Global std::string causing crash on iOS

Question

I've submitted this as a bug to Apple, but just for confirmation, here is the test code:

#include <string>

std::string home_directory;

std::string BuildPath(const std::string directory, const std::string path)
{
  if(home_directory.compare(directory) == 0)
    printf("In home directory\n");

  return directory + "/" + path;
}

int main(int, char* [])
{
  home_directory = "home";
  printf("Home: '%s'\n", home_directory.c_str());
  printf("BuildPath: '%s'\n", BuildPath("base", "path").c_str());
}

When built with the latest XCode 5.1, iOS SDK 7.1 and LLVM 5.1, using libstdc++ for the C++ standard library, this crashes somewhere in the std::string implementation on the return line from the BuildPath function when run on an iOS 5.1 device.

The output is

Home: 'home'
CrashTest(1242) malloc: *** error for object 0x2fe2ac80: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

The stack crawl:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x00000000, 0x00000000
Crashed Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libsystem_kernel.dylib          0x34fb8848 __kill + 8
1   libsystem_c.dylib               0x36eae2ae abort + 110
2   libsystem_c.dylib               0x36e6937a free + 374
3   libstdc++.6.dylib               0x3481a93a operator delete(void*) + 6
4   libstdc++.6.dylib               0x34806138 std::string::_Rep::_M_dispose(std::allocator<char> const&) + 68
5   libstdc++.6.dylib               0x34806c04 std::string::reserve(unsigned long) + 156
6   libstdc++.6.dylib               0x34806daa std::string::append(char const*, unsigned long) + 70
7   CrashTest                       0x00094a30 BuildPath(std::string, std::string) (basic_string.h:2121)
8   CrashTest                       0x00094bda main (main.cpp:25)
9   CrashTest                       0x0009499c start + 32

With optimisation levels of -O1 or less, or using libc++ as the standard library, it works as expected. It also works as expected on iOS 6 or 7. When built with the previous release of XCode (5.0.2, iOS SDK 7.0 and LLVM 5.0) it works fine regardless of optimisation settings.

Commenting out the comparison with the global string also avoids the crash.

Can anyone see any issues with my code? If not, any theories for the cause of the crash? Perhaps a new LLVM optimisation that triggers a bug in the libstdc++ runtime in iOS 5.1?

Another option I can think of is that the optimizer is generating invalid code. That would be much more of a worry.

Answer 1

Apple released a new GM seed for Xcode 5.1.1. In the release notes they say they fixed a couple crashes:

Fixed a compiled code crash on when targeting iOS 5.1.1. (16485980)!

Fixed a compiled code crash when using ARC and C++. (16368824)

http://adcdownload.apple.com//Developer_Tools/xcode_5.1.1_gm_seed/release_notes_xcode_5.1.1_gm_seed.pdf