Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.3.0 RC1
Affects Version/s: 5.2.0
Component/s: QML: Declarative and Javascript Engine
Labels:
None
Environment:
Qt 5.2.0 on Linux

Commits:
cdf718d0a58b31f0595281fc71ca4a3a6a81e41a (qtdeclarative)

Description

This QML code causes a crash while the garbage collector is running:

import QtQml 2.0

QtObject {
    Component.onCompleted: {
        var serial = 0
        while (true) {
            var garbage = {}
            for (var i = 0; i < 1000; i++) {
                // Creating garbage this way causes a crash:
                garbage[Math.random()] = true

                // These ways cause no problems:
                // garbage[i] = true
                // garbage["key_" + i] = true
                // garbage[serial++] = true

                // But these also crash:
                // garbage[(serial++) + 0.5] = true
                // garbage[(serial++) + "_"] = true
                // garbage["_" + (serial++)] = true

                // Although these do not:
                // garbage[i + 0.5] = true
                // garbage[i + "_"] = true
                // garbage["_" + i] = true
            }
        }
    }
}

Stack backtrace:

#0  0xb78d3bd0 in QV4::SafeValue::operator= (this=0xb0627000, v=...) at ../../include/QtQml/5.2.0/QtQml/private/../../../../../src/qml/jsruntime/qv4value_def_p.h:426
#1  0xb7901dc8 in QV4::ExecutionEngine::pushForGC (this=0xb20f7258, m=0x848592c0) at ../../include/QtQml/5.2.0/QtQml/private/../../../../../src/qml/jsruntime/qv4engine_p.h:152
#2  0xb7901e08 in QV4::Managed::mark (this=0x848592c0, engine=0xb20f7258) at ../../include/QtQml/5.2.0/QtQml/private/../../../../../src/qml/jsruntime/qv4engine_p.h:394
#3  0xb79a36cd in QV4::IdentifierTable::mark (this=0xb20f56c8, e=0xb20f7258) at jsruntime/qv4identifiertable_p.h:85
#4  0xb799b61d in QV4::ExecutionEngine::markObjects (this=0xb20f7258) at jsruntime/qv4engine.cpp:740
#5  0xb79bfaf3 in QV4::MemoryManager::mark (this=0xb20f57c0) at jsruntime/qv4mm.cpp:326
#6  0xb79bfd8a in QV4::MemoryManager::runGC (this=0xb20f57c0) at jsruntime/qv4mm.cpp:536
#7  0xb79bff5f in QV4::MemoryManager::alloc (this=0xb20f57c0, size=32) at jsruntime/qv4mm.cpp:270
#8  0xb79c2668 in QV4::MemoryManager::allocManaged (this=0xb20f57c0, size=32) at jsruntime/qv4mm_p.h:102
#9  0xb79c260e in QV4::Managed::operator new (size=32, mm=0xb20f57c0) at jsruntime/qv4managed.cpp:76
#10 0xb799cbb2 in QV4::ExecutionEngine::newString (this=0xb20f7258, s=...) at jsruntime/qv4engine.cpp:444
#11 0xb79ae959 in QV4::__qmljs_string_from_number (ctx=0xbfffe56c, number=0.6129802207522933) at jsruntime/qv4runtime.cpp:347
#12 0xb79aeb8a in QV4::__qmljs_convert_to_string (ctx=0xbfffe56c, value=...) at jsruntime/qv4runtime.cpp:444
#13 0xb79b1430 in QV4::Value::toString (this=0xafe27088, ctx=0xbfffe56c) at jsruntime/qv4value.cpp:269
#14 0xb79ab3ac in QV4::__qmljs_set_element (ctx=0xbfffe56c, object=..., index=..., value=...) at jsruntime/qv4runtime.cpp:628
#15 0xb7a3acac in QQmlJS::Moth::VME::run (this=0xbfffe51b, context=0xbfffe56c, code=0x80a9ba8 "\223\004", stack=0xafe27070, stackSize=14, storeJumpTable=0x0) at jsruntime/qv4vme_moth.cpp:290
#16 0xb7a40f04 in QQmlJS::Moth::VME::exec (ctxt=0xbfffe56c, code=0x80a9ad8 "\003=\016") at jsruntime/qv4vme_moth.cpp:707
#17 0xb79df87b in QV4::Function::code (this=0xafc6a560, ctx=0xbfffe56c, data=0x80a9ad8 "\003=\016") at jsruntime/qv4function_p.h:89
#18 0xb79dc02d in QV4::SimpleScriptFunction::call (that=0xafdee8c0, callData=0xafe27008) at jsruntime/qv4functionobject.cpp:598
#19 0xb799993d in QV4::FunctionObject::call (this=0xafdee8c0, callData=0xafe27008) at jsruntime/qv4functionobject_p.h:130
#20 0xb7b37bb8 in QQmlJavaScriptExpression::evaluate (this=0xafc673e8, context=0xafc6a0e8, function=..., callData=0xafe27008, isUndefined=0x0) at qml/qqmljavascriptexpression.cpp:166
#21 0xb7abe81c in QQmlBoundSignalExpression::evaluate (this=0xafc673d8, a=0x0) at qml/qqmlboundsignal.cpp:226
#22 0xb7abe9d4 in QQmlBoundSignal_callback (e=0xafc67d2c, a=0x0) at qml/qqmlboundsignal.cpp:353
#23 0xb7b15a81 in QQmlNotifier::emitNotify (endpoint=0xafc67d2c, a=0x0) at qml/qqmlnotifier.cpp:81
#24 0xb7a61a34 in QQmlData::signalEmitted (object=0xafc6a318, index=3, a=0x0) at qml/qqmlengine.cpp:710
#25 0xb696dabf in QMetaObject::activate (sender=0xafc6a318, signalOffset=3, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3456
#26 0xb696e4ce in QMetaObject::activate (sender=0xafc6a318, m=0xb7c4d820, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3438
#27 0xb7bcabd5 in QQmlComponentAttached::completed (this=0xafc6a318) at .moc/moc_qqmlcomponentattached_p.cpp:133
#28 0xb7a8e7c7 in QQmlVME::complete (this=0xafc66d98, interrupt=...) at qml/qqmlvme.cpp:1219
#29 0xb7a81761 in QQmlComponentPrivate::complete (enginePriv=0xb20f61e0, state=0xafc66d94) at qml/qqmlcomponent.cpp:960
#30 0xb7a81801 in QQmlComponentPrivate::completeCreate (this=0xafc66d38) at qml/qqmlcomponent.cpp:997
#31 0xb7a818cf in QQmlComponent::completeCreate (this=0xafc69438) at qml/qqmlcomponent.cpp:990
#32 0xb7a82549 in QQmlComponent::create (this=0xafc69438, context=0xafc63cc8) at qml/qqmlcomponent.cpp:805
#33 0x0804da61 in main (argc=2, argv=0xbfffeee4) at main.cpp:485

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Simon Hausmann

Reporter:: Spencer Schumann

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15 Jan '14 00:07

Updated:: 10 Apr '14 13:01

Resolved:: 10 Apr '14 13:01

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Reduce memory pressure on JS stack when garbage collecting: Gerrit Review: