Qt / QTBUG-111729

Assertion failed in QJSEngine when repeatedly deleting & adding property getters on an object


Details

    • All
    • 642d531e4 (dev), 308f785c7 (6.7), f17168ef8 (6.6), 912886afe (tqtc/lts-6.5), c81160d20 (tqtc/lts-6.2)

    Description

      This simple program crashes after iteration 64.
       

      #include <QCoreApplication>
      #include <QJSEngine>
      
      int main(int argc, char *argv[])
      {
        QCoreApplication a(argc, argv);
      
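        QJSEngine engine;
        QStringList stackTrace;
      
        // AllExtensions includes the console extension, needed for console.info() in the script.
        engine.installExtensions(QJSEngine::AllExtensions);
      
        // Each outer iteration deletes and then redefines two getter properties on the same object.
        QJSValue result = engine.evaluate(uR"(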
        let global = ({})
      
        for(let j = 0; j < 1000; j++) {
          console.info("Iteration", j)
          for(let i = 0; i < 2; i++) {
            const name = "test" + i
            delete global[name]
            Object.defineProperty(global, name, { get() { return 0 }, configurable: true })
          }
        }
        )"_qs, {}, 1, &stackTrace);
      
        qInfo() << "Result" << result.toString() << stackTrace;
      }
      

      With the following error:

      ASSERT: "id.isStringOrSymbol()" in file C:\Users\qt\work\qt\qtdeclarative\include\QtQml\6.4.2\QtQml\private\../../../../../src/qml/jsruntime/qv4internalclass_p.h, line 351

      Note that reducing the number of iterations in the inner loop to 1 prevents the crash. It also only crashes when a getter is installed; with a simple value it keeps going.

      1  qt_message_fatal                            qlogging.cpp         1910 0x7ff98ed5df84 
      2  QMessageLogger::fatal                       qlogging.cpp         851  0x7ff98ed5c3e8 
      3  qt_assert                                   qglobal.cpp          3276 0x7ff98ed472b9 
      4  QV4::Heap::InternalClass::findValueOrGetter qv4internalclass_p.h 353  0x7ff970461dca 
      5  QV4::Object::internalGet                    qv4object.cpp        436  0x7ff9704793ac 
      6  QV4::Object::virtualGet                     qv4object.cpp        308  0x7ff970477132 
      7  QV4::Object::get                            qv4object_p.h        278  0x7ff97030f336 
      8  QV4::Object::setInternalClass               qv4object.cpp        43   0x7ff970474d62 
      9  QV4::Heap::InternalClass::changeMember      qv4internalclass.cpp 308  0x7ff970443ef3 
      10 QV4::Heap::InternalClass::removeMember      qv4internalclass.cpp 615  0x7ff970443f7d 
      11 QV4::Object::internalDeleteProperty         qv4object.cpp        582  0x7ff97047a071 
      12 QV4::Object::virtualDeleteProperty          qv4object.cpp        318  0x7ff97047719e 
      13 QV4::Object::deleteProperty                 qv4object_p.h        329  0x7ff97030db10 
      14 QV4::Runtime::DeleteProperty_NoThrow::call  qv4runtime.cpp       304  0x7ff970523d78 
      15 QV4::Runtime::DeleteProperty::call          qv4runtime.cpp       309  0x7ff970523ded 
      16 QV4::Moth::VME::interpret                   qv4vme_moth.cpp      1040 0x7ff970592a63 
      17 QV4::Moth::VME::exec                        qv4vme_moth.cpp      542  0x7ff97058d193 
      18 QV4::Function::call                         qv4function.cpp      62   0x7ff970422d62 
      19 QV4::Script::run                            qv4script.cpp        126  0x7ff97053a097 
      20 QJSEngine::evaluate                         qjsengine.cpp        522  0x7ff9702fdcfa 
      21 main                                        main.cpp             13   0x7ff649752a1d 
      

      The crash can also be reproduced on 6.5.0 beta 3.

          People

            ulherman Ulf Hermann
            pdegoeje Pieter de Goeje