Code Completion crash

Hi,

A new crash in code completion appeared recently. 

The trace looks like this (I've added a print to say when we
enter 
appendNextFunction()):
kdevelop (cpp support): [void 
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
kdevelop (cpp support): [void 
...
...
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
kdevelop (cpp support): [void 
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
Segmentation fault

The backtrace(with my added print):
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47347505625728 (LWP 1918)]
0x00002b0ff323c810 in malloc () from /lib/libc.so.6
(gdb) bt
#0  0x00002b0ff323c810 in malloc () from /lib/libc.so.6
#1  0x00002b0ff2e28b0d in operator new () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#2  0x00002b0ff10b006e in QGArray::newData () 
from /usr/qt/3/lib64/libqt-mt.so.3
#3  0x00002b0ff10b0250 in QGArray::QGArray () 
from /usr/qt/3/lib64/libqt-mt.so.3
#4  0x00002b0ff10a39f8 in QCString::QCString () 
from /usr/qt/3/lib64/libqt-mt.so.3
#5  0x00002b0ff019f069 in KConfigBase::readEntryUtf8 () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#6  0x00002b0ff019f9e6 in KConfigBase::readNumEntry () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#7  0x00002b0ff019faa3 in KConfigBase::readNumEntry () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#8  0x00002b0ff018cae3 in kdbgstream::flush () 
from /usr/kde/3.5/lib64/libkdecore.so.4
#9  0x0000000000408cff in kdbgstream::operator<<
(this=0x7fffbcf584c0, 
string=0x40e3ea "n") at
/usr/kde/3.5/include/kdebug.h:232
#10 0x0000000000408d28 in endl (s=0x7fffbcf584c0) 
at /usr/kde/3.5/include/kdebug.h:430
#11 0x0000000000408bf5 in kdbgstream::operator<<
(this=0x7fffbcf584c0, 
f=0x408d0e <endl(kdbgstream&)>) at
/usr/kde/3.5/include/kdebug.h:260
#12 0x00002b0ff5da5e44 in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=0x7fffbcf58580)
    at simpletypefunction.cpp:144
#13 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=0x7fffbcf58610)
    at simpletypefunction.cpp:148
#14 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=0x7fffbcf586a0)
    at simpletypefunction.cpp:148
#15 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x8af3770, func=0x7fffbcf58730)
    at simpletypefunction.cpp:148
...

The backtrace (without my print):
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47579123927680 (LWP 12303)]
0x00002b45e0696651 in
__cxxabiv1::__vmi_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
(gdb) bt
#0  0x00002b45e0696651 in
__cxxabiv1::__vmi_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#1  0x00002b45e0696068 in
__cxxabiv1::__si_class_type_info::__do_dyncast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#2  0x00002b45e06969f1 in __dynamic_cast () 
from /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
#3  0x00002b45e35f843f in SimpleTypeImpl::asFunction
(this=0x9b13f70) at 
simpletype.cpp:229
#4  0x00002b45e3612e6a in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea200) at
simpletypefunction.cpp:147
#5  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea270) at
simpletypefunction.cpp:148
#6  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea2e0) at
simpletypefunction.cpp:148
#7  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea350) at
simpletypefunction.cpp:148
#8  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea3c0) at
simpletypefunction.cpp:148
#9  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea430) at
simpletypefunction.cpp:148
#10 0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction 
(this=0x9b13fb0, func=0x7fffcf6ea4a0) at
simpletypefunction.cpp:148
...
etc

It seems rather likely the crash is caused by an exhausted
stack 
from "endlessly" recursing into
appendNextFunction. Sadly I can't seem to get 
enough of my head around the Code Completion code to
actually understand what 
it attempts to do and why it fails.

To reproduce:
Find a methodname that appears in multiple places. I found
it, and can 
reproduce it, with NewMainWindow::setCaption() in
src/newmainwindow.cpp. You 
need to have a code completion database for KDElibs and Qt
and have both 
enabled (Both KDE and Qt have "setCaption"
methods. It might work with just 
one, haven't tested that.) and then rightclick a few times
on 
the "setCaption" string in the editor. First time
it usually works, but the 
second time, KDevelop normally crashes.

Btw, I use an AMD64 system, but this was reproduced by two
people on IRC on 
32-bit systems.

David, any idea?

// jens


_______________________________________________
KDevelop-devel mailing list
KDevelop-develbarney.cs.uni-potsdam.de
https://barney.cs.uni-potsdam.de/mailman/listinf
o/kdevelop-devel

On Monday 27 November 2006 19:17, Jens Dagerbo wrote:
> Hi,
>
> A new crash in code completion appeared recently.
>

Amusing how the fix reached SVN before this mail reached the
mailinglist. 

The fix stops the crash. Thanks, David! 


// jens

_______________________________________________
KDevelop-devel mailing list
KDevelop-develbarney.cs.uni-potsdam.de
https://barney.cs.uni-potsdam.de/mailman/listinf
o/kdevelop-devel

Hi! Thanks for the report, I think I know what it's coming
from, I'll look at 
it.

David

Am Montag, 27. November 2006 19:17 schrieb Jens Dagerbo:
> Hi,
>
> A new crash in code completion appeared recently.
>
> The trace looks like this (I've added a print to say
when we enter
> appendNextFunction()):
> kdevelop (cpp support): [void
>
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
> kdevelop (cpp support): [void
> ...
> ...
>
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
> kdevelop (cpp support): [void
>
SimpleTypeFunctionInterface::appendNextFunction(SimpleType)]
> Segmentation fault
>
> The backtrace(with my added print):
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 47347505625728 (LWP 1918)]
> 0x00002b0ff323c810 in malloc () from /lib/libc.so.6
> (gdb) bt
> #0  0x00002b0ff323c810 in malloc () from /lib/libc.so.6
> #1  0x00002b0ff2e28b0d in operator new ()
> from
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
> #2  0x00002b0ff10b006e in QGArray::newData ()
> from /usr/qt/3/lib64/libqt-mt.so.3
> #3  0x00002b0ff10b0250 in QGArray::QGArray ()
> from /usr/qt/3/lib64/libqt-mt.so.3
> #4  0x00002b0ff10a39f8 in QCString::QCString ()
> from /usr/qt/3/lib64/libqt-mt.so.3
> #5  0x00002b0ff019f069 in KConfigBase::readEntryUtf8 ()
> from /usr/kde/3.5/lib64/libkdecore.so.4
> #6  0x00002b0ff019f9e6 in KConfigBase::readNumEntry ()
> from /usr/kde/3.5/lib64/libkdecore.so.4
> #7  0x00002b0ff019faa3 in KConfigBase::readNumEntry ()
> from /usr/kde/3.5/lib64/libkdecore.so.4
> #8  0x00002b0ff018cae3 in kdbgstream::flush ()
> from /usr/kde/3.5/lib64/libkdecore.so.4
> #9  0x0000000000408cff in kdbgstream::operator<<
(this=0x7fffbcf584c0,
> string=0x40e3ea "n") at
/usr/kde/3.5/include/kdebug.h:232
> #10 0x0000000000408d28 in endl (s=0x7fffbcf584c0)
> at /usr/kde/3.5/include/kdebug.h:430
> #11 0x0000000000408bf5 in kdbgstream::operator<<
(this=0x7fffbcf584c0,
> f=0x408d0e <endl(kdbgstream&)>) at
/usr/kde/3.5/include/kdebug.h:260
> #12 0x00002b0ff5da5e44 in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x8af3770, func=0x7fffbcf58580)
>     at simpletypefunction.cpp:144
> #13 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x8af3770, func=0x7fffbcf58610)
>     at simpletypefunction.cpp:148
> #14 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x8af3770, func=0x7fffbcf586a0)
>     at simpletypefunction.cpp:148
> #15 0x00002b0ff5da5f03 in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x8af3770, func=0x7fffbcf58730)
>     at simpletypefunction.cpp:148
> ...
>
> The backtrace (without my print):
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 47579123927680 (LWP 12303)]
> 0x00002b45e0696651 in
__cxxabiv1::__vmi_class_type_info::__do_dyncast ()
> from
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
> (gdb) bt
> #0  0x00002b45e0696651 in
__cxxabiv1::__vmi_class_type_info::__do_dyncast
> () from
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
> #1  0x00002b45e0696068 in
__cxxabiv1::__si_class_type_info::__do_dyncast ()
> from
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
> #2  0x00002b45e06969f1 in __dynamic_cast ()
> from
/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.1/libstdc++.so.6
> #3  0x00002b45e35f843f in SimpleTypeImpl::asFunction
(this=0x9b13f70) at
> simpletype.cpp:229
> #4  0x00002b45e3612e6a in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea200) at
simpletypefunction.cpp:147
> #5  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea270) at
simpletypefunction.cpp:148
> #6  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea2e0) at
simpletypefunction.cpp:148
> #7  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea350) at
simpletypefunction.cpp:148
> #8  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea3c0) at
simpletypefunction.cpp:148
> #9  0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea430) at
simpletypefunction.cpp:148
> #10 0x00002b45e3612eaf in
SimpleTypeFunctionInterface::appendNextFunction
> (this=0x9b13fb0, func=0x7fffcf6ea4a0) at
simpletypefunction.cpp:148
> ...
> etc
>
> It seems rather likely the crash is caused by an
exhausted stack
> from "endlessly" recursing into
appendNextFunction. Sadly I can't seem to
> get enough of my head around the Code Completion code
to actually
> understand what it attempts to do and why it fails.
>
> To reproduce:
> Find a methodname that appears in multiple places. I
found it, and can
> reproduce it, with NewMainWindow::setCaption() in
src/newmainwindow.cpp.
> You need to have a code completion database for KDElibs
and Qt and have
> both enabled (Both KDE and Qt have
"setCaption" methods. It might work with
> just one, haven't tested that.) and then rightclick a
few times on
> the "setCaption" string in the editor. First
time it usually works, but the
> second time, KDevelop normally crashes.
>
> Btw, I use an AMD64 system, but this was reproduced by
two people on IRC on
> 32-bit systems.
>
> David, any idea?
>
> // jens
>
>
> _______________________________________________
> KDevelop-devel mailing list
> KDevelop-develbarney.cs.uni-potsdam.de
> https://barney.cs.uni-potsdam.de/mailman/listinf
o/kdevelop-devel

_______________________________________________
KDevelop-devel mailing list
KDevelop-develbarney.cs.uni-potsdam.de
https://barney.cs.uni-potsdam.de/mailman/listinf
o/kdevelop-devel

What the function does is putting overloaded functions of
the same name(but 
maybe from different locations) together.

This probably has something to do with the caching, because
it only happens 
when you click setCaption twice within the same
function-context.

I've workarounded the crash for now, but I'll look at it in
detail once I have 
some more time.

greetings, David

_______________________________________________
KDevelop-devel mailing list
KDevelop-develbarney.cs.uni-potsdam.de
https://barney.cs.uni-potsdam.de/mailman/listinf
o/kdevelop-devel