Carina Denkmann wrote:
> there seems to be a problem with this commit in qt master:
>
> http://qt.gitorious.org/+qt-developers/qt/webkit/commit/1a5e7171b9da383ca5f6be92b7cb6e502fd79fc4
>
> I get a crash in QMetaObject::changeGuard() at this place:
>
>     if (!more)
>         QObjectPrivate::get(*ptr)->hasGuards = false;
>
> The problem could be that it accesses the object private pointer of an
> object that has already been deleted?
>
> Also, the for loop uses "it.key() == *ptr && it != end", the order of
> the checks should probably be reversed.

Hi Carina

I've been looking at this problem trying to figure out why that would
happen and I just couldn't see how the problem could happen.

The code is sound: if an object has hasGuards = true, then it has to lock
the guard hash, which is a synchronisation point. So when changeGuard is
called, hasGuards on *ptr has to be true or *ptr == 0.

So if the code structure is fine and you get a crash, then the problem has
to be somewhere else. If *ptr is pointing to a deleted object, that means
hasGuards changed from true to false outside removeGuard or changeGuard.

And that's when I got to the second file changed in that commit:
- uint unused : 23;
+ uint hasGuards : 1; //true iff there is one or more QPointer attached
to this object
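
Review bot: on the added `uint hasGuards : 1` line, the comment says what the flag means but not what synchronises writes to it. Because the bit is taken from the old `unused : 23` field, it sits in the same storage unit as the neighbouring flags, so a write to any of them rewrites this bit as well. Either name in the comment the lock that covers the whole flag word, or give hasGuards its own non-bitfield member.
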

hasGuards is a bit in a bitfield. That means the accesses to it aren't
atomic. More than that, it means the accesses to the *other* bits in the
same bitfield aren't atomic either.

So you probably have a race condition where one of the other bits was
changed while setting hasGuards to true. That would explain why the bit
cleared unexpectedly.

The most likely cause is a moveToThread, but other operations like
blockSignals() can cause it too.

We'll move the boolean to a full integer in the QObjectPrivate and see if
this solves the problem.

Thanks for the report.
--
Thiago Macieira - thiago.macieira (AT) nokia.com
Senior Product Manager - Nokia, Qt Software
Sandakerveien 116, NO-0402 Oslo, Norway
_______________________________________________ Qt4-preview-feedback mailing list [email protected] http://lists.trolltech.com/mailman/listinfo/qt4-preview-feedback
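
Added example (not from the thread and not Qt's own code): a single-threaded, deterministic replay of the interleaving the reply describes, showing how a write to a neighbouring bit clears hasGuards and why a full integer member is unaffected. Only the name hasGuards comes from the thread; the struct layouts and the blockSig field are constructed stand-ins.

```cpp
// Added illustration: deterministic replay of the lost update described in
// the reply. Only hasGuards comes from the thread; blockSig and both struct
// layouts are constructed stand-ins, not Qt's actual private classes.
#include <cstdint>

// "Before": hasGuards is one bit in a word shared with other flags.
struct PackedFlags {
    std::uint32_t blockSig  : 1;
    std::uint32_t hasGuards : 1;
    std::uint32_t unused    : 30;
};
static_assert(sizeof(PackedFlags) == sizeof(std::uint32_t),
              "all three fields share one storage unit");

// A bitfield store is load-word / modify / store-word. Copying the whole
// struct models the word-sized load and store done by each thread.
bool packed_loses_hasGuards() {
    PackedFlags shared{};           // both flags start cleared
    PackedFlags a = shared;         // thread A loads the word
    PackedFlags b = shared;         // thread B loads it before A stores
    a.hasGuards = 1;                // A: a guard is attached
    b.blockSig  = 1;                // B: unrelated flag in the same word
    shared = a;                     // A stores: hasGuards == 1
    shared = b;                     // B stores its stale copy of the word
    return shared.blockSig == 1 && shared.hasGuards == 0;
}

// "After": hasGuards is a full integer, i.e. its own memory location.
struct SplitFlags {
    struct Bits {
        std::uint32_t blockSig : 1;
        std::uint32_t unused   : 31;
    } bits;
    int hasGuards;
};

// Same interleaving: B's word-sized store no longer covers hasGuards.
bool split_keeps_hasGuards() {
    SplitFlags shared{};
    SplitFlags::Bits b = shared.bits;   // thread B loads only the flag word
    shared.hasGuards = 1;               // thread A writes its own int
    b.blockSig = 1;                     // B modifies its copy
    shared.bits = b;                    // B stores the flag word
    return shared.bits.blockSig == 1 && shared.hasGuards == 1;
}

int main() {
    return (packed_loses_hasGuards() && split_keeps_hasGuards()) ? 0 : 1;
}
```

Splitting the member only removes interference from writes to unrelated flags; writes to hasGuards itself still depend on the guard hash lock the reply mentions.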
