Open Radar

 
Short description: pure C dylib crashes in dlopen except under Xcode

Summary:
We have an enterprise app that tries to dlopen a dylib that was created from command line tools from C source. When run from XCode, the dylib is opened, entry point found and executed. If we subsequently run using instruments automation or from the icon, there is a crash inside the dlopen.

This is Xcode 7.0.1, iOS 9.0.2.

Our product is a set of static libraries for various architectures including iOS, linux and windows. Our app is just for testing, and isn't intended for shipping. What we have done in previous Xcode/iOS was produce a dylib for each test with a known entry point renamed from "main".  At present this is just "return (0)". A third party tool, fruitstrap, is used to upload the dylib to the iPad.

Under Xcode, the app finds the dylib, then the entry point, jumps into the test and returns the result as expected. When we are testing the app, it is also built from command line with xcodebuild. What is observed now is that when we use "instruments" automation or the icon on the iPad to launch the app, it gets to the dlopen and crashes inside the dlopen.

Using the app as installed by the Xcode GUI, or fruitstrap installing the command line built version of the app gives the same behaviour.
In the code, prior to the dlopen, we successfully call dlopen_preflight and can stat the file. The dylib is code signed. We have also tried including the dylib in a resource bundle of the App so it is run out of the same folder as the App, but the dlopen crashes similarly. We've also seen this on architectures other than ARM64. We've seen this on earlier point release and beta os Xcode and iOS.

Looking at the crash log -:
Incident Identifier: 96D23263-E10D-44AE-9891-F58F626FC7C5
CrashReporter Key:   16ac0dd7a7e994396434b631442e434a570494af
Hardware Model:      iPad4,4
Process:             BSafeAppID [482]
Path:                /private/var/mobile/Containers/Bundle/Application/E09047FA-8043-4584-BE98-F3BF8A34DC0F/BSafeAppID.app/BSafeAppID
Identifier:          BSafeAppID
Version:             1 (1.0)
Code Type:           ARM-64 (Native)
Parent Process:      launchd [1]

Date/Time:           2015-10-21 11:00:04.04 +1000
Launch Time:         2015-10-21 11:00:04.04 +1000
OS Version:          iOS 9.0.2 (13A452)
Report Version:      105

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Triggered by Thread:  7
:
:
Thread 7 Crashed:
0   dyld                                0x00000001200a8e1c ImageLoader::trieWalk(unsigned char const*, unsigned char const*, char const*) + 108
1   dyld                                0x00000001200a44d0 ImageLoaderMegaDylib::hasDylib(char const*, unsigned int*) const + 40
2   dyld                                0x00000001200a44d0 ImageLoaderMegaDylib::hasDylib(char const*, unsigned int*) const + 40
3   dyld                                0x00000001200a5bd4 ImageLoaderMegaDylib::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 48
4   dyld                                0x00000001200a874c ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 260
5   dyld                                0x00000001200a7960 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 144
6   dyld                                0x00000001200a7a14 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 84
7   dyld                                0x000000012009d0f4 dyld::runInitializers(ImageLoader*) + 92
8   dyld                                0x00000001200a2668 dlopen + 860
9   libdyld.dylib                       0x000000019b77d6b0 dlopen + 76
10  BSafeAppID                          0x00000001000e802c 0x1000e0000 + 32812
11  BSafeAppID                          0x00000001000e7d14 0x1000e0000 + 32020
12  BSafeAppID                          0x00000001000e7144 0x1000e0000 + 28996
13  Foundation                          0x00000001875c3138 __NSThread__start__ + 1000
14  libsystem_pthread.dylib             0x000000019b963b3c _pthread_body + 156
15  libsystem_pthread.dylib             0x000000019b963aa0 _pthread_body + 0
16  libsystem_pthread.dylib             0x000000019b961030 thread_start + 4



I'm guessing the issue is in the generation of what we are trying to load is no longer suitable for XCode 7 or iOS 9, though it has worked on several earlier versions. The source for iostest_main.c is -:

int iostest_main(int argc, char *argv[])
{
        return (0);
}

where iostest_main is the symbol we look up when the dlopen succeeds.

The build lines look like -:
clang -fembed-bitcode -g -Os -Werror -Wall -arch arm64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -Wstrict-prototypes -Wsign-compare -Wno-strict-aliasing -Wunreachable-code -Wuninitialized -c -DMES -DRCOM -DARMEL -DNO_ASM -DPTHREAD -D_REENTRANT -DCPU=ARMARCH4 -DR_OPT_LENDIAN -DR_OPT_EMBEDDED -DSSLC_SMALL_CODE -DPLATFORM_MACOSX -DR_OPT_HAVE_DLADDR -DNO_SPLIT iostest/iostest_main.c -o release/iostest_main.o

libtool -dynamic -undefined suppress -flat_namespace -dead_strip -noall_load -arch_only arm64 -syslibroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -read_only_relocs suppress -undefined dynamic_lookup -o release/iostest_main release/iostest_main.o

codesign --verbose -s "$DEVELOPER" release/iostest_main

codesign -v -v -d release/iostest_main

xcodebuild ONLY_ACTIVE_ARCH=NO VALID_ARCHS=arm64 ARCHS=arm64 CONFIGURATION_BUILD_DIR=$PWD/build CONFIGURATION_TEMP_DIR=$PWD/tmp -sdk iphoneos -project BSafeAppID/BSafeAppID.xcodeproj -configuration Debug build