Review Request 126725: prevent crash-on-exit in KSelectAction::~KSelectAction
René J.V. Bertin
rjvbertin at gmail.com
Wed Jan 13 18:49:54 UTC 2016
> On Jan. 12, 2016, 10:49 p.m., David Faure wrote:
> > Can I see the backtrace, with a description of how this gets triggered? I'm not sure the issue is fully understood (as shown by the use of "might" in the description...).
> >
> > Is the action being destroyed by clicking into a submenu of the action? Otherwise I don't get the relation with the fix.
>
> René J.V. Bertin wrote:
> A CrashReporter backtrace I still had logged:
>
> ```
> Exception Type: EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes: EXC_I386_GPFLT
>
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0 org.qt-project.QtCore 0x000000010cbac886 QObject::property(char const*) const + 150 (qlist.h:105)
> 1 libqcocoa.dylib 0x000000011189e37a QCocoaMenuItem::~QCocoaMenuItem() + 58 (qcocoamenuitem.mm:109)
> 2 libqcocoa.dylib 0x000000011189e52e QCocoaMenuItem::~QCocoaMenuItem() + 14 (qcocoamenuitem.mm:106)
> 3 org.qt-project.QtWidgets 0x000000010b2989bd QMenu::actionEvent(QActionEvent*) + 749 (qmenu.cpp:3224)
> 4 org.qt-project.QtWidgets 0x000000010b1643d0 QWidget::event(QEvent*) + 1232 (qwidget.cpp:9044)
> 5 org.qt-project.QtWidgets 0x000000010b296bdc QMenu::event(QEvent*) + 1164 (qmenu.cpp:2678)
> 6 org.qt-project.QtWidgets 0x000000010b12653b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
> 7 org.qt-project.QtWidgets 0x000000010b1298f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
> 8 org.qt-project.QtCore 0x000000010cb7b433 QCoreApplication::notifyInternal(QObject*, QEvent*) + 115 (qthread_p.h:291)
> 9 org.qt-project.QtWidgets 0x000000010b1582ed QWidget::removeAction(QAction*) + 125 (qcoreapplication.h:224)
> 10 org.qt-project.QtWidgets 0x000000010b11c711 QAction::~QAction() + 97 (qaction.cpp:566)
> 11 org.qt-project.QtWidgets 0x000000010b16d16c QWidgetAction::~QWidgetAction() + 444 (qwidgetaction.cpp:122)
> 12 libKF5WidgetsAddons.5.dylib 0x000000010acddd80 KSelectAction::~KSelectAction() + 64 (kselectaction.cpp:99)
> 13 org.qt-project.QtCore 0x000000010cba3d75 QObjectPrivate::deleteChildren() + 245 (qobject.cpp:1943)
> 14 org.qt-project.QtWidgets 0x000000010b153ee1 QWidget::~QWidget() + 1441 (qwidget.cpp:1658)
> 15 0x00000001093c16bb Bin::~Bin() + 1067 (bin.cpp:456)
> 16 0x00000001093c181e Bin::~Bin() + 14 (bin.cpp:438)
> 17 0x0000000109443d3e Core::~Core() + 62 (core.cpp:43)
> 18 0x000000010940c95f MainWindow::~MainWindow() + 207 (mainwindow.cpp:549)
> 19 0x000000010940cd45 MainWindow::~MainWindow() + 21 (mainwindow.cpp:542)
> 20 org.qt-project.QtCore 0x000000010cba4748 QObject::event(QEvent*) + 776 (qobject.cpp:4455)
> 21 org.qt-project.QtWidgets 0x000000010b164d26 QWidget::event(QEvent*) + 3622 (qwidget.cpp:9105)
> 22 org.qt-project.QtWidgets 0x000000010b26c45f QMainWindow::event(QEvent*) + 911 (qmainwindow.cpp:1495)
> 23 libKF5XmlGui.5.dylib 0x000000010a81e810 KMainWindow::event(QEvent*) + 624 (kmainwindow.cpp:829)
> 24 libKF5XmlGui.5.dylib 0x000000010a856398 KXmlGuiWindow::event(QEvent*) + 24 (kxmlguiwindow.cpp:118)
> 25 org.qt-project.QtWidgets 0x000000010b12653b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
> 26 org.qt-project.QtWidgets 0x000000010b1298f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
> 27 org.qt-project.QtCore 0x000000010cb7c0db QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 971 (qthread_p.h:291)
> 28 org.qt-project.QtCore 0x000000010cb7ba2c QCoreApplication::exec() + 412 (qcoreapplication.cpp:1240)
> 29 0x00000001093f3761 main + 10257 (main.cpp:118)
> 30 libdyld.dylib 0x00007fff8508c5fd start + 1
> ```
>
> When I say crash-on-exit, I mean that the crash occurs after selecting the Quit menu item, or closing the main window.
Here's a backtrace obtained in the debugger:
```
* thread #1: tid = 0x3727c3, 0x0000000103c4e886 QtCore`QObject::property(char const*) const [inlined] QListData::size() const + 4 at qlist.h:105, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
frame #0: 0x0000000103c4e886 QtCore`QObject::property(char const*) const [inlined] QListData::size() const + 4 at qlist.h:105
102 void remove(int i);
103 void remove(int i, int n);
104 void move(int from, int to);
-> 105 inline int size() const { return d->end - d->begin; }
106 inline bool isEmpty() const { return d->end == d->begin; }
107 inline void **at(int i) const { return d->array + d->begin + i; }
108 inline void **begin() const { return d->array + d->begin; }
(lldb) bt
* thread #1: tid = 0x3727c3, 0x0000000103c4e886 QtCore`QObject::property(char const*) const [inlined] QListData::size() const + 4 at qlist.h:105, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
* frame #0: 0x0000000103c4e886 QtCore`QObject::property(char const*) const [inlined] QListData::size() const + 4 at qlist.h:105
frame #1: 0x0000000103c4e882 QtCore`QObject::property(char const*) const [inlined] QList<QByteArray>::indexOf(this=0x0000000118b9a1c0, t=0x0000000118b9a1c0, from=<unavailable>) const at qlist.h:940
frame #2: 0x0000000103c4e882 QtCore`QObject::property(this=<unavailable>, name=0x000000010af1799a) const + 146 at qobject.cpp:3884
frame #3: 0x000000010ae9e37a libqcocoa.dylib`QCocoaMenuItem::~QCocoaMenuItem(this=0x00000001069bd9d0) + 58 at qcocoamenuitem.mm:109
frame #4: 0x000000010ae9e52e libqcocoa.dylib`QCocoaMenuItem::~QCocoaMenuItem() [inlined] QCocoaMenuItem::~QCocoaMenuItem(this=0x00000001069bd9d0) + 14 at qcocoamenuitem.mm:106
frame #5: 0x000000010ae9e529 libqcocoa.dylib`QCocoaMenuItem::~QCocoaMenuItem(this=0x00000001069bd9d0) + 9 at qcocoamenuitem.mm:106
frame #6: 0x00000001022339bd QtWidgets`QMenu::actionEvent(this=0x00000001069bce00, e=<unavailable>) + 749 at qmenu.cpp:3224
frame #7: 0x00000001020ff3d0 QtWidgets`QWidget::event(this=0x00000001069bce00, event=0x00007fff5fbfde30) + 1232 at qwidget.cpp:9044
frame #8: 0x0000000102231bdc QtWidgets`QMenu::event(this=0x00000001069bce00, e=0x00007fff5fbfde30) + 1164 at qmenu.cpp:2678
frame #9: 0x00000001020c153b QtWidgets`QApplicationPrivate::notify_helper(this=<unavailable>, receiver=0x00000001069bce00, e=0x00007fff5fbfde30) + 251 at qapplication.cpp:3716
frame #10: 0x00000001020c48f4 QtWidgets`QApplication::notify(this=<unavailable>, receiver=<unavailable>, e=<unavailable>) + 8212 at qapplication.cpp:3681
frame #11: 0x0000000103c1d433 QtCore`QCoreApplication::notifyInternal(this=<unavailable>, receiver=<unavailable>, event=<unavailable>) + 115 at qcoreapplication.cpp:970
frame #12: 0x00000001020f32ed QtWidgets`QWidget::removeAction(QAction*) [inlined] QCoreApplication::sendEvent(receiver=<unavailable>, event=0x00000001037c1480) + 125 at qcoreapplication.h:224
frame #13: 0x00000001020f32ce QtWidgets`QWidget::removeAction(this=<unavailable>, action=0x0000000106a7eff0) + 94 at qwidget.cpp:3317
frame #14: 0x00000001020b7711 QtWidgets`QAction::~QAction(this=0x0000000106a7eff0) + 97 at qaction.cpp:568
frame #15: 0x000000010210816c QtWidgets`QWidgetAction::~QWidgetAction(this=0x0000000106a7eff0) + 444 at qwidgetaction.cpp:122
frame #16: 0x0000000101db9d80 libKF5WidgetsAddons.5.dylib`KSelectAction::~KSelectAction() [inlined] KSelectAction::~KSelectAction(this=0x0000000106a7eff0) + 64 at kselectaction.cpp:107
frame #17: 0x0000000101db9d49 libKF5WidgetsAddons.5.dylib`KSelectAction::~KSelectAction() [inlined] KSelectAction::~KSelectAction(this=0x0000000106a7eff0) at kselectaction.cpp:99
frame #18: 0x0000000101db9d49 libKF5WidgetsAddons.5.dylib`KSelectAction::~KSelectAction(this=0x0000000106a7eff0) + 9 at kselectaction.cpp:99
frame #19: 0x0000000103c45d75 QtCore`QObjectPrivate::deleteChildren(this=0x0000000106a78e30) + 245 at qobject.cpp:1946
frame #20: 0x00000001020eeee1 QtWidgets`QWidget::~QWidget(this=0x0000000106a78c80) + 1441 at qwidget.cpp:1658
frame #21: 0x0000000100363e6b kdenlive`Bin::~Bin(this=0x0000000106a78c80) + 1067 at bin.cpp:458
frame #22: 0x0000000100363fce kdenlive`Bin::~Bin() [inlined] Bin::~Bin(this=0x0000000106a78c80) + 14 at bin.cpp:440
frame #23: 0x0000000100363fc9 kdenlive`Bin::~Bin(this=0x0000000106a78c80) + 9 at bin.cpp:440
frame #24: 0x00000001003e8bed kdenlive`Core::~Core() [inlined] Core::~Core(this=0x0000000106a6ba60) + 68 at core.cpp:47
frame #25: 0x00000001003e8ba9 kdenlive`Core::~Core() [inlined] Core::~Core(this=0x0000000106a6ba60) at core.cpp:43
frame #26: 0x00000001003e8ba9 kdenlive`Core::~Core(this=0x0000000106a6ba60) + 9 at core.cpp:43
frame #27: 0x00000001003bbb8f kdenlive`MainWindow::~MainWindow(this=0x0000000106b4df40, vtt=0x00000001004e1850) + 207 at mainwindow.cpp:614
frame #28: 0x00000001003bbf75 kdenlive`MainWindow::~MainWindow() [inlined] MainWindow::~MainWindow(this=0x0000000106b4df40) + 12 at mainwindow.cpp:608
frame #29: 0x00000001003bbf69 kdenlive`MainWindow::~MainWindow(this=0x0000000106b4df40) + 9 at mainwindow.cpp:608
frame #30: 0x0000000103c46748 QtCore`QObject::event(QEvent*) [inlined] qDeleteInEventHandler(o=0x0000000106b4df40) + 14 at qobject.cpp:4455
frame #31: 0x0000000103c4673a QtCore`QObject::event(this=0x0000000106b4df40, e=<unavailable>) + 762 at qobject.cpp:1230
frame #32: 0x00000001020ffd26 QtWidgets`QWidget::event(this=0x0000000106b4df40, event=0x00000001236a90d0) + 3622 at qwidget.cpp:9105
frame #33: 0x000000010220745f QtWidgets`QMainWindow::event(this=0x0000000106b4df40, event=0x00000001236a90d0) + 911 at qmainwindow.cpp:1495
frame #34: 0x0000000101925810 libKF5XmlGui.5.dylib`KMainWindow::event(this=0x0000000106b4df40, ev=0x00000001236a90d0) + 624 at kmainwindow.cpp:829
frame #35: 0x000000010195d398 libKF5XmlGui.5.dylib`KXmlGuiWindow::event(this=0x0000000106b4df40, ev=0x00000001236a90d0) + 24 at kxmlguiwindow.cpp:118
frame #36: 0x00000001020c153b QtWidgets`QApplicationPrivate::notify_helper(this=<unavailable>, receiver=0x0000000106b4df40, e=0x00000001236a90d0) + 251 at qapplication.cpp:3716
frame #37: 0x00000001020c48f4 QtWidgets`QApplication::notify(this=<unavailable>, receiver=<unavailable>, e=<unavailable>) + 8212 at qapplication.cpp:3681
frame #38: 0x0000000103c1e0db QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) [inlined] QCoreApplication::notifyInternal(this=<unavailable>, receiver=<unavailable>, event=<unavailable>) + 95 at qcoreapplication.cpp:970
frame #39: 0x0000000103c1e07c QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) [inlined] QCoreApplication::sendEvent(receiver=<unavailable>, event=0x00000001236a90d0) + 28 at qcoreapplication.h:224
frame #40: 0x0000000103c1e060 QtCore`QCoreApplicationPrivate::sendPostedEvents(receiver=0x0000000000000000, event_type=0, data=0x0000000106a00e70) + 848 at qcoreapplication.cpp:1598
frame #41: 0x0000000103c1da2c QtCore`QCoreApplication::exec() + 412 at qcoreapplication.cpp:1240
frame #42: 0x00000001003a13b1 kdenlive`main(argc=1, argv=<unavailable>) + 9841 at main.cpp:126
frame #43: 0x00007fff8508c5fd libdyld.dylib`start + 1
frame #44: 0x00007fff8508c5fd libdyld.dylib`start + 1
```
> On Jan. 12, 2016, 10:49 p.m., David Faure wrote:
> > src/kselectaction.cpp, line 101
> > <https://git.reviewboard.kde.org/r/126725/diff/1/?file=430463#file430463line101>
> >
> > This seems unnecessary and wasteful (it sends an ActionChanged event). You're not deleting the menu right now anyway, you're using deleteLater. So the action will be gone before the menu is deleted, therefore the action will never have a dangling pointer to the menu.
>
> René J.V. Bertin wrote:
> It's almost impossible to debug this kind of situation because an interactive debugging session will alter the event flow. It does look like we're dealing only with Qt events here, no pending native events that get delivered to ObjC objects.
> Doesn't the menu have its parent set to the action (KSelectAction), and if so, will that relationship be broken when the action gets deleted? Because if not, it's the menu that could have a dangling pointer to the action, no?
> Also, remember that using deleteLater isn't required to prevent the systematic crash-on-exit. I suppose I could try to see if deleting the d-ptr last is the most important change here.
So...
- `delete menu() ; delete d_ptr;` crashes just as hard as `delete d_ptr ; delete menu();`
- a `delete menu();` doesn't crash after a preceding `setMenu(Q_NULLPTR);`
- `if(m) m->deleteLater();` *without* `setMenu(Q_NULLPTR);` _doesn't_ crash (at least not all the time).
I think that really means that the safest workaround will be the implementation I submitted. We can of course try to use either setMenu+delete or else deleteLater on its own and go from there if a sufficiently repeatable crasher represents itself.
- René J.V.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126725/#review90980
-----------------------------------------------------------
On Jan. 12, 2016, 2:14 p.m., René J.V. Bertin wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126725/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2016, 2:14 p.m.)
>
>
> Review request for KDE Frameworks and Christoph Feck.
>
>
> Repository: kwidgetsaddons
>
>
> Description
> -------
>
> I was seeing a systematic crash on exitting kdenlive5, on OS X deep under the `delete menu()` instruction in `KSelectAction::~KSelectAction`. The backtrace suggested this might be due to a pending event (or an event due to the menu deletion) being delivered post-mortem to an instance of a QMenu related class.
>
> My fix is based on 3 principles:
> 1) release the "foreign" member instance (`menu()`) before releasing the own d-ptr
> 2) Remove the QMenu instance from ourselves before deleting it to have one less potential dangling reference to it
> 3) QMenu is a QObject descendent that corresponds to a UI element: on OS X it is safer to dispose these through `deleteLater()` rather than directly.
>
>
> Diffs
> -----
>
> src/kselectaction.cpp 1381099
>
> Diff: https://git.reviewboard.kde.org/r/126725/diff/
>
>
> Testing
> -------
>
> On OS X 10.9.5, Qt 5.5.1 and KF5 Frameworks 5.16.0, built for installation under /opt/local .
>
> It seems that points 1) and 2) above already solve the crash issue in kdenlive on OS X, but the general principle stands so I suggest keeping 3) in library code like this.
>
>
> Thanks,
>
> René J.V. Bertin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160113/61a1f8a7/attachment-0001.html>
More information about the Kde-frameworks-devel
mailing list