Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-111729

Assertion failed in QJSEngine when repeatedly deleting & adding property getters on an object

    XMLWordPrintable

Details

    • All
    • 642d531e4 (dev), 308f785c7 (6.7), f17168ef8 (6.6), 912886afe (tqtc/lts-6.5), c81160d20 (tqtc/lts-6.2)

    Description

      This simple program crashes after iteration 64.
       

      #include <QCoreApplication>
#include <QJSEngine>

int main(int argc, char *argv[])
{
  QCoreApplication a(argc, argv);

  QJSEngine engine;
  QStringList stackTrace;

  engine.installExtensions(QJSEngine::AllExtensions);

  QJSValue result = engine.evaluate(uR"(
  let global = ({})

  for(let j = 0; j < 1000; j++) {
    console.info("Iteration", j)
    for(let i = 0; i < 2; i++) {
      const name = "test" + i
      delete global[name]
      Object.defineProperty(global, name, { get() { return 0 }, configurable: true })
    }
  }
  )"_qs, {}, 1, &stackTrace);

  qInfo() << "Result" << result.toString() << stackTrace;
}

      With the following error:

      ASSERT: "id.isStringOrSymbol()" in file C:\Users\qt\work\qt\qtdeclarative\include\QtQml\6.4.2\QtQml\private\../../../../../src/qml/jsruntime/qv4internalclass_p.h, line 351

      Note that reducing the number of iterations in the inner loop to 1 prevents the crash. It also only crashes when a getter is installed, with a simple value it keeps going.

      1  qt_message_fatal                            qlogging.cpp         1910 0x7ff98ed5df84 
2  QMessageLogger::fatal                       qlogging.cpp         851  0x7ff98ed5c3e8 
3  qt_assert                                   qglobal.cpp          3276 0x7ff98ed472b9 
4  QV4::Heap::InternalClass::findValueOrGetter qv4internalclass_p.h 353  0x7ff970461dca 
5  QV4::Object::internalGet                    qv4object.cpp        436  0x7ff9704793ac 
6  QV4::Object::virtualGet                     qv4object.cpp        308  0x7ff970477132 
7  QV4::Object::get                            qv4object_p.h        278  0x7ff97030f336 
8  QV4::Object::setInternalClass               qv4object.cpp        43   0x7ff970474d62 
9  QV4::Heap::InternalClass::changeMember      qv4internalclass.cpp 308  0x7ff970443ef3 
10 QV4::Heap::InternalClass::removeMember      qv4internalclass.cpp 615  0x7ff970443f7d 
11 QV4::Object::internalDeleteProperty         qv4object.cpp        582  0x7ff97047a071 
12 QV4::Object::virtualDeleteProperty          qv4object.cpp        318  0x7ff97047719e 
13 QV4::Object::deleteProperty                 qv4object_p.h        329  0x7ff97030db10 
14 QV4::Runtime::DeleteProperty_NoThrow::call  qv4runtime.cpp       304  0x7ff970523d78 
15 QV4::Runtime::DeleteProperty::call          qv4runtime.cpp       309  0x7ff970523ded 
16 QV4::Moth::VME::interpret                   qv4vme_moth.cpp      1040 0x7ff970592a63 
17 QV4::Moth::VME::exec                        qv4vme_moth.cpp      542  0x7ff97058d193 
18 QV4::Function::call                         qv4function.cpp      62   0x7ff970422d62 
19 QV4::Script::run                            qv4script.cpp        126  0x7ff97053a097 
20 QJSEngine::evaluate                         qjsengine.cpp        522  0x7ff9702fdcfa 
21 main                                        main.cpp             13   0x7ff649752a1d

      The crash can also be reproduced on 6.5.0 beta 3

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            ulherman Ulf Hermann
            pdegoeje Pieter de Goeje
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: