  1. Qt
  2. QTBUG-140074

Crash in QQmlPrivate::callArrowFunctionAsVariant() when using qmlcachegen


    • Linux/X11
    • 7105eb6d0 (dev), d478f1112 (6.10), 37b529d2d (6.9)

      After switching from 6.8.3 to 6.9.2 we are encountering a crash in QQmlPrivate::callArrowFunctionAsVariant() when the QML is compiled.

      Passing NO_CACHEGEN prevents the crash.

      Here is the stack trace:

       0# signal_handler(int) at main.cpp
       1# 0x00007DA92A645330 in /lib/x86_64-linux-gnu/libc.so.6
       2# QQmlPrivate::callArrowFunctionAsVariant(QV4::ExecutionEngine*, QV4::ArrowFunction*, QObject*, void**, int) at /home/qt/work/qt/qtdeclarative/src/qml/qml/qqml.cpp:2148
       3# QQmlPrivate::AOTCompiledContext::callObjectPropertyLookup(unsigned int, QObject*, void**, int) const in /opt/Qt/6.9.2/lib/libQt6Qml.so.6
       4# QmlCacheGeneratedCode::_com_0x2e_..._MyComboBox_qml::aotBuiltFunctions::{lambda(QQmlPrivate::AOTCompiledContext const*, void**)#6}::operator()(QQmlPrivate::AOTCompiledContext const, void*) const::{lambda()#1}::operator()() const at /builds/src/.rcc/qmlcache/MyComboBox_qml.cpp:955
       5# QmlCacheGeneratedCode::_com_0x2e_..._MyComboBox_qml::aotBuiltFunctions::{lambda(QQmlPrivate::AOTCompiledContext const*, void**)#3}::operator()(QQmlPrivate::AOTCompiledContext const*, void**) const at /builds/src/.rcc/qmlcache/MyComboBox_qml.cpp:962
       6# QmlCacheGeneratedCode::_com_0x2e_..._MyComboBox_qml::aotBuiltFunctions::{lambda(QQmlPrivate::AOTCompiledContext const*, void**)#6}::_FUN(QQmlPrivate::AOTCompiledContext const, void*) at /builds/src/.rcc/qmlcache/MyComboBox_qml.cpp:986
       7# void QV4::coerceAndCall<AOTCompiledMetaMethod, QV4::Moth::VME::exec(QV4::MetaTypesStackFrame*, QV4::ExecutionEngine*)::$_0>(QV4::ExecutionEngine*, AOTCompiledMetaMethod const*, void**, QMetaType const*, int, QV4::Moth::VME::exec(QV4::MetaTypesStackFrame*, QV4::ExecutionEngine*)::$_0) at /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4jscall_p.h:585
       8# QV4::Moth::VME::exec(QV4::MetaTypesStackFrame*, QV4::ExecutionEngine*) in /opt/Qt/6.9.2/lib/libQt6Qml.so.6
       9# QV4::Function::call(QObject*, void**, QMetaType const*, int, QV4::ExecutionContext*) at /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4function.cpp:37
      10# QQmlJavaScriptExpression::evaluate(void**, QMetaType const*, int) at /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:270
      11# QQmlBoundSignalExpression::evaluate(void**) in /opt/Qt/6.9.2/lib/libQt6Qml.so.6
      12# QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) at /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:316
      13# QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) at /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:71
      14# void doActivate<false>(QObject*, int, void**) in /opt/Qt/6.9.2/lib/libQt6Core.so.6
      15# QQuickComboBox::setCurrentIndex(int) at /home/qt/work/qt/qtdeclarative/src/quicktemplates/qquickcombobox.cpp:1147
      

      I am using my own style.
      If I remove "import MyStyle" from MyComboBox.qml, the bug does not occur, and the UI is unchanged.

      The last call in MyComboBox_qml.cpp is callObjectPropertyLookup() in:

      // Excerpt of the generated call site: v2_1 is forwarded to the property
      // lookup exactly as it was loaded; no validity check on the pointer is
      // visible in this lambda.
      const auto doCall = [&]() {
          // Empty argument list: one null slot, argument count 0.
          void *args[] = {nullptr};
          return aotContext->callObjectPropertyLookup(9, v2_1, args, 0);
      };
      

      This code is called multiple times. Each time, v2_1 is a QQmlPrivate::QQmlElement<QQuickTextField>,
      except the last time, where the debugger reads <no such value>.

      MyComboBox is nested inside another MyItem.
      MyItem, as a QQmlComponent*, is set as the source component of a Loader.
      The crash only occurs the 2nd time it is set on the Loader, if another QQmlComponent has been assigned to the Loader in between.

      Schematically:

      // First assignment: MyItem (which nests MyComboBox) is loaded.
      loader.sourceComponent = myItemComponent
      // A different component is assigned in between.
      loader.sourceComponent = anotherComponent
      // Second assignment of the same MyItem component.
      loader.sourceComponent = myItemComponent // crash
      

      MyComboBox_qml.cpp
      // qmlcachegen output for the onCurrentIndexChanged handler of MyComboBox.qml
      // (the QML expression at line 21, column 5 is `contentItem.update()`).
      // The handler does two lookups in sequence: it loads an object pointer from the
      // scope into v2_1 (lookup 8), then calls a property on that object (lookup 9).
      // NOTE(review): lookup 8 presumably resolves `contentItem` and lookup 9 `update`;
      // confirm against the generated lookup table, which is not shown here.
      [](const QQmlPrivate::AOTCompiledContext *aotContext, void **argv) {
          Q_UNUSED(aotContext)
          Q_UNUSED(argv)
          // expression for onCurrentIndexChanged at line 21, column 5
          // v2_1 has no initializer; its only writer in this function is
          // loadScopeObjectPropertyLookup(8, &v2_1) below.
          QObject *v2_1;
          // generate_CreateCallContext
          {
              {
              }
      // generate_LoadQmlContextPropertyLookup
      // With QT_NO_DEBUG undefined the instruction pointer is recorded before the
      // lookup; with QT_NO_DEBUG defined it is recorded only when the lookup has to
      // be (re)initialized.
      #ifndef QT_NO_DEBUG
              aotContext->setInstructionPointer(3);
      #endif
              // Retry loop: while the lookup returns false, initialize it and try again,
              // bailing out with an undefined return value if the engine reports an error.
              while (!aotContext->loadScopeObjectPropertyLookup(8, &v2_1)) {
      #ifdef QT_NO_DEBUG
                  aotContext->setInstructionPointer(3);
      #endif
                  aotContext->initLoadScopeObjectPropertyLookup(8);
                  if (aotContext->engine->hasError()) {
                      aotContext->setReturnValueUndefined();
                      return;
                  }
              }
              {
              }
              // generate_StoreReg
              {
              }
              // generate_CallPropertyLookup
              {
                  // v2_1 is handed to the call lookup without any check in this function
                  // (no null test, no liveness test). Whether the runtime validates the
                  // object behind the pointer cannot be seen from this listing.
                  // NOTE(review): the reported stack trace faults two frames below this
                  // call, in callArrowFunctionAsVariant(); until the root cause is known,
                  // treat this as a possible stale or invalid object pointer being
                  // dereferenced, i.e. a memory-safety defect, not only a functional crash.
                  const auto doCall = [&]() {
                      void *args[] = {nullptr};
                      return aotContext->callObjectPropertyLookup(9, v2_1, args, 0);
                  };
                  // Slow path: (re)initializes call lookup 9 against the same v2_1.
                  const auto doInit = [&]() {
                      aotContext->initCallObjectPropertyLookupAsVariant(9, v2_1);
                  };
      #ifndef QT_NO_DEBUG
                  aotContext->setInstructionPointer(10);
      #endif
                  // Same retry pattern as the load above: call, and on a false return
                  // initialize the lookup, check for an engine error, then call again.
                  while (!doCall()) {
      #ifdef QT_NO_DEBUG
                      aotContext->setInstructionPointer(10);
      #endif
                      doInit();
                      if (aotContext->engine->hasError()) {
                          aotContext->setReturnValueUndefined();
                          return;
                      }
                  }
              }
              {
              }
              {
              }
              // generate_PopContext
              {
              }
          }
          {
          }
          {
          }
          // generate_Ret
          return;
      }
      
      MyComboBox.qml
      import QtQuick
      import QtQuick.Controls
      import MyStyle
      
      // Reproducer from the report: a ComboBox that keeps a string `currentId` in sync
      // with currentIndex/currentValue and mirrors the selected row's name and icon
      // into a Badge used as contentItem.
      ComboBox {
          id: control
          property alias specialEntries: myModel.specialEntries
          property string currentId
      
          // currentId -> currentIndex
          onCurrentIdChanged: currentIndex = indexOfValue(currentId)
          // currentValue -> currentId (skipped while currentValue is undefined)
          onCurrentValueChanged: {
              if (currentValue !== undefined) {
                  currentId = currentValue;
              }
          }
          
          
          
          
          
          // This handler sits at line 21, column 5 of the file, the location named in
          // the generated C++ quoted in the report. `contentItem` is an unqualified
          // name here, so it is resolved through the scope rather than via `control.`.
          onCurrentIndexChanged: contentItem.update()
      
          height: 40
          textRole: "name"
          valueRole: "id"
          currentIndex: 0
      
          model: MyModel {
              id: myModel
              // Refresh the badge only when the changed row range contains the current row.
              // `contentItem` is again unqualified, while currentIndex goes through `control.`.
              onDataChanged: (from, to, roles) => {
                  if (control.currentIndex >= from.row && control.currentIndex <= to.row) {
                      contentItem.update();
                  }
              }
          }
      
          onCountChanged: {
              // The local `currentIndex` shadows the control's property of the same name,
              // which is why the assignment below is written as `control.currentIndex`.
              let currentIndex = indexOfValue(currentId);
              if (currentIndex < 0 || currentIndex >= count) {
                  currentIndex = 0;
              }
              control.currentIndex = currentIndex;
              contentItem.update();
          }
      
          contentItem: Badge {
              rightPadding: control.width - control.indicator.x + control.spacing
      
              // Copies name and icon of the current model row into the badge; does nothing
              // when the model index is not valid.
              // NOTE(review): Badge's base type is not shown. If it derives from Item, this
              // function shares its name with the QQuickItem::update() slot — confirm
              // whether that ambiguity plays a part in the lookup that crashes.
              function update() {
                  const modelIndex = control.model.index(control.currentIndex, 0);
                  if (modelIndex.valid) {
                      name = modelIndex.data(MyModel.Name);
                      icon = modelIndex.data(MyModel.IconUrl);
                  }
              }
          }
      
          delegate: MenuItem {
              // Row data from the view; the badge below reads its name and iconUrl.
              required property var modelData
              width: control.width
              height: control.height
      
              Badge {
                  anchors.fill: parent
                  name: modelData.name
                  icon: modelData.iconUrl
              }
          }
      }
      


            ulherman Ulf Hermann
            bterrier Benjamin Terrier

