Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-66732

failing assert in memory manager

    XMLWordPrintable

Details

    Description

      There are 2 tests that end up with the same failing assert in MemorySegment::allocate.

      First is a test case originally reported for bug QTBUG-61356. The original issue for that bug has been fixed, but it now also runs into the assert both on qt5.9 and 5.11. The example code for that bug is attached here too.

      Then there is a second test, reported for QTBUG-62087. Again, the original issue of that bug is fixed, but now it runs into the assert when using qt5.9 (but not qt5.11). Code:

      import QtQuick 2.0
Item {
  Component.onCompleted: {
    var foo, chars;
    foo = new Array(250000 + 1).join('x');
    foo = new Array(264000 + 1).join('x');
    chars = foo.split('');
    chars = foo.split('');
    chars = foo.split('');
  }
}

      Failure:

      ASSERT: "availableBytes >= size" in file /Users/erik/dev/qt5.9/qtdeclarative/src/qml/memory/qv4mm.cpp, line 195

      Stack trace:

      * thread #1: tid = 0x1a1c46, 0x00007fff9464bd42 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff9464bd42 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff94739457 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff945b1420 libsystem_c.dylib`abort + 129
    frame #3: 0x0000000106aa138d libQt5Core_debug.5.dylib`QtNS::qt_message_fatal((null)=QtFatalMsg, context=0x00007fff5fbf8cc0, message=0x00007fff5fbf8a00) + 29 at qlogging.cpp:1690
    frame #4: 0x0000000106aa4fd1 libQt5Core_debug.5.dylib`QtNS::QMessageLogger::fatal(this=0x00007fff5fbf8cc0, msg="ASSERT: \"%s\" in file %s, line %d") const + 657 at qlogging.cpp:796
    frame #5: 0x0000000106a8764c libQt5Core_debug.5.dylib`QtNS::qt_assert(assertion="availableBytes >= size", file="/Users/erik/dev/qt5.9/qtdeclarative/src/qml/memory/qv4mm.cpp", line=195) + 300 at qglobal.cpp:3080
    frame #6: 0x0000000104b822b8 libQt5Qml_debug.5.dylib`QtNS::QV4::MemorySegment::allocate(this=0x00006190000f87c8, size=4198400) + 200 at qv4mm.cpp:195
    frame #7: 0x0000000104b7faa2 libQt5Qml_debug.5.dylib`QtNS::QV4::ChunkAllocator::allocate(this=0x00006030000991f0, size=4198400) + 1954 at qv4mm.cpp:246
    frame #8: 0x0000000104b89aa7 libQt5Qml_debug.5.dylib`QtNS::QV4::HugeItemAllocator::allocate(this=0x000061300009bb58, size=4194368) + 407 at qv4mm.cpp:636
    frame #9: 0x0000000104b8fc38 libQt5Qml_debug.5.dylib`QtNS::QV4::MemoryManager::allocData(this=0x000061300009ba80, size=4194368) + 280 at qv4mm.cpp:764
    frame #10: 0x000000010516ffb2 libQt5Qml_debug.5.dylib`QtNS::QV4::SimpleArrayData::Data* QtNS::QV4::MemoryManager::allocManaged<QtNS::QV4::SimpleArrayData>(this=0x000061300009ba80, size=4194368) + 50 at qv4mm_p.h:218
    frame #11: 0x00000001051f46eb libQt5Qml_debug.5.dylib`QtNS::QV4::ArrayData::realloc(o=0x0000000116422418, newType=Simple, requested=262145, enforceAttributes=false) + 1995 at qv4arraydata.cpp:151
    frame #12: 0x0000000104ee5db1 libQt5Qml_debug.5.dylib`QtNS::QV4::Object::arrayReserve(this=0x0000000116422418, n=262145) + 33 at qv4object_p.h:317
    frame #13: 0x00000001052af88d libQt5Qml_debug.5.dylib`QtNS::QV4::Object::push_back(this=0x0000000116422418, v=0x0000000116422428) + 61 at qv4object_p.h:487
    frame #14: 0x00000001052d4012 libQt5Qml_debug.5.dylib`QtNS::QV4::StringPrototype::method_split((null)=0x00000001164223f8, scope=0x00007fff5fbfa4c0, callData=0x00000001164223a0) + 5122 at qv4stringobject.cpp:735
    frame #15: 0x000000010524df88 libQt5Qml_debug.5.dylib`QtNS::QV4::BuiltinFunction::call(that=0x00000001164223f8, scope=0x00007fff5fbfa4c0, callData=0x00000001164223a0) + 344 at qv4functionobject.cpp:484
    frame #16: 0x0000000104eee4d2 libQt5Qml_debug.5.dylib`QtNS::QV4::Object::call(this=0x00000001164223f8, scope=0x00007fff5fbfa4c0, d=0x00000001164223a0) const + 114 at qv4object_p.h:372
    frame #17: 0x000000010545b779 libQt5Qml_debug.5.dylib`QtNS::QV4::Runtime::method_callProperty(engine=0x000061a00003c080, nameIndex=10, callData=0x00000001164223a0) + 2201 at qv4runtime.cpp:1108
    frame #18: 0x0000000110d57762
    frame #19: 0x00000001051af84c libQt5Qml_debug.5.dylib`QtNS::QV4::ExecutionContext::simpleCall(this=0x0000000110d56038, scope=0x00007fff5fbfb0c0, callData=0x0000000116422328, function=0x00006040000bc010) + 3052 at qv4context.cpp:347
    frame #20: 0x0000000105707b1f libQt5Qml_debug.5.dylib`QtNS::QQmlJavaScriptExpression::evaluate(this=0x000060c00005a580, callData=0x0000000116422328, isUndefined=0x0000000000000000, scope=0x00007fff5fbfb0c0) + 2415 at qqmljavascriptexpression.cpp:223
    frame #21: 0x0000000105544823 libQt5Qml_debug.5.dylib`QtNS::QQmlBoundSignalExpression::evaluate(this=0x000060c00005a580, a=0x0000000000000000) + 3715 at qqmlboundsignal.cpp:223
    frame #22: 0x0000000105545ba4 libQt5Qml_debug.5.dylib`QtNS::QQmlBoundSignal_callback(e=0x0000606000160100, a=0x0000000000000000) + 1300 at qqmlboundsignal.cpp:355
    frame #23: 0x00000001056972ad libQt5Qml_debug.5.dylib`QtNS::QQmlNotifier::emitNotify(endpoint=0x0000000000000000, a=0x0000000000000000) + 2205 at qqmlnotifier.cpp:106
    frame #24: 0x00000001054c4752 libQt5Qml_debug.5.dylib`QtNS::QQmlData::signalEmitted((null)=0x000060d00004efb0, object=0x00006030000a7c20, index=3, a=0x0000000000000000) + 2898 at qqmlengine.cpp:854
    frame #25: 0x0000000107384804 libQt5Core_debug.5.dylib`QtNS::QMetaObject::activate(sender=0x00006030000a7c20, signalOffset=3, local_signal_index=0, argv=0x0000000000000000) + 804 at qobject.cpp:3644
    frame #26: 0x00000001073844cd libQt5Core_debug.5.dylib`QtNS::QMetaObject::activate(sender=0x00006030000a7c20, m=0x0000000105a8a7c0, local_signal_index=0, argv=0x0000000000000000) + 61 at qobject.cpp:3629
    frame #27: 0x00000001058dfa52 libQt5Qml_debug.5.dylib`QtNS::QQmlComponentAttached::completed(this=0x00006030000a7c20) + 34 at moc_qqmlcomponentattached_p.cpp:138
    frame #28: 0x000000010576d1df libQt5Qml_debug.5.dylib`QtNS::QQmlObjectCreator::finalize(this=0x00006120000994c0, interrupt=0x00007fff5fbfe0a0) + 3407 at qqmlobjectcreator.cpp:1335
    frame #29: 0x000000010552117b libQt5Qml_debug.5.dylib`QtNS::QQmlComponentPrivate::complete(enginePriv=0x0000616000076280, state=0x00006110000e9f60) + 411 at qqmlcomponent.cpp:920
    frame #30: 0x000000010551bf4f libQt5Qml_debug.5.dylib`QtNS::QQmlComponentPrivate::completeCreate(this=0x00006110000e9ec0) + 207 at qqmlcomponent.cpp:956
    frame #31: 0x0000000105521452 libQt5Qml_debug.5.dylib`QtNS::QQmlComponent::completeCreate(this=0x000060200003f9d0) + 34 at qqmlcomponent.cpp:949
    frame #32: 0x000000010551f30a libQt5Qml_debug.5.dylib`QtNS::QQmlComponent::create(this=0x000060200003f9d0, context=0x000060200003f9f0) + 650 at qqmlcomponent.cpp:775
    frame #33: 0x0000000100008591 qmlscene`main(argc=2, argv=0x00007fff5fbff9b0) + 13697 at main.cpp:578
    frame #34: 0x00007fff9451d235 libdyld.dylib`start + 1

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-62087 Segfault in QV4::SimpleArrayData with a simple testcase

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              laknoll Lars Knoll
              erikv Erik Verbruggen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes