Can someone explain what do these options in Xcode do?
- Enable Scribble
- Enable Guard Edges
- Enable Guard Malloc
what they are and what they do and how useful can they be for debugging/testing?
thanks.
Asked
Active
Viewed 1.9k times
2 Answers
56
From the documentation.
- Enable Scribble. Fill allocated memory with 0xAA and deallocated memory with 0x55.
- Enable Guard Edges. Add guard pages before and after large allocations.
- Enable Guard Malloc. Use libgmalloc to catch common memory problems such as buffer overruns and use-after-free.
Scribble will make it rather obvious that you're using a memory block after it's free'd by overwriting any data that used to be in the memory block upon free.
Guard edges and Guard Malloc will help you find memory overruns and (to some extent) use-after-free by read and write protecting memory blocks to make your program crash more obviously if misusing memory.
progrmr
- 75,956
- 16
- 112
- 147
Joachim Isaksson
- 176,943
- 25
- 281
- 294
-
I ask this because sometimes I have crashes in my apps that I am trying to debug, and Xcode 4 points to " int retVal = UIApplicationMain(argc, argv, nil, @"AppDelegate"); " as the source of error. So I was trying to find ways to make it point to the correct line of error. – Duck Mar 06 '12 at 20:51
-
@DigitalRobot Even if they don't give 100% "protection", if it's a memory error, any of the options above will if enabled make it more likely that your program crashes closer to where the actual error is. – Joachim Isaksson Mar 06 '12 at 20:57
-
3Side question: is the choice of 0xAA and 0x55 completely arbitrary, or is there a reason? – whoKnows Jun 14 '15 at 18:49
-
@whoKnows Per this [now archived doc](https://developer.apple.com/library/archive/releasenotes/DeveloperTools/RN-MallocOptions/), reading an uninitialized pointer from scribbled memory will cause the program to reference the memory at 0xAAAAAAAA or 0x55555555, which are usually unallocated and will cause an immediate crash if the pointer is dereferenced for reading or writing. – ettore Jun 26 '18 at 00:53
-
6I know this was asked years ago but I have other explanations for these strange values. AA is 10101010 binary and 55 is it's negated value, 01010101. Writing one of the value ensure that all 8 bits are rewritten if the other value was in memory. Also, changing AA to 55 and vice-versa is done by simply xoring with FF, which is very fast. ANDing with 55 will give you 55 if the value is 55, and 0 if it's an AA, and vice-versa. There's a lot of things fast and easy to do with these values. I guess it's why they're common values for testing memory reading/writing. – Francis Pierot Sep 05 '18 at 10:45
-
I can understand the part where deallocated memory is filled with 0x55. Why allocated memory is filled with 0xAA? I'm trying to imagine these 5 steps: 1) program allocates memory M, 2) debugger fills M with 0xAA, 3) programs writes data into M, 4) program deallocates M, 5) debugger fills M with 0x55. If the steps are correct, is 0xAA for detecting illegal access between step 2 and 3? Thanks! – Bon Feb 11 '22 at 02:45
-
@Bon 0x55 and 0xAA are pointers to some memory that usually unused. That's why if your code will read (for allocated but not initialized) or write (for deallocated memory) to these addresses your program will crash. 1). Program allocates the memory M 2). It fills M with 0xAA 3). Your program reading memory M 4). Your program crashing 5). You can see that the address of memory that you trying to read is 0xAA – Yuriy Kolbasinskiy Jan 29 '23 at 13:06
6
The "documentation" link above is to Xcode in general, but more specifically RN-MallocOptions covers these (and other) options in detail.
Jim Kubicek shows a nice example in Debugging Smashed Memory in Obj-C, including the important "How do I enable these in Xcode?" question:
Open the ‘Edit Scheme’ window and navigate to the Diagnostics tab. You’ll want to turn on “Enable Scribble” and “Malloc Stack”. ... in short, “Enabled Scribble” will cause the allocator to write 0xAA to newly allocated memory and write 0x55 to deallocated memory. “Malloc Stack” will log the allocation and free history of your memory.
If you've read this far, you'll probably be interested in Apple's Technical Notes:
