Bug 341709

Summary:	Crash while importing C++ code from existing project
Product:	[Applications] umbrello	Reporter:	Guus <gbonnema>
Component:	general	Assignee:	Umbrello Development Group <umbrello-devel>
Status:	RESOLVED FIXED
Severity:	crash	CC:	okellogg, ralf.habacker
Priority:	NOR	Keywords:	drkonqi
Version:	unspecified
Target Milestone:	---
Platform:	Fedora RPMs
OS:	Linux
Latest Commit:	http://commits.kde.org/umbrello/e9c3cfbd5c9cf9acd7343589e52f2c15e309c570	Version Fixed In:	2.15.0 (KDE 14.12.0)
Sentry Crash Report:
Attachments:	checker.tar.gz

Description Guus 2014-12-09 20:07:14 UTC

Application: umbrello (2.14.3)
KDE Platform Version: 4.14.3
Qt Version: 4.8.6
Operating System: Linux 3.17.4-200.fc20.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:
I loaded the source of a project someone else had been writing. While importing the code (it is in C++), the handler showed progress in the status bar. Somewhere during the processing it crashed. When repeating the action, the result is the same.

I am running umbrello through gnome.

The crash can be reproduced every time.

-- Backtrace:
Application: Umbrello UML Modeller (umbrello), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7f9a3578c8c0 (LWP 8096))]

Thread 4 (Thread 0x7f9a15ede700 (LWP 8099)):
#0  0x00007f9a3076071d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f9a2c4875b4 in g_main_context_poll (priority=2147483647, n_fds=1, fds=0x7f9a100010c0, timeout=-1, context=0x26f8f90) at gmain.c:4007
#2  g_main_context_iterate (context=0x26f8f90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3708
#3  0x00007f9a2c487a3a in g_main_loop_run (loop=0x26f8f20) at gmain.c:3907
#4  0x00007f9a1f916376 in gdbus_shared_thread_func (user_data=0x26f8f60) at gdbusprivate.c:278
#5  0x00007f9a2c4aca45 in g_thread_proxy (data=0x271c370) at gthread.c:798
#6  0x00007f9a3154eee5 in start_thread (arg=0x7f9a15ede700) at pthread_create.c:309
#7  0x00007f9a3076ab8d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7f9a156dd700 (LWP 8100)):
#0  0x00007f9a3076071d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f9a2c4875b4 in g_main_context_poll (priority=2147483647, n_fds=2, fds=0x7f9a080008c0, timeout=-1, context=0x2757bf0) at gmain.c:4007
#2  g_main_context_iterate (context=context@entry=0x2757bf0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3708
#3  0x00007f9a2c4876dc in g_main_context_iteration (context=0x2757bf0, may_block=may_block@entry=1) at gmain.c:3774
#4  0x00007f9a2c487729 in glib_worker_main (data=<optimized out>) at gmain.c:5473
#5  0x00007f9a2c4aca45 in g_thread_proxy (data=0x271d5e0) at gthread.c:798
#6  0x00007f9a3154eee5 in start_thread (arg=0x7f9a156dd700) at pthread_create.c:309
#7  0x00007f9a3076ab8d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7f99f92bf700 (LWP 8102)):
#0  0x00007f9a3076071d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f9a2c4875b4 in g_main_context_poll (priority=2147483647, n_fds=1, fds=0x7f99f4001fb0, timeout=-1, context=0x7f99f40009a0) at gmain.c:4007
#2  g_main_context_iterate (context=context@entry=0x7f99f40009a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3708
#3  0x00007f9a2c4876dc in g_main_context_iteration (context=0x7f99f40009a0, may_block=1) at gmain.c:3774
#4  0x00007f9a3191943e in QEventDispatcherGlib::processEvents (this=0x7f99f40008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:452
#5  0x00007f9a318e938f in QEventLoop::processEvents (this=this@entry=0x7f99f92becc0, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f9a318e96dd in QEventLoop::exec (this=this@entry=0x7f99f92becc0, flags=...) at kernel/qeventloop.cpp:204
#7  0x00007f9a317dde5f in QThread::exec (this=this@entry=0x30124a0) at thread/qthread.cpp:538
#8  0x00007f9a318c9de3 in QInotifyFileSystemWatcherEngine::run (this=0x30124a0) at io/qfilesystemwatcher_inotify.cpp:265
#9  0x00007f9a317e069f in QThreadPrivate::start (arg=0x30124a0) at thread/qthread_unix.cpp:349
#10 0x00007f9a3154eee5 in start_thread (arg=0x7f99f92bf700) at pthread_create.c:309
#11 0x00007f9a3076ab8d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f9a3578c8c0 (LWP 8096)):
[KCrash Handler]
#6  UMLListViewItem::updateObject (this=0x0) at /usr/src/debug/umbrello-4.14.3/umbrello/umllistviewitem.cpp:338
#7  0x0000000000509dae in Import_Utils::createUMLObject (type=type@entry=UMLObject::ot_Class, inName=..., parentPkg=<optimized out>, comment=..., stereotype=..., searchInParentPackageOnly=searchInParentPackageOnly@entry=false) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/import_utils.cpp:246
#8  0x00000000004fd8ef in CppTree2Uml::parseBaseClause (this=0x7fffaf6bd2f0, baseClause=<optimized out>, klass=0x4637f60) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/kdevcppparser/cpptree2uml.cpp:613
#9  0x00000000004ff2ac in CppTree2Uml::parseClassSpecifier (this=0x7fffaf6bd2f0, ast=0x4a3a4a0) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/kdevcppparser/cpptree2uml.cpp:370
#10 0x00000000004f84a0 in TreeParser::parseTypeSpecifier (this=0x7fffaf6bd2f0, typeSpec=0x4a3a4a0) at /usr/src/debug/umbrello-4.14.3/lib/cppparser/tree_parser.cpp:176
#11 0x00000000004fc6d2 in CppTree2Uml::parseSimpleDeclaration (this=0x7fffaf6bd2f0, ast=0x4941f40) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/kdevcppparser/cpptree2uml.cpp:239
#12 0x00000000004f7a35 in TreeParser::parseDeclaration (this=0x7fffaf6bd2f0, declaration=0x4941f40) at /usr/src/debug/umbrello-4.14.3/lib/cppparser/tree_parser.cpp:89
#13 0x00000000004f7682 in TreeParser::parseTranslationUnit (this=this@entry=0x7fffaf6bd2f0, translationUnit=...) at /usr/src/debug/umbrello-4.14.3/lib/cppparser/tree_parser.cpp:48
#14 0x00000000004fcb53 in CppTree2Uml::parseTranslationUnit (this=this@entry=0x7fffaf6bd2f0, file=...) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/kdevcppparser/cpptree2uml.cpp:67
#15 0x000000000051aba2 in CppImport::feedTheModel (this=this@entry=0x2c26df0, fileName=...) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/cppimport.cpp:102
#16 0x000000000051b51f in CppImport::parseFile (this=0x2c26df0, fileName=...) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/cppimport.cpp:163
#17 0x0000000000504970 in importFile (fileName=..., this=0x2c26df0) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/classimport.cpp:97
#18 ClassImport::importFiles (this=this@entry=0x2c26df0, fileNames=...) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/classimport.cpp:81
#19 0x00000000006a730e in UMLApp::importFiles (this=this@entry=0x298cd00, fileList=fileList@entry=0x7fffaf6bd810) at /usr/src/debug/umbrello-4.14.3/umbrello/uml.cpp:2613
#20 0x00000000006a7bb5 in importFiles (fileList=0x7fffaf6bd810, this=0x298cd00) at /usr/src/debug/umbrello-4.14.3/umbrello/uml.cpp:2605
#21 UMLApp::slotImportProject (this=0x298cd00) at /usr/src/debug/umbrello-4.14.3/umbrello/uml.cpp:2666
#22 0x00007f9a318ff37a in QMetaObject::activate (sender=sender@entry=0x2c1fc20, m=m@entry=0x7f9a332ad840 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffaf6bd990) at kernel/qobject.cpp:3567
#23 0x00007f9a327d0862 in QAction::triggered (this=this@entry=0x2c1fc20, _t1=false) at .moc/release-shared/moc_qaction.cpp:276
#24 0x00007f9a327d23f7 in QAction::activate (this=this@entry=0x2c1fc20, event=event@entry=QAction::Trigger) at kernel/qaction.cpp:1257
#25 0x00007f9a32c1b67d in QMenuPrivate::activateCausedStack (this=this@entry=0x2d228e0, causedStack=..., action=action@entry=0x2c1fc20, action_e=action_e@entry=QAction::Trigger, self=self@entry=true) at widgets/qmenu.cpp:1037
#26 0x00007f9a32c1ff19 in QMenuPrivate::activateAction (this=0x2d228e0, action=0x2c1fc20, action_e=action_e@entry=QAction::Trigger, self=self@entry=true) at widgets/qmenu.cpp:1129
#27 0x00007f9a32c23a85 in QMenu::mouseReleaseEvent (this=this@entry=0x2d02b00, e=e@entry=0x7fffaf6be140) at widgets/qmenu.cpp:2371
#28 0x00007f9a335f7ffb in KMenu::mouseReleaseEvent (this=0x2d02b00, e=0x7fffaf6be140) at /usr/src/debug/kdelibs-4.14.3/kdeui/widgets/kmenu.cpp:464
#29 0x00007f9a32829cc8 in QWidget::event (this=this@entry=0x2d02b00, event=event@entry=0x7fffaf6be140) at kernel/qwidget.cpp:8389
#30 0x00007f9a32c23f6b in QMenu::event (this=0x2d02b00, e=0x7fffaf6be140) at widgets/qmenu.cpp:2480
#31 0x00007f9a327d6e5c in QApplicationPrivate::notify_helper (this=0x2626ae0, receiver=0x2d02b00, e=0x7fffaf6be140) at kernel/qapplication.cpp:4565
#32 0x00007f9a327dd8f1 in QApplication::notify (this=this@entry=0x7fffaf6be970, receiver=receiver@entry=0x2d02b00, e=e@entry=0x7fffaf6be140) at kernel/qapplication.cpp:4108
#33 0x00007f9a335374fa in KApplication::notify (this=0x7fffaf6be970, receiver=0x2d02b00, event=0x7fffaf6be140) at /usr/src/debug/kdelibs-4.14.3/kdeui/kernel/kapplication.cpp:311
#34 0x00007f9a318ea8fd in QCoreApplication::notifyInternal (this=0x7fffaf6be970, receiver=0x2d02b00, event=0x7fffaf6be140) at kernel/qcoreapplication.cpp:953
#35 0x00007f9a327dd067 in QApplicationPrivate::sendMouseEvent (receiver=0x2d02b00, event=0x7fffaf6be140, alienWidget=0x0, nativeWidget=0x2d02b00, buttonDown=<optimized out>, lastMouseReceiver=..., spontaneous=true) at ../../src/corelib/kernel/qcoreapplication.h:231
#36 0x00007f9a3285296c in QETWidget::translateMouseEvent (this=0x2d02b00, event=<optimized out>) at kernel/qapplication_x11.cpp:4474
#37 0x00007f9a328510ac in QApplication::x11ProcessEvent (this=0x7fffaf6be970, event=event@entry=0x7fffaf6be480) at kernel/qapplication_x11.cpp:3663
#38 0x00007f9a32878ac4 in x11EventSourceDispatch (s=s@entry=0x2625620, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#39 0x00007f9a2c4872a6 in g_main_dispatch (context=0x25ed870) at gmain.c:3066
#40 g_main_context_dispatch (context=context@entry=0x25ed870) at gmain.c:3642
#41 0x00007f9a2c487628 in g_main_context_iterate (context=context@entry=0x25ed870, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#42 0x00007f9a2c4876dc in g_main_context_iteration (context=0x25ed870, may_block=1) at gmain.c:3774
#43 0x00007f9a3191941e in QEventDispatcherGlib::processEvents (this=0x2627730, flags=...) at kernel/qeventdispatcher_glib.cpp:450
#44 0x00007f9a32878c46 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#45 0x00007f9a318e938f in QEventLoop::processEvents (this=this@entry=0x7fffaf6be870, flags=...) at kernel/qeventloop.cpp:149
#46 0x00007f9a318e96dd in QEventLoop::exec (this=this@entry=0x7fffaf6be870, flags=...) at kernel/qeventloop.cpp:204
#47 0x00007f9a318eeda9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#48 0x00007f9a327d54dc in QApplication::exec () at kernel/qapplication.cpp:3823
#49 0x000000000043c5aa in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/umbrello-4.14.3/umbrello/main.cpp:123

Reported using DrKonqi

Comment 1 Ralf Habacker 2014-12-10 07:25:55 UTC

>#6 UMLListViewItem::updateObject (this=0x0) at /usr/src/debug/umbrello-4.14.3/umbrello/umllistviewitem.cpp:338 
>#7 0x0000000000509dae in Import_Utils::createUMLObject (type=type@entry=UMLObject::ot_Class, inName=..., parentPkg=<optimized out>, comment=..., stereotype=..., searchInParentPackageOnly=searchInParentPackageOnly@entry=false) at /usr/src/debug/umbrello-4.14.3/umbrello/codeimport/import_utils.cpp:246

The listed backtrace belongs to the following code fragment from umbrello/codeimport/import_utils.cpp:

UMLObject *createUMLObject(UMLObject::ObjectType type,
                           const QString& inName,
                           UMLPackage *parentPkg,
                           const QString& comment,
                           const QString& stereotype,
                           bool searchInParentPackageOnly)
... 
246             UMLListViewItem *item = UMLApp::app()->listView()->findUMLObject(o);
                    item->updateObject();

The related entry in the list view is created by a signal/slot connection. It looks that the related class is not created in the list view yet.

Comment 2 Ralf Habacker 2014-12-10 07:27:16 UTC

Git commit c359c26780de7463750166b0f73c565fce52a59e by Ralf Habacker.
Committed on 10/12/2014 at 07:17.
Pushed by habacker into branch 'Applications/14.12'.

Fix 'Crash while importing C++ code from existing project'.

On importing code UML objects are created on the fly. The
related list view item is afterwards created by a signal/slot
connection. There are cases where this seems to be delayed,
so we need to check if the list view item is really present.
FIXED-IN:2.15.0 (KDE 14.12.0)

M  +2    -1    umbrello/codeimport/import_utils.cpp

http://commits.kde.org/umbrello/c359c26780de7463750166b0f73c565fce52a59e

Comment 3 Guus 2014-12-10 10:22:54 UTC

On 10-12-14 08:27, Ralf Habacker wrote:
> https://bugs.kde.org/show_bug.cgi?id=341709
>
> Ralf Habacker <ralf.habacker@freenet.de> changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>     Version Fixed In|                            |2.15.0 (KDE 14.12.0)
>           Resolution|---                         |FIXED
>        Latest Commit|                            |http://commits.kde.org/umbr
>                     |                            |ello/c359c26780de7463750166
>                     |                            |b0f73c565fce52a59e
>               Status|CONFIRMED                   |RESOLVED
>
> --- Comment #2 from Ralf Habacker <ralf.habacker@freenet.de> ---
> Git commit c359c26780de7463750166b0f73c565fce52a59e by Ralf Habacker.
> Committed on 10/12/2014 at 07:17.
> Pushed by habacker into branch 'Applications/14.12'.
>
> Fix 'Crash while importing C++ code from existing project'.
>
> On importing code UML objects are created on the fly. The
> related list view item is afterwards created by a signal/slot
> connection. There are cases where this seems to be delayed,
> so we need to check if the list view item is really present.
> FIXED-IN:2.15.0 (KDE 14.12.0)

Hey Ralf,

While reading up on Qt I saw somewhere that Qt delays signals until they 
can be processed in their own thread. Could this explain the delay we 
are experiencing here? Probably the application would have to be 
multithreaded for that to happen.
Maybe this explains the delay.

>
> M  +2    -1    umbrello/codeimport/import_utils.cpp
>
> http://commits.kde.org/umbrello/c359c26780de7463750166b0f73c565fce52a59e
>

Comment 4 Ralf Habacker 2014-12-10 11:16:15 UTC

(In reply to Guus from comment #3)
> While reading up on Qt I saw somewhere that Qt delays signals until they 
> can be processed in their own thread. Could this explain the delay we 
> are experiencing here? Probably the application would have to be 
> multithreaded for that to happen.
> Maybe this explains the delay.
> 
From the related code path the following happens:

Object_Factory::createUMLObject() 
        calls Object_Factory::createNewUMLObject() 
        which 
               1. creates the object
               2. add it to the undo list
               3. signals object creation (UMLApp::app()->document()->signalUMLObjectCreated(o);)
               4. call qApp->processEvents() to handle signals/slots  
               5. return

The list view is connected to the signal mentioned in 3.  It creates the list view entry and adds it to the list view. The question is if this is completly handled by 4. 

To be sure about that, a test case header file is required.

Comment 5 Guus 2014-12-10 11:22:26 UTC

On 10-12-14 12:16, Ralf Habacker wrote:
> https://bugs.kde.org/show_bug.cgi?id=341709
>
>  From the related code path the following happens:
>
> Object_Factory::createUMLObject()
>          calls Object_Factory::createNewUMLObject()
>          which
>                 1. creates the object
>                 2. add it to the undo list
>                 3. signals object creation
> (UMLApp::app()->document()->signalUMLObjectCreated(o);)
>                 4. call qApp->processEvents() to handle signals/slots
>                 5. return
>
> The list view is connected to the signal mentioned in 3.  It creates the list
> view entry and adds it to the list view. The question is if this is completly
> handled by 4.
>
> To be sure about that, a test case header file is required.
>
Do you need anything from me?

Comment 6 Ralf Habacker 2014-12-10 11:31:56 UTC

(In reply to Guus from comment #5)
> > To be sure about that, a test case header file is required.
> >
> Do you need anything from me?

You wrote: 
> I loaded the source of a project someone else had been writing. While importing the code (it is in
> C++), the handler showed progress in the status bar. Somewhere during the processing it
> crashed. When repeating the action, the result is the same. 
One of the imported files triggers this issue, so if it would be possible to get this related file, the problem could be reproduced in the debugger. 
In the case that you are not allowed to publish this files, it would be nice to have a stripped down test file with which the behavior could be reproduced. 
Another option would be, that you compile umbrello from master or Applications/14.12 branch by yourself and check if the issue is fixed. The issue has been fixed with the commit mentioned in the "Latest commit" field.

Comment 7 Guus 2014-12-10 12:11:50 UTC

Created attachment 89902 [details]
checker.tar.gz

On 10-12-14 12:31, Ralf Habacker wrote:
> https://bugs.kde.org/show_bug.cgi?id=341709
>
> --- Comment #6 from Ralf Habacker <ralf.habacker@freenet.de> ---
> (In reply to Guus from comment #5)
>>> To be sure about that, a test case header file is required.
>>>
>> Do you need anything from me?
> You wrote:
>> I loaded the source of a project someone else had been writing. While importing the code (it is in
>> C++), the handler showed progress in the status bar. Somewhere during the processing it
>> crashed. When repeating the action, the result is the same.
> One of the imported files triggers this issue, so if it would be possible to
> get this related file, the problem could be reproduced in the debugger.
> In the case that you are not allowed to publish this files, it would be nice to
> have a stripped down test file with which the behavior could be reproduced.
> Another option would be, that you compile umbrello from master or
> Applications/14.12 branch by yourself and check if the issue is fixed. The
> issue has been fixed with the commit mentioned in the "Latest commit" field.
>
I just obtained permission to upload. It appears the bulk of the source 
is Apache licensed, the lib part is GPLv3 licensed, according to the 
author. I also pointed out he did not cite GPL anywhere in the source 
code and he indicated this a "todo". So, I will copy the source code and 
attach it as tar.gz file.

Kind regards, Guus.

Comment 8 Ralf Habacker 2014-12-11 10:51:09 UTC

Thanks for providing the test case. The committed patch fixed one problem, but there are still more crash cases.

Comment 9 Ralf Habacker 2014-12-11 10:51:26 UTC

Git commit 6de2d9308680a7c7755e66eddb937db85dfc46a7 by Ralf Habacker.
Committed on 11/12/2014 at 10:48.
Pushed by habacker into branch 'Applications/14.12'.

Add dynamic cast test to be sure we can trust getting zero pointer for invalid casts.

M  +21   -0    unittests/TEST_basictypes.cpp

http://commits.kde.org/umbrello/6de2d9308680a7c7755e66eddb937db85dfc46a7

Comment 10 Guus 2014-12-11 11:08:39 UTC

On 11-12-14 11:51, Ralf Habacker wrote:
> https://bugs.kde.org/show_bug.cgi?id=341709
>
> Ralf Habacker <ralf.habacker@freenet.de> changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>               Status|RESOLVED                    |REOPENED
>           Resolution|FIXED                       |---
>
> --- Comment #8 from Ralf Habacker <ralf.habacker@freenet.de> ---
> Thanks for providing the test case. The committed patch fixed one problem, but
> there are still more crash cases.
>
This does not come as a surprise: the problem of re-engineering from 
code to UML is a non-trivial problem to say the least: it may be very 
hard to solve. When I encountered it I suspected there would be more 
where that came from. I am very interested, because with the errors gone 
it is much easier to study code, starting from the UML. I have only 
started studying C++ (I come from a Java environment) and UML gives a 
great entry to complex code, if it is well designed.

Thanks for your efforts!

Kind regards, Guus.

Comment 11 Ralf Habacker 2014-12-11 12:59:00 UTC

(In reply to Ralf Habacker from comment #9)
...
> Add dynamic cast test to be sure we can trust getting zero pointer for
> invalid casts.

There is a surprising dynamic_cast problem inModel_Utils::findUMLObject()

At line 202 there is an access to the package child objects:
202:          UMLObjectList objectsInCurrentScope = pkg->containedObjects();

Child objects are supported from UMLPackage and higher derived classes.

UMLObject<- UMLCancasObject<-UMLPackage
                      <- UMLAssociation

In the crash case the package is an UMLAssociation instance, which does support objects.

I added a dedicated dynamic_cast to check this case 
+            UMLPackage *p = dynamic_cast<UMLPackage*>(pkg);
+           qDebug() << p << pkg
            UMLObjectList objectsInCurrentScope = pkg->containedObjects();

and expected to get p == 0 but got

          UMLAssociation(0x1954da0, name = "UMLObject")  UMLAssociation(0x1954da0, name = "UMLObject") 

which means p == 0x1954da0, which is *NOT* zero and indicates that dynamic_cast fails in this context and result into the crash accessing invalid class instance member.

In the opposite a simple testcase 

UMLObject *a = new UMLAssociation;
UMLObject *p = new UMLPackage;

UMLPackage *p1 = dynamic_cast<UMLPackage*>(a)
qDebug() << p1;
UMLPackage *p2 = dynamic_cast<UMLPackage*>(p)
qDebug() << p2;

returns p1 == 0 and p2 != 0 as expected

Comment 12 Ralf Habacker 2014-12-11 13:30:11 UTC

Git commit 713fe83d4a105e5abe734b95b2ef983954e50e04 by Ralf Habacker.
Committed on 11/12/2014 at 13:18.
Pushed by habacker into branch 'Applications/14.12'.

Fix another 'Crash while importing C++ code from existing project'.

Exclude non UMLPackage based uml objects from accessing not present
m_objects member in Model_Utils::findUMLObject().

A common solution would be to solve the dynamic_cast<UMLPackage*>()
failure (see bug) or to add a virtual bool canHaveObjects() method
to UMLObject, which returns false by default and true for classes
derived from UMLPackage to guard the access to m_objects.

M  +12   -0    umbrello/model_utils.cpp

http://commits.kde.org/umbrello/713fe83d4a105e5abe734b95b2ef983954e50e04

Comment 13 Oliver Kellogg 2014-12-11 18:29:43 UTC

(In reply to Ralf Habacker from comment #11)
> There is a surprising dynamic_cast problem inModel_Utils::findUMLObject()
> 
> At line 202 there is an access to the package child objects:
> 202:          UMLObjectList objectsInCurrentScope = pkg->containedObjects();
> [...]
> In the crash case the package is an UMLAssociation instance, which does
> support objects.

I don't understand: UMLAssociation is not derived from UMLPackage.
In fact, in line 179:
        if (pkg == NULL || pkg->baseType() == UMLObject::ot_Association)
            pkg = currentObj->umlPackage();
the RHS of the "||" should never become true (?)

Comment 14 Andi Fischer 2014-12-11 22:19:26 UTC

Git commit e9c3cfbd5c9cf9acd7343589e52f2c15e309c570 by Andi Fischer, on behalf of Ralf Habacker.
Committed on 10/12/2014 at 07:17.
Pushed by fischer into branch 'frameworks'.

Fix 'Crash while importing C++ code from existing project'.

On importing code UML objects are created on the fly. The
related list view item is afterwards created by a signal/slot
connection. There are cases where this seems to be delayed,
so we need to check if the list view item is really present.
FIXED-IN:2.15.0 (KDE 14.12.0)

M  +2    -1    umbrello/codeimport/import_utils.cpp

http://commits.kde.org/umbrello/e9c3cfbd5c9cf9acd7343589e52f2c15e309c570

Comment 15 Ralf Habacker 2014-12-12 07:47:01 UTC

(In reply to Ralf Habacker from comment #11)
> In the crash case the package is an UMLAssociation instance, which does support objects.
.. wording mistake, it should be 
> In the crash case the package is an UMLAssociation instance, which does *NOT* support objects.

Comment 16 Ralf Habacker 2014-12-12 08:55:43 UTC

(In reply to Oliver Kellogg from comment #13)
> (In reply to Ralf Habacker from comment #11)
> > There is a surprising dynamic_cast problem inModel_Utils::findUMLObject()
> > 
> > At line 202 there is an access to the package child objects:
> > 202:          UMLObjectList objectsInCurrentScope = pkg->containedObjects();
> > [...]
> > In the crash case the package is an UMLAssociation instance, which does
> > support objects.
> 
> I don't understand: UMLAssociation is not derived from UMLPackage.
I also do not understand the reason why a dynamic_cast<UMLPackage*> of an UMLAssociation instance does not return 0. :-(

> In fact, in line 179:
>         if (pkg == NULL || pkg->baseType() == UMLObject::ot_Association)
>             pkg = currentObj->umlPackage();
> the RHS of the "||" should never become true (?)

This is not the source of the problem. The probolem happens later in the loop 

To see some details I added the following code:

#define EMBED_BREAKPOINT  asm volatile ("int3;")

        for (; pkg; pkg = currentObj->umlPackage()) {
            if (pkg->umlPackage() && pkg->umlPackage()->baseType() == UMLObject::ot_Association) {
                qDebug() << "1" << pkg << pkg->umlPackage() << pkg->umlPackage()->umlPackage();
                UMLPackage *p = dynamic_cast<UMLPackage*>(pkg->umlPackage());
                qDebug() << "2" << p;
                EMBED_BREAKPOINT;
            }

imported the appended test case and got a break with the following output: 
1 UMLClassifier(0x3ff3ef0, name = "UMLObject") UMLAssociation(0x197a7e0, name = "UMLObject") UMLFolder(0xe405b0, name = "UMLObject") 
2 UMLAssociation(0x197a7e0, name = "UMLObject") 

1. shows that an UMLAssociation instance is a parent of an UML Classifier
    - package class name is 'testing' 
    - the parent is a dependency with 
       - Role A - class "ConstraintPackage"
       - Role B - class "ConstraintPackageField"

2. shows a failed dynamic_cast

Comment 17 Ralf Habacker 2014-12-12 09:28:16 UTC

(In reply to Ralf Habacker from comment #16)
> (In reply to Oliver Kellogg from comment #13)
> > (In reply to Ralf Habacker from comment #11)
 
> 1. shows that an UMLAssociation instance is a parent of an UML Classifier
>     - package class name is 'testing' 
>     - the parent is a dependency with 
>        - Role A - class "ConstraintPackage"
>        - Role B - class "ConstraintPackageField"
> 
The related code is in reachability/test_util.h

25: class TestNetwork : public ::testing::Test {

in import_utils.cpp::createUMLObject() line 237 there is called: 
            if (components.count() > 1) {
                typeName = components.back();
                components.pop_back();
                while (components.count()) {
                    QString scopeName = components.front();
                    components.pop_front();
                    o = umldoc->findUMLObject(scopeName, UMLObject::ot_UMLObject, parentPkg);

o returns an UMLAssociation instance named 'testing'

                    if (o) {
                        parentPkg = static_cast<UMLPackage*>(o);

which is casted to an UMLPackage and sets parentPkg not to zero. 

It looks wrong to accept an association as class parent, but the root cause is that dynamic_cast fails to cast an UMLAssociation instance to UMLPackage* to zero. 

BTW: I compiled umbrello on opensuse 13.1 x86_64 with gcc 4.8.1

Comment 18 Ralf Habacker 2014-12-12 10:40:01 UTC

(In reply to Ralf Habacker from comment #17)
> 
> o returns an UMLAssociation instance named 'testing'

This has been fixed with bug 341799