14:33 UTC
Can anybody else reproduce this?

Comment 8 Sebastien Pouliot 2015-09-01 10:03:30 UTC
@Zoltan how did you change your build for the entitlements?

In any case I could remove the Entitlements.plist (from the "iOS Bundle Signing") and I could reproduce the crash (without using iCloud and the required entitlements).

Still there's nothing useful (from the mono runtime) in the device logs prior to the crash.

Sep  1 09:54:18 Mercure com.apple.xpc.launchd[1] (UIKitApplication:com.kruegersystems.calca.ios[0x7b09][9739]) <Notice>: Service exited due to signal: Trace/BPT trap: 5
Sep  1 09:54:18 Mercure SpringBoard[5200] <Warning>: Application 'UIKitApplication:com.kruegersystems.calca.ios[0x7b09]' crashed.

The crash report I get looks identical to the ones above:
https://gist.github.com/spouliot/2bba3431c73d9321e8c5

The xcode7 branch uses the same mono[-extensions] revisions as maccore/master (and c6).

Comment 9 Zoltan Varga 2015-09-01 18:02:23 UTC
I can reproduce it now. The crash seems to happen on the UI thread:

* thread #1: tid = 0x1e0f, 0x00000001862897b4 CoreFoundation`<redacted> + 1712, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=1, subcode=0x1862897b4)
  * frame #0: 0x00000001862897b4 CoreFoundation`<redacted> + 1712
    frame #1: 0x0000000186286b8c CoreFoundation`<redacted> + 1520
    frame #2: 0x00000001861b58a0 CoreFoundation`CFRunLoopRunSpecific + 384
    frame #3: 0x0000000191210088 GraphicsServices`GSEventRunModal + 180
    frame #4: 0x000000018b84a0d4 UIKit`UIApplicationMain + 204
    frame #5: 0x0000000100288d94 Calca`wrapper_managed_to_native_UIKit_UIApplication_UIApplicationMain_int_string___intptr_intptr(param0=0, param1=0x00000001014aeba8, param2=0, param3=5760353040) + 324

And it happens because it runs into a hw breakpoint instruction:

    0x1862897a4: 0x91074108   add    x8, x8, #464
    0x1862897a8: 0xb00013a9   adrp   x9, 629
    0x1862897ac: 0x91298d29   add    x9, x9, #2659
    0x1862897b0: 0xf9000509   str    x9, [x8, #8]
->  0x1862897b4: 0xd4200020   brk    #0x1
    0x1862897b8: 0xa9bf7bfd   stp    x29, x30, [sp, #-16]!
    0x1862897bc: 0x910003fd   mov    x29, sp
    0x1862897c0: 0xaa0003e8   mov    x8, x0
    0x1862897c4: 0xb4000088   cbz    x8, 0x1862897d4           ; <+28>
    0x1862897c8: 0xaa0103e0   mov    x0, x1

It looks like some kind of assert etc. in the iOS system code. The register x9 set just before the breakpoint points to this text:

0x1864fea63: A CFRunLoopTimer with an interva
0x1864fea83: l of 0 is set to repeat\0<unknown
0x1864feaa3:  function>\0CFRunLoopSource\0<CFRu
0x1864feac3: nLoopSource context>{version = %
0x1864feae3: ld, info = %p, callout = %s (%p)
0x1864feb03: }\0<CFRunLoopSource %p [%p]>{sign
0x1864feb23: alled = %s, valid = %s, order = 
0x1864feb43: %ld, context = %@}\0CFRunLoopObse
0x1864feb63: rver\0<CFRunLoopObserver context 
0x1864feb83: %p>\0<CFRunLoopObserver %p [%p]>{
0x1864feba3: valid = %s, activities = 0x%lx, 
0x1864febc3: repeats = %s, order = %ld, callo
0x1864febe3: ut = %s (%p), context = %@}\0CFRu
0x1864fec03: nLoopTimer\0<CFRunLoopTimer conte
0x1864fec23: xt %p>\0<CFRunLoopTimer %p [%p]>{
0x1864fec43: valid = %s, firing = %s, interva
0x1864fec63: l = %0.09g, tolerance = %0.09g, 
0x1864fec83: next fire date = %0.09g (%0.09g 
0x1864feca3: @ %lld), callout = %s (%
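
The triage step described in comment 9, as an added example that is not part of the original thread: it decodes the instruction words from the lldb listing, resolves the adrp/add pair that loads x9 before the brk, and reads the assertion message at that address from the first two rows of the memory dump. The function names are hypothetical; the addresses and words are copied from the comment.

```python
# (address, 32-bit instruction word) pairs copied from the lldb listing above.
LISTING = [
    (0x1862897A4, 0x91074108),  # add  x8, x8, #464
    (0x1862897A8, 0xB00013A9),  # adrp x9, 629
    (0x1862897AC, 0x91298D29),  # add  x9, x9, #2659
    (0x1862897B0, 0xF9000509),  # str  x9, [x8, #8]
    (0x1862897B4, 0xD4200020),  # brk  #0x1
]

# First two rows of the memory dump from the same comment (32 bytes per row).
DUMP = {
    0x1864FEA63: b"A CFRunLoopTimer with an interva",
    0x1864FEA83: b"l of 0 is set to repeat\0<unknown",
}

def sign_extend(value, bits):
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def trace_register(listing, reg):
    """Follow ADRP / ADD (immediate) writes up to the first BRK.
    Returns (brk_address, brk_imm16, value of Xreg or None)."""
    regs = {}
    for pc, word in listing:
        rd, rn = word & 0x1F, (word >> 5) & 0x1F
        if word & 0x9F000000 == 0x90000000:        # ADRP Xd, page
            immlo, immhi = (word >> 29) & 3, (word >> 5) & 0x7FFFF
            page = sign_extend((immhi << 2) | immlo, 21) << 12
            regs[rd] = (pc & ~0xFFF) + page
        elif word & 0xFF800000 == 0x91000000:      # ADD Xd, Xn, #imm12
            imm = ((word >> 10) & 0xFFF) << (12 if word & (1 << 22) else 0)
            if rn in regs:
                regs[rd] = regs[rn] + imm
            else:
                regs.pop(rd, None)                 # source unknown, result unknown
        elif word & 0xFFE0001F == 0xD4200000:      # BRK #imm16
            return pc, (word >> 5) & 0xFFFF, regs.get(reg)
    return None

def c_string_at(dump, address):
    """Read a NUL-terminated string from contiguous dump rows."""
    blob = b"".join(dump[a] for a in sorted(dump))
    start = address - min(dump)
    return blob[start:blob.index(b"\0", start)].decode("ascii")

if __name__ == "__main__":
    brk_pc, brk_imm, x9 = trace_register(LISTING, 9)
    print(hex(brk_pc), brk_imm, hex(x9), c_string_at(DUMP, x9))
```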

Comment 10 Rolf Bjarne Kvinge [MSFT] 2015-09-02 03:22:17 UTC
This sounds related to bug #29726, where we didn't properly preserve registers.

Comment 11 Frank A. Krueger 2015-09-04 15:42:03 UTC
Is there anything I can do to help find a fix?

Should I scour my code for potentially bad NSTimer uses? Or is this indeed a codegen issue? (Which I assumed because it works on ARM7.)

Comment 12 Zoltan Varga 2015-09-04 15:52:49 UTC
It is a codegen issue.

Comment 13 Zoltan Varga 2015-09-04 16:40:23 UTC
Should be fixed by the mono-extensions dump on maccore master 3f26de65d72235040067c5afe88fc79d752dffe9/maccore cycle6 2c7c491ef12b14ac3c439c6c3080b8a377e053b4.

Comment 14 Miguel de Icaza [MSFT] 2015-09-05 21:24:16 UTC
I created a lane for a hot fix, it should show up here:

https://wrench.internalx.com/Wrench/index.aspx?lane=macios-mac-macios-cycle5-c5sr4-33497

Once the build comes out, we have a hotfix for Frank.

Comment 16 Frank A. Krueger 2015-09-07 12:30:05 UTC
Thanks Miguel, I was just about to ask!!