Bug 280968

Summary: KCacheGrind crashed after setting additional source folder
Product: [Developer tools] kcachegrind
Reporter: Gennady <gennady>
Component: general
Assignee: Josef Weidendorfer <josef.weidendorfer>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Attachments: cachegrind file, PHP source, Fix

Description Gennady 2011-08-29 01:54:17 UTC
Application: kcachegrind (0.5.1kde)
KDE Platform Version: 4.4.5 (KDE 4.4.5) (Compiled from sources)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-33-generic i686
Distribution: Ubuntu 10.04.3 LTS

-- Information about the crash:
The application crashes when loading a cachegrind file from the same directory as an additional source folder, with the cachegrind containing a file from that same source folder (in the root).

The crash can be reproduced every time.

 -- Backtrace:
Application: KCachegrind (kcachegrind), signal: Aborted
[KCrash Handler]
#6  0x004e7422 in __kernel_vsyscall ()
#7  0x00322651 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0x00325a82 in *__GI_abort () at abort.c:92
#9  0x0031b718 in *__GI___assert_fail (assertion=0x245f2c5 "ret != inval_id", file=0x245f289 "../../src/xcb_io.c", line=385, function=0x245f444 "_XAllocID") at assert.c:81
#10 0x023efc29 in _XAllocID (dpy=0x8305a30) at ../../src/xcb_io.c:385
#11 0x004dadf7 in XRenderCreatePicture (dpy=0x8305a30, drawable=79736419, format=0x82eedd0, valuemask=0, attributes=0x0) at ../../src/Picture.c:90
#12 0x02b29556 in QX11PixmapData::resize (this=0x8943fc0, width=8, height=8) at image/qpixmap_x11.cpp:374
#13 0x02b1c239 in QPixmapData::create (w=8, h=8, type=QPixmapData::PixmapType) at image/qpixmapdata.cpp:63
#14 0x02b14780 in QPixmap::init (this=0xbfa596b0, w=737, h=0, type=6) at image/qpixmap.cpp:117
#15 0x02b149bd in QPixmap (this=0xbfa596b0, size=...) at image/qpixmap.cpp:190
#16 0x02c4ca2c in QX11PaintEngine::updateBrush (this=0x86e7fe8, brush=..., origin=...) at painting/qpaintengine_x11.cpp:1383
#17 0x02c4d4d8 in QX11PaintEngine::updateState (this=0x86e7fe8, state=...) at painting/qpaintengine_x11.cpp:1079
#18 0x02b896f4 in QPainterPrivate::updateStateImpl (this=0x8bd36c8, newState=0x87c4a00) at painting/qpainter.cpp:892
#19 0x02b897bc in QPainterPrivate::updateState (this=0x8bd36c8, newState=0x87c4a00) at painting/qpainter.cpp:920
#20 0x02b9590f in QPainter::drawRects (this=0xbfa5a7ec, rects=0xbfa59f3c, rectCount=1) at painting/qpainter.cpp:3528
#21 0x02b95cfa in QPainter::drawRect (this=0xbfa5a7ec, r=..., brush=...) at ../../include/QtGui/../../src/gui/painting/qpainter.h:622
#22 QPainter::fillRect (this=0xbfa5a7ec, r=..., brush=...) at painting/qpainter.cpp:6679
#23 0x03835ebc in OxygenStyle::drawTreePrimitive (this=0x8421fd0, primitive=3, opt=0xbfa5a2ec, r=..., pal=..., flags=..., p=0xbfa5a7ec, widget=0x0, kOpt=0x0)
    at ../../../kstyles/oxygen/oxygen.cpp:2770
#24 0x038347aa in OxygenStyle::drawKStylePrimitive (this=0x8421fd0, widgetType=KStyle::WT_Tree, primitive=3, opt=0xbfa5a2ec, r=..., palette=..., flags=..., p=0xbfa5a7ec, widget=0x0, kOpt=0x0)
    at ../../../kstyles/oxygen/oxygen.cpp:762
#25 0x00e972f1 in KStyle::drawPrimitive (this=0x8421fd0, elem=QStyle::PE_IndicatorBranch, option=0xbfa5a2ec, painter=0xbfa5a7ec, widget=0x0) at ../../kdeui/kernel/kstyle.cpp:1050
#26 0x03834df7 in OxygenStyle::drawPrimitive (this=0x8421fd0, element=QStyle::PE_Q3CheckListController, option=0xbfa5a2ec, p=0xbfa5a7ec, widget=0x0) at ../../../kstyles/oxygen/oxygen.cpp:485
#27 0x00e8df20 in KStyle::drawComplexControl (this=0x8421fd0, cc=QStyle::CC_Q3ListView, opt=0xbfa5a54c, p=0xbfa5a7ec, w=0x855ed08) at ../../kdeui/kernel/kstyle.cpp:3248
#28 0x038351e8 in OxygenStyle::drawComplexControl (this=0x8421fd0, control=QStyle::CC_Q3ListView, option=0xbfa5a54c, painter=0xbfa5a7ec, widget=0x855ed08) at ../../../kstyles/oxygen/oxygen.cpp:303
#29 0x00ab12c2 in Q3ListViewItem::paintBranches (this=0x881fd08, p=0xbfa5a7ec, cg=..., w=20, y=0, h=18) at itemviews/q3listview.cpp:2267
#30 0x00aa80fc in Q3ListView::drawContentsOffset (this=0x855ed08, p=0xbfa5a7ec, ox=0, oy=0, cx=0, cy=0, cw=747, ch=235) at itemviews/q3listview.cpp:2968
#31 0x00b05511 in Q3ScrollView::viewportPaintEvent (this=0x855ed08, pe=0xbfa5ad94) at widgets/q3scrollview.cpp:1716
#32 0x00b06efa in Q3ScrollView::eventFilter (this=0x855ed08, obj=0x855c628, e=0xbfa5ad94) at widgets/q3scrollview.cpp:1465
#33 0x00aa54eb in Q3ListView::eventFilter (this=0x855ed08, o=0x855c628, e=0xbfa5ad94) at itemviews/q3listview.cpp:3787
#34 0x0167fcda in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x82ea4e8, receiver=0x855c628, event=0xbfa5ad94) at kernel/qcoreapplication.cpp:819
#35 0x02a1e4b9 in QApplicationPrivate::notify_helper (this=0x82ea4e8, receiver=0x855c628, e=0xbfa5ad94) at kernel/qapplication.cpp:4296
#36 0x02a250f9 in QApplication::notify (this=0xbfa5d338, receiver=0x855c628, e=0xbfa5ad94) at kernel/qapplication.cpp:4265
#37 0x00e7d40a in KApplication::notify (this=0xbfa5d338, receiver=0x855c628, event=0xbfa5ad94) at ../../kdeui/kernel/kapplication.cpp:302
#38 0x01680a3b in QCoreApplication::notifyInternal (this=0xbfa5d338, receiver=0x855c628, event=0xbfa5ad94) at kernel/qcoreapplication.cpp:704
#39 0x02a859d6 in QCoreApplication::sendSpontaneousEvent (this=0x8560498, pdev=0x8652364, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0x86560d0)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#40 QWidgetPrivate::drawWidget (this=0x8560498, pdev=0x8652364, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0x86560d0) at kernel/qwidget.cpp:5339
#41 0x02c5c7d7 in QWidgetBackingStore::sync (this=0x86560d0) at painting/qbackingstore.cpp:1283
#42 0x02a75b93 in QWidgetPrivate::syncBackingStore (this=0x8436340) at kernel/qwidget.cpp:1672
#43 0x02a7ce76 in QWidget::event (this=0x8433690, event=0xbfa5b774) at kernel/qwidget.cpp:8291
#44 0x02e97bc7 in QMainWindow::event (this=0x8433690, event=0xbfa5b774) at widgets/qmainwindow.cpp:1433
#45 0x00f6f2e4 in KMainWindow::event (this=0x8433690, ev=0xbfa5b774) at ../../kdeui/widgets/kmainwindow.cpp:1103
#46 0x00fb70ff in KXmlGuiWindow::event (this=0x8433690, ev=0xbfa5b774) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:131
#47 0x02a1e4dc in QApplicationPrivate::notify_helper (this=0x82ea4e8, receiver=0x8433690, e=0xbfa5b774) at kernel/qapplication.cpp:4300
#48 0x02a250f9 in QApplication::notify (this=0xbfa5d338, receiver=0x8433690, e=0xbfa5b774) at kernel/qapplication.cpp:4265
#49 0x00e7d40a in KApplication::notify (this=0xbfa5d338, receiver=0x8433690, event=0xbfa5b774) at ../../kdeui/kernel/kapplication.cpp:302
#50 0x01680a3b in QCoreApplication::notifyInternal (this=0xbfa5d338, receiver=0x8433690, event=0xbfa5b774) at kernel/qcoreapplication.cpp:704
#51 0x02c59877 in QCoreApplication::sendEvent (widget=0x8433690, updateImmediately=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#52 sendUpdateRequest (widget=0x8433690, updateImmediately=<value optimized out>) at painting/qbackingstore.cpp:503
#53 0x02c5d204 in QWidgetBackingStore::markDirty (this=0x86560d0, rect=..., widget=0x8560c50, updateImmediately=true, invalidateBuffer=false) at painting/qbackingstore.cpp:667
#54 0x02a78689 in QWidget::repaint (this=0x8560c50, rect=...) at kernel/qwidget.cpp:10034
#55 0x02a7879c in QWidget::repaint (this=0x8560c50) at kernel/qwidget.cpp:9990
#56 0x00af4748 in Q3Header::adjustHeaderSize (this=0x8560c50, diff=-17) at widgets/q3header.cpp:1941
#57 0x00af49de in Q3Header::resizeEvent (this=0x8560c50, e=0xbfa5bf00) at widgets/q3header.cpp:1885
#58 0x02a7c643 in QWidget::event (this=0x8560c50, event=0xbfa5bf00) at kernel/qwidget.cpp:8152
#59 0x02a1e4dc in QApplicationPrivate::notify_helper (this=0x82ea4e8, receiver=0x8560c50, e=0xbfa5bf00) at kernel/qapplication.cpp:4300
#60 0x02a250f9 in QApplication::notify (this=0xbfa5d338, receiver=0x8560c50, e=0xbfa5bf00) at kernel/qapplication.cpp:4265
#61 0x00e7d40a in KApplication::notify (this=0xbfa5d338, receiver=0x8560c50, event=0xbfa5bf00) at ../../kdeui/kernel/kapplication.cpp:302
#62 0x01680a3b in QCoreApplication::notifyInternal (this=0xbfa5d338, receiver=0x8560c50, event=0xbfa5bf00) at kernel/qcoreapplication.cpp:704
#63 0x02ad0a81 in QCoreApplication::sendEvent (this=0x8561030, x=3, y=3, w=747, h=21, isMove=false) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#64 QWidgetPrivate::setGeometry_sys (this=0x8561030, x=3, y=3, w=747, h=21, isMove=false) at kernel/qwidget_x11.cpp:2597
#65 0x02a7bc19 in QWidget::resize (this=0x8560c50, s=...) at kernel/qwidget.cpp:6619
#66 0x00aa455b in QWidget::resize (this=0x855ed08, e=0xbfa5c680) at ../../include/QtGui/../../src/gui/kernel/qwidget.h:996
#67 Q3ListView::viewportResizeEvent (this=0x855ed08, e=0xbfa5c680) at itemviews/q3listview.cpp:3654
#68 0x00b06ee2 in Q3ScrollView::eventFilter (this=0x855ed08, obj=0x855c628, e=0xbfa5c680) at widgets/q3scrollview.cpp:1469
#69 0x00aa54eb in Q3ListView::eventFilter (this=0x855ed08, o=0x855c628, e=0xbfa5c680) at itemviews/q3listview.cpp:3787
#70 0x0167fcda in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x82ea4e8, receiver=0x855c628, event=0xbfa5c680) at kernel/qcoreapplication.cpp:819
#71 0x02a1e4b9 in QApplicationPrivate::notify_helper (this=0x82ea4e8, receiver=0x855c628, e=0xbfa5c680) at kernel/qapplication.cpp:4296
#72 0x02a250f9 in QApplication::notify (this=0xbfa5d338, receiver=0x855c628, e=0xbfa5c680) at kernel/qapplication.cpp:4265
#73 0x00e7d40a in KApplication::notify (this=0xbfa5d338, receiver=0x855c628, event=0xbfa5c680) at ../../kdeui/kernel/kapplication.cpp:302
#74 0x01680a3b in QCoreApplication::notifyInternal (this=0xbfa5d338, receiver=0x855c628, event=0xbfa5c680) at kernel/qcoreapplication.cpp:704
#75 0x02ad0a81 in QCoreApplication::sendEvent (this=0x8560498, x=3, y=24, w=747, h=235, isMove=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#76 QWidgetPrivate::setGeometry_sys (this=0x8560498, x=3, y=24, w=747, h=235, isMove=true) at kernel/qwidget_x11.cpp:2597
#77 0x02a7ba90 in QWidget::setGeometry (this=0x855c628, r=...) at kernel/qwidget.cpp:6635
#78 0x00b085e7 in QWidget::setGeometry (this=0x855ed08) at ../../include/QtGui/../../src/gui/kernel/qwidget.h:999
#79 Q3ScrollView::updateScrollBars (this=0x855ed08) at widgets/q3scrollview.cpp:978
#80 0x00c16a78 in Q3ScrollView::qt_metacall (this=0x855ed08, _c=QMetaObject::InvokeMetaMethod, _id=12, _a=0xbfa5ca9c) at .moc/release-shared/moc_q3scrollview.cpp:154
#81 0x00c10fda in Q3ListView::qt_metacall (this=0x855ed08, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0xbfa5ca9c) at .moc/release-shared/moc_q3listview.cpp:173
#82 0x080ea80f in SourceView::qt_metacall (this=0x855ed08, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0xbfa5ca9c) at ./sourceview.moc:73
#83 0x01685c9a in QMetaObject::metacall (object=0x855ed08, cl=737, idx=39, argv=0xbfa5ca9c) at kernel/qmetaobject.cpp:237
#84 0x016943d5 in QMetaObject::activate (sender=0x855f060, m=0x811838c, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#85 0x016e5aa7 in QTimer::timeout (this=0x855f060) at .moc/release-shared/moc_qtimer.cpp:134
#86 0x0169c60e in QTimer::timerEvent (this=0x855f060, e=0xbfa5cfd0) at kernel/qtimer.cpp:271
#87 0x01691254 in QObject::event (this=0x855f060, e=0x6) at kernel/qobject.cpp:1212
#88 0x02a1e4dc in QApplicationPrivate::notify_helper (this=0x82ea4e8, receiver=0x855f060, e=0xbfa5cfd0) at kernel/qapplication.cpp:4300
#89 0x02a2505e in QApplication::notify (this=0xbfa5d338, receiver=0x855f060, e=0xbfa5cfd0) at kernel/qapplication.cpp:3704
#90 0x00e7d40a in KApplication::notify (this=0xbfa5d338, receiver=0x855f060, event=0xbfa5cfd0) at ../../kdeui/kernel/kapplication.cpp:302
#91 0x01680a3b in QCoreApplication::notifyInternal (this=0xbfa5d338, receiver=0x855f060, event=0xbfa5cfd0) at kernel/qcoreapplication.cpp:704
#92 0x016afd66 in QCoreApplication::sendEvent (this=0x82ed2ac) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#93 QTimerInfoList::activateTimers (this=0x82ed2ac) at kernel/qeventdispatcher_unix.cpp:603
#94 0x016ac8e4 in timerSourceDispatch (source=0x82ed278) at kernel/qeventdispatcher_glib.cpp:184
#95 0x021fe5e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#96 0x022022d8 in ?? () from /lib/libglib-2.0.so.0
#97 0x022024b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#98 0x016ac5d5 in QEventDispatcherGlib::processEvents (this=0x82ea4c8, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#99 0x02ade135 in QGuiEventDispatcherGlib::processEvents (this=0x82ea4c8, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#100 0x0167f059 in QEventLoop::processEvents (this=0xbfa5d294, flags=) at kernel/qeventloop.cpp:149
#101 0x0167f4aa in QEventLoop::exec (this=0xbfa5d294, flags=...) at kernel/qeventloop.cpp:201
#102 0x0168369f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#103 0x02a1e577 in QApplication::exec () at kernel/qapplication.cpp:3579
#104 0x080626ab in main (argc=3, argv=0xbfa5d484) at ../../../kcachegrind/kcachegrind/main.cpp:91

Possible duplicates by query: bug 238258.

Reported using DrKonqi
Comment 1 Josef Weidendorfer 2011-09-01 13:18:45 UTC
Oh, wow.
According to the back trace, the crash is triggered by a timer resulting in a
geometry change of some cell in the list used by the source annotation view,
which itself results in a repainting of part of the list, and it finally
crashes in redrawing a complex widget part using the Oxygen style, deeply
in X11 libraries.

I can not see any relation of this crash to your description of how to
reproduce the bug:
> The application crashes when loading a cachegrind file from the same
> directory as an additional source folder, with the cachegrind containing
> a file from that same source folder (in the root).

Does the crash really disappear when you remove the additional source folder?
Of course, the source file still needs to be found to get the redrawing
in the source annotation which triggers the bug. To ensure that, you could
check that the source file path in the loaded callgrind.out file points to
the correct absolute path where the source is found (just open the file with
any text editor, search for the file name, and change the path).

I assume it to be highly likely that the crash is fixed by upgrading to a
newer version of KDE, Qt and/or X11 libs, as the back trace does not include any
function from KCachegrind sources.

Can you check if the crash goes away when switching to a style other than
Oxygen? As KCachegrind's source view still uses some Qt3 compatibility widgets,
it may be that an Oxygen bug with Qt3 compat widgets was not fixed yet for the
KDE version you are using.

I'll keep the bug report open anyway as reminder to port all widgets still
using Qt3 compat widgets to Qt4 widgets (this is needed anyway for Qt5 in the
not-too-distant future).
Comment 2 Gennady 2011-09-01 13:52:00 UTC
Created attachment 63286
cachegrind file
Comment 3 Gennady 2011-09-01 13:52:27 UTC
Created attachment 63287
PHP source
Comment 4 Gennady 2011-09-01 13:52:53 UTC
Josef,

Thank you for your reply.

The crash does disappear, but the source file is not loaded, obviously.
I'm loading a cachegrind, it loads up, I can click the functions, click the Types, Callers, All Callers, Callee Map tabs no problem; however, as soon as I click on the Source tab KCachegrind freezes for about 5 minutes and then crashes. I have however managed to look at the source code by clicking a function other than {main}. I can view the source code; however, as soon as I click {main} it freezes and crashes.

The source file inside the cachegrind was in a different path, and I do not wish to reconstruct the path on another machine, so I figured that I could supply a path of my own and KCachegrind would grab a matching filename, no?

I am really sorry, but I have no idea how to switch styles for KCachegrind. I'm using a GNOME desktop, though.

I'm attaching both the cachegrind and the source file. I'm placing both files into /tmp/cachegrinds/ and adding that directory to the source directories in KCachegrind.

Hope my info helps. Let me know if you need any additional information.

Regards,
Gennady.
Comment 5 Gennady 2011-09-01 13:56:21 UTC
One other thing... I just redid my test and the filepath points to an existing file on the system, same source, removed source from directories in KCachegrind. Same problem. Freezes up.
Comment 6 Josef Weidendorfer 2011-09-01 15:49:43 UTC
Thanks. I am able to reproduce the problem.
It is because of the following lines in the dump file:

 ...
 fl=...index.php
 fn={main}
 ...
 172878212 113

The last line is problematic. I have no idea why xdebug writes
it, but this is definitely buggy. It says that in line number
172878212 of file index.php there is a cost of 113. You should
send this as bug report to xdebug.

On the other hand, KCachegrind should gracefully handle such
invalid input.
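
Comment 6's point that a reader of the dump should tolerate the impossible `172878212 113` row, as an added C++ example that is neither KCachegrind's code nor the attached fix: the per-line cost table is sized from the source file itself, and rows whose line number lies beyond it are set aside. `Annotation`, `annotate`, `countLines` and the sample dump and source are hypothetical and constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Added illustration, not KCachegrind's code or its fix.
struct Annotation {
    std::vector<uint64_t> costPerLine;    // index = line number, sized by the real file
    uint64_t rejectedCost = 0;            // cost attached to impossible line numbers
    std::vector<uint64_t> rejectedLines;  // the offending line numbers, for a warning
};

// Number of lines in the source text that was actually found.
static uint64_t countLines(const std::string& source) {
    uint64_t n = 0;
    std::istringstream in(source);
    for (std::string l; std::getline(in, l);) ++n;
    return n;
}

// Reads "fl=" rows and "<line> <cost>" rows; every other row (such as "fn=") is skipped.
Annotation annotate(const std::string& dump, const std::string& wantedFile,
                    const std::string& source) {
    Annotation a;
    const uint64_t lineCount = countLines(source);
    a.costPerLine.assign(lineCount + 1, 0);  // never sized from numbers in the dump
    std::string currentFile, row;
    std::istringstream in(dump);
    while (std::getline(in, row)) {
        if (row.compare(0, 3, "fl=") == 0) { currentFile = row.substr(3); continue; }
        std::istringstream fields(row);
        uint64_t line = 0, cost = 0;
        if (!(fields >> line >> cost)) continue;  // not a cost row
        if (currentFile != wantedFile) continue;
        if (line > lineCount) {                   // e.g. 172878212 in a 3-line file
            a.rejectedCost += cost;
            a.rejectedLines.push_back(line);
            continue;
        }
        a.costPerLine[line] += cost;
    }
    return a;
}

// Constructed sample modelled on the rows quoted in comment 6 (path shortened).
const std::string kSampleDump = "fl=index.php\nfn={main}\n2 40\n3 7\n172878212 113\n";
const std::string kSampleSource = "<?php\necho 'a';\necho 'b';\n";

int main() {
    Annotation a = annotate(kSampleDump, "index.php", kSampleSource);
    std::cout << a.rejectedLines.size() << " row(s) rejected, cost " << a.rejectedCost << "\n";
}
```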
Comment 7 Josef Weidendorfer 2011-09-01 15:51:52 UTC
Created attachment 63290
Fix

Proposed bug fix. Does this help?
Comment 8 Gennady 2011-09-01 16:31:26 UTC
Josef,

Applied the patch to the source files and recompiled and it did indeed help. I'm able to view source with {main} selected, and all the other stuff. Thank you very much. I have filed a bug report with XDebug and provided a link to this report as well, so that they can see if there are problems with how XDebug constructs its dump.

Do let me know if you need additional information. Thanks again for your quick response, patch and an awesome piece of software.

Best of luck,
Gennady.
Comment 9 Josef Weidendorfer 2011-09-05 19:30:42 UTC
Cool, thanks.
Fixed in r1250797. Closing.