Request for iOS developers: Testing Swift-based apps for memory corruption using libmalloc

yyarashevich · 2023-07-18T16:01:23.435Z

The libmalloc provides self inspection facilities to detect corruption. Here is quote from man malloc.

...
ENVIRONMENT
     The following environment variables change the behavior of the allocation-related functions.
...
     MallocCheckHeapStart <s>         If set, specifies the number of allocations <s> to wait before begining periodic heap checks every <n> as specified by MallocCheckHeapEach.  If MallocCheckHeapStart is set but MallocCheckHeapEach is not
                                      specified, the default check repetition is 1000.

     MallocCheckHeapEach <n>          If set, run a consistency check on the heap every <n> operations.  MallocCheckHeapEach is only meaningful if MallocCheckHeapStart is also set.

     MallocCheckHeapSleep <t>         Sets the number of seconds to sleep (waiting for a debugger to attach) when MallocCheckHeapStart is set and a heap corruption is detected.  The default is 100 seconds.  Setting this to zero means not to
                                      sleep at all.  Setting this to a negative number means to sleep (for the positive number of seconds) only the very first time a heap corruption is detected.

     MallocCheckHeapAbort <b>         When MallocCheckHeapStart is set and this is set to a non-zero value, causes abort(3) to be called if a heap corruption is detected, instead of any sleeping.

...

When I enable the corruption checker via MallocCheckHeapStart=X (for my app it's 1000000), MallocCheckHeapEach=Y (for my app it's 1, but it could be 10, 100, or 1000 to lessen the slowdown of the app), MallocCheckHeapAbort=1, I consistently get corruption detected in a large app I'm working on within the first few minutes of the app launch. I've also asked a friend who works on a different large, legacy app - they report the same story - corruption is eventually detected.

The problem is, either libmalloc is providing false-positive detection or all Swift-based iOS apps are susceptible to subtle memory corruption bugs.

So, I kindly ask any developers who are developing for iOS: could you please check if your app can survive several minutes with libmalloc checks enabled without triggering the memory corruption check? I would recommend starting with these initial values:

MallocCheckHeapStart=100000
MallocCheckHeapEach=100
MallocCheckHeapAbort=1

If your app is running too slowly, you can adjust these values.

Thanks a lot in advance to anyone who has read this and tried it on their app!