
List:       kde-frameworks-devel
Subject:    Re: Review Request 126725: prevent crash-on-exit in KSelectAction::~KSelectAction
From:       René J.V. Bertin <rjvbertin () gmail ! com>
Date:       2016-01-13 1:20:16
Message-ID: 20160113012016.23702.41495 () mimi ! kde ! org

> On Jan. 12, 2016, 10:49 p.m., David Faure wrote:
> > Can I see the backtrace, with a description of how this gets triggered? I'm not sure the issue is fully understood (as shown by the use of "might" in the description...).
> > 
> > Is the action being destroyed by clicking into a submenu of the action? Otherwise I don't get the relation with the fix.

A CrashReporter backtrace I still had logged:

```
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.qt-project.QtCore          0x000000010cbac886 QObject::property(char const*) const + 150 (qlist.h:105)
1   libqcocoa.dylib                0x000000011189e37a QCocoaMenuItem::~QCocoaMenuItem() + 58 (qcocoamenuitem.mm:109)
2   libqcocoa.dylib                0x000000011189e52e QCocoaMenuItem::~QCocoaMenuItem() + 14 (qcocoamenuitem.mm:106)
3   org.qt-project.QtWidgets       0x000000010b2989bd QMenu::actionEvent(QActionEvent*) + 749 (qmenu.cpp:3224)
4   org.qt-project.QtWidgets       0x000000010b1643d0 QWidget::event(QEvent*) + 1232 (qwidget.cpp:9044)
5   org.qt-project.QtWidgets       0x000000010b296bdc QMenu::event(QEvent*) + 1164 (qmenu.cpp:2678)
6   org.qt-project.QtWidgets       0x000000010b12653b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
7   org.qt-project.QtWidgets       0x000000010b1298f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
8   org.qt-project.QtCore          0x000000010cb7b433 QCoreApplication::notifyInternal(QObject*, QEvent*) + 115 (qthread_p.h:291)
9   org.qt-project.QtWidgets       0x000000010b1582ed QWidget::removeAction(QAction*) + 125 (qcoreapplication.h:224)
10  org.qt-project.QtWidgets       0x000000010b11c711 QAction::~QAction() + 97 (qaction.cpp:566)
11  org.qt-project.QtWidgets       0x000000010b16d16c QWidgetAction::~QWidgetAction() + 444 (qwidgetaction.cpp:122)
12  libKF5WidgetsAddons.5.dylib    0x000000010acddd80 KSelectAction::~KSelectAction() + 64 (kselectaction.cpp:99)
13  org.qt-project.QtCore          0x000000010cba3d75 QObjectPrivate::deleteChildren() + 245 (qobject.cpp:1943)
14  org.qt-project.QtWidgets       0x000000010b153ee1 QWidget::~QWidget() + 1441 (qwidget.cpp:1658)
15                                 0x00000001093c16bb Bin::~Bin() + 1067 (bin.cpp:456)
16                                 0x00000001093c181e Bin::~Bin() + 14 (bin.cpp:438)
17                                 0x0000000109443d3e Core::~Core() + 62 (core.cpp:43)
18                                 0x000000010940c95f MainWindow::~MainWindow() + 207 (mainwindow.cpp:549)
19                                 0x000000010940cd45 MainWindow::~MainWindow() + 21 (mainwindow.cpp:542)
20  org.qt-project.QtCore          0x000000010cba4748 QObject::event(QEvent*) + 776 (qobject.cpp:4455)
21  org.qt-project.QtWidgets       0x000000010b164d26 QWidget::event(QEvent*) + 3622 (qwidget.cpp:9105)
22  org.qt-project.QtWidgets       0x000000010b26c45f QMainWindow::event(QEvent*) + 911 (qmainwindow.cpp:1495)
23  libKF5XmlGui.5.dylib           0x000000010a81e810 KMainWindow::event(QEvent*) + 624 (kmainwindow.cpp:829)
24  libKF5XmlGui.5.dylib           0x000000010a856398 KXmlGuiWindow::event(QEvent*) + 24 (kxmlguiwindow.cpp:118)
25  org.qt-project.QtWidgets       0x000000010b12653b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
26  org.qt-project.QtWidgets       0x000000010b1298f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
27  org.qt-project.QtCore          0x000000010cb7c0db QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 971 (qthread_p.h:291)
28  org.qt-project.QtCore          0x000000010cb7ba2c QCoreApplication::exec() + 412 (qcoreapplication.cpp:1240)
29                                 0x00000001093f3761 main + 10257 (main.cpp:118)
30  libdyld.dylib                  0x00007fff8508c5fd start + 1
```

When I say crash-on-exit, I mean that the crash occurs after selecting the Quit menu item, or closing the main window.


> On Jan. 12, 2016, 10:49 p.m., David Faure wrote:
> > src/kselectaction.cpp, line 101
> > <https://git.reviewboard.kde.org/r/126725/diff/1/?file=430463#file430463line101>
> > 
> > This seems unnecessary and wasteful (it sends an ActionChanged event). You're not deleting the menu right now anyway, you're using deleteLater. So the action will be gone before the menu is deleted, therefore the action will never have a dangling pointer to the menu.

It's almost impossible to debug this kind of situation because an interactive debugging session will alter the event flow. It does look like we're dealing only with Qt events here, no pending native events that get delivered to ObjC objects. Doesn't the menu have its parent set to the action (KSelectAction), and if so, will that relationship be broken when the action gets deleted? Because if not, it's the menu that could have a dangling pointer to the action, no? Also, remember that using deleteLater isn't required to prevent the systematic crash-on-exit. I suppose I could try to see if deleting the d-ptr last is the most important change here.


- René J.V.


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126725/#review90980
-----------------------------------------------------------


On Jan. 12, 2016, 2:14 p.m., René J.V. Bertin wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126725/
> -----------------------------------------------------------
> 
> (Updated Jan. 12, 2016, 2:14 p.m.)
> 
> 
> Review request for KDE Frameworks and Christoph Feck.
> 
> 
> Repository: kwidgetsaddons
> 
> 
> Description
> -------
> 
> I was seeing a systematic crash on exiting kdenlive5, on OS X deep under the `delete menu()` instruction in `KSelectAction::~KSelectAction`. The backtrace suggested this might be due to a pending event (or an event due to the menu deletion) being delivered post-mortem to an instance of a QMenu related class.
> My fix is based on 3 principles:
> 1) release the "foreign" member instance (`menu()`) before releasing the own d-ptr
> 2) Remove the QMenu instance from ourselves before deleting it to have one less potential dangling reference to it
> 3) QMenu is a QObject descendant that corresponds to a UI element: on OS X it is safer to dispose these through `deleteLater()` rather than directly.
> 
> Diffs
> -----
> 
> src/kselectaction.cpp 1381099 
> 
> Diff: https://git.reviewboard.kde.org/r/126725/diff/
> 
> 
> Testing
> -------
> 
> On OS X 10.9.5, Qt 5.5.1 and KF5 Frameworks 5.16.0, built for installation under /opt/local .
> It seems that points 1) and 2) above already solve the crash issue in kdenlive on OS X, but the general principle stands so I suggest keeping 3) in library code like this.
> 
> Thanks,
> 
> René J.V. Bertin
> 
> 
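
A triage aid for the backtrace in this message, added here as an example and not part of the original e-mail or of any KDE or Qt code: it parses CrashReporter frames and lists the event-dispatch frames that run while a destructor is still further up the stack, which is the pattern the review description suspects. The regular expressions, `Frame`, `parse_frames` and `events_under_destructor` are this example's own names and heuristics.

```python
import re
from typing import NamedTuple, Optional

# Frames 0-15 and 20 of the crashed thread, copied from the backtrace above,
# one frame per line with whitespace normalised. Frame 15 has no image name.
BACKTRACE = """\
0   org.qt-project.QtCore  0x000000010cbac886 QObject::property(char const*) const + 150 (qlist.h:105)
1   libqcocoa.dylib  0x000000011189e37a QCocoaMenuItem::~QCocoaMenuItem() + 58 (qcocoamenuitem.mm:109)
2   libqcocoa.dylib  0x000000011189e52e QCocoaMenuItem::~QCocoaMenuItem() + 14 (qcocoamenuitem.mm:106)
3   org.qt-project.QtWidgets  0x000000010b2989bd QMenu::actionEvent(QActionEvent*) + 749 (qmenu.cpp:3224)
4   org.qt-project.QtWidgets  0x000000010b1643d0 QWidget::event(QEvent*) + 1232 (qwidget.cpp:9044)
5   org.qt-project.QtWidgets  0x000000010b296bdc QMenu::event(QEvent*) + 1164 (qmenu.cpp:2678)
6   org.qt-project.QtWidgets  0x000000010b12653b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
7   org.qt-project.QtWidgets  0x000000010b1298f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
8   org.qt-project.QtCore  0x000000010cb7b433 QCoreApplication::notifyInternal(QObject*, QEvent*) + 115 (qthread_p.h:291)
9   org.qt-project.QtWidgets  0x000000010b1582ed QWidget::removeAction(QAction*) + 125 (qcoreapplication.h:224)
10  org.qt-project.QtWidgets  0x000000010b11c711 QAction::~QAction() + 97 (qaction.cpp:566)
11  org.qt-project.QtWidgets  0x000000010b16d16c QWidgetAction::~QWidgetAction() + 444 (qwidgetaction.cpp:122)
12  libKF5WidgetsAddons.5.dylib  0x000000010acddd80 KSelectAction::~KSelectAction() + 64 (kselectaction.cpp:99)
13  org.qt-project.QtCore  0x000000010cba3d75 QObjectPrivate::deleteChildren() + 245 (qobject.cpp:1943)
14  org.qt-project.QtWidgets  0x000000010b153ee1 QWidget::~QWidget() + 1441 (qwidget.cpp:1658)
15  0x00000001093c16bb Bin::~Bin() + 1067 (bin.cpp:456)
20  org.qt-project.QtCore  0x000000010cba4748 QObject::event(QEvent*) + 776 (qobject.cpp:4455)
"""

# index, optional image, address, symbol, "+ offset", optional (file:line)
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?:(?P<image>\S+)\s+)?(?P<addr>0x[0-9a-f]+)\s+"
    r"(?P<symbol>.+?) \+ (?P<off>\d+)(?: \((?P<src>[^()]+:\d+)\))?$"
)
DTOR_RE = re.compile(r"::~\w+\(\)")                        # C++ destructor
DISPATCH_RE = re.compile(r"::(?:\w*[eE]vents?|notify\w*)\(")  # Qt event delivery


class Frame(NamedTuple):
    idx: int
    image: Optional[str]
    symbol: str
    src: Optional[str]


def parse_frames(text):
    """Parse crash-report frame lines; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(Frame(int(m["idx"]), m["image"], m["symbol"], m["src"]))
    return frames


def events_under_destructor(frames):
    """Return (dispatch frame, nearest calling destructor) pairs.

    Frames are ordered innermost first, so callers come later in the list.
    """
    hits = []
    for i, frame in enumerate(frames):
        if not DISPATCH_RE.search(frame.symbol):
            continue
        dtor = next((c for c in frames[i + 1:] if DTOR_RE.search(c.symbol)), None)
        if dtor is not None:
            hits.append((frame, dtor))
    return hits


if __name__ == "__main__":
    for ev, dtor in events_under_destructor(parse_frames(BACKTRACE)):
        print(f"#{ev.idx} {ev.symbol}  <- inside #{dtor.idx} {dtor.symbol}")
```

On these frames it reports frames 3 to 8, all beneath `QAction::~QAction()` at frame 10; frame 20 is not reported because no destructor calls it.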



