前言
最近遇到一个崩溃,都是一些基础问题没注意引起的。查找问题的时候还是花了一些时间,感觉还是有必要记录一下。
崩溃堆栈
Operating system: iOS
10.3.2 14F89
CPU: arm64
2 CPUs
Crash reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x70747488
Process uptime: 17380 seconds
Thread 23 (crashed)
0 libobjc.A.dylib!objc_retain + 0x10
x0 = 0x0000000174af0000 x1 = 0x00000001969e0453
x2 = 0x00000000000001e8 x3 = 0x0000000000000001
x4 = 0x0000000000000001 x5 = 0x0000000000000001
x6 = 0x0000000000000000 x7 = 0x0000000000000000
x8 = 0x0000000370747468 x9 = 0x0000000000000000
x10 = 0x0000000111621c00 x11 = 0x00000171000001ff
x12 = 0x0000000111622130 x13 = 0x000005a1011a12d5
x14 = 0x0000000000000004 x15 = 0x0000000000000b2d
x16 = 0x000000018e7dca80 x17 = 0x0000000100124ee8
x18 = 0x0000000000000000 x19 = 0x00000001b4a6d500
x20 = 0x00000001057ae808 x21 = 0x000000016e1630e0
x22 = 0x00000001057ae620 x23 = 0x000000016e1630e0
x24 = 0xffffffffffffffff x25 = 0x00000001b6037360
x26 = 0x0000000008000000 x27 = 0x00000001b6037330
x28 = 0x0000000000000000 fp = 0x000000016e162d40
lr = 0x000000018e7dcb10 sp = 0x000000016e162d20
pc = 0x000000018e7e81a0
Found by: given as instruction pointer in context
1 libobjc.A.dylib!objc_getProperty + 0x8c
fp = 0x000000016e162e10 lr = 0x00000001001238a0
sp = 0x000000016e162d50 pc = 0x000000018e7dcb10
Found by: previous frame's frame pointer
2 QingYu!__48-[BSWebImageView _loadCacheImageIfNeed:success:]_block_invoke [BSWebImageView.m : 222 + 0xc]
fp = 0x000000016e162e30 lr = 0x000000018ec229e0
sp = 0x000000016e162e20 pc = 0x00000001001238a0
Found by: previous frame's frame pointer
3 libdispatch.dylib!_dispatch_call_block_and_release + 0x14
fp = 0x000000016e162e50 lr = 0x000000018ec229a0
sp = 0x000000016e162e40 pc = 0x000000018ec229e0
Found by: previous frame's frame pointer
4 libdispatch.dylib!_dispatch_client_callout + 0xc
fp = 0x000000016e162ec0 lr = 0x000000018ec32bac
sp = 0x000000016e162e60 pc = 0x000000018ec229a0
Found by: previous frame's frame pointer
5 libdispatch.dylib!_dispatch_root_queue_drain + 0x374
fp = 0x000000016e162ee0 lr = 0x000000018ec327d0
sp = 0x000000016e162ed0 pc = 0x000000018ec32bac
Found by: previous frame's frame pointer
6 libdispatch.dylib!_dispatch_worker_thread3 + 0x78
fp = 0x000000016e162f70 lr = 0x000000018ee2b100
sp = 0x000000016e162ef0 pc = 0x000000018ec327d0
Found by: previous frame's frame pointer
7 libsystem_pthread.dylib!_pthread_wqthread + 0x444
fp = 0x0000000000000000 lr = 0x000000018ee2acac
sp = 0x000000016e162f80 pc = 0x000000018ee2b100
Found by: previous frame's frame pointer
8 libsystem_pthread.dylib!start_wqthread + 0x0
fp = 0x0000000000000000 lr = 0x0000000000000000
sp = 0x000000016e162f80 pc = 0x000000018ee2acac
Found by: previous frame's frame pointer
初步分析
从崩溃堆栈看到是 EXC_BAD_ACCESS , 非法地址访问。就是我们常说的野指针访问。第一反应就是对象已经释放了。
相关代码
if (self.asyncLoadImage) {
WEAKIFYSELF;
CGSize viewSize = weak_self.bounds.size;
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_LOW, 0), ^{
if (![urlRequest.URL.absoluteString isEqualToString:weak_self.request.absoluteString]) {
return;
}
UIImage *cachedImage = [UIImage imageWithContentsOfFile:imageFilePath];
if (weak_self.needResizeImage) {
if (weak_self.needResizeImage && !CGSizeEqualToSize(CGSizeZero,viewSize) ) {
//TODO: need resize callback.
cachedImage = [UIImage reSizeImage:cachedImage toSize:viewSize];
}
}
崩溃指向有问题的代码行是 :
if (![urlRequest.URL.absoluteString isEqualToString:weak_self.request.absoluteString]) {
第一反应都是认为 self 对象出问题了。但 self 是弱指针,销毁后会置空,而且空调用是没问题的。因此,我们就怀疑 self.request 对象,会不会是因为属性定义成 assign 导致的呢?
@property (nonatomic, strong) NSURL *request;
request 属性定义就强引用, 理论上应该也不会有问题才对。难道在访问他的时候,突然间销毁了?
后来我们注意到访问属性的地方是在一个global queue 里面, 而修改 self.request的操作 却在主线程。并且修改的方式是通过 私有变量 的方式修改 _request = urlRequest.URL;
这种操作实际上是执行
1, [_request release]
2, _request = urlRequest;
因为是多线程原因,在执行了第一步后发生线层切换, 此时 _request 对象 是野指针状态,其他任意一个线程对它的任何操作都有可能会出问题。
解决问题
1,把属性修饰符改成 atom @property (atomic, strong) NSURL *request;
2,修改属性值的地方改成 属性方式修改 self.request = urlRequest