Fix potential deadlock when generating a crash report

[robinmacharg]

Goal

An issue has been identified that can lead to an app deadlocking when reporting a crash.

The sequence of events is:

1. Some program component accesses dyld and takes a lock out.
2. A crash is reported.
3. Bugsnag, as part of its normal crash reporting behaviour, suspends all but a few critical threads, including the thread that holds the dyld lock.
4. Bugsnag attempts to read the Mach binary images loaded into the app. This also attempts to take out a lock but is unable to, leading to deadlock.

This PR fixes this issue.

Design

There are two main mechanisms by which a program may find out about dyld behaviour: by direct querying (e.g. _dyld_get_image_header() etc., used by the KSCrash component of Bugsnag prior to this issue) and by callback (_dyld_register_func_for_add_image() etc.). This change modifies the KSCrash component to use callbacks and caches information about loaded binary images for when a crash does occur. Thus, when threads are suspended and a crash report is generated no additional calls to dyld need to be made and deadlock is avoided.

Changeset

dyld binary image capture was moved from BSG_KSCrashReport.c to BSG_KSCrash.m. A static cache is used. An additional .m file contains functions to ease bridging between Objective C and C.

Tests

TBD

Review

Outstanding Questions

• This pull request is ready for:
  • Initial review of the intended approach, not yet feature complete
  • Structural review of the classes, functions, and properties modified
  • Final review
  • Release

• The correct target branch has been selected (master for fixes, next for
  features)
• If this is intended for release have all of the pre-release checks been considered?
• Consistency across platforms for structures or concepts added or modified
• Consistency between the changeset and the goal stated above
• Internal consistency with the rest of the library - is there any overlap between existing interfaces and any which have been added?
• Usage friction - is the proposed change in usage cumbersome or complicated?
• Performance and complexity - are there any cases of unexpected O(n^3) when iterating, recursing, flat mapping, etc?
• Concurrency concerns - if components are accessed asynchronously, what issues will arise
• Thoroughness of added tests and any missing edge cases
• Idiomatic use of the language

[fractalwrench]

This approach seems reasonable from an initial review - I've left a few inline comments going through it, and I haven't attempted to run the code yet. One thing to consider would be running Instruments to give a very basic benchmark on initialization performance, so we can quantify how many milliseconds this approach is adding.

[fractalwrench]

Potentially worth registering bsg_mach_binary_image_removed first. This avoids the case where some binary image is removed on another thread while the bsg_mach_binary_image_added callback is executed for the first time.

[fractalwrench]

Potentially worth putting this before bsg_kscrash_install, or at least initialising an empty array of binary images to prevent against the case where a crash occurs during/at the same time as initialisation.

[fractalwrench]

spelling nit: biunary ->binary

[fractalwrench]

Encapsulating this info in a struct works well 👍

[fractalwrench]

Using an Objective-C object makes me a bit nervous - as if dyld continues to execute this callback during a signal crash, then it could hang the process.

Would it be possible to initialise a C array to start with, then allocate more memory as required?

[fractalwrench]

Will this method need any form of synchronization if images are loaded/unloaded on different threads? Or is that a non-issue?

[fractalwrench]

My gut feel is that this function could be done away with if the structs are stored as a C array

[robinmacharg]

This PR is superseded by #580. All noted issues have been addressed there.