RESOLVED FIXED
102223
[Qt] Fix assertion in tst_QObjectBridge::callQtInvokable()
https://bugs.webkit.org/show_bug.cgi?id=102223
Csaba Osztrogonác
Reported
2012-11-14 06:29:42 PST
tst_QObjectBridge::getSetChildren() asserts in debug mode:

$ WebKitBuild/Debug/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge 2>&1 | c++filt
QXcbConnection: Failed to get the primary output of the screen
********* Start testing of tst_QObjectBridge *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS : tst_QObjectBridge::initTestCase()
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the dummy plugin
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the Generic plugin
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the Linux plugin
PASS : tst_QObjectBridge::getSetStaticProperty()
XFAIL : tst_QObjectBridge::getSetDynamicProperty() can't delete properties
   Loc: [/home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp(970)]
PASS : tst_QObjectBridge::getSetDynamicProperty()
PASS : tst_QObjectBridge::getSetChildren()
ASSERTION FAILED: m_heap->globalData()->apiLock().currentThreadIsHoldingLock()
/home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp(73) : void* JSC::MarkedAllocator::allocateSlowCase(size_t)
1 0x7fc550ac3b87 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::MarkedAllocator::allocateSlowCase(unsigned long)+0x5b) [0x7fc550ac3b87]
2 0x7fc5575730b6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::MarkedAllocator::allocate(unsigned long)+0x3e) [0x7fc5575730b6]
3 0x7fc5575732da /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long)+0x32) [0x7fc5575732da]
4 0x7fc5575733ed /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::Heap::allocateWithNormalDestructor(unsigned long)+0x7f) [0x7fc5575733ed]
5 0x7fc550b5127e /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&, unsigned long)+0xde) [0x7fc550b5127e]
6 0x7fc550b501fe /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&)+0x1d) [0x7fc550b501fe]
7 0x7fc550cdeae2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSFunction::create(JSC::ExecState*, JSC::JSGlobalObject*, int, WTF::String const&, long (*)(JSC::ExecState*), JSC::Intrinsic, long (*)(JSC::ExecState*))+0x102) [0x7fc550cdeae2]
8 0x7fc550d34a1f /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::setUpStaticFunctionSlot(JSC::ExecState*, JSC::HashEntry const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)+0x1da) [0x7fc550d34a1f]
9 0x7fc550d3b616 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(bool JSC::getStaticFunctionSlot<JSC::NumberObject>(JSC::ExecState*, JSC::HashTable const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)+0x8e) [0x7fc550d3b616]
10 0x7fc550d38315 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::NumberPrototype::getOwnPropertySlot(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x59) [0x7fc550d38315]
11 0x7fc557578164 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x8a) [0x7fc557578164]
12 0x7fc5575781a8 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x3c) [0x7fc5575781a8]
13 0x7fc5575782e2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const+0x56) [0x7fc5575782e2]
14 0x7fc550d01fbb /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x7bbfbb) [0x7fc550d01fbb]
15 0x7fc550d02320 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSObject::defaultValue(JSC::JSObject const*, JSC::ExecState*, JSC::PreferredPrimitiveType)+0x1a2) [0x7fc550d02320]
16 0x7fc554288c49 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::JSObject::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const+0x37) [0x7fc554288c49]
17 0x7fc550d02ed8 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSObject::toNumber(JSC::ExecState*) const+0x28) [0x7fc550d02ed8]
18 0x7fc5542895e5 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(+0x22025e5) [0x7fc5542895e5]
19 0x7fc554289c50 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::convertValueToQVariant(OpaqueJSContext const*, OpaqueJSValue const*, QMetaType::Type, int*, WTF::HashSet<OpaqueJSValue*, WTF::PtrHash<OpaqueJSValue*>, WTF::HashTraits<OpaqueJSValue*> >*, int, OpaqueJSValue const**)+0x124) [0x7fc554289c50]
20 0x7fc55428b812 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::convertValueToQVariant(OpaqueJSContext const*, OpaqueJSValue const*, QMetaType::Type, int*, OpaqueJSValue const**)+0x60) [0x7fc55428b812]
21 0x7fc55428d9d6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(+0x22069d6) [0x7fc55428d9d6]
22 0x7fc55428f0cd /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::QtRuntimeMethod::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)+0x1df) [0x7fc55428f0cd]
23 0x7fc5509d8f5e /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSCallbackFunction::call(JSC::ExecState*)+0x174) [0x7fc5509d8f5e]
24 0x7fc550c26c77 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e0c77) [0x7fc550c26c77]
25 0x7fc550c29be4 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)+0x74) [0x7fc550c29be4]
26 0x7fc550c2a15f /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)+0x10e) [0x7fc550c2a15f]
27 0x7fc550c271f6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e11f6) [0x7fc550c271f6]
28 0x7fc550c2e586 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e8586) [0x7fc550c2e586]
QFATAL : tst_QObjectBridge::callQtInvokable() Received signal 11
FAIL! : tst_QObjectBridge::callQtInvokable() Received a fatal error.
   Loc: [Unknown file(0)]
Totals: 4 passed, 1 failed, 0 skipped
********* Finished testing of tst_QObjectBridge *********
Csaba Osztrogonác
Comment 1
2012-11-14 06:32:16 PST
GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff093fb91 in JSC::MarkedAllocator::allocateSlowCase (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp:73
73 ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock());
(gdb) bt
#0 0x00007ffff093fb91 in JSC::MarkedAllocator::allocateSlowCase (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp:73
#1 0x00007ffff73ef0b6 in JSC::MarkedAllocator::allocate (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.h:78
#2 0x00007ffff73ef2da in JSC::MarkedSpace::allocateWithNormalDestructor (this=0x6e1e18, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedSpace.h:220
#3 0x00007ffff73ef3ed in JSC::Heap::allocateWithNormalDestructor (this=0x6e1cc8, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.h:399
#4 0x00007ffff09cd27e in JSC::allocateCell<JSC::JSFunction> (heap=..., size=56) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:319
#5 0x00007ffff09cc1fe in JSC::allocateCell<JSC::JSFunction> (heap=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:329
#6 0x00007ffff0b5aae2 in JSC::JSFunction::create (exec=0x7fffa14b00a8, globalObject=0x7fffa144d980, length=0, name=..., nativeFunction=0x7ffff0bb5d00 <numberProtoFuncValueOf>, intrinsic=JSC::NoIntrinsic, nativeConstructor=0x7ffff0b5a961 <JSC::callHostFunctionAsConstructor(JSC::ExecState*)>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSFunction.cpp:71
#7 0x00007ffff0bb0a1f in JSC::setUpStaticFunctionSlot (exec=0x7fffa14b00a8, entry=0x797620, thisObj=0x7fffa140c380, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Lookup.cpp:82
#8 0x00007ffff0bb7616 in JSC::getStaticFunctionSlot<JSC::NumberObject> (exec=0x7fffa14b00a8, table=0x6e9470, thisObj=0x7fffa140c380, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Lookup.h:294
#9 0x00007ffff0bb4315 in JSC::NumberPrototype::getOwnPropertySlot (cell=0x7fffa140c380, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/NumberPrototype.cpp:88
#10 0x00007ffff73f4164 in JSC::JSCell::fastGetOwnPropertySlot (this=0x7fffa140c380, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1203
#11 0x00007ffff73f41a8 in JSC::JSObject::getPropertySlot (this=0x7fffa140bee0, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1228
#12 0x00007ffff73f42e2 in JSC::JSObject::get (this=0x7fffa140bee0, exec=0x7fffa14b00a8, propertyName=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1253
#13 0x00007ffff0b7dfbb in callDefaultValueFunction (exec=0x7fffa14b00a8, object=0x7fffa140bee0, propertyName=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1309
#14 0x00007ffff0b7e320 in JSC::JSObject::defaultValue (object=0x7fffa140bee0, exec=0x7fffa14b00a8, hint=JSC::PreferNumber) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1348
#15 0x00007ffff4104c49 in JSC::JSObject::toPrimitive (this=0x7fffa140bee0, exec=0x7fffa14b00a8, preferredType=JSC::PreferNumber) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1440
#16 0x00007ffff0b7eed8 in JSC::JSObject::toNumber (this=0x7fffa140bee0, exec=0x7fffa14b00a8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1519
#17 0x00007ffff41055e5 in unwrapBoxedPrimitive (context=0x7fffa14b00a8, value=0x7fffa140bee0, obj=0x7fffa140bee0) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:205
#18 0x00007ffff4105c50 in JSC::Bindings::convertValueToQVariant (context=0x7fffa14b00a8, value=0x7fffa140bee0, hint=QMetaType::Double, distance=0x7fffffff9e98, visitedObjects=0x7fffffff99a0, recursionLimit=199, exception=0x7fffffffa778) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:320
#19 0x00007ffff4107812 in JSC::Bindings::convertValueToQVariant (context=0x7fffa14b00a8, value=0x7fffa140bee0, hint=QMetaType::Double, distance=0x7fffffff9e98, exception=0x7fffffffa778) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:665
#20 0x00007ffff41099d6 in findMethodIndex (context=0x7fffa14b00a8, meta=0x63e040, signature=..., argumentCount=1, arguments=0x7fffffffa6d8, allowPrivate=false, vars=..., vvars=0x7fffffffa5e0, exception=0x7fffffffa778) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:1072
#21 0x00007ffff410b0cd in JSC::Bindings::QtRuntimeMethod::call (context=0x7fffa14b00a8, function=0x7fffa140bf60, argumentCount=1, arguments=0x7fffffffa6d8, exception=0x7fffffffa778) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:1243
#22 0x00007ffff0854f5e in JSC::JSCallbackFunction::call (exec=0x7fffa14b00a8) at /home/oszi/WebKit/Source/JavaScriptCore/API/JSCallbackFunction.cpp:72
#23 0x00007ffff0aa2c77 in handleHostCall (execCallee=0x7fffa14b00a8, pc=0xc7d340, callee=..., kind=JSC::CodeForCall) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1364
#24 0x00007ffff0aa5be4 in JSC::LLInt::setUpCall (execCallee=0x7fffa14b00a8, pc=0xc7d340, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0xa7de10) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1408
#25 0x00007ffff0aa615f in JSC::LLInt::genericCall (exec=0x7fffa14b0058, pc=0xc7d340, kind=JSC::CodeForCall) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1464
#26 0x00007ffff0aa31f6 in llint_slow_path_call (exec=0x7fffa14b0058, pc=0xc7d340) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1470
#27 0x00007ffff0aaa586 in llint_op_call () from /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1
#28 0x00007fffa14b0058 in ?? ()
warning: (Internal error: pc 0x6eb020 in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)
warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)
#29 0x00000000006eb020 in ?? (warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.) )
warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)
#30 0x00007fffffffab80 in ?? ()
#31 0x00007ffff0a518ef in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#32 0x00007ffff0a50558 in JSC::JITCode::execute (this=0x7fffa11bc0e0, stack=0x6eb020, callFrame=0x7fffa14b0058, globalData=0x6e1c70) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
#33 0x00007ffff0a4d624 in JSC::Interpreter::execute (this=0x6eb010, program=0x7fffa11bc0c0, callFrame=0x7fffa144db88, thisObj=0x7fffa1480380) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:979
#34 0x00007ffff0b32faf in JSC::evaluate (exec=0x7fffa144db88, source=..., thisValue=..., returnedException=0x7fffffffc1d0) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#35 0x00007ffff408ffc0 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa144db88, source=..., thisValue=..., exception=0x7fffffffc1d0) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#36 0x00007ffff40b119f in WebCore::ScriptController::evaluateInWorld (this=0x9c98e0, sourceCode=..., world=0x6fcd30) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:141
#37 0x00007ffff40b12ac in WebCore::ScriptController::evaluate (this=0x9c98e0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:158
#38 0x00007ffff4026b58 in WebCore::ScriptController::executeScript (this=0x9c98e0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/ScriptControllerBase.cpp:69
#39 0x00007ffff7af9443 in QWebFrame::evaluateJavaScript (this=0x924350, scriptSource=...) at /home/oszi/WebKit/Source/WebKit/qt/Api/qwebframe.cpp:1452
#40 0x0000000000410f78 in tst_QObjectBridge::evalJSV (this=0x7fffffffe250, s=...) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:657
#41 0x0000000000410eed in tst_QObjectBridge::evalJS (this=0x7fffffffe250, s=...) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:649
#42 0x0000000000417693 in tst_QObjectBridge::callQtInvokable (this=0x7fffffffe250) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:1060
#43 0x0000000000429209 in tst_QObjectBridge::qt_static_metacall (_o=0x7fffffffe250, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fffffffd660) at .moc/release-shared/tst_qobjectbridge.moc:908
#44 0x00007fffe9378db1 in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#45 0x00007fffe937b1dc in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#46 0x00007fffe9d92d55 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtTest.so.5
#47 0x00007fffe9d93996 in QTest::qExec(QObject*, int, char**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtTest.so.5
#48 0x0000000000427734 in main (argc=1, argv=0x7fffffffe3c8) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:2237
Stephen
Comment 2
2013-04-23 14:16:16 PDT
You may want to take a look at this bug report: https://bugs.webkit.org/show_bug.cgi?id=113434. I mentioned a patch in it. It works well in most of the cases.
Gábor Ábrahám
Comment 3
2013-07-12 04:38:48 PDT
It seems r134235 fixes this bug.