Bug 283677

Summary: smokegen segfaults when compiling Akonadi binding from smokekde package
Product: [Unmaintained] bindings
Reporter: Vadim Zhukov <persgray>
Component: general
Assignee: kde-bindings
Status: RESOLVED FIXED
Severity: crash
CC: arno, dennislveatch, dilfridge, rdieter, scarpino
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: OpenBSD

Description Vadim Zhukov 2011-10-09 23:23:12 UTC
Version:           4.7 (using KDE 4.7.1) 
OS:                OpenBSD

smokegen segfaults when compiling Akonadi binding from smokekde package. Looks like either TypeCompiler::visitPtrOperator() needs more sanity checks for token_text() returning non-empty string, or there are deeper problems. I've never used Smoke, just porting the fresh KDE 4 on OpenBSD. If you need any additional information, I'll be glad to provide it.

I hope that I'm not misusing this bugtracker. If I should ask somewhere else, please point me there and sorry for any inconvenience.

Reproducible: Always

Steps to Reproduce:
Simple compile.

Actual Results:  
make -f akonadi/CMakeFiles/smokeakonadi.dir/build.make akonadi/CMakeFiles/smokeakonadi.dir/depend
/usr/local/bin/cmake -E cmake_progress_report /usr/ports/pobj/smokekde-4.7.1/build-i386/CMakeFiles 5
[ 79%] Generating smokedata.cpp, x_1.cpp, x_2.cpp, x_3.cpp, x_4.cpp, x_5.cpp, x_6.cpp, x_7.cpp, x_8.cpp, x_9.cpp, x_10.cpp
cd /usr/ports/pobj/smokekde-4.7.1/build-i386/akonadi && /usr/local/bin/smokegen -config /usr/ports/pobj/smokekde-4.7.1/build-i386/akonadi/config.xml -smokeconfig /usr/ports/pobj/smokekde-4.7.1/smokekde-4.7.1/akonadi/smokeconfig.xml -I /usr/local/include -- /usr/ports/pobj/smokekde-4.7.1/smokekde-4.7.1/akonadi/akonadi_includes.h
using generator "/usr/local/bin/../lib/smokegen/generator_smoke.so" 
parsing "/usr/ports/pobj/smokekde-4.7.1/smokekde-4.7.1/akonadi/akonadi_includes.h" 
Segmentation fault (core dumped) 
*** Error code 139

Expected Results:  
Expected successful compilation instead.

Here is my GDB session, hope this helps.

02:57 0 pers@persx201i:/usr/ports/pobj/smokekde-4.7.1/build-i386/akonadi$ gdb -c smokegen.core /usr/local/bin/smokegen
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd5.0"...
Core was generated by `smokegen'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.13.1...done.
Loaded symbols for /usr/lib/libpthread.so.13.1
Reading symbols from /usr/local/lib/qt4/libQtCore.so.9.0...done.
Loaded symbols for /usr/local/lib/qt4/libQtCore.so.9.0
Reading symbols from /usr/local/lib/qt4/libQtXml.so.8.0...done.
Loaded symbols for /usr/local/lib/qt4/libQtXml.so.8.0
Reading symbols from /usr/local/lib/libcppparser.so.0.0...done.
Loaded symbols for /usr/local/lib/libcppparser.so.0.0
Reading symbols from /usr/lib/libstdc++.so.52.0...done.
Loaded symbols for /usr/lib/libstdc++.so.52.0
Reading symbols from /usr/lib/libm.so.7.0...done.
Loaded symbols for /usr/lib/libm.so.7.0
Symbols already loaded for /usr/lib/libpthread.so.13.1
Reading symbols from /usr/lib/libc.so.60.2...done.
Loaded symbols for /usr/lib/libc.so.60.2
Reading symbols from /usr/lib/libz.so.4.1...done.
Loaded symbols for /usr/lib/libz.so.4.1
Reading symbols from /usr/local/lib/libgthread-2.0.so.2992.0...done.
Loaded symbols for /usr/local/lib/libgthread-2.0.so.2992.0
Reading symbols from /usr/local/lib/libglib-2.0.so.2992.0...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.2992.0
Reading symbols from /usr/local/lib/libintl.so.5.0...done.
Loaded symbols for /usr/local/lib/libintl.so.5.0
Reading symbols from /usr/local/lib/libiconv.so.6.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.6.0
Reading symbols from /usr/local/lib/libpcre.so.2.5...done.
Loaded symbols for /usr/local/lib/libpcre.so.2.5
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
Reading symbols from /usr/local/lib/smokegen/generator_smoke.so...done.
Loaded symbols for /usr/local/bin/../lib/smokegen/generator_smoke.so
#0  0x1c031db7 in TypeCompiler::visitPtrOperator (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:194
194         if (token_text(m_session->token_stream->kind(node->op))[0] == '*') {
(gdb) bt
#0  0x1c031db7 in TypeCompiler::visitPtrOperator (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:194
#1  0x0c6d35a7 in Visitor::visit (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#2  0x1c0350e6 in visitNodes<PtrOperatorAST*> (v=0xcfbf9804, nodes=0x882062e4) at visitor.h:131
#3  0x1c031c2b in TypeCompiler::run (this=0xcfbf9804, ptr_ops=0x882062e4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:106
#4  0x1c032252 in TypeCompiler::run (this=0xcfbf9804, declarator=0x88206274) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:69
#5  0x1c034255 in TypeCompiler::run (this=0xcfbf9804, node=0x8820621c, declarator=0x88206274) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:63
#6  0x1c03725b in NameCompiler::visitTemplateArgument (this=0xcfbf9adc, node=0x88206304) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/name_compiler.cpp:188
#7  0x0c6d35a7 in Visitor::visit (this=0xcfbf9adc, node=0x88206304) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#8  0x1c037c06 in visitNodes<TemplateArgumentAST*> (v=0xcfbf9adc, nodes=0x88206318) at visitor.h:131
#9  0x1c0366a2 in NameCompiler::visitUnqualifiedName (this=0xcfbf9adc, node=0x88206200) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/name_compiler.cpp:162
#10 0x0c6d35a7 in Visitor::visit (this=0xcfbf9adc, node=0x88206200) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#11 0x0c6d2dae in DefaultVisitor::visitName (this=0xcfbf9adc, node=0x882061e8) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/default_visitor.cpp:239
#12 0x0c6d35a7 in Visitor::visit (this=0xcfbf9adc, node=0x882061e8) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#13 0x1c036fc1 in NameCompiler::internal_run (this=0xcfbf9adc, node=0x882061e8) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/name_compiler.cpp:123
#14 0x1c0325e7 in TypeCompiler::visitName (this=0x81044300, node=0x882061e8) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:241
#15 0x0c6d35a7 in Visitor::visit (this=0x81044300, node=0x882061e8) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#16 0x0c6d35a7 in Visitor::visit (this=0x81044300, node=0x88206500) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#17 0x1c03423f in TypeCompiler::run (this=0x81044300, node=0x88206500, declarator=0x0) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:60
#18 0x1c01476f in GeneratorVisitor::visitSimpleDeclaration (this=0xcfbf9e78, node=0x8820656c) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/generatorvisitor.cpp:746
#19 0x0c6d35a7 in Visitor::visit (this=0xcfbf9e78, node=0x8820656c) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#20 0x1c013515 in GeneratorVisitor::visitTemplateDeclaration (this=0xcfbf9e78, node=0x88206590) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/generatorvisitor.cpp:836
#21 0x0c6d35a7 in Visitor::visit (this=0xcfbf9e78, node=0x88206590) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#22 0x0c6d3088 in visitNodes<DeclarationAST*> (v=0xcfbf9e78, nodes=0x882060f4) at visitor.h:131
#23 0x0c6d29a7 in DefaultVisitor::visitLinkageBody (this=0xcfbf9e78, node=0x84225c94) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/default_visitor.cpp:221
#24 0x0c6d35a7 in Visitor::visit (this=0xcfbf9e78, node=0x84225c94) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#25 0x0c6d23eb in DefaultVisitor::visitNamespace (this=0xcfbf9e78, node=0x84225c7c) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/default_visitor.cpp:244
#26 0x1c013f75 in GeneratorVisitor::visitNamespace (this=0xcfbf9e78, node=0x84225c7c) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/generatorvisitor.cpp:635
#27 0x0c6d35a7 in Visitor::visit (this=0xcfbf9e78, node=0x84225c7c) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#28 0x0c6d3088 in visitNodes<DeclarationAST*> (v=0xcfbf9e78, nodes=0x859e214c) at visitor.h:131
#29 0x0c6d2977 in DefaultVisitor::visitTranslationUnit (this=0xcfbf9e78, node=0x859e2000) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/default_visitor.cpp:394
#30 0x0c6d35a7 in Visitor::visit (this=0xcfbf9e78, node=0x859e2000) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
#31 0x1c00f6cb in main (argc=Cannot access memory at address 0x0
) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/main.cpp:229
(gdb) f 0
#0  0x1c031db7 in TypeCompiler::visitPtrOperator (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:194
194         if (token_text(m_session->token_stream->kind(node->op))[0] == '*') {
(gdb) l
189         m_realType.appendParameter(Parameter(name_cc.name(), Type::registerType(tc.type())));
190     }
191
192     void TypeCompiler::visitPtrOperator(PtrOperatorAST* node)
193     {
194         if (token_text(m_session->token_stream->kind(node->op))[0] == '*') {
195             QPair<bool, bool> cv = m_visitor->parseCv(node->cv);
196             pointerDepth.append(cv.first);
197         } else if (token_text(m_session->token_stream->kind(node->op))[0] == '&') {
198             isRef = true;
(gdb) p node
$1 = (PtrOperatorAST *) 0x882062a4
(gdb) p node->op
$2 = 0
(gdb) p m_session
$3 = (ParseSession *) 0xcfbf9fe8
(gdb) p m_session->token_stream
$4 = (TokenStream *) 0x81043e80
(gdb) p *m_session->token_stream
$5 = {tokens = 0x8d9f7000, index = 261265, token_count = 262144}
(gdb) p m_session->token_stream->tokens
$6 = (Token *) 0x8d9f7000
(gdb) p *m_session->token_stream->tokens
$7 = {kind = 0, position = 0, size = 0, session = 0xcfbf9fe8, extra = {right_brace = 0}}
(gdb) l TokenStream::kind
the class TokenStream does not have any method named kind
Hint: try 'TokenStream::kind<TAB> or 'TokenStream::kind<ESC-?>
(Note leading single quote.)
(gdb) l TokenStream::kind
the class TokenStream does not have any method named kind
Hint: try 'TokenStream::kind<TAB> or 'TokenStream::kind<ESC-?>
(Note leading single quote.)
(gdb) l token_text
350
351       Q_ASSERT(0);
352       return 0;
353     }
354
355     char const *token_text(int token)
356     {
357       if (token >= 32 && token <= 127)
358         {
359           return _S_printable[token - 32];
(gdb) l
360         }
361       else if (token >= 1000)
362         {
363           return _S_token_texts[token - 1000];
364         }
365
366       return 0;
367     }
(gdb) p _S_printable
$8 = {" ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B",
  "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "[", "\\", "]", "^", "_", "`", "a", "b", "c", "d", "e",
  "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "\177", "\200"}
(gdb) p _S_token_texts
$9 = {0x2c6bb290 "K_DCOP", 0x2c6bb297 "Q_OBJECT", 0x2c6bb2b2 "__attribute__", 0x2c6bb2c0 "__typeof", 0x2c6bb891 "&&", 0x2c6bb894 "&=", 0x2c6bbed0 ">", 0x2c6bb2d0 "asm",
  0x2c6bb897 "==", 0x2c6bb2d4 "auto", 0x2c6bbf8f "&", 0x2c6bb8e6 "|", 0x2c6bb2e6 "bool", 0x2c6bb2eb "break", 0x2c6bb2f1 "case", 0x2c6bb2f6 "catch", 0x2c6bb2fc "char",
  0x2c6bb89a "char_literal", 0x2c6bb301 "class", 0x2c6bb8a7 "comment", 0x2c6bb8af "~", 0x2c6bb8b1 "concat", 0x2c6bb30d "const", 0x2c6bb313 "const_cast", 0x2c6bb31e "continue",
  0x2c6bb8b8 "--", 0x2c6bb327 "default", 0x2c6bb32f "delete", 0x2c6bb336 "do", 0x2c6bb339 "double", 0x2c6bb340 "dynamic_cast", 0x2c6bb8bb "...", 0x2c6bb34d "else",
  0x2c6bb352 "emit", 0x2c6bb357 "enum", 0x2c6bb897 "==", 0x2c6bb35c "explicit", 0x2c6bb365 "export", 0x2c6bb36c "extern", 0x2c6bb373 "false", 0x2c6bb379 "float", 0x2c6bb37f "for",
  0x2c6bb383 "friend", 0x2c6bb8bf ">=", 0x2c6bb38a "goto", 0x2c6bb8c2 "identifier", 0x2c6bc45c "if", 0x2c6bb8cd "++", 0x2c6bb394 "inline", 0x2c6bb39b "int", 0x2c6bb39f "k_dcop",
  0x2c6bb3a6 "k_dcop_signals", 0x2c6bb8d0 "<=", 0x2c6bb3b5 "long", 0x2c6bb3ba "mutable", 0x2c6bb3c2 "namespace", 0x2c6bb3cc "new", 0x2c6bbf9b "!", 0x2c6bb8d3 "!=",
  0x2c6bb8d6 "number_literal", 0x2c6bb3db "operator", 0x2c6bb8e5 "||", 0x2c6bb8e8 "|=", 0x2c6bb8eb "preproc", 0x2c6bb3e4 "private", 0x2c6bb3ec "protected", 0x2c6bb8f3 "ptrmem",
  0x2c6bb3f6 "public", 0x2c6bb3fd "register", 0x2c6bb406 "reinterpret_cast", 0x2c6bb417 "return", 0x2c6bb8fa "::", 0x2c6bb8fd "shift", 0x2c6bb41e "short", 0x2c6bb3ad "signals",
  0x2c6bb48a "signed", 0x2c6bb424 "sizeof", 0x2c6bb4ad "size_t", 0x2c6bb42b "slots", 0x2c6bb431 "static", 0x2c6bb438 "static_cast", 0x2c6bb903 "string_literal", 0x2c6bb444 "struct",
  0x2c6bb44b "switch", 0x2c6bb452 "template", 0x2c6bb50e "this", 0x2c6bb45b "throw", 0x2c6bb461 "true", 0x2c6bb466 "try", 0x2c6bb46a "typedef", 0x2c6bb472 "typeid",
  0x2c6bb479 "typename", 0x2c6bb482 "union", 0x2c6bb488 "unsigned", 0x2c6bb491 "using", 0x2c6bb497 "virtual", 0x2c6bb49f "void", 0x2c6bb4a4 "volatile", 0x2c6bb4b4 "wchar_t",
  0x2c6bb4bc "while", 0x2c6bb912 "whitespaces", 0x2c6bb91e "^", 0x2c6bb920 "^="}
(gdb) f 1
#1  0x0c6d35a7 in Visitor::visit (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/parser/visitor.cpp:113
113         (this->*_S_table[node->kind])(node);
(gdb) f 0
#0  0x1c031db7 in TypeCompiler::visitPtrOperator (this=0xcfbf9804, node=0x882062a4) at /usr/ports/pobj/smokegen-4.7.1/smokegen-4.7.1/type_compiler.cpp:194
194         if (token_text(m_session->token_stream->kind(node->op))[0] == '*') {
(gdb) l
189         m_realType.appendParameter(Parameter(name_cc.name(), Type::registerType(tc.type())));
190     }
191
192     void TypeCompiler::visitPtrOperator(PtrOperatorAST* node)
193     {
194         if (token_text(m_session->token_stream->kind(node->op))[0] == '*') {
195             QPair<bool, bool> cv = m_visitor->parseCv(node->cv);
196             pointerDepth.append(cv.first);
197         } else if (token_text(m_session->token_stream->kind(node->op))[0] == '&') {
198             isRef = true;
(gdb) l
199         }
200     }
201
202     void TypeCompiler::visitSimpleTypeSpecifier(SimpleTypeSpecifierAST *node)
203     {
204       if (const ListNode<std::size_t> *it = node->integrals)
205         {
206           it = it->toFront();
207           const ListNode<std::size_t> *end = it;
208           do
(gdb)
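
The failure mode visible in the session above, as an added example (not smokegen's code and not the patch later applied for this bug): with `node->op` = 0 and `tokens[0].kind` = 0, the listed `token_text()` takes neither branch and returns 0, so reading `[0]` from the result goes through a null pointer. The types, the `kNamed` table and `classify_ptr_op()` are constructed stand-ins, and `TokenStream::kind()` returning `tokens[i].kind` is an assumption.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed stand-ins for the parser types seen in the GDB session.
struct Token { int kind; };
struct TokenStream {
    const Token* tokens;
    std::size_t token_count;
    // Assumption: kind(i) simply returns tokens[i].kind.
    int kind(std::size_t i) const { return tokens[i].kind; }
};

// Truncated stand-in for _S_token_texts; only the first two entries.
static const char* const kNamed[] = {"K_DCOP", "Q_OBJECT"};
static const int kNamedCount = sizeof kNamed / sizeof kNamed[0];

// Same contract as the listed token_text(): kinds 32..127 and >= 1000 map
// to text, everything else (kind 0 included) returns a null pointer. The
// upper bound on the named range is added because the stand-in table is short.
const char* token_text(int token) {
    static char printable[96][2];
    if (token >= 32 && token <= 127) {
        printable[token - 32][0] = static_cast<char>(token);
        printable[token - 32][1] = '\0';
        return printable[token - 32];
    }
    if (token >= 1000 && token - 1000 < kNamedCount)
        return kNamed[token - 1000];
    return nullptr;
}

enum class PtrOp { Pointer, Reference, Unknown };

// Guarded form of the check on type_compiler.cpp:194: the token index and
// the lookup result are validated before text[0] is read.
PtrOp classify_ptr_op(const TokenStream& ts, std::size_t op) {
    if (op >= ts.token_count) return PtrOp::Unknown;
    const char* text = token_text(ts.kind(op));
    if (text == nullptr) return PtrOp::Unknown;  // unguarded code faults here
    if (text[0] == '*') return PtrOp::Pointer;
    if (text[0] == '&') return PtrOp::Reference;
    return PtrOp::Unknown;
}

// Constructed sample: index 0 mirrors the session (kind = 0).
static const Token kSample[] = {{0}, {'*'}, {'&'}, {1001}};
static const TokenStream kStream = {kSample, 4};

int main() {
    for (std::size_t i = 0; i < 5; ++i)
        std::printf("op=%zu -> %d\n", i, static_cast<int>(classify_ptr_op(kStream, i)));
    return 0;
}
```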

Comment 1 Vadim Zhukov 2011-11-05 21:31:00 UTC
Bug still persists in 4.7.3.

If no one wants/can debug the problem, maybe just some clues to help me get it fixed myself? Thanks in advance.

Comment 2 Arno Rehn 2011-11-06 13:27:47 UTC
I can't reproduce it myself, but I'm working on replacing our current parser with the one from QtCreator, which should hopefully fix it.

Looking at your backtrace and gdb output, I can't understand what's going wrong. There's no null pointer or other stuff going on, so I suspect it's trying to access memory that's already been free'd.
One thing you can try is commenting out header files in akonadi/akonadi_includes.h and see if that fixes it. Once you've found the culprit, look into this header file and search for some 'unusual' C++ that the parser might not be able to handle properly.

Other than that, I don't have any ideas, sorry.

Comment 3 Vadim Zhukov 2011-11-06 13:53:42 UTC
Thank you very much! I'll go the way you offered and try to narrow the problem down.

If there are any patches regarding QtCreator parser, I could test them. Are they planned for 4.8 or later?

Thanks again for your reply.

Comment 4 Rex Dieter 2011-12-03 15:17:53 UTC
Try this
http://pkgs.fedoraproject.org/gitweb/?p=smokegen.git;a=blob;f=smokegen-4.7.0-crash.patch
it's a quick-fix we found when valgrind'ing smokegen way back when, not sure how or why it never landed upstream.

Comment 5 Arno Rehn 2011-12-03 16:55:56 UTC
Oh, I've never seen that patch. Thanks :) Will apply it. If this fixes it for everybody else, please say so and I'm going to mark this bug as fixed.

Comment 6 Andrea Scarpino 2011-12-03 17:15:47 UTC
Fedora's patch seems to work fine. After I applied that patch I built every kdebindings-* with no issues.

Comment 7 Arno Rehn 2011-12-03 17:17:45 UTC
Git commit 50f01c2d6b28110f8517a77960e456c1125bdb6e by Arno Rehn.
Committed on 03/12/2011 at 17:57.
Pushed by arnorehn into branch 'KDE/4.7'.

fix a crash when generating the akonadi bindings

BUG: 283677

M  +2    -0    type_compiler.cpp

http://commits.kde.org/smokegen/50f01c2d6b28110f8517a77960e456c1125bdb6e

Comment 8 Arno Rehn 2011-12-03 17:17:46 UTC
Git commit 03d211e51f88c3d2cf26e165d45119f2f28d3731 by Arno Rehn.
Committed on 03/12/2011 at 17:57.
Pushed by arnorehn into branch 'master'.

fix a crash when generating the akonadi bindings

BUG: 283677

M  +2    -0    type_compiler.cpp

http://commits.kde.org/smokegen/03d211e51f88c3d2cf26e165d45119f2f28d3731

Comment 9 Arno Rehn 2011-12-08 15:41:26 UTC
*** Bug 288436 has been marked as a duplicate of this bug. ***

Comment 10 Arno Rehn 2011-12-12 13:39:11 UTC
*** Bug 288758 has been marked as a duplicate of this bug. ***