Bug 102223 - [Qt] Fix assertion in tst_QObjectBridge::callQtInvokable()
Summary: [Qt] Fix assertion in tst_QObjectBridge::callQtInvokable()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: All
OS: All
Importance: P1 Critical
Assignee: Nobody
Keywords: Qt, QtTriaged
Blocks: 38654 79668
Reported: 2012-11-14 06:29 PST by Csaba Osztrogonác
Modified: 2013-07-12 04:38 PDT
Description Csaba Osztrogonác 2012-11-14 06:29:42 PST
tst_QObjectBridge::getSetChildren() asserts in debug mode:
$ WebKitBuild/Debug/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge 2>&1 | c++filt
QXcbConnection: Failed to get the primary output of the screen
********* Start testing of tst_QObjectBridge *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : tst_QObjectBridge::initTestCase()
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the dummy plugin
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the Generic plugin
QDEBUG : tst_QObjectBridge::getSetStaticProperty() loaded the Linux plugin
PASS   : tst_QObjectBridge::getSetStaticProperty()
XFAIL  : tst_QObjectBridge::getSetDynamicProperty() can't delete properties
   Loc: [/home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp(970)]
PASS   : tst_QObjectBridge::getSetDynamicProperty()
PASS   : tst_QObjectBridge::getSetChildren()
ASSERTION FAILED: m_heap->globalData()->apiLock().currentThreadIsHoldingLock()
/home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp(73) : void* JSC::MarkedAllocator::allocateSlowCase(size_t)
1   0x7fc550ac3b87 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::MarkedAllocator::allocateSlowCase(unsigned long)+0x5b) [0x7fc550ac3b87]
2   0x7fc5575730b6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::MarkedAllocator::allocate(unsigned long)+0x3e) [0x7fc5575730b6]
3   0x7fc5575732da /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long)+0x32) [0x7fc5575732da]
4   0x7fc5575733ed /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::Heap::allocateWithNormalDestructor(unsigned long)+0x7f) [0x7fc5575733ed]
5   0x7fc550b5127e /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&, unsigned long)+0xde) [0x7fc550b5127e]
6   0x7fc550b501fe /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(void* JSC::allocateCell<JSC::JSFunction>(JSC::Heap&)+0x1d) [0x7fc550b501fe]
7   0x7fc550cdeae2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSFunction::create(JSC::ExecState*, JSC::JSGlobalObject*, int, WTF::String const&, long (*)(JSC::ExecState*), JSC::Intrinsic, long (*)(JSC::ExecState*))+0x102) [0x7fc550cdeae2]
8   0x7fc550d34a1f /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::setUpStaticFunctionSlot(JSC::ExecState*, JSC::HashEntry const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)+0x1da) [0x7fc550d34a1f]
9   0x7fc550d3b616 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(bool JSC::getStaticFunctionSlot<JSC::NumberObject>(JSC::ExecState*, JSC::HashTable const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&)+0x8e) [0x7fc550d3b616]
10  0x7fc550d38315 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::NumberPrototype::getOwnPropertySlot(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x59) [0x7fc550d38315]
11  0x7fc557578164 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x8a) [0x7fc557578164]
12  0x7fc5575781a8 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&)+0x3c) [0x7fc5575781a8]
13  0x7fc5575782e2 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebKit2.so.1(JSC::JSObject::get(JSC::ExecState*, JSC::PropertyName) const+0x56) [0x7fc5575782e2]
14  0x7fc550d01fbb /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x7bbfbb) [0x7fc550d01fbb]
15  0x7fc550d02320 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSObject::defaultValue(JSC::JSObject const*, JSC::ExecState*, JSC::PreferredPrimitiveType)+0x1a2) [0x7fc550d02320]
16  0x7fc554288c49 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::JSObject::toPrimitive(JSC::ExecState*, JSC::PreferredPrimitiveType) const+0x37) [0x7fc554288c49]
17  0x7fc550d02ed8 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSObject::toNumber(JSC::ExecState*) const+0x28) [0x7fc550d02ed8]
18  0x7fc5542895e5 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(+0x22025e5) [0x7fc5542895e5]
19  0x7fc554289c50 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::convertValueToQVariant(OpaqueJSContext const*, OpaqueJSValue const*, QMetaType::Type, int*, WTF::HashSet<OpaqueJSValue*, WTF::PtrHash<OpaqueJSValue*>, WTF::HashTraits<OpaqueJSValue*> >*, int, OpaqueJSValue const**)+0x124) [0x7fc554289c50]
20  0x7fc55428b812 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::convertValueToQVariant(OpaqueJSContext const*, OpaqueJSValue const*, QMetaType::Type, int*, OpaqueJSValue const**)+0x60) [0x7fc55428b812]
21  0x7fc55428d9d6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(+0x22069d6) [0x7fc55428d9d6]
22  0x7fc55428f0cd /home/oszi/WebKit/WebKitBuild/Debug/lib/libWebCore.so.1(JSC::Bindings::QtRuntimeMethod::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)+0x1df) [0x7fc55428f0cd]
23  0x7fc5509d8f5e /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::JSCallbackFunction::call(JSC::ExecState*)+0x174) [0x7fc5509d8f5e]
24  0x7fc550c26c77 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e0c77) [0x7fc550c26c77]
25  0x7fc550c29be4 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*)+0x74) [0x7fc550c29be4]
26  0x7fc550c2a15f /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind)+0x10e) [0x7fc550c2a15f]
27  0x7fc550c271f6 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e11f6) [0x7fc550c271f6]
28  0x7fc550c2e586 /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1(+0x6e8586) [0x7fc550c2e586]
QFATAL : tst_QObjectBridge::callQtInvokable() Received signal 11
FAIL!  : tst_QObjectBridge::callQtInvokable() Received a fatal error.
   Loc: [Unknown file(0)]
Totals: 4 passed, 1 failed, 0 skipped
********* Finished testing of tst_QObjectBridge *********
Comment 1 Csaba Osztrogonác 2012-11-14 06:32:16 PST
GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff093fb91 in JSC::MarkedAllocator::allocateSlowCase (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp:73
73          ASSERT(m_heap->globalData()->apiLock().currentThreadIsHoldingLock());
(gdb) bt
#0  0x00007ffff093fb91 in JSC::MarkedAllocator::allocateSlowCase (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp:73
#1  0x00007ffff73ef0b6 in JSC::MarkedAllocator::allocate (this=0x6e1e68, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.h:78
#2  0x00007ffff73ef2da in JSC::MarkedSpace::allocateWithNormalDestructor (this=0x6e1e18, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedSpace.h:220
#3  0x00007ffff73ef3ed in JSC::Heap::allocateWithNormalDestructor (this=0x6e1cc8, bytes=56) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.h:399
#4  0x00007ffff09cd27e in JSC::allocateCell<JSC::JSFunction> (heap=..., size=56) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:319
#5  0x00007ffff09cc1fe in JSC::allocateCell<JSC::JSFunction> (heap=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:329
#6  0x00007ffff0b5aae2 in JSC::JSFunction::create (exec=0x7fffa14b00a8, globalObject=0x7fffa144d980, length=0, name=..., nativeFunction=0x7ffff0bb5d00 <numberProtoFuncValueOf>, intrinsic=JSC::NoIntrinsic,
    nativeConstructor=0x7ffff0b5a961 <JSC::callHostFunctionAsConstructor(JSC::ExecState*)>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSFunction.cpp:71
#7  0x00007ffff0bb0a1f in JSC::setUpStaticFunctionSlot (exec=0x7fffa14b00a8, entry=0x797620, thisObj=0x7fffa140c380, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Lookup.cpp:82
#8  0x00007ffff0bb7616 in JSC::getStaticFunctionSlot<JSC::NumberObject> (exec=0x7fffa14b00a8, table=0x6e9470, thisObj=0x7fffa140c380, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Lookup.h:294
#9  0x00007ffff0bb4315 in JSC::NumberPrototype::getOwnPropertySlot (cell=0x7fffa140c380, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/NumberPrototype.cpp:88
#10 0x00007ffff73f4164 in JSC::JSCell::fastGetOwnPropertySlot (this=0x7fffa140c380, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1203
#11 0x00007ffff73f41a8 in JSC::JSObject::getPropertySlot (this=0x7fffa140bee0, exec=0x7fffa14b00a8, propertyName=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1228
#12 0x00007ffff73f42e2 in JSC::JSObject::get (this=0x7fffa140bee0, exec=0x7fffa14b00a8, propertyName=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1253
#13 0x00007ffff0b7dfbb in callDefaultValueFunction (exec=0x7fffa14b00a8, object=0x7fffa140bee0, propertyName=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1309
#14 0x00007ffff0b7e320 in JSC::JSObject::defaultValue (object=0x7fffa140bee0, exec=0x7fffa14b00a8, hint=JSC::PreferNumber) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1348
#15 0x00007ffff4104c49 in JSC::JSObject::toPrimitive (this=0x7fffa140bee0, exec=0x7fffa14b00a8, preferredType=JSC::PreferNumber) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:1440
#16 0x00007ffff0b7eed8 in JSC::JSObject::toNumber (this=0x7fffa140bee0, exec=0x7fffa14b00a8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:1519
#17 0x00007ffff41055e5 in unwrapBoxedPrimitive (context=0x7fffa14b00a8, value=0x7fffa140bee0, obj=0x7fffa140bee0) at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:205
#18 0x00007ffff4105c50 in JSC::Bindings::convertValueToQVariant (context=0x7fffa14b00a8, value=0x7fffa140bee0, hint=QMetaType::Double, distance=0x7fffffff9e98, visitedObjects=0x7fffffff99a0, recursionLimit=199, exception=0x7fffffffa778)
    at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:320
#19 0x00007ffff4107812 in JSC::Bindings::convertValueToQVariant (context=0x7fffa14b00a8, value=0x7fffa140bee0, hint=QMetaType::Double, distance=0x7fffffff9e98, exception=0x7fffffffa778)
    at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:665
#20 0x00007ffff41099d6 in findMethodIndex (context=0x7fffa14b00a8, meta=0x63e040, signature=..., argumentCount=1, arguments=0x7fffffffa6d8, allowPrivate=false, vars=..., vvars=0x7fffffffa5e0, exception=0x7fffffffa778)
    at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:1072
#21 0x00007ffff410b0cd in JSC::Bindings::QtRuntimeMethod::call (context=0x7fffa14b00a8, function=0x7fffa140bf60, argumentCount=1, arguments=0x7fffffffa6d8, exception=0x7fffffffa778)
    at /home/oszi/WebKit/Source/WebCore/bridge/qt/qt_runtime.cpp:1243
#22 0x00007ffff0854f5e in JSC::JSCallbackFunction::call (exec=0x7fffa14b00a8) at /home/oszi/WebKit/Source/JavaScriptCore/API/JSCallbackFunction.cpp:72
#23 0x00007ffff0aa2c77 in handleHostCall (execCallee=0x7fffa14b00a8, pc=0xc7d340, callee=..., kind=JSC::CodeForCall) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1364
#24 0x00007ffff0aa5be4 in JSC::LLInt::setUpCall (execCallee=0x7fffa14b00a8, pc=0xc7d340, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0xa7de10) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1408
#25 0x00007ffff0aa615f in JSC::LLInt::genericCall (exec=0x7fffa14b0058, pc=0xc7d340, kind=JSC::CodeForCall) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1464
#26 0x00007ffff0aa31f6 in llint_slow_path_call (exec=0x7fffa14b0058, pc=0xc7d340) at /home/oszi/WebKit/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1470
#27 0x00007ffff0aaa586 in llint_op_call () from /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1
#28 0x00007fffa14b0058 in ?? ()
warning: (Internal error: pc 0x6eb020 in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)

#29 0x00000000006eb020 in ?? (warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)

)
warning: (Internal error: pc 0x6eb01f in read in psymtab, but not in symtab.)

#30 0x00007fffffffab80 in ?? ()
#31 0x00007ffff0a518ef in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#32 0x00007ffff0a50558 in JSC::JITCode::execute (this=0x7fffa11bc0e0, stack=0x6eb020, callFrame=0x7fffa14b0058, globalData=0x6e1c70) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
#33 0x00007ffff0a4d624 in JSC::Interpreter::execute (this=0x6eb010, program=0x7fffa11bc0c0, callFrame=0x7fffa144db88, thisObj=0x7fffa1480380) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:979
#34 0x00007ffff0b32faf in JSC::evaluate (exec=0x7fffa144db88, source=..., thisValue=..., returnedException=0x7fffffffc1d0) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#35 0x00007ffff408ffc0 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa144db88, source=..., thisValue=..., exception=0x7fffffffc1d0) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#36 0x00007ffff40b119f in WebCore::ScriptController::evaluateInWorld (this=0x9c98e0, sourceCode=..., world=0x6fcd30) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:141
#37 0x00007ffff40b12ac in WebCore::ScriptController::evaluate (this=0x9c98e0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:158
#38 0x00007ffff4026b58 in WebCore::ScriptController::executeScript (this=0x9c98e0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/ScriptControllerBase.cpp:69
#39 0x00007ffff7af9443 in QWebFrame::evaluateJavaScript (this=0x924350, scriptSource=...) at /home/oszi/WebKit/Source/WebKit/qt/Api/qwebframe.cpp:1452
#40 0x0000000000410f78 in tst_QObjectBridge::evalJSV (this=0x7fffffffe250, s=...) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:657
#41 0x0000000000410eed in tst_QObjectBridge::evalJS (this=0x7fffffffe250, s=...) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:649
#42 0x0000000000417693 in tst_QObjectBridge::callQtInvokable (this=0x7fffffffe250) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:1060
#43 0x0000000000429209 in tst_QObjectBridge::qt_static_metacall (_o=0x7fffffffe250, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fffffffd660) at .moc/release-shared/tst_qobjectbridge.moc:908
#44 0x00007fffe9378db1 in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#45 0x00007fffe937b1dc in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtCore.so.5
#46 0x00007fffe9d92d55 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtTest.so.5
#47 0x00007fffe9d93996 in QTest::qExec(QObject*, int, char**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r39/lib/libQtTest.so.5
#48 0x0000000000427734 in main (argc=1, argv=0x7fffffffe3c8) at /home/oszi/WebKit/Source/WebKit/qt/tests/qobjectbridge/tst_qobjectbridge.cpp:2237
Comment 2 Stephen 2013-04-23 14:16:16 PDT
You may want to take a look at this bug report: https://bugs.webkit.org/show_bug.cgi?id=113434 . I mentioned a patch in it. It works well in most cases.
Comment 3 Gábor Ábrahám 2013-07-12 04:38:48 PDT
It seems r134235 fixes this bug.