I presented this as an Apple error, but just for confirmation, here is the test code:
#include <string> std::string home_directory; std::string BuildPath(const std::string directory, const std::string path) { if(home_directory.compare(directory) == 0) printf("In home directory\n"); return directory + "/" + path; } int main(int, char* []) { home_directory = "home"; printf("Home: '%s'\n", home_directory.c_str()); printf("BuildPath: '%s'\n", BuildPath("base", "path").c_str()); }
When building using the latest Xcode 5.1, iOS SDK 7.1, and LLVM 5.1, using libstdC ++ for the C ++ standard library, this crashes somewhere in the std :: string implementation on the return line from the BuildPath function when running on the iOS 5.1 device.
Output signal
Home: 'home' CrashTest(1242) malloc: *** error for object 0x2fe2ac80: pointer being freed was not allocated *** set a breakpoint in malloc_error_break to debug
Stack scan:
Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x00000000, 0x00000000 Crashed Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib 0x34fb8848 __kill + 8 1 libsystem_c.dylib 0x36eae2ae abort + 110 2 libsystem_c.dylib 0x36e6937a free + 374 3 libstdc++.6.dylib 0x3481a93a operator delete(void*) + 6 4 libstdc++.6.dylib 0x34806138 std::string::_Rep::_M_dispose(std::allocator<char> const&) + 68 5 libstdc++.6.dylib 0x34806c04 std::string::reserve(unsigned long) + 156 6 libstdc++.6.dylib 0x34806daa std::string::append(char const*, unsigned long) + 70 7 CrashTest 0x00094a30 BuildPath(std::string, std::string) (basic_string.h:2121) 8 CrashTest 0x00094bda main (main.cpp:25) 9 CrashTest 0x0009499c start + 32
With optimization levels of -O1 or less, or using libC ++ as the standard library, it works as expected. It also works as expected on iOS 6 or 7. When it is built with a previous version of Xcode (5.0.2, iOS SDK 7.0 and LLVM 5.0), it works great regardless of optimization settings.
A comparison with the global string also avoids a crash.
Can anyone see any problems with my code? If not, any theories about the cause of the accident? Perhaps a new LLVM optimization that triggers an error in the libstdc ++ runtime in iOS 5.1?
Another option I can think of is that the optimizer generates the wrong code. That would be a lot more worrying.