<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="12" style="border: 1px #c9c399 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/120057/">https://git.reviewboard.kde.org/r/120057/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On September 5th, 2014, 11:55 a.m. UTC, <b>David Edmundson</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I'm not very happy with this. I'm sure it works, but it's a workaround without knowing the root problem (or at least I'm not convinced we do). It almost certainly is not memory corruption, and blind patching isn't a good longterm strategy. </p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I imagine the case will be:<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
- widget is made (with QGraphicsScene that corana inherits from having size 0,0)<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
- we run this FolderView::constraintsEvent<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
- corona resizes<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
- folderview doesn't see it has resized<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
or something along these lines</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Can you test what path we take in Corona::screenGeometry? and what the sceneRect is at the point this runs?</p></pre>
</blockquote>
<p>On September 5th, 2014, 12:06 p.m. UTC, <b>David Edmundson</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">forgot to say: Thanks for looking into this, it's really appreciated.</p></pre>
</blockquote>
<p>On September 5th, 2014, 1:31 p.m. UTC, <b>Mark Harmstone</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">You're welcome, no problem.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Blind patching might not be a good idea in general, but I think it's worth bearing in mind that this fixes a major usability bug, and one that for two years has proven nearly impossible to debug, let alone fix. Plus it obviously doesn't break anything - and, by way of comparison, the comment a few lines above it has read "FIXME: a pretty horrible hack" for a couple of years now...</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I'm almost certain this is a memory corruption issue, though. If you insert a line "volatile QRect r3(r);" just before DesktopCorona::availableScreenRect returns, and put a breakpoint on the return, gdb says that when this bug is triggered, r3 and r differ. (Specifically, r = {x1 = 0, y1 = 0, x2 = 1919, y2 = 1079}, as it should be, but r3 = {x1 = 0, y1 = 0, x2 = 1919, y2 = 0}, which is what is actually returned.)<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
I've uploaded a disassembly of DesktopCorona::availableScreenRect, as compiled by gcc -O2, to http://burntcomma.com/dc.txt. There's a couple of "volatile" debugging lines there, which is why the line numbering doesn't match up exactly. I don't understand assembly all that well - certainly not well enough to diagnose and fix the problem in gcc, if there is one - but it looks like r.bottom() is being stored in DWORD PTR [rsp+0x3c]. Even though there's nothing wrong with the C++ code (as far as I can see), this is then being clobbered within the foreach loop, for some reason.</p></pre>
</blockquote>
<p>On September 5th, 2014, 1:50 p.m. UTC, <b>David Edmundson</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">well that's me close to happy. Good investigation :)</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Any chance you can put a breakdown just after<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
QRect r3(r)</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">and type <br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
"watch r3.y2"</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">we can see who does the clobbering.</p></pre>
</blockquote>
<p>On September 5th, 2014, 7:08 p.m. UTC, <b>Mark Harmstone</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">If I set a watchpoint for r3.y2, it only triggers on the definition line itself:</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Old value = 1079<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
New value = 0<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
0x00007ffff7b915fc in DesktopCorona::availableScreenRect (this=<optimized out>, id=0)<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
at /var/tmp/portage/kde-base/plasma-workspace-4.11.11/work/plasma-workspace-4.11.11/plasma/desktop/shell/desktopcorona.cpp:358<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
358 volatile QRect r3(r);</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">The assembly line there is mov rax,QWORD PTR [rsp+0x80].</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">If I comment out the volatiles and set a watch for r.y2, it doesn't trigger at all - gdb thinks r is unaltered by the loop, as it should be.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">It looks like the bug is actually that the y2 of QRects can get clobbered on assignment - as far as I can see, the availRect that FolderView::updateScreenRegion gets isn't actually r, but a copy made in DesktopCorona::qt_static_metacall.</p></pre>
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Interestingly old value is the correct value, so we're saying in the one call<br style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;" />
QRect r3(r) it sets the correct value, and then unsets it?</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">It should be a copy, as we exit availableScreenRegion It does make sense that that part of the memory is getting messed up <em style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: normal;">after</em> we exit availableScreenRect, as it won't be on the stack anymore.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I was under the impression you were saying things break before we hit "return r" or are you saying all QRect(const QRect &other) calls are broken?</p></pre>
<br />
<p>- David</p>
<br />
<p>On September 5th, 2014, 11:25 a.m. UTC, Mark Harmstone wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="12" style="border: 1px #888a85 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
<div>Review request for Plasma and Ignat Semenov.</div>
<div>By Mark Harmstone.</div>
<p style="color: grey;"><i>Updated Sept. 5, 2014, 11:25 a.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="http://bugs.kde.org/show_bug.cgi?id=294795">294795</a>
</div>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kde-baseapps
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Fixes bug 294795. See there for further details.</p></pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">The patch fixes a race condition, meaning it is difficult to reproduce. However, with the patch applied I have not been able to reproduce it after dozens of reboots on a handful of different machines. Plus the scrollbar issue was always accompanied by the toolbox changing position, which still happens sporadically - strongly implying that the scrollbar is fixed.</p></pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>plasma/applets/folderview/folderview.cpp <span style="color: grey">(f56cab1fee8848c551d3687dbd480ed1ed5ac591)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/120057/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>