
V8 assertion on QQmlEngine destruction, related to a C++ object being deleted trying to call through to bindings


Details

    Description

      This is the crash I mentioned in QTBUG-31553. Unfortunately I have been unable to produce a small test case, so I will provide as much information here as I can.

      Here's the stack:

       	Qt5V8d.dll!v8::internal::OS::DebugBreak()  Line 1044	C++
       	Qt5V8d.dll!v8::internal::OS::Abort()  Line 1031	C++
       	Qt5V8d.dll!V8_Fatal(const char * file, int line, const char * format, ...)  Line 59	C++
       	Qt5V8d.dll!v8::internal::Handle<v8::internal::JSFunction>::operator*()  Line 64 + 0x1e bytes	C++
       	Qt5V8d.dll!v8::internal::Handle<v8::internal::JSFunction>::operator->()  Line 64 + 0xf bytes	C++
       	Qt5V8d.dll!v8::Function::NewInstance(int argc, v8::Handle<v8::Value> * argv)  Line 3756 + 0x19 bytes	C++
       	Qt5V8d.dll!v8::Function::NewInstance()  Line 3750 + 0x10 bytes	C++
       	Qt5Qmld.dll!QV8VariantWrapper::newVariant(const QVariant & value)  Line 152 + 0x17 bytes	C++
       	Qt5Qmld.dll!QV8Engine::fromVariant(const QVariant & variant)  Line 444 + 0x1c bytes	C++
       	Qt5Qmld.dll!LoadProperty<&ReadAccessor::Indirect>(QV8Engine * engine, QObject * object, const QQmlPropertyData & property, QQmlNotifier * * notifier)  Line 472 + 0x10 bytes	C++
       	Qt5Qmld.dll!QV8QObjectWrapper::GetProperty(QV8Engine * engine, QObject * object, v8::Handle<v8::Value> * objectHandle, const QHashedV8String & property, QQmlContextData * context, QV8QObjectWrapper::RevisionMode revisionMode)  Line 590 + 0x17 bytes	C++
       	Qt5Qmld.dll!QV8QObjectWrapper::Getter(v8::Local<v8::String> property, const v8::AccessorInfo & info)  Line 763 + 0x1f bytes	C++
       	Qt5V8d.dll!v8::internal::LoadWithInterceptor(v8::internal::Arguments * args, PropertyAttributes * attrs)  Line 1127 + 0x1e bytes	C++
       	Qt5V8d.dll!v8::internal::LoadPropertyWithInterceptorForLoad(v8::internal::Arguments args, v8::internal::Isolate * isolate)  Line 1154 + 0xd bytes	C++
       	1430a236()	
       	Qt5V8d.dll!v8::internal::Invoke(bool is_construct, v8::internal::Handle<v8::internal::JSFunction> function, v8::internal::Handle<v8::internal::Object> receiver, int argc, v8::internal::Handle<v8::internal::Object> * args, bool * has_pending_exception, v8::internal::Handle<v8::internal::Object> qml)  Line 125 + 0x17 bytes	C++
       	Qt5V8d.dll!v8::internal::Execution::Call(v8::internal::Handle<v8::internal::Object> callable, v8::internal::Handle<v8::internal::Object> receiver, int argc, v8::internal::Handle<v8::internal::Object> * argv, bool * pending_exception, bool convert_receiver, v8::internal::Handle<v8::internal::Object> qml)  Line 201 + 0x23 bytes	C++
       	Qt5V8d.dll!v8::internal::Execution::Call(v8::internal::Handle<v8::internal::Object> callable, v8::internal::Handle<v8::internal::Object> receiver, int argc, v8::internal::Handle<v8::internal::Object> * argv, bool * pending_exception, bool convert_receiver)  Line 168 + 0x2d bytes	C++
       	Qt5V8d.dll!v8::Function::Call(v8::Handle<v8::Object> recv, int argc, v8::Handle<v8::Value> * argv)  Line 3788 + 0x27 bytes	C++
       	Qt5Qmld.dll!QQmlJavaScriptExpression::evaluate(QQmlContextData * context, v8::Handle<v8::Function> function, int argc, v8::Handle<v8::Value> * args, bool * isUndefined)  Line 180 + 0x20 bytes	C++
       	Qt5Qmld.dll!QQmlJavaScriptExpression::evaluate(QQmlContextData * context, v8::Handle<v8::Function> function, bool * isUndefined)  Line 127 + 0x1c bytes	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::update(QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 180	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::expressionChanged(QQmlJavaScriptExpression * e)  Line 221	C++
       	Qt5Qmld.dll!QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint * e, void * * __formal)  Line 426 + 0x11 bytes	C++
       	Qt5Qmld.dll!QQmlNotifier::emitNotify(QQmlNotifierEndpoint * endpoint, void * * a)  Line 83 + 0x1d bytes	C++
       	Qt5Qmld.dll!QQmlData::signalEmitted(QAbstractDeclarativeData * __formal, QObject * object, int index, void * * a)  Line 658 + 0x13 bytes	C++
       	Qt5Cored.dll!QMetaObject::activate(QObject * sender, int signalOffset, int local_signal_index, void * * argv)  Line 3372 + 0x1e bytes	C++
       	Qt5Qmld.dll!QQmlVMEMetaObject::activate(QObject * object, int index, void * * args)  Line 1350 + 0x25 bytes	C++
       	Qt5Qmld.dll!QQmlVMEMetaObject::metaCall(QMetaObject::Call c, int _id, void * * a)  Line 837	C++
       	Qt5Cored.dll!QAbstractDynamicMetaObject::metaCall(QObject * __formal, QMetaObject::Call c, int _id, void * * a)  Line 413 + 0x20 bytes	C++
       	Qt5Cored.dll!QMetaObject::metacall(QObject * object, QMetaObject::Call cl, int idx, void * * argv)  Line 305 + 0x2e bytes	C++
       	Qt5Qmld.dll!QQmlPropertyPrivate::writeBinding(QObject * object, const QQmlPropertyData & core, QQmlContextData * context, QQmlJavaScriptExpression * expression, v8::Handle<v8::Value> result, bool isUndefined, QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 1524 + 0x62 bytes	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::update(QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 185 + 0x50 bytes	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::expressionChanged(QQmlJavaScriptExpression * e)  Line 221	C++
       	Qt5Qmld.dll!QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint * e, void * * __formal)  Line 426 + 0x11 bytes	C++
       	Qt5Qmld.dll!QQmlNotifier::emitNotify(QQmlNotifierEndpoint * endpoint, void * * a)  Line 83 + 0x1d bytes	C++
       	Qt5Qmld.dll!QQmlNotifier::emitNotify(QQmlNotifierEndpoint * endpoint, void * * a)  Line 78 + 0x10 bytes	C++
       	Qt5Qmld.dll!QQmlData::signalEmitted(QAbstractDeclarativeData * __formal, QObject * object, int index, void * * a)  Line 658 + 0x13 bytes	C++
       	Qt5Cored.dll!QMetaObject::activate(QObject * sender, int signalOffset, int local_signal_index, void * * argv)  Line 3372 + 0x1e bytes	C++
       	Qt5Qmld.dll!QQmlVMEMetaObject::activate(QObject * object, int index, void * * args)  Line 1350 + 0x25 bytes	C++
       	Qt5Qmld.dll!QQmlVMEMetaObject::metaCall(QMetaObject::Call c, int _id, void * * a)  Line 837	C++
       	Qt5Cored.dll!QAbstractDynamicMetaObject::metaCall(QObject * __formal, QMetaObject::Call c, int _id, void * * a)  Line 413 + 0x20 bytes	C++
       	Qt5Cored.dll!QMetaObject::metacall(QObject * object, QMetaObject::Call cl, int idx, void * * argv)  Line 305 + 0x2e bytes	C++
       	Qt5Qmld.dll!QQmlPropertyPrivate::write(QObject * object, const QQmlPropertyData & property, const QVariant & value, QQmlContextData * context, QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 1341 + 0x17 bytes	C++
       	Qt5Qmld.dll!QQmlPropertyPrivate::writeValueProperty(QObject * object, const QQmlPropertyData & core, const QVariant & value, QQmlContextData * context, QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 1270 + 0x19 bytes	C++
       	Qt5Qmld.dll!QQmlPropertyPrivate::writeBinding(QObject * object, const QQmlPropertyData & core, QQmlContextData * context, QQmlJavaScriptExpression * expression, v8::Handle<v8::Value> result, bool isUndefined, QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 1590 + 0x19 bytes	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::update(QFlags<enum QQmlPropertyPrivate::WriteFlag> flags)  Line 185 + 0x50 bytes	C++
       	Qt5Qmld.dll!QV8Bindings::Binding::expressionChanged(QQmlJavaScriptExpression * e)  Line 221	C++
       	Qt5Qmld.dll!QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint * e, void * * __formal)  Line 426 + 0x11 bytes	C++
       	Qt5Qmld.dll!QQmlNotifier::emitNotify(QQmlNotifierEndpoint * endpoint, void * * a)  Line 83 + 0x1d bytes	C++
       	Qt5Qmld.dll!QQmlNotifier::emitNotify(QQmlNotifierEndpoint * endpoint, void * * a)  Line 78 + 0x10 bytes	C++
       	Qt5Qmld.dll!QQmlData::signalEmitted(QAbstractDeclarativeData * __formal, QObject * object, int index, void * * a)  Line 658 + 0x13 bytes	C++
       	Qt5Cored.dll!QMetaObject::activate(QObject * sender, int signalOffset, int local_signal_index, void * * argv)  Line 3372 + 0x1e bytes	C++
       	Qt5Qmld.dll!QQmlVMEMetaObject::activate(QObject * object, int index, void * * args)  Line 1350 + 0x25 bytes	C++
       	Qt5Qmld.dll!QQmlVMEVariantQObjectPtr::objectDestroyed(QObject * __formal)  Line 77	C++
       	Qt5Qmld.dll!QQmlData::destroyed(QObject * object)  Line 1603	C++
       	Qt5Qmld.dll!QQmlData::destroyed(QAbstractDeclarativeData * d, QObject * o)  Line 574	C++
      >	Qt5Cored.dll!QObject::~QObject()  Line 781 + 0x14 bytes	C++
       	qtquickgui.dll!bacon::gui::QmlSession::~QmlSession()  Line 338 + 0xb2 bytes	C++
       	qtquickgui.dll!bacon::gui::QmlSession::`vector deleting destructor'()  + 0x54 bytes	C++
       	Qt5Qmld.dll!QV8QObjectWrapper::deleteWeakQObject(QV8QObjectResource * resource, bool calledFromEngineDtor)  Line 1179 + 0x21 bytes	C++
       	Qt5Qmld.dll!QV8QObjectWrapper::destroy()  Line 220	C++
       	Qt5Qmld.dll!QV8Engine::~QV8Engine()  Line 198	C++
       	Qt5Qmld.dll!QV8Engine::`vector deleting destructor'()  + 0x50 bytes	C++
       	Qt5Qmld.dll!QJSEngine::~QJSEngine()  Line 205 + 0x23 bytes	C++
       	Qt5Qmld.dll!QQmlEngine::~QQmlEngine()  Line 861 + 0x10 bytes	C++
       	Qt5Qmld.dll!QQmlApplicationEngine::~QQmlApplicationEngine()  Line 227 + 0x8 bytes	C++
      

      V8 reports:

      #
      # Fatal error in c:\users\josh\st\qt5\qtjsbackend\src\3rdparty\v8\src\handles-inl.h, line 64
      # CHECK(location_ != 0) failed
      #
      
      
      ==== Stack trace ============================================
      
      Security context: 27F09619 <JS Object>#0#
          1: $text [file:///C:/Users/josh/st/qt5/qtbase/qml/QtQuick/Controls/Styles/Desktop/ButtonStyle.qml:4] (this=27F096C1
      <JS Global Object>#1#)
      
      ==== Details ================================================
      
      [1]: $text [file:///C:/Users/josh/st/qt5/qtbase/qml/QtQuick/Controls/Styles/Desktop/ButtonStyle.qml:4] (this=27F096C1 <J
      S Global Object>#1#) {
        // expression stack (top to bottom)
        [06] : 14626596
        [05] : 27F08091 <undefined>
        [04] : 3D7CF47D <JS Object>#2#
        [03] : 3D7CF47D <JS Object>#2#
        [02] : 27F2C0B1 <InterceptorInfo>#3#
        [01] : 1C51DD41 <String[10]: iconSource>
        [00] : 3F431A65 <JS Function $text>#4#
      --------- s o u r c e   c o d e ---------
      function $text() { return control.iconSource === "" ? "" : control.text }
      -----------------------------------------
      }
      
      ==== Key         ============================================
      
       #0# 27F09619: 27F09619 <JS Object>
       #1# 27F096C1: 27F096C1 <JS Global Object>
       #2# 3D7CF47D: 3D7CF47D <JS Object>
       #3# 27F2C0B1: 27F2C0B1 <InterceptorInfo>
       #4# 3F431A65: 3F431A65 <JS Function $text>
      =====================
      

      The object being destroyed is owned by the JS engine (ownership set via QQmlEngine::setObjectOwnership) and was returned to JS through a function call; it is actually an element of a list returned to JS.

      At (close to) the top of the stack, in

      >	Qt5Qmld.dll!QV8VariantWrapper::newVariant(const QVariant & value)  Line 152 + 0x17 bytes	C++
      

      m_constructor is NULL at qv8variantwrapper.cpp:152. As the stack shows, the binding is being re-evaluated from inside QObject::~QObject (via QQmlData::destroyed) while QV8Engine::~QV8Engine is already tearing the engine down, so the wrapper is called after its constructor handle has been released:

          if (scarceResource) {
              QQmlEnginePrivate *ep = QQmlEnginePrivate::get(m_engine->engine());
              Q_ASSERT(ep->scarceResourcesRefCount);
              rv = m_scarceConstructor->NewInstance();
              r->m_isScarceResource = true;
              ep->scarceResources.insert(r);
          } else {
              rv = m_constructor->NewInstance();       <---------- Here
          }
      

      I can provide more information if you let me know which frame in the stack would be most useful to inspect. I have not had much luck introspecting the various V8 and QML structures in the debugger.

      A fix for QTBUG-31553 would likely resolve this as well, but as I said in that ticket, I don't know whether that behavior is intended.

          People

            aalpert Alan Alpert
            jfaust Josh Faust