Archive for the 'dtrace' Category

When analyzing an Objective-C application with Dtrace, one big challenge is how to introspect any objective-c objects that are passed as parameters into the various trace points.

While you can use the Objective-C provider (documented on the dtrace man page) to trace particular methods of specific classes, it doesn’t really help for actually introspecting an instance or class.

By “introspecting”, I mean “printing out the damned class name”, for example.

Full monty on the click through.

Read the rest of this entry »

In Leopard, Apple added a new tool to the developer tool suite called Instruments. It is a timeline based debugging and performance analysis tool. With a full suite of tools to analyze all kinds of dimensions of performance, correlating all data onto a timeline that can be inspected and navigated at will. And it remembers prior runs so you can compare results before and after changes.

And it fully consumes dtrace.

Clicking through the screenshot at right will show a run of Instruments with a single analysis instrument active.

I created a custom instrument that encapsulates the dtrace script I discussed in Objective-C: Using dtrace to trace messages-to-nil.

I ran the resulting instrument against TextEdit.

What can’t be conveyed by that screenshot is exactly how “live” the data can be examined. You can click and drag on the timeline to select a subset of the run, details of the selected instrument are shown in the table in bottom right, and any given row can be selected to show the backtrace active at the time the sample was taken.

I didn’t want to clutter up the screenshot with lots of data and, thus, didn’t demonstrate the awesomeness that is being able to relate data across multiple instruments, correlated by time.

That’ll be in the next Mac OS X / Software related post.

Click on through for an explanation with screenshots as to exactly how to convert the dtrace script to an instrument.

Read the rest of this entry »

Update: There are [at least] two different Objective-C messagers. objc_msgSend() and objc_msgSend_stret(). All of what is written here applies to both however objc_msgSend_stret() is the problematic one when it comes to messages to nil; it is the one used to return structures and, thus, the one that does not necessarily guarantee a zero return.

In my last post on the subject, Adrian Milliner posted a short dtrace script that would log the backtrace for all invocations of objc_msgSend where the first paramater — the target — was nil.

The script is as follows:

pid$1::objc_msgSend:entry
/arg0==0/
{
  ustack();
}

Once saved to a file (in this case objc-nil-trace.d, the trace can be applied to any running Cocoa process via:

sudo dtrace -s objc-nil-trace.d <pid>

The <pid> argument should, obviously, be the process ID of the process to be traced.

It works well enough and is certainly faster than a conditional breakpoint in GDB (likely, orders of magnitude faster), but it is far from a complete solution.

Read the rest of this entry »

This post will make this post useful.

Jim Correia had asked the lazytwitter how to log all method invocations against nil objects.

Some background:

Objective-C is a “nil eats messages” language. That is, if you invoke a method on an object reference that is nil, the runtime will eat the method. It is mostly invisible, only causing outright failures for certain return types that are larger than a pointer — structs, floats, doubles, etc… — at which point, the return value is undefined. Actually, the return value behavior for message to nil isn’t quite that simple.

Regardless of whether you think “nil eats messages” is the correct behavior, that it exists means that you’ll invariably be caught in a situation where a receiver is surprisingly nil. When this happens, it can be a pain to debug for a number of reasons.

Read the rest of this entry »

Jim Correia recently tweeted a query asking if it were possible to log all attempts to message through nil in Objective-C.

It is, but not through public API. But that isn’t the subject of this particular post (it’ll be the next post).

In the process of writing up a general solution to Jim’s query, it reminded me of a new feature in Objective-C 2.0 that can be a tremendously handy debugging and exploration hack.

Classes in Objective-C 2.0 can dynamically resolve methods by implementing one or both of the following methods:

+ (BOOL)resolveClassMethod:(SEL)sel;
+ (BOOL)resolveInstanceMethod:(SEL)sel;

The intended purpose of said methods is to allow code to provide an implemention of a method on demand. If the resolver methods can provide an implementation, it uses the function…

BOOL class_addMethod(Class cls, SEL name, IMP imp, const char *types);

… to add an implementation of the requested method to the class. If not, they return NO and the normal forward-or-fail mechanisms kick in.

You can easily create a proxy class that will log a method whenever it is invoked. The simplest form is as follows:

@interface LogEmAsTheyAreInvoked
@end

@implementation LogEmAsTheyAreInvoked
+ (BOOL)resolveInstanceMethod:(SEL)name
{
    NSLog(@"Instance resolving %@", NSStringFromSelector(name));
    return NO;
}

+ (BOOL)resolveClassMethod:(SEL)name
{
    NSLog(@"Class resolving %@", NSStringFromSelector(name));
    return NO;
}
@end

Of course, this is pretty much useless. Without an implementation of…

- (NSMethodSignature *)methodSignatureForSelector:(SEL)aSelector;

… the runtime will rapidly decide that all viability is defunct, thus aborting your process. Even the most basic of services, such as allocation, cannot be handled directly. If you need to allocate an instance of the above, use something like:

class_createInstance(objc_getClass("LogEmAsTheyAreInvoked"), 0)

If you want to be particularly tricky, you could supply the proxied class’s instance size instead of the zero and then plug in the method implementations from the original class into the proxied class as each method is invoked. Behavior that tests the class hierarchy may be surprising.

On the slightly less tricky front, you could also create functionality like NSProxy and have the instance of LogEmAsTheyAreInvoked wrap — proxy — some instance of some class. Then it is just a matter of forwarding the method invocations, as desired (which could also directly be used for logging but lacks the nice & automatic “only invoked once” nature of the above methods).

In any case, a neat hack. One of many possible hacks in this vein and not the most general purpose of ‘em. Potentially useful for debugging. Your mileage may vary.