What Happened to __crashreporter_info__?
Seth Willits (in 2022):
The new “ips” crash reports in macOS do not contain
assert()information!(Assertion failed: (myVar != nil), function fooBarTest(), file code.m, line 100)Problematic because symbolication is often finicky, so it takes a LOT more work to find which
assert()failed.[…]
I don’t know whether it’s the “log” that’s to blame or that the
___crashreporter_info__symbol is no longer supported, but even manually writing to it doesn’t show up in the log anymore.
I’m seeing this problem, too. My extra crash log information is not showing up on macOS 12.4 through 14.1 beta. It did work with previous versions of Monterey.
I’m seeing the same issue.
__crashreporter_info__apparently still not working on macOS 13.6.
Previously:
Update (2023-11-22): Slava Egorov (via Saagar Jha):
Yeah, it’s really mysterious. I even stepped through it instruction by instruction. There is nothing too magical about it - it just stores string pointer into a special struct in section __DATA.__crash_info. But only the default value seems to reach crash dump.
My current theory is that it gets filtered somewhere (maybe for privacy reasons or security?). But have no idea how to debug that given that I can’t attach myself to whatever daemon that writes these logs. And I doubt it’s open source either.
-[OSACrashReport _regionAtAddress:immutableCheck:] checks if the string is coming from an “immutable region” and if not will shunt the message into a “sensitive” version of the application specific info that is only logged on Apple Internal builds
The check appears to be (does the page not have VM_PROT_WRITE && is the address from the shared cache). abort_report_np will never work because it always copies its string (it does a sprintf). CRSetCrashLogMessage *can* work but you need to hand it something ReportCrash likes
I’ve analyzed this very problem in the last couple weeks and I’ve found out that abort(), which is called my assert() correctly provides data via __crashreporter_info__. But that already happened even in 10.14. the difference seems the be that this is now the only information that’s shown in a crash report.
Technically it seems as if each image has its own crash info section and happily writes to it. But only the image where assert() is located, has its info written to the crash-log.