Performing one last TFLog when the app crashes by SIGSEGV - ios

TestFlight has been giving me some SIGSEGV crash reports.
I found a way to pinpoint the exact problem. However, to do this, I need to perform one last TFLog exactly at the moment this crashes, which will contain important information to help me find the culprit code (because TestFlight's backtrace is currently useless to me).
I imagine that this is indeed possible - after all, TestFlight is capable of sending the crash report upon, well, crashing. But, where? Where can I put my TFLog?

You can install a SIGSEGV handler using sigaction. From the handler, you can log what you need, then kill the app (e.g. with abort()).
Example:
#include <signal.h>
void sigsegv_handler(int signo, siginfo_t *info, void *ucontext) {
    /* Inspect info to see where the crash occurred */
}
/* in main() or another suitable entry point */
struct sigaction sa;
sa.sa_sigaction = sigsegv_handler;
sigfillset(&sa.sa_mask);   /* block other signals while the handler runs */
sa.sa_flags = SA_SIGINFO;  /* select the three-argument sa_sigaction form */
sigaction(SIGSEGV, &sa, NULL);
Note that sigsegv_handler can access globals, etc. but may not be able to easily access local variables of the crashing stack frame. If you clarify what you need to log, it may be possible to work out how to extract that information from within the SIGSEGV handler.
Note too that some functions are technically not safe to call from a SIGSEGV handler. However, given that the entire app is about to die, you aren't likely to make things significantly worse by calling these functions (unless they cause a deadlock because you attempt to reacquire a lock, for example). Significantly, however, you will want to avoid calling malloc or free in the signal handler because your program may have crashed inside either one, and you definitely don't want to cause a second segfault from within your signal handler.

Related

Uncaught exception handler on iOS for particular threads

For metric collection threads, we want them to never crash the app. For crashes from those threads, we want to catch them and report to the server without crashing the app.
In an Android or Java-based app, we can set an uncaught exception handler for a particular thread or a thread group. See the following example.
Is there a similar mechanism on the iOS platform for Objective-C runtime-level uncaught exceptions? Is there any example code as reference?
import java.util.stream.Collectors
// StreamPipelineException is the asker's own exception type (not shown in the post).
val pipelineThread = Thread({
    try {
        intArrayOf(1, 2, 3, 4, 5).asList()
            .parallelStream()
            .map { e ->
                e + 1
            }.map {
                throw RuntimeException("Pipeline map error.")
            }.collect(Collectors.toList())
    } catch (e: RuntimeException) {
        // Exceptions thrown from pipeline will be handled in the same way
        // as regular statements, even if it is parallel stream.
        throw StreamPipelineException("Java parallel stream.", e)
    }
}, "PipelineThread")
with(pipelineThread) {
    setUncaughtExceptionHandler { p0, p1 ->
        assert(p0.name.contentEquals("PipelineThread"))
        assert(p1 is StreamPipelineException)
        assert(p1.cause is RuntimeException)
        assert(p1.message.contentEquals("Java parallel stream."))
    }
}
I only find the top-level handler setting method.
For metric collection threads, we want them to never crash the app.
On Mac, you should move those threads into a separate process. This is how web browsers ensure that bugs impacting one tab do not impact other tabs or crash the whole browser. Usually the best tool for communicating between those processes is XPC.
On iOS, you will need to write your metric collection code carefully to avoid mistakes and not crash. You cannot spawn other processes directly in iOS today. (I keep hoping some day it will be possible. The OS can handle it. Third-party apps just aren't allowed to.)
NSSetUncaughtExceptionHandler is not intended to prevent crashes. It just gives a mechanism to record a little data or clean up certain things before crashing. Even in those cases, it must be used extremely carefully, since the system is in an undefined state during an uncaught exception. While in principle it's possible to write exception-safe Objective-C, the core frameworks are generally not. After raising an exception, there is no promise what state the system is in, and preconditions may be violated. As the docs note:
The Cocoa frameworks are generally not exception-safe. The general pattern is that exceptions are reserved for programmer error only, and the program catching such an exception should quit soon afterwards.
Assuming you're using NSThread or NSOperation for your "metric collection threads," you can create something similar to Java's approach using this, but I don't recommend it:
- (void)main {
    @try {
        // ... your code ...
    } @catch ( NSException *e ) {
        // Handle the exception and end the thread/operation
    }
}
I don't recommend this because it can create difficult-to-solve bugs in distant parts of the program because the frameworks are not exception-safe. But I've seen it in enough production code to know it often works well enough. You have to decide if "app crashes and user relaunches it" is worse than "app doesn't crash but now behaves kind of weird and maybe corrupts some user data, but maybe doesn't."
But many Objective-C crashes are not due to exceptions in any case. They are due to signals, most commonly because of memory violations. In this case, the system is in an even less stable state. Even allocating or releasing memory may be invalid. (I once made the mistake of allocating memory in a signal handler, and deadlocked the program in a tight busy-loop. The Mac actually got hot. It would have been better to have just crashed.) For more, see How to prevent EXC_BAD_ACCESS from crashing an app?
Java incurs a lot of overhead, including a full virtual machine and extra bounds checks, to make it possible to catch the vast majority of error conditions (even ones you can't really recover from). It's a trade-off. It's still possible to have Java code that is not exception-safe and can fail to work correctly once an exception has been thrown, and it sometimes would be nice if Java would just crash and show you where the error is rather than programmers quietly swallowing the errors... but that's a different rant. Sometimes the sandbox makes things very nice.
Objective-C is built directly on C and allows accessing raw memory. If you do that incorrectly, it's undefined behavior and just about anything can happen, though usually the OS will kill the program. So even though it's possible to catch some kinds of exceptions, you cannot prevent all crashes.

Is there a way to take action, thus execute code, when an iOS application crashes? Is this possible?

Is there a way to take action, thus execute code, when an iOS application crashes? Specifically, I would like to save the core data storage. Is this possible? I would say that this is possible since, for example, Firebase has to send information online for making crashlytics work. How can this be achieved? Thanks
Yes, but it is very difficult, and "save core data storage" would be far too much (and very dangerous, to boot).
Most crashes result from a signal (often SIGSEGV, but also SIGABRT, SIGILL or others), and you can install a signal handler to run code in that case. However, that code must be very, very carefully written because you will be in a special execution state. There are a small number of C functions you are permitted to use (see the man page for sigaction for the list). Most notably, you can't allocate memory. Allocating memory in a signal catching function can deadlock the program in a tight spinlock (done that myself when I tried to write my own crash handler in my more naive days; it's really bad).
The way that crash handlers like Crashlytics do it is that they do as little as possible during the signal handler, mostly just writing the stack trace to storage (using pre-allocated buffers). When you restart, they see that there's an unhandled stack trace from a previous run, and then they do all the complicated stuff like uploading it to a server, or displaying UI, or whatever.
But even if you could write to Core Data in the middle of a signal handler, you would never want to do that. During a signal handler, the system is in an undefined state. Various invariants may not currently hold (such as whether the object graph is consistent). The fact that you're crashing this way indicates that something illegal has happened. The last thing you should do in that state is take data that is highly untrustworthy and overwrite the good data on disk.

Intercepting crashes on iOS

Description
I would like to catch all exceptions that are occurring in iOS app and log them to file and eventually send them to back-end server used by the app.
I've been reading about this topic and found usage of signals sent by device and handling them, but I'm not sure if it's gonna break App Store Review guidelines or it may introduce additional issues.
I've added following to AppDelegate:
NSSetUncaughtExceptionHandler { (exception) in
    log.error(exception)
}
signal(SIGABRT) { s in
    log.error(Thread.callStackSymbols.prettified())
    exit(s)
}
signal(SIGILL) { s in
    log.error(Thread.callStackSymbols.prettified())
    exit(s)
}
signal(SIGSEGV) { s in
    log.error(Thread.callStackSymbols.prettified())
    exit(s)
}
Questions
Is this good approach, any other way?
Will it break App Store Review guidelines because of usage of exit()?
Is it better to use kill(getpid(), SIGKILL) instead of exit()?
Resources
https://github.com/zixun/CrashEye/blob/master/CrashEye/Classes/CrashEye.swift
https://www.plcrashreporter.org/
https://chaosinmotion.blog/2009/12/02/a-useful-little-chunk-of-iphone-code/
Former Crashlytics iOS SDK maintainer here.
The code you've written above does have a number of technical issues.
The first is there are actually very few functions that are defined as safe to invoke inside a signal handler. man sigaction lists them. The code you've written is not signal-safe and will deadlock from time to time. It all will depend on what the crashed thread is doing at the time.
The second is you are attempting to just exit the program after your handler. You have to keep in mind that signals/exception handlers are process-wide resources, and you might not be the only one using them. You have to save pre-existing handlers and then restore them after handling. Otherwise, you can negatively affect other systems the app might be using. As you've currently written this, even Apple's own crash reporter will not be invoked. But, perhaps you want this behavior.
Third, you aren't capturing all threads stacks. This is critical information for a crash report, but adds a lot of complexity.
Fourth, signals actually aren't the lowest-level error system. Not to be confused with runtime exceptions (i.e. NSException), Mach exceptions are the underlying mechanism used to implement signals on iOS. They are a much more robust system, but are also far more complex. Signals have a bunch of pitfalls and limitations that Mach exceptions get around.
These are just the issues that come to me off the top of my head. Crash reporting is tricky business. But, I don't want you to think it's magic, of course it's not. You can build a system that works.
One thing I do want to point out, is that crash reporters give you no feedback on failure. So, you might build something that works 25% of the time, and because you are only seeing valid reports, you think "hey, this works great!". Crashlytics had to put in effort over many years to identify the causes of failure and try to mitigate them. If this is all interesting to you, you can check out a talk I did about the Crashlytics system.
Update:
So, what would happen if you ship this code? Well, sometimes you'll get useful reports. Sometimes, your crash handling code will itself crash, which will cause an infinite loop. Sometimes your code will deadlock, and effectively hang your app.
Apple has made exit public API (for better or worse), so you are absolutely within the rules to use it.
I would recommend continuing down this road for learning purposes only. If you have a real app that you care about, I think it would be more responsible to integrate an existing open-source reporting system and point it to a backend server that you control. No 3rd parties, but also no need to worry about doing more harm than good.
Conclusion
It is possible to create a custom crash reporter, but it is definitely not recommended because there is a lot going on in the background that could easily be forgotten and can introduce a lot of undefined behavior. Even using third-party frameworks can be troublesome, but it is generally the better way to go.
Thanks to everyone for providing information regarding this topic.
Answers to questions
Is this good approach, any other way?
The approach I mentioned in the original question will influence Apple's own crash reporter, and it introduces undefined behavior because of bad handling of signals. UNIX signals do not cover every error, and the handling API works with async-signal-safe functions. Mach exception handling, which is used by Apple's crash reporter, is a better option, but it is more complex.
Will usage of exit() break Apple App Store review?
No. Usage of exit() is more related to the normal operation of the app. If the app is crashing anyway, calling exit() isn't a problem.
Is it better to use kill(getpid(), SIGKILL) instead of exit()?
Quote from Eskimo:
You must not call exit. There’s two problems with doing that:
exit is not async signal safe. In fact, exit can run arbitrary code
via handlers registered with atexit. If you want to exit the process,
call _exit.
Exiting the process is a bad idea anyway, because it will either
prevent the Apple crash reporter from running or cause it to log
incorrect state (the state of your signal handler rather than the
state of the crashed thread).
A better solution is to unregister your signal handler (set it to
SIG_DFL) and then return
Additional details (full context)
Since I cross-posted this question to Apple's official support forum and got a really long and descriptive answer from the well-known Eskimo, I would like to share it with anyone who decides to go down the same path as I did and starts researching this approach.
Quote from Eskimo
Before we start I’d like you to take look at my shiny new Implementing
Your Own Crash Reporter post. I’ve been meaning to write this up for
a while, and your question has given me a good excuse to allocate the
time.
You wrote:
I've got a requirement to catch all exceptions that are occurring in
iOS app and log them to file and eventually send them to back-end
server used by the app.
I strongly recommend against doing this. My Implementing Your Own
Crash Reporter post explains why this is so hard. It also has some
suggestions for how to avoid problems, but ultimately there’s no way
to implement a third-party crash reporter that’s reliable, binary
compatible, and sufficient to debug complex problems.
With that out of the way, let’s look at your specific questions:
Is this good approach at all?
No. The issue is that your minimalist crash reporter will disrupt the
behaviour of the Apple crash reporter. The above-mentioned post
discusses this problem in gory detail.
Will it break App Store Review guidelines because of usage of exit()?
No. iOS’s prohibition against calling exit is all about the normal
operation of your app. If your app is crashing anyway, calling exit
isn’t a problem.
However, calling exit will exacerbate the problem I covered in the
previous point.
Is it better to use kill(getpid(), SIGKILL) instead?
That won’t improve things substantially.
callStackSymbols are not symbolicated, is there a way to symbolicate
callStackSymbols?
No. On-device symbolication is extremely tricky and should be
avoided. Again, I go into this in detail in the post referenced
above.
Share and Enjoy
Since links can break I will also quote post.
Implementing Your Own Crash Reporter
I often get questions about third-party crash reporting. These
usually show up in one of two contexts:
Folks are trying to implement their own crash reporter.
Folks have implemented their own crash reporter and are trying to debug a problem based on the report it generated.
This is a complex issue and this post is my attempt to untangle some
of that complexity.
If you have a follow-up question about anything I've raised here,
please start a new thread in .
IMPORTANT All of the following is my own direct experience. None of it should be considered official DTS policy. If you have questions
that need an official answer (perhaps you’re trying to convince your
boss that implementing your own crash reporter is a very bad idea :-),
you should open a DTS tech support incident and we can discuss things there.
Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations,
Developer Technical Support, Core OS/Hardware let myEmail = "eskimo"
+ "1" + "#apple.com"
Scope
First, I can only speak to the technical side of this issue. There
are other aspects that are beyond my remit:
I don’t work for App Review, and only they can give definitive answers about what will or won’t be allowed on the store.
Doing your own crash reporter has significant privacy implications.
IMPORTANT If you implement your own crash reporter, discuss the privacy impact with a lawyer.
This post assumes that you are implementing your own crash reporter.
A lot of folks use a crash reporter from another third party. From my
perspective these are the same thing. If you use a custom crash
reporter, you are responsible for its behaviour, both good and bad,
regardless of where the actual code came from.
Note If you use a crash reporter from another third party, run the tests outlined in Preserve the Apple Crash Report to verify that
it’s working well.
General Advice
I strongly advise against implementing your own crash reporter. It’s very easy to implement a basic crash reporter that works well
enough to debug simple problems. It’s impossible to create a good
crash reporter, one that’s reliable, binary compatible, and sufficient
to debug complex problems.
“Impossible?”, I hear you ask, “That’s a very strong word for Quinn to
use. He’s usually a lot more circumspect.” And yes, that’s true, I
usually am more circumspect, but in this case I’m extremely
confident of this conclusion.
There are two fundamental problems with implementing your own crash
reporter:
On iOS (and the other iOS-based platforms, watchOS and tvOS) your crash reporter must run inside the crashed process. That means it can
never be 100% reliable. If the process is crashing then, by
definition, it’s in an undefined state. Attempting to do real work in
that state is just asking for problems [1].
To get good results your crash reporter must be intimately tied to system implementation details. These can change from release to
release, which invalidates the assumptions made by your crash
reporter. This isn’t a problem for the Apple crash reporter because
it ships with the system. However, a crash reporter that’s built in
to your product is always going to be brittle.
I’m speaking from hard-won experience here. I worked for DTS during
the PowerPC-to-Intel transition, and saw a lot of folks with custom
crash reporters struggle through that process.
Still, this post exists because lots of folks ignore my general
advice, so the subsequent sections contain advice about specific
technical issues.
WARNING Do not interpret any of the following as encouragement to implement your own crash reporter. I strongly advise against that.
However, if you ignore my advice then you should at least try to
minimise the risk, which is what the rest of this document is about.
[1] On macOS it’s possible for your crash reporter to run out of
process, just like the Apple crash reporter. However, that presents
its own problems: When running out of process you can’t access various
bits of critical state for the crashed process without being tightly
bound to implementation details that are not considered API.
Preserve the Apple Crash Report
You must ensure that your crash reporter doesn’t disrupt the Apple
crash reporter. Some fraction of your crashes will not be caused by
your code but by problems in framework code, and a poorly written
crash reporter will disrupt the Apple crash reporter and make it
harder to diagnose those issues.
Additionally, when dealing with really hard-to-debug problems, you
really need the more obscure info that’s shown in the Apple crash
report. If you disrupt that info, you end up making the hard problems
harder.
To avoid these issues I recommend that you test your crash reporter’s
impact on the Apple crash reporter. The basic idea is:
Create a program that generates a set of specific crashes.
Run through each crash.
Verify that your crash reporter produces sensible results.
Verify that the Apple crash reporter also produces sensible results.
With regards step 1, your test suite should include:
An un-handled language exception thrown by your code
An un-handled language exception thrown by the OS (accessing an NSArray out of bounds is an easy way to get this)
A memory access exception
An illegal instruction exception
A breakpoint exception
Make sure to test all of these cases on both the main thread and a
secondary thread.
With regards step 4, check that the resulting Apple crash report
includes correct values for:
The exception info
The crashed thread
That thread’s state
Any application-specific info, and especially the last exception backtrace
Signals
Many third-party crash reporters use UNIX signals to catch the crash.
This is a shame because using Mach exception handling, the mechanism
used by the Apple crash reporter, is generally a better option.
However, there are two reasons to favour UNIX signals over Mach
exception handling:
On iOS-based platforms your crash reporter must run in-process, and doing in-process Mach exception handling is not feasible.
Folks are a lot more familiar with UNIX signals. Mach exception handling, and Mach messaging in general, is pretty darned obscure.
If you use UNIX signals for your crash reporter, be aware that this
API has some gaping pitfalls. First and foremost, your signal handler
can only use async signal safe functions [1]. You can find a list
of these functions in the sigaction man page [2].
WARNING This list does not include malloc. This means that a crash reporter’s signal handler cannot use Objective-C or Swift, as
there’s no way to constrain how those language runtimes allocate
memory. That means you’re stuck with C or C++, but even there you
have to be careful to comply with this constraint.
The Operative: It’s worse than you know.
Many crash reports use functions like backtrace (see its man page)
to get a backtrace from their signal handler. There’s two problems
with this:
backtrace is not an async signal safe function.
backtrace uses a naïve algorithm that doesn’t deal well with cross signal handler stack frames [3].
The latter example is particularly worrying, because it hides the
identity of the stack frame that triggered the signal.
If you’re going to backtrace out of a signal, you must use the crashed
thread’s state (accessible via the handler’s uap parameter) to start
your backtrace.
Apropos that, if your crash reporter wants to log the state of the
crashed thread, that’s the place to get it.
Finally, there’s the question of how to exit from your signal handler.
You must not call exit. There’s two problems with doing that:
exit is not async signal safe. In fact, exit can run arbitrary code via handlers registered with atexit. If you want to exit the
process, call _exit.
Exiting the process is a bad idea anyway, because it will either prevent the Apple crash reporter from running or cause it to log
incorrect state (the state of your signal handler rather than the
state of the crashed thread).
A better solution is to unregister your signal handler (set it to
SIG_DFL) and then return. This will cause the crashed process to
continue execution, crash again, and generate a crash report via the
Apple crash reporter.
[1] While the common signals caught by a crash reporter are not
technically async signals (except SIGABRT), you still have to treat
them as async signals because they can occur on any thread at any
time.
[2] It’s reasonable to extend this list to other routines that are
implemented as thin shims on a system call. For example, I have no
qualms about calling vm_read (see below) from a signal handler.
[3] Cross signal handler stack frames are pushed on to the stack by
the kernel when it runs a signal handler on a thread. As there’s no
API to learn about the structure of these frames, there’s no way to
backtrace across one of these frames in isolation. I’m happy to go
into details but it’s really not relevant to this discussion. If
you’re interested, start a new thread in and we can chat there.
Reading Memory
A signal handler must be very careful about the memory it touches,
because the contents of that memory might have been corrupted by the
crash that triggered the signal. My general rule here is that the
signal handler can safely access:
Its code
Its stack
Its arguments
Immutable global state
In the last point, I’m using immutable to mean immutable after
startup. I think it’s reasonable to set up some global state when
the process starts, before installing your signal handler, and then
rely on it in your signal handler.
Changing any global state after the signal handler is installed is
dangerous, and if you need to do that you must be careful to ensure
that your signal handler sees a consistent state, even though a crash
might occur halfway through your change.
Note that you can’t protect this global state with a mutex because
mutexes are not async signal safe (and even if they were you’d
deadlock if the mutex was held by the thread that crashed). You
should be able to use atomic operations for this, but atomic
operations are notoriously hard to use correctly (if I had a dollar
for every time I’ve pointed out to a developer they’re using atomic
operations incorrectly, I’d be very badly paid (-: but that’s still a
lot of developers!).
If your signal handler reads other memory, it must take care to avoid
crashing while doing that read. There’s no BSD-level API for this
[1], so I recommend that you use vm_read.
[1] The traditional UNIX approach for doing this is to install a
signal handler to catch any memory exceptions triggered by the read,
but now we’re talking signal handling within a signal handler and
that’s just silly.
Writing Files
If you want to write a crash report from your signal handler, you
must use low-level UNIX APIs (open, write, close) because only
those low-level APIs are documented to be async signal safe. You must
also set up the path in advance because the standard APIs for
determining where to write the file (NSFileManager, for example) are
not async signal safe.
Offline Symbolication
Do not attempt to do symbolication from your signal handler. Rather,
write enough information to your crash report to support offline
symbolication. Specifically:
The addresses to symbolicate
For each Mach-O image in the process:
The image path
The image UUID
The image load address
You can get most of the Mach-O image information using the APIs in
<mach-o/dyld.h> [1]. Be aware, however, that these APIs are not
async signal safe. You’ll need to get this information in advance and
cache it for your signal handler to record.
This is complicated by the fact that the list of Mach-O images can
change as your process loads and unloads code. This requires you to
share mutable state with your signal handler, which is exactly what I
recommend against in Reading Memory.
Note You can learn about images loading and unloading using _dyld_register_func_for_add_image
and _dyld_register_func_for_remove_image respectively.
[1] I believe you’ll need to parse the Mach-O load commands to get the
image UUID.

How to set a new handler/responder for EXC_BAD_ACCESS crashes

I am looking for ways to override the responder/handler for EXC_BAD_ACCESS. This is how I've set the handler for signal crashes or NSException which works fine:
NSSetUncaughtExceptionHandler(newExceptionHandler)
signal(SIGABRT, newSignalHandler)
signal(SIGILL, newSignalHandler)
I tried this but this is not getting called:
signal(EXC_BAD_ACCESS, newSignalHandler)
Any idea?
As Carl mentions, intercepting crashing events on iOS (and macOS) is fraught with peril for a variety of reasons. I was the Crashlytics SDK maintainer for a while, and I would recommend strongly against doing it.
But, it definitely is possible.
One thing that seems to trip people up a lot is the relationship between signals, exceptions (ObjC or C++), and mach exceptions. These are all very different things.
On iOS (and tvOS, macOS) the events that terminate a process are mach exceptions. These are the low-level events that you can, in fact, intercept. When you see that EXC_ prefix, you know you're looking at a mach exception. I believe these are all defined in mach/exception.h.
Now, iOS has an interesting implementation where if there are no mach exception handlers, the OS translates the event into a unix signal. The signal function can be used to intercept these. Since EXC_BAD_ACCESS is not a unix signal, it is not a valid argument to the signal function. But, you can add handlers to those signals listed, and they will give you roughly the same information.
Mach exceptions are a significantly more powerful and safer mechanism for intercepting these kinds of events. Unfortunately, they also require a dramatically more complex handling system. Signals have all kinds of problems, but they are a lot easier to use.
I would be interested to know what you're trying to do, in case perhaps there's a better way of achieving what you are after.
Again, I'd avoid going down this road. It just isn't worth your time. It is challenging to get things working at all, and when you do, you'll be lulled into a false sense of security. You might even think things are working right, because the times your code goes completely wrong, you'll never know and you'll just get weird reports from users of random hangs from time to time.
If you are not using an existing crash reporter (they are very hard to write on your own, when dealing with corrupted memory and the like), you might look to their sources to see which signals they are handling. For example, PLCrashReporter's PLCrashReporter.m hooks onto SIGABRT, SIGBUS, SIGFPE, SIGILL, SIGSEGV, and SIGTRAP, which seems to be the usual list for crash handlers. EXC_BAD_ACCESS should turn into either SIGBUS or SIGSEGV. Writing re-entrant code correctly in signal handlers is extremely difficult (can't use any ObjC or really most C APIs in there), so be careful -- though I guess if you are already crashing, can't do much more harm. But the more careful you are, the more exceptions you will handle without crashing further.

How can NSLogs cause code to not crash?

I had a rather interesting exc_bad_access crash today. After a lot of digging, I came up with the following information (running in simulator):
If I just ran the code, the app would randomly crash at a random point while loading data into my managed object. From what I could tell, it was always crashing when I loaded data into the managed object -- not on the sections that converted from my JSON dict to data to the object actually used (from strings and NSNulls to ints/floats and nils)
Random crashes are, of course, evil, so I tried to step through the process in the debugger, but that didn't prove practical -- I was processing a LOT of objects, so stepping through them one-by-one just didn't work. So I decided to add some NSLogs to track the process and try to spot a pattern that way.
Instantly solved the crash.
Just one NSLog, anywhere in the process, prevented the crash.
I eventually tracked my way up the stack trace and found the actual issue: I was accessing the managed object in a threaded environment, but NOT from within the associated MOC's performBlockAndWait: method. At that point, the crash was incredibly obvious to me -- I'm shocked I didn't have more issues earlier. I'm willing to bet that between having a 'small' test data set of 2-3 objects and having debug code in there with NSLogs, the error was pretty effectively masked earlier... but the question remains:
Why does an NSLog prevent the app from crashing? How on earth could a piece of code without side effects change the execution of the rest of the app? This makes no sense!
Amazingly enough, this is a fairly common situation: I have seen it more than once when enabling logging in a seemingly unrelated place would instantly solve a timing issue somewhere else.
The reason for this is that NSLog, just like many other output functions, has internal synchronization. There is a mutex somewhere that protects access to the internal buffers of NSLog, either in the NSLog itself or in one of the I/O libraries that it uses. This synchronization enables callers to use NSLog from multiple threads. It is this synchronization that changes the timing of your program, affecting a race condition and ultimately solving a crash.
Why does an NSLog prevent the app from crashing? How on earth could a
piece of code without side effects change the execution of the rest of
the app? This makes no sense!
Indeed, this makes sense. Really.
A single NSLog forces something to be printed to your console. That takes some fraction of a second, and in between your processing on some thread gets finished and the crash (which might be due to unavailability of input) is no more.
Your error may be due to an async call. Your next process starts before the previous one finishes, and your next process needs data from the previous process. NSLog consumes some time.
