I have what I think might be a bug in the objc-267 runtime but I  
can't pin it down because I can't get the project to build properly
(objc-266 still builds for me though).  The problem is consistently  
repeatable and requires substantial setup.  From what I can tell the  
problem is that _objc_remove_pending_class_refs_in_image is not  
actually removing the pending class references when a image is  
unloaded.  I will probably file a bug report but I wanted to get some  
feedback first.

My situation is this: there is a main program that loads modules  
(bundle type) with objective-c classes in them (modules A, B and C).  
Both A and B contain class references to a class in C which I will  
call TestClass.  Because of these dependencies, functions with  
__attribute__ ((constructor)) and __attribute__ ((destructor)) in A  
and B ensure that C is loaded when needed and unloaded when not  
needed according to a reference count (because the linker will not  
let bundle type modules have dynamic links to other modules).  First  
I decide to load A into program which causes C to also be loaded.  
There is a short period of time where the class reference in A to  
TestClass is unresolved and so pendClassReference() is called.  When  
module C is loaded the class reference to TestClass is resolved and  
the pending class reference is removed.  Then I decide to load B into  
the program which happens without event because TestClass is already  
in the classHash and connected and so class reference to TestClass in  
B is correctly hooked up.  Now I decide to unload module A.  This  
action does not cause C to be unloaded because B is dependent on C as  
well.  Then after that I  decide to also unload B which first causes  
C to be unloaded because the reference count has determined that it  
is no longer needed.  When C is being unloaded a pending class  
reference for TestClass is created for the reference to it present in  
B.  Then right after C is done unloading fully the unloading of B  
starts.  This is where I think that things might be going wrong.  In  
the process of unloading B the objective-C runtime calls  
_objc_remove_pending_class_refs_in_image and rightly so because there  
is not point in the future in trying to fixup a pending class  
reference in a module that no longer exists in memory (unfortunately  
that actually happens later).  This function should remove the  
pending class reference that was just created when module C was  
unloaded.  The problem is that from what I can tell it does not  
actually remove it.  The code for  
_objc_remove_pending_class_refs_in_image is pretty straightforward  
and looks to me like it should be doing its job but I havn't been  
able to think of a way to get in there and see exactly what it is  
doing yet (I might eventually break down and trudge through the  
assembly when it is running though). When I load module A again it  
crashes in resolve_references_to_class in the while loop when it  
attempts to fix up the pending reference to TestClass in module B  
which for some reason did not get removed.  Because module B had  
already been unloaded it tries to access bad memory and crashes like  
clockwork every time.

I have a lot of debugging output turned on  
(OBJC_PRINT_CLASS_CONNECTION, etc...) so I have a pretty good idea of  
what is happening in certain places but not everything.  Anybody have  
any insights into why it isn't removing those pending references?  
Thanks!

Spencer Nielsen
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Objc-language mailing list      (Objc-language@list...)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/objc-language/subscriber%40opensubscriber.com

This email sent to subscriber@open...