General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

In an ObjC framework I'm developing (a dylib) that is loaded into JRE to be used via JNI (Zulu, Graal, or "native image" from Graal+ a JAR) I implemented a naive method that collects current memory footprint of the host process: It collects 5 numbers into a simple NSDictionary with NSString keys (physical footprint, default zone bytes used and allocated, and sums for used and allocated bytes for all zones. The code ran for some time, but at certain point my process started crashing horribly in this method -- at the last line, accessing the dictionary. Here's the code: -(NSDictionary *)memoryState { NSMutableDictionary *memoryState = [NSMutableDictionary dictionaryWithCapacity:8]; // obtain process current physical memory footprint, in bytes. task_vm_info_data_t info; mach_msg_type_number_t count = TASK_VM_INFO_COUNT; kern_return_t kr = task_info(mach_task_self(), TASK_VM_INFO, (task_info_t)&info, &count); [memoryState setObject:(kr == KERN_SUCCESS) ? @(info.phys_footprint) : [NSNull null] forKey:@"physical"]; // obtain process default zone's allocated memory, in bytes. malloc_zone_t *zone = malloc_default_zone(); if (zone!=nil) { malloc_statistics_t st; malloc_zone_statistics(zone, &st); [memoryState setObject:@(st.size_in_use) forKey:@"bytesInUseDefaultZone"]; [memoryState setObject:@(st.size_allocated) forKey:@"bytesAllocatedDefaultZone"]; } uint64_t zone_count = 0, size_in_use =0, size_allocated = 0; vm_address_t *zones = NULL; unsigned int zones_count = 0; kr = malloc_get_all_zones(mach_task_self(), NULL, &zones, &zones_count); if (kr == KERN_SUCCESS && zones != NULL && zones_count > 0) { for (unsigned int i = 0; i < zones_count; i++) { malloc_zone_t *zone = (malloc_zone_t *)zones[i]; if (!zone) continue; malloc_statistics_t st; malloc_zone_statistics(zone, &st); zone_count++; size_in_use += (uint64_t)st.size_in_use; size_allocated += (uint64_t)st.size_allocated; } [memoryState setObject:@(size_in_use) forKey:@"bytesInUseAllZones"]; [memoryState setObject:@(size_allocated) forKey:@"bytesAllocatedAllZones"]; } if (zones != NULL) { vm_deallocate(mach_task_self(), (vm_address_t)zones, zones_count * sizeof(vm_address_t)); } return [memoryState copy]; } my (JRE) process started crashing badly, at the last [memoryState copy]; with crash report I could not understand (looks like an infinite recursion or loop). Any debug log messages (os_log) for this memoryState, its items or its copy would crash the same. Finally I found that commenting out the vm_deallocate() call removes the crash. Sorry to say - I could NOT find anywhere in the documentation anything about malloc_get_all_zones() returned data, and whether I need to deallocate it after use. Some darn AI analyzer pointed out I "had a leak" and that "Apple documentation" which it didn't provide, requires that I thus release this data. 1 ) Do I really have to deallocate the returned "zones" ?? even if I do, something here is strange - zones is a malloc_zone_t ** -- how can it be casted to (vm_address_t)zones Where can I read actual documentation about these low level APIs and the correct use? Thanks!

I have this code in my Virutalization application let process = Process() process.executableURL = URL(fileURLWithPath: "/usr/sbin/diskutil") process.arguments = ["image", "create", "blank", "--fs", "none", "--format", "ASIF", "--size", "2GiB", url.path ] try process.run() process.waitUntilExit() if process.terminationStatus == 0 { print("✅ Disk image creation succeeded.") } else { print("❌ Disk image creation failed with exit code \(process.terminationStatus)") } } catch { print("Process failed to launch: \(error.localizedDescription)") return } this code was working fine until Tahoe 26.2. with the update of 26.3 the system freezes at process.waitUntilExit() The code never exits and i get beech balls. This is working fine with intel macs. i am getting the problem in apple silicon m4 mac mini. Any help would be appreciated.

I see this in Tahoe Beta release notes macOS now supports the Apple Sparse Image Format (ASIF). These space-efficient images can be created with the diskutil image command-line tool or the Disk Utility application and are suitable for various uses, including as a backing store for virtual machines storage via the Virtualization framework. See VZDiskImageStorageDeviceAttachment. (152040832) I'm developing a macOS app using the Virtualization framework and need to create disk images in the ASIF (Apple Sparse Image Format) to make use of the new feature in Tahoe Is there an official way to create/resize ASIF images programmatically using Swift? I couldn’t find any public API that supports this directly. Any guidance or recommendations would be appreciated. Thanks!

Rosetta 2 Deadlock on M4 Pro January 2026 Blizzard update causes a deadlock in Rosetta 2 on M4 chips. CodeWeavers (the developer of CrossOver) has analyzed the issue and identified it as a Rosetta translation failure, not a CrossOver application-level bug. Hardware: M4 Pro Mac Book Pro System: Tahoe 26.2 Impacted Software: CrossOver 25.1.1 Diablo II: Resurrected

I am learning about endpoint security and other system extensions, while I was handling ES_EVENT_TYPE_AUTH_IOKIT_OPEN event I realized that I cannot auth deny any bluetooth events. I tried to deny any open or execute events related to com.apple.bluetoothd but it did not work. I searched google and found out that I can use CoreBluetooth to control bluetooth. But when I get connected to bluetooth keyboard or mouse, didConnectPeripheral dose not get called or when I call [central cancelPeripheralConnection:peripheral] disconnection never happens. Is there any recommendation for handling or controlling events related to bluetooth connection?

iOS BLE Background Scanning Stops After Few Minutes to Hours Hi everyone, I'm developing a Flutter app using flutter_blue_plus that needs continuous BLE scanning in both foreground and background. Foreground scanning works perfectly, but background scanning stops after a few minutes (sometimes 1-2 hours). Current Implementation (iOS) Foreground Mode: Scans for 10 seconds with all target service UUIDs Batches and submits results every 10 seconds Works reliably ✅ Background Mode: Rotates through service UUIDs in batches of 7 Uses 1-minute batch intervals Maintains active location streaming (Geolocator.getPositionStream) Switches modes via AppLifecycleState observer // Background scanning setup await FlutterBluePlus.startScan( withServices: serviceUuids, // Batch of 7 UUIDs continuousUpdates: true, ); // Location streaming (attempt to keep app alive) LocationSettings( accuracy: LocationAccuracy.bestForNavigation, distanceFilter: 0, ); Lifecycle Management: AppLifecycleState.paused -> Start background mode AppLifecycleState.resumed -> Start foreground mode Questions: Is there a documented maximum duration for iOS background BLE scanning? My scanning stops inconsistently (few minutes to 2 hours). Does iOS require specific Background Modes beyond location updates to maintain BLE scanning? I have location streaming active but scanning still stops. Are there undocumented limitations when scanning with service UUIDs in background that might cause termination? Should I be using CoreBluetooth's state preservation/restoration instead of continuous scanning? Info.plist Configuration: <key>UIBackgroundModes</key> <array> <string>bluetooth-central</string> <string>location</string> </array> Additional Context: Total service UUIDs: ~20-50 (varies by company) Scanning in batches of 7 to work around potential limitations Android version works fine with foreground service Location permission: Always iOS 14+ target Any insights on iOS BLE background limitations or best practices would be greatly appreciated. Thanks!

At least on $ uname -r -v -m 25.2.0 Darwin Kernel Version 25.2.0: Tue Nov 18 21:09:55 PST 2025; root:xnu-12377.61.12~1/RELEASE_ARM64_T8103 arm64 running the Posix program test.c #include <errno.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> #include <sys/wait.h> #include <unistd.h> int main() { pid_t ch = fork(); if (ch == -1) { perror("fork"); return EXIT_FAILURE; } if (ch == 0) { return EXIT_SUCCESS; } if (setpgid(ch, ch) == -1) { perror("setpgid"); return EXIT_FAILURE; } siginfo_t stat; if (waitid(P_PID, ch, &stat, WEXITED | WNOWAIT) == -1) { perror("waitid"); return EXIT_FAILURE; } if (kill(-ch, SIGKILL) == -1) { perror("kill"); return EXIT_FAILURE; } return EXIT_SUCCESS; } as $ clang test.c $ ./a.out kill: Operation not permitted fails with EPERM even though the lifetime of the process group has not yet ended (due to the WNOWAIT).

I have an iOS app with a network extension that's using OSLog to log various bits of information that are useful for debugging. I'm currently trying to add a simple button that bundles up those logs with some other information and presents the user with a Share sheet so they can send it to support teams. I looked at OSLogStore but it only collects logs for the current process so the user clicking a button in my app wouldn't collect logs from my network extension. I would really like to avoid having to guide users through the process of creating and sharing a sysdiagnose but it seems like this might be the only option. How do other folks do this kind of thing? Is there a recommended way to do it?

My application installs a system extension. When I try to remove the app from the Applications folder (cmd + backspace) I get an error message: "The operation can’t be completed right now because another operation is in progress, such as moving or copying an item or emptying the Bin." According to systemextensionsctl the extension state is "terminating for uninstall but still running". I can see an error in the console logs: kernelmanagerd Failed to terminate dext com.my.driver-dk, error: Kernel request failed: (os/kern) invalid address (1) sysextd a category delegate declined to terminate extension with identifier: com.my.driver-dk sysextd failed to terminate extension with identifier: com.my.driver-dk: Optional(Error Domain=kernelmanagerd.KMError Code=38 "(null)") Issue occurs with macOS 13 - works fine with macOS 12 and macOS 11 What is the problem here? Have there been any changes in macOS in that regard?

I am developing an iOS App for a Bluetooth peripheral using SwiftUI with Swift 5 or 6. I have a few past attempts that got so far (connected to a peripheral), and some downloaded examples that connect to peripherals. Lately (last month or so), my current attempt never gets BleManager to start, and every attempt ends at my View that says 'please enable Bluetooth'. The Xcode console is totally blank with no print outputs. Coding Assistant suggested the init() in my @main structure could contain print("App initializing"), but even that never prints. Coding Assistant suggests: "• Open your project's Info.plist in Xcode. • Make sure UIApplicationSceneManifest is present and configured for SwiftUI, not referencing any storyboard. • Ensure UIMainStoryboardFile is not present (or blank)." but there is no info.plist because it is no longer required. Downloaded sample code runs and connects to peripherals, so Bluetooth is working on my iPhone and the Bluetooth device is accessible. My older attempts used to work, but now have the same problem. All attempts have "Enable Bluetooth to connect to Device" in the Privacy - Bluetooth Info.plist setting. Something is fundamentally wrong with many different code attempts. I have searched all the various settings for mention of SwiftUI or Storyboard, but not found them in working or failing projects. The downloaded code which works has minimum deployment iOS 14.0 and Swift Compiler Language Version Swift 5. My latest code attempt has minimum deployment iOS 16 and Swift 5. All code is target device iPhone (I am testing on iPhone 16e running iOS 26.2.1) and developing with Xcode 26.2 on MacBook Air M1 running the latest Tahoe. I do a Clean Build Folder before every test, and have tried re-starting both Mac and iPhone. How can my coding fail so spectacularly?

I am implementing BLE scanning and connection using CoreBluetooth in a Flutter application with native iOS Swift code. BLE scanning and connection work correctly in the foreground and for a short time after the app is sent to the background. However, after some time in the background, BLE scanning stops and the device is no longer discovered. The app appears to be suspended by iOS. Key Observation: When location services are actively in use (navigation arrow visible in the iOS status bar), BLE scanning and reconnection work reliably in the background. When location services are not actively running, BLE scanning stops in the background even though the app has “Always Allow” location permission. Expected Result BLE scanning and connection should continue to function in the background using the Bluetooth LE background mode, without relying on active location updates. Actual Result BLE scanning starts successfully App enters background After some time, scanning stops Device is no longer discovered BLE works again only if location services are actively running BLE Connection Behavior One-time scan connects successfully to a BLE medical device App is sent to background Existing connection does not disconnect However, new scans or reconnections fail once the app is suspended Relevant Native iOS Code (AppDelegate) import Flutter import UIKit import CoreBluetooth @main @objc class AppDelegate: FlutterAppDelegate { private var backgroundTaskID: UIBackgroundTaskIdentifier = .invalid override func application( _ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]? ) -> Bool { GeneratedPluginRegistrant.register(with: self) if let identifiers = launchOptions?[UIApplication.LaunchOptionsKey.bluetoothCentrals] as? [String] { print("App relaunched for BLE state restoration: \(identifiers)") } NotificationCenter.default.addObserver( self, selector: #selector(appDidEnterBackground), name: UIApplication.didEnterBackgroundNotification, object: nil ) return super.application(application, didFinishLaunchingWithOptions: launchOptions) } @objc private func appDidEnterBackground() { backgroundTaskID = UIApplication.shared.beginBackgroundTask { self.endBackgroundTask() } } private func endBackgroundTask() { if backgroundTaskID != .invalid { UIApplication.shared.endBackgroundTask(backgroundTaskID) backgroundTaskID = .invalid } } } Questions for DTS: Is it expected behavior that CoreBluetooth background scanning effectively stops once the app is suspended, even when the Bluetooth LE background mode is enabled? Why does BLE background scanning appear to work reliably only when location services are actively running? Is iOS internally associating BLE background execution with active location updates? For continuous BLE reconnection (medical device use case), is the recommended approach to rely solely on CoreBluetooth state restoration instead of continuous background scanning? Is it considered best practice to avoid long-running BLE scans in the background and instead wait for system-delivered BLE events? Additional Notes Issue is reproducible on real devices Not using private APIs or unsupported background execution methods Objective is to follow Apple-recommended, App Store–compliant behavior

Hello! I've been successfully using StartCalendarInterval in Launch[Agent|Daemon] *.plists for years. You know the deal: Mac is sleeping when CalendarInterval passes, then launchd runs the job when Mac is awoken. (This behavior is described at the bottom of an Apple doc from 2016 -- exactly how it worked before!) Recently, behavior has changed: with the computer asleep, when the date/time of the CalendarInterval passes, macOS runs the job! Even when "sleeping". However, it gets stranger: macOS will start a job when sleeping, but then suspend it in the middle. I wrote a timestamped log to check this behavior: I see job start, pause in the middle, then resume hours later when a user wakes the computer. This all makes me think that "sleep" on macOS in the past few years is now defined differently -- perhaps an Apple Silicon change? But I can't find documentation that covers this. Buried in a WWDC video, maybe? Has anyone else seen this change in launchctl calendar scheduled jobs?

Hi, I am trying to understand if I am able to get bluetooth scanning for advertisements (no service UUID) when the app is moved into the background and the screen goes to sleep. I am using swift on ios26.2 with a bluetooth class that uses the standard centralManager.scanForPeripherals to listen for particular Beacons. Testing on a real iPhone 15 this works fine whilst in the foreground, and also when on the lock screen. I am trying to get this to continue working in the background when the black screen sleep mode is on. I have the bluetooth 'Uses Bluetooth LE accessories' in the background modes (as well as Audio, Airplay..) and the necessary Bluetooth peripheral usage description, bluetooth always usage descriptions in info.plist. I launch a LiveActivity whilst the app is in the foreground and bluetooth has started scanning. From my understanding of core bluetooth with ios26 the LiveActivity should allow the scan to continue (without service UUIds and aggressive throttling) whilst the app is in the background. Well this seems to work fine.. if I press the side button the phone goes to the Lock Screen, and whilst on the Lock Screen the bluetooth is scanning fine and receiving beacon data. Similarly if the app is sent to the background behind a different foreground app it also works. As soon as the screen goes to sleep however (after only a few seconds of inactivity on the Lock Screen) then all bluetooth scanning stops. If I click back on the screen and bring the Lock Screen up, then scanning resumes again. Now is it possible to continue the scanning whilst the phone is in sleep mode (i.e. black screen)? Are there any additional acceptable steps to make the bluetooth scanning continue when the screen has gone to sleep. Or is it part of the design with core bluetooth that the 'continues in the background' feature only applies to the lock screen and when other active apps are brought to the foreground on an open phone. I want to understand the limitations of what can be achieved so I am not chasing unachievable objectives. Thanks

When using CBPeripheralManager in the peripheral role on iPhone 17 series devices (iPhone 17 Air, iPhone 17 Pro) running iOS 26.1 and above, the delegate method peripheralManager:central:didSubscribeToCharacteristic: is never called when a third-party BLE central device attempts to connect and subscribe to a characteristic. This functionality works correctly on all previous iPhone models and iOS versions. (This worked previously for the same iPhone 17 Air/Pro when running iOS 26.0.1.)

hello, how can I trap specific standard system registers of a vCPU in Hypervisor framework? like the ARM standard HSTR_EL2, which I don't see exposed in the headers.

I understand that private APIs are not permitted under Apple’s App Review Guidelines. However, our application requires I²C communication, and we are currently using the following APIs: IOAVServiceReadI2C IOAVServiceWriteI2C IOI2CSendRequest.These api's are not permitted by apple. I didnt found any alternative public api to achieve I²C communication. please suggest any public api's for the same or any chance to use this private api.

On a MacBook Pro, 16GB of RAM, 500 GB SSD, OS Sequoia 15.7.1, M3 chip, I am running some python3 code in a conda environment that requires lots of RAM and sure enough, once physical memory is almost exhausted, swapfiles of about 1GB each start being created, which I can see in /System/Volumes/VM. This folder has about 470 GB of available space at the start of the process (I can see this through get info) however, once about 40 or so swapfiles are created, for a total of about 40GB of virtual memory occupied (and thus still plenty of available space in VM), zsh kills the python process responsible for the RAM usage (notably, it does not kill another python process using only about 100 MB of RAM). The message received is "zsh: killed" in the tmux pane where the logging of the process is printed. All the documentation I was able to consult says that macOS is designed to use up to all available storage on the startup disk (which is the one I am using since I have only one disk and the available space aforementioned reflects this) for swapping, when physical RAM is not enough. Then why is the process killed long before the swapping area is exhausted? In contrast, the same process on a Linux machine (basic python venv here) just keeps swapping, and never gets killed until swap area is exhausted. One last note, I do not have administrator rights on this device, so I could not run dmesg to retrieve more precise information, I can only check with df -h how the swap area increases little by little. My employer's IT team confirmed that they do not mess with memory usage on managed profiles, so macOS is just doing its thing. Thanks for any insight you can share on this issue, is it a known bug (perhaps with conda/python environments) or is it expected behaviour? Is there a way to keep the process from being killed?

We recently migrated our entire product to Apple Unified Logging due to the various benefits it provides. However we immediately started hitting the "log quarantine" problem ("QUARANTINED DUE TO HIGH LOGGING VOLUME"). This is partly because we are indeed over logging in a few cases (which we have to work on fixing), but also partly because it's a complicated product with potentially hundreds of libraries, and some of the code can legitimately be very busy. For example we have a system extension that's implemented both as a NetworkExtension client and an EndpointSecurity client, if we were to log decent information about each network or file system event so we can troubleshoot something, they are bound to be high volume logs. Now when our app is running in a normal user environment, this is not a problem. We can disable certain heavy log levels, or at least disable persisting for certain logs (one of the benefits of Apple Unified Logging we really like is that it allows very flexible controls, log config command, OSLogPreferences, configuration profile, we can employ whatever that suits a specific case). But ultimately, the question is what if we end up with a troubleshooting case we don't know exactly where a problem is so we just need the full logs at debug level? And not only just enabled, but because we might not know when the issue can happen either we also need to persist the full set of logs for as long as possible? We will start hitting log quarantine again. Granted this is a very extreme case, but if worst comes to worst, how can we even do that with Apple Unified Logging? Is there an option that allows us to override the quarantine, if but temporarily? I've searched a few relevant forum posts, some of which described log quarantine but no one had mentioned any solution for it (besides having to stop logging so much from the app but as I explained we do have legitimate cases where log volume can still be huge). I've also read The Eskimo's "Your Friend the System Log" and browsed some of the troubleshooting config profiles provided by Apple hoping to discover some hidden payloads but found none so far. There is an OSLogRateLimit environment variable that I noticed if I run a launchctl print system/<a-launch-daemon-lable> and it's usually 64. Is this something relevant? And knowing Apple it's probably something that can't be tampered with?

This is stemmed from another forum post on Apple Unified Logging. A few additional questions were raised towards a relevant but different topic - activity tracing, starting a new post following The Eskimo's suggestion. The first question is on log capture from an activity chain. The related documentation stated something but very vaguely. https://developer.apple.com/documentation/os/generating-log-messages-from-your-code?language=objc#Choose-the-Appropriate-Log-Level-for-Each-Message If an activity object exists, the system captures information for the related process chain We had hoped that this would somewhat play into the "speculative logging" approach we had touched upon in the original post, in the sense that if we try to log an error or fault within an activity, then it helps to capture and persist other logs on the activity chain even though they are originally not meant to be. But unfortunately from our test it didn't seem to be behaving towards that understanding. Then our question is, if we may ask - what are the exact additional information the system captures "for the related process chain"? 2nd question - are activity objects always persisted and would they also contribute to log quarantine? Our thoughts were that if we can, we'd like to create an independent activity for each event we receive from the system so the logs on every event are automatically correlated (we have a use case described in FB21839588). However as demonstrated in the FB ticket, that would mean A LOT of events and hence a lot of os_activity_create. I noticed we do have a flag Signpost-Persisted to control persisting for signposts, but there isn't a control for activities. My assumption is that they (the activity objects themselves) are always to be persisted so they would indeed contribute to quarantine in the worst case, is that correct? (Although from log stats it looks like each individual activity object is tiny in terms of storage size, so maybe they are not a big concern themselves?) And finally we noticed this control flag Propagate-with-Activity used by some logging configuration files from Apple. We didn't find any official Apple documentation but some 3rd party MDM vendors mentioned something about Propagate-with-Activity Messages attached to the activity tree Messages are attached to the activity tree in Console and crash dumps Right now based on our observation messages are always attached to the activity tree in Console regardless, and we can't seem to be able to find anything to do between activities and crash dumps. Maybe this flag is obsolete?

I have a file that can not be removed. When I attempt rm -f /Applications/CrashPlan.app I get "Operation not permitted"Here is the scenario, CrashPlan.app was installed on the MacBook Pro (MacBookPro14,2) running 10.14.4. I found out it was an older version of CrashPlan so I downloaded the installer for the new version and ran it. The installed failed and left behind a file of size 0K.-rw-r--r--@ 1 root admin 0 Apr 11 11:43 CrashPlan.appI then tried to remove the 0K file in terminal with sudo rm -f /Applications/CrashPlan.app and that failed with operation not permitted. I then booted into Recovery mode and ran csrutil disable from terminal and rebooted.sudo rm -f /Applications/CrashPlan.app still failed with operation not permitted.I ran csrutil status in terminal to make sure that sip was disabled and got back: System Integrity Protection status: disabled.I tried booting into single user mode and mounted the drive and tried to rm from there and got the same result. So, from single user mode I did the following:mv /Applications /ApplicationsOLDmkdir /Applicationsmv /ApplicationsOLD/* /Applications/and got an error "Operation not permitted" for CrashPlan.apprebooted and was able to install the new version of CrashPlan, but now I have a folder /ApplicationsOLD that I can not get rid of.Any ideas?