'Re: Review Request: Fix crash due to Qthread member variable being deleted before it was finished.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Review Request: Fix crash due to Qthread member variable being deleted before it was finished.
From:       "Frank Reininghaus" <frank78ac () googlemail ! com>
Date:       2012-12-27 20:20:41
Message-ID: 20121227202041.27833.36002 () vidsolbach ! de
[Download RAW message or body]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/107656/#review24071
-----------------------------------------------------------


Thanks for the new patch and the analysis! I hadn't thought of the possibility that \
we might be dealing with more than one UpdateItemStatesThread yet.

"When an object gets deleted, its member variables get deleted too":

I'm afraid that this is incorrect. m_updateItemStatesThread is a *pointer* to an \
UpdateItemStatesThread. Member variables which are pointers are not deleted on \
destruction (unless they are children of the QObject being destructed, but that is \
not the case here). This means that the thread object is left alone when the \
VersionControlObserver is destructed, and the line "m_updateItemStatesThread=0;" in \
the destructor, which is supposed to fix the crash if I understand correctly, is \
essentially a no-op if I'm not mistaken.

Could you check if it makes any difference if you comment out that line, or if you \
add it in the state where you could reproduce the crash rather reliably?

I haven't looked at the other parts of the patch in much detail yet. At first sight, \
it looks like it might make sense though.

- Frank Reininghaus


On Dec. 24, 2012, 1:13 a.m., Simeon Bird wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/107656/
> -----------------------------------------------------------
> 
> (Updated Dec. 24, 2012, 1:13 a.m.)
> 
> 
> Review request for Dolphin and Frank Reininghaus.
> 
> 
> Description
> -------
> 
> Three commits here:
> 
> commit fecc4da9d614b9b3d0924a55e484b34187f0e743
> Author: Simeon Bird <spb41@ias.edu>
> Date:   Mon Dec 24 01:02:22 2012 +0000
> 
> When the VersionControlObserver is deleted, its member variable
> m_updateItemStatesThread is deleted too. If it has not yet finished,
> this will lead to a crash.
> 
> BUG: 302264
> FIXED-IN: 4.10
> 
> commit d35b01694ea8a9e695131d8f59e3e2bfd1863d02
> Author: Simeon Bird <spb41@ias.edu>
> Date:   Sun Dec 23 23:45:36 2012 +0000
> 
> The locking around the plugin access in actions doesn't seem to be
> necessary, as actions is only called from the main thread.
> 
> Also it wasn't checked consistently; if the lock could not be taken, the
> plugin was accessed anyway.
> 
> commit ae54fd78ea17332a60b601f4916b004fa9572fef
> Author: Simeon Bird <spb41@ias.edu>
> Date:   Sun Dec 23 23:45:04 2012 +0000
> 
> We don't need the mutex guarding m_itemStates in the
> UpdateItemStatesThread, because m_itemStates is only accessed by the
> when the thread is done, and set before the thread starts.
> 
> Also combine the setData function with the constructor.
> 
> For real! Probably a fix! I'll test this a bit more to be sure though.
> 
> 
> This addresses bug 302264.
> http://bugs.kde.org/show_bug.cgi?id=302264
> 
> 
> Diffs
> -----
> 
> dolphin/src/views/versioncontrol/updateitemstatesthread.h f0f91d7 
> dolphin/src/views/versioncontrol/updateitemstatesthread.cpp e07d72c 
> dolphin/src/views/versioncontrol/versioncontrolobserver.cpp 42e00de 
> 
> Diff: http://git.reviewboard.kde.org/r/107656/diff/
> 
> 
> Testing
> -------
> 
> Compiles, no crash yet. Will test more though.
> 
> 
> Thanks,
> 
> Simeon Bird
> 
> 


[Attachment #3 (text/html)]

<html>
 <body>
  <div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
   <table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 \
solid;">  <tr>
     <td>
      This is an automatically generated e-mail. To reply, visit:
      <a href="http://git.reviewboard.kde.org/r/107656/">http://git.reviewboard.kde.org/r/107656/</a>
  </td>
    </tr>
   </table>
   <br />





 <pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Thanks for the new patch \
and the analysis! I hadn&#39;t thought of the possibility that we might be dealing \
with more than one UpdateItemStatesThread yet.

&quot;When an object gets deleted, its member variables get deleted too&quot;:

I&#39;m afraid that this is incorrect. m_updateItemStatesThread is a *pointer* to an \
UpdateItemStatesThread. Member variables which are pointers are not deleted on \
destruction (unless they are children of the QObject being destructed, but that is \
not the case here). This means that the thread object is left alone when the \
VersionControlObserver is destructed, and the line \
&quot;m_updateItemStatesThread=0;&quot; in the destructor, which is supposed to fix \
the crash if I understand correctly, is essentially a no-op if I&#39;m not mistaken.

Could you check if it makes any difference if you comment out that line, or if you \
add it in the state where you could reproduce the crash rather reliably?

I haven&#39;t looked at the other parts of the patch in much detail yet. At first \
sight, it looks like it might make sense though.</pre>  <br />







<p>- Frank</p>


<br />
<p>On December 24th, 2012, 1:13 a.m., Simeon Bird wrote:</p>






<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" \
style="background-image: \
url('http://git.reviewboard.kde.org/media/rb/images/review_request_box_top_bg.png'); \
background-position: left top; background-repeat: repeat-x; border: 1px black \
solid;">  <tr>
  <td>

<div>Review request for Dolphin and Frank Reininghaus.</div>
<div>By Simeon Bird.</div>


<p style="color: grey;"><i>Updated Dec. 24, 2012, 1:13 a.m.</i></p>






<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
 <table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" \
style="border: 1px solid #b8b5a0">  <tr>
  <td>
   <pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Three commits here:

commit fecc4da9d614b9b3d0924a55e484b34187f0e743
Author: Simeon Bird &lt;spb41@ias.edu&gt;
Date:   Mon Dec 24 01:02:22 2012 +0000

    When the VersionControlObserver is deleted, its member variable
    m_updateItemStatesThread is deleted too. If it has not yet finished,
    this will lead to a crash.
    
    BUG: 302264
    FIXED-IN: 4.10

commit d35b01694ea8a9e695131d8f59e3e2bfd1863d02
Author: Simeon Bird &lt;spb41@ias.edu&gt;
Date:   Sun Dec 23 23:45:36 2012 +0000

    The locking around the plugin access in actions doesn&#39;t seem to be
    necessary, as actions is only called from the main thread.
    
    Also it wasn&#39;t checked consistently; if the lock could not be taken, the
    plugin was accessed anyway.

commit ae54fd78ea17332a60b601f4916b004fa9572fef
Author: Simeon Bird &lt;spb41@ias.edu&gt;
Date:   Sun Dec 23 23:45:04 2012 +0000

    We don&#39;t need the mutex guarding m_itemStates in the
    UpdateItemStatesThread, because m_itemStates is only accessed by the
    when the thread is done, and set before the thread starts.
    
    Also combine the setData function with the constructor.

For real! Probably a fix! I&#39;ll test this a bit more to be sure though.</pre>
  </td>
 </tr>
</table>


<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: \
1px solid #b8b5a0">  <tr>
  <td>
   <pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Compiles, no crash yet. Will test more though.</pre>  </td>
 </tr>
</table>



<div style="margin-top: 1.5em;">
 <b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>


 <a href="http://bugs.kde.org/show_bug.cgi?id=302264">302264</a>


</div>


<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">

 <li>dolphin/src/views/versioncontrol/updateitemstatesthread.h <span style="color: \
grey">(f0f91d7)</span></li>

 <li>dolphin/src/views/versioncontrol/updateitemstatesthread.cpp <span style="color: \
grey">(e07d72c)</span></li>

 <li>dolphin/src/views/versioncontrol/versioncontrolobserver.cpp <span style="color: \
grey">(42e00de)</span></li>

</ul>

<p><a href="http://git.reviewboard.kde.org/r/107656/diff/" style="margin-left: \
3em;">View Diff</a></p>




  </td>
 </tr>
</table>








  </div>
 </body>
</html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic