Bug 357630

Summary: crash when exiting with parser running [KDevelop::BackgroundParser::~BackgroundParser]
Product: [Applications] kdevelop
Reporter: RJVB <rjvbertin>
Component: Language Support: CPP (Clang-based)
Assignee: kdevelop-bugs-null
Status: CONFIRMED ---
Severity: normal
CC: kfunk, simonandric5
Priority: NOR
Version: 4.90.90
Target Milestone: ---
Platform: Compiled Sources
OS: macOS
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments:
valgrind -v --track-origins=yes --error-limit=no /opt/local/bin/kdevelop5
valgrind --track-origins=yes -v --error-limit=no kdevelop5 (against llvm 3.7)
[OS X] valgrind --track-origins=yes --smc-check=all-non-file --error-limit=no kdevelop5
[OS X] valgrind --track-origins=yes --smc-check=all-non-file --error-limit=no kdevelop5

Description RJVB 2016-01-06 20:50:40 UTC
My first crash report for KDevelop5 ...

The IDE was parsing its own source tree (git working copy) after I had run cmake on the project externally (an editor for cmake options is still lacking in the project config).
I quit the application with the parser still running, and got the backtrace copied below

Reproducible: Didn't try

Steps to Reproduce:
1. open a project, say kdevelop itself
2. rerun cmake in the build directory, from a terminal
3. wait until the parser is working and quit KDevelop

Actual Results:  
Process:         kdevelop [75487]
Path:            /Applications/MacPorts/*/kdevelop.app/Contents/MacOS/kdevelop
Identifier:      org.kde.KDevelop
Version:         4.90 (4.90)
Code Type:       X86-64 (Native)
Parent Process:  tcsh [37199]
Responsible:     X11.bin [36815]
User ID:         505

Date/Time:       2016-01-06 21:34:40.587 +0100
OS Version:      Mac OS X 10.9.5 (13F1134)

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
abort() called
*** error for object 0x7fe89e707ce0: pointer being freed was not allocated
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff91dbc866 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff8ee4035c pthread_kill + 92
2   libsystem_c.dylib             	0x00007fff89e5cb1a abort + 125
3   libsystem_malloc.dylib        	0x00007fff9434207f free + 411
4   libKF5ThreadWeaver.5.dylib    	0x00000001123ae38a ThreadWeaver::Private::Job_Private::~Job_Private() + 74 (job_p.cpp:44)
5   libKF5ThreadWeaver.5.dylib    	0x00000001123ad929 ThreadWeaver::Job::~Job() + 105 (job.cpp:68)
6   libKF5ThreadWeaver.5.dylib    	0x00000001123ae6a9 ThreadWeaver::IdDecorator::~IdDecorator() + 41 (iddecorator.cpp:52)
7   libKF5ThreadWeaver.5.dylib    	0x00000001123ac337 QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) + 39 (qatomic_x86.h:214)
8   org.qt-project.QtCore         	0x0000000110adc8bf QMetaType::destroy(int, void*) + 127 (qmetatype.cpp:1726)
9   org.qt-project.QtCore         	0x0000000110af1c89 QMetaCallEvent::~QMetaCallEvent() + 73 (qobject.cpp:463)
10  org.qt-project.QtCore         	0x0000000110af1d2e QMetaCallEvent::~QMetaCallEvent() + 14 (qobject.cpp:461)
11  org.qt-project.QtCore         	0x0000000110acba36 QCoreApplication::removePostedEvents(QObject*, int) + 1622 (qvarlengtharray.h:108)
12  org.qt-project.QtCore         	0x0000000110af0fd4 QObjectPrivate::~QObjectPrivate() + 228 (qobject.cpp:237)
13  org.qt-project.QtCore         	0x0000000110af10fe QObjectPrivate::~QObjectPrivate() + 14 (qobject.cpp:219)
14  org.qt-project.QtCore         	0x0000000110af2b71 QObject::~QObject() + 1841 (qscopedpointer.h:54)
15  libKDevPlatformLanguage.10.dylib	0x00000001111cbad2 KDevelop::BackgroundParser::~BackgroundParser() + 82 (backgroundparser.cpp:485)
16  org.qt-project.QtCore         	0x0000000110af2d75 QObjectPrivate::deleteChildren() + 245 (qobject.cpp:1943)
17  org.qt-project.QtCore         	0x0000000110af2b40 QObject::~QObject() + 1792 (qobject.cpp:1027)
18  libKDevPlatformShell.10.dylib 	0x000000010d5b9525 KDevelop::LanguageController::~LanguageController() + 53 (languagecontroller.cpp:154)
19  libKDevPlatformShell.10.dylib 	0x000000010d5854e4 KDevelop::CorePrivate::~CorePrivate() + 116 (qsharedpointer_impl.h:588)
20  libKDevPlatformShell.10.dylib 	0x000000010d586444 KDevelop::Core::~Core() + 116 (core.cpp:384)
21  libKDevPlatformShell.10.dylib 	0x000000010d58648e KDevelop::Core::~Core() + 14 (core.cpp:380)
22  org.qt-project.QtCore         	0x0000000110af3748 QObject::event(QEvent*) + 776 (qobject.cpp:4455)
23  org.qt-project.QtWidgets      	0x000000010f80a53b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
24  org.qt-project.QtWidgets      	0x000000010f80d8f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
25  org.qt-project.QtCore         	0x0000000110acb0db QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 971 (qthread_p.h:291)
26  org.qt-project.QtCore         	0x0000000110acaa2c QCoreApplication::exec() + 412 (qcoreapplication.cpp:1240)
27  kdevelop.bin                  	0x000000010d53132a main + 54426 (main.cpp:677)
28  libdyld.dylib                 	0x00007fff8e8b05fd start + 1


Expected Results:  
no crash, no abort, no double/illegal free?

This has nothing to do with unloading plugins, correct?
FWIW, Qt5 will stop doing that at exit in a future release to avoid certain types of crashes at exit, and I have observed that this approach also prevents crashes in certain KF5 applications like Kate.
Comment 1 Kevin Funk 2016-01-06 21:06:06 UTC
I think I have seen this on Linux before as well.

A valgrind run might be enlightening...
Comment 2 RJVB 2016-01-06 21:28:58 UTC
Yeah, maybe when I am sure I can reproduce it, and preferably under Linux. Valgrind'ing CPU & memory-hungry processes has been a very efficient way to get KPs on OS X for me so I tend to avoid it.
Comment 3 RJVB 2016-01-07 12:23:35 UTC
When I tried to quit during parsing again:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libKDevPlatformLanguage.10.dylib	0x0000000111c61611 QtSharedPointer::ExternalRefCountWithCustomDeleter<ThreadWeaver::JobInterface, QtSharedPointer::NormalDeleter>::deleter(QtSharedPointer::ExternalRefCountData*) + 17 (qsharedpointer_impl.h:189)
1   org.qt-project.QtCore         	0x000000011156d8bf QMetaType::destroy(int, void*) + 127 (qmetatype.cpp:1726)
2   org.qt-project.QtCore         	0x0000000111582c89 QMetaCallEvent::~QMetaCallEvent() + 73 (qobject.cpp:463)
3   org.qt-project.QtCore         	0x0000000111582d2e QMetaCallEvent::~QMetaCallEvent() + 14 (qobject.cpp:461)
4   org.qt-project.QtCore         	0x000000011155ca36 QCoreApplication::removePostedEvents(QObject*, int) + 1622 (qvarlengtharray.h:108)
5   org.qt-project.QtCore         	0x0000000111581fd4 QObjectPrivate::~QObjectPrivate() + 228 (qobject.cpp:237)
6   org.qt-project.QtCore         	0x00000001115820fe QObjectPrivate::~QObjectPrivate() + 14 (qobject.cpp:219)
7   org.qt-project.QtCore         	0x0000000111583b71 QObject::~QObject() + 1841 (qscopedpointer.h:54)
8   libKDevPlatformLanguage.10.dylib	0x0000000111c5aad2 KDevelop::BackgroundParser::~BackgroundParser() + 82 (backgroundparser.cpp:489)
9   org.qt-project.QtCore         	0x0000000111583d75 QObjectPrivate::deleteChildren() + 245 (qobject.cpp:1943)
10  org.qt-project.QtCore         	0x0000000111583b40 QObject::~QObject() + 1792 (qobject.cpp:1027)
11  libKDevPlatformShell.10.dylib 	0x000000010e048525 KDevelop::LanguageController::~LanguageController() + 53 (languagecontroller.cpp:154)
12  libKDevPlatformShell.10.dylib 	0x000000010e0144e4 KDevelop::CorePrivate::~CorePrivate() + 116 (qsharedpointer_impl.h:588)
13  libKDevPlatformShell.10.dylib 	0x000000010e015444 KDevelop::Core::~Core() + 116 (core.cpp:384)
14  libKDevPlatformShell.10.dylib 	0x000000010e01548e KDevelop::Core::~Core() + 14 (core.cpp:380)
15  org.qt-project.QtCore         	0x0000000111584748 QObject::event(QEvent*) + 776 (qobject.cpp:4455)
16  org.qt-project.QtWidgets      	0x000000011029d53b QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251 (qapplication.cpp:3716)
17  org.qt-project.QtWidgets      	0x00000001102a08f4 QApplication::notify(QObject*, QEvent*) + 8212 (qapplication.cpp:3681)
18  org.qt-project.QtCore         	0x000000011155c0db QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 971 (qthread_p.h:291)
19  org.qt-project.QtCore         	0x000000011155ba2c QCoreApplication::exec() + 412 (qcoreapplication.cpp:1240)
20  kdevelop.bin                  	0x000000010dfbe2ad main + 50973 (main.cpp:685)
21  libdyld.dylib                 	0x00007fff8e8b05fd start + 1

and then, running under lldb:

kdevelop.bin(98689,0x7fff78f0f310) malloc: *** error for object 0x127b6a2f0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Process 98689 stopped
* thread #1: tid = 0x1a94919, 0x00007fff91dbc866 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
* thread #1: tid = 0x1a94919, 0x00007fff91dbc866 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff91dbc866 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff8ee4035c libsystem_pthread.dylib`pthread_kill + 92
    frame #2: 0x00007fff89e5cb1a libsystem_c.dylib`abort + 125
    frame #3: 0x00007fff9434207f libsystem_malloc.dylib`free + 411
    frame #4: 0x0000000104df038a libKF5ThreadWeaver.5.dylib`ThreadWeaver::Private::Job_Private::~Job_Private(this=0x0000000127b6a2f0) + 74 at job_p.cpp:44
    frame #5: 0x0000000104def929 libKF5ThreadWeaver.5.dylib`ThreadWeaver::Job::~Job() [inlined] ThreadWeaver::Job::~Job(this=<unavailable>) + 105 at job.cpp:72
    frame #6: 0x0000000104def8ca libKF5ThreadWeaver.5.dylib`ThreadWeaver::Job::~Job() [inlined] ThreadWeaver::Job::~Job(this=<unavailable>) at job.cpp:68
    frame #7: 0x0000000104def8ca libKF5ThreadWeaver.5.dylib`ThreadWeaver::Job::~Job(this=0x000000010b7a51d0) + 10 at job.cpp:68
    frame #8: 0x0000000104df06a9 libKF5ThreadWeaver.5.dylib`ThreadWeaver::IdDecorator::~IdDecorator() [inlined] ThreadWeaver::IdDecorator::~IdDecorator(this=<unavailable>) + 41 at iddecorator.cpp:56
    frame #9: 0x0000000104df0689 libKF5ThreadWeaver.5.dylib`ThreadWeaver::IdDecorator::~IdDecorator() [inlined] ThreadWeaver::IdDecorator::~IdDecorator(this=<unavailable>) at iddecorator.cpp:52
    frame #10: 0x0000000104df0689 libKF5ThreadWeaver.5.dylib`ThreadWeaver::IdDecorator::~IdDecorator(this=0x000000011ddf2dd0) + 9 at iddecorator.cpp:52
    frame #11: 0x0000000104dee337 libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) [inlined] QtSharedPointer::ExternalRefCountData::destroy(this=<unavailable>) + 39 at qsharedpointer_impl.h:151
    frame #12: 0x0000000104dee32e libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) [inlined] QSharedPointer<ThreadWeaver::JobInterface>::deref(d=0x0000000116f08620) + 20 at qsharedpointer_impl.h:472
    frame #13: 0x0000000104dee31a libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) [inlined] QSharedPointer<ThreadWeaver::JobInterface>::deref() + 6 at qsharedpointer_impl.h:467
    frame #14: 0x0000000104dee314 libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) [inlined] QSharedPointer<ThreadWeaver::JobInterface>::~QSharedPointer() at qsharedpointer_impl.h:306
    frame #15: 0x0000000104dee314 libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(void*) [inlined] QSharedPointer<ThreadWeaver::JobInterface>::~QSharedPointer() at qsharedpointer_impl.h:306
    frame #16: 0x0000000104dee314 libKF5ThreadWeaver.5.dylib`QtMetaTypePrivate::QMetaTypeFunctionHelper<QSharedPointer<ThreadWeaver::JobInterface>, true>::Destruct(t=<unavailable>) + 4 at qmetatype.h:749
    frame #17: 0x00000001035528bf QtCore`QMetaType::destroy(type=<unavailable>, data=0x0000000126af4330) + 127 at qmetatype.h:2146
    frame #18: 0x0000000103567c89 QtCore`QMetaCallEvent::~QMetaCallEvent(this=0x0000000126a9b780) + 73 at qobject.cpp:465
    frame #19: 0x0000000103567d2e QtCore`QMetaCallEvent::~QMetaCallEvent() [inlined] QMetaCallEvent::~QMetaCallEvent(this=0x0000000126a9b780) + 14 at qobject.cpp:461
    frame #20: 0x0000000103567d29 QtCore`QMetaCallEvent::~QMetaCallEvent(this=0x0000000126a9b780) + 9 at qobject.cpp:461
    frame #21: 0x0000000103541a36 QtCore`QCoreApplication::removePostedEvents(receiver=<unavailable>, eventType=<unavailable>) + 1622 at qcoreapplication.cpp:1675
    frame #22: 0x0000000103566fd4 QtCore`QObjectPrivate::~QObjectPrivate(this=0x000000011a485280) + 228 at qobject.cpp:235
    frame #23: 0x00000001035670fe QtCore`QObjectPrivate::~QObjectPrivate() [inlined] QObjectPrivate::~QObjectPrivate(this=0x000000011a485280) + 14 at qobject.cpp:219
    frame #24: 0x00000001035670f9 QtCore`QObjectPrivate::~QObjectPrivate(this=0x000000011a485280) + 9 at qobject.cpp:219
    frame #25: 0x0000000103568b71 QtCore`QObject::~QObject() [inlined] QScopedPointerDeleter<QObjectData>::cleanup(pointer=<unavailable>) + 1841 at qscopedpointer.h:54
    frame #26: 0x0000000103568b66 QtCore`QObject::~QObject() [inlined] QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() + 4 at qscopedpointer.h:101
    frame #27: 0x0000000103568b62 QtCore`QObject::~QObject() [inlined] QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() at qscopedpointer.h:99
    frame #28: 0x0000000103568b62 QtCore`QObject::~QObject(this=<unavailable>) + 1826 at qobject.cpp:1032
    frame #29: 0x0000000103c32ad2 libKDevPlatformLanguage.10.dylib`KDevelop::BackgroundParser::~BackgroundParser() [inlined] KDevelop::BackgroundParser::~BackgroundParser(this=0x000000011a489880) + 82 at backgroundparser.cpp:491
    frame #30: 0x0000000103c32a8d libKDevPlatformLanguage.10.dylib`KDevelop::BackgroundParser::~BackgroundParser() [inlined] KDevelop::BackgroundParser::~BackgroundParser(this=0x000000011a489880) at backgroundparser.cpp:489
    frame #31: 0x0000000103c32a8d libKDevPlatformLanguage.10.dylib`KDevelop::BackgroundParser::~BackgroundParser(this=0x000000011a489880) + 13 at backgroundparser.cpp:489
    frame #32: 0x0000000103568d75 QtCore`QObjectPrivate::deleteChildren(this=0x000000011a483380) + 245 at qobject.cpp:1946
    frame #33: 0x0000000103568b40 QtCore`QObject::~QObject(this=0x000000011a4851a0) + 1792 at qobject.cpp:1024
    frame #34: 0x000000010009f525 libKDevPlatformShell.10.dylib`KDevelop::LanguageController::~LanguageController() [inlined] KDevelop::ILanguageController::~ILanguageController() + 53 at ilanguagecontroller.h:40
    frame #35: 0x000000010009f51d libKDevPlatformShell.10.dylib`KDevelop::LanguageController::~LanguageController() [inlined] KDevelop::LanguageController::~LanguageController(this=0x000000011a4851a0) + 35 at languagecontroller.cpp:156
    frame #36: 0x000000010009f4fa libKDevPlatformShell.10.dylib`KDevelop::LanguageController::~LanguageController() [inlined] KDevelop::LanguageController::~LanguageController(this=0x000000011a4851a0) at languagecontroller.cpp:154
    frame #37: 0x000000010009f4fa libKDevPlatformShell.10.dylib`KDevelop::LanguageController::~LanguageController(this=0x000000011a4851a0) + 10 at languagecontroller.cpp:154
    frame #38: 0x000000010006b4e4 libKDevPlatformShell.10.dylib`KDevelop::CorePrivate::~CorePrivate(this=0x00000001176f7cf0) + 116 at core.cpp:310
    frame #39: 0x000000010006c444 libKDevPlatformShell.10.dylib`KDevelop::Core::~Core() [inlined] KDevelop::CorePrivate::~CorePrivate(this=0x00000001176f7cf0) + 116 at core.cpp:307
    frame #40: 0x000000010006c43c libKDevPlatformShell.10.dylib`KDevelop::Core::~Core(this=0x0000000112a13e80) + 108 at core.cpp:384
    frame #41: 0x000000010006c48e libKDevPlatformShell.10.dylib`KDevelop::Core::~Core() [inlined] KDevelop::Core::~Core(this=0x0000000112a13e80) + 14 at core.cpp:380
    frame #42: 0x000000010006c489 libKDevPlatformShell.10.dylib`KDevelop::Core::~Core(this=0x0000000112a13e80) + 9 at core.cpp:380
    frame #43: 0x0000000103569748 QtCore`QObject::event(QEvent*) [inlined] qDeleteInEventHandler(o=0x0000000112a13e80) + 14 at qobject.cpp:4455
    frame #44: 0x000000010356973a QtCore`QObject::event(this=0x0000000112a13e80, e=<unavailable>) + 762 at qobject.cpp:1230
    frame #45: 0x000000010228b53b QtWidgets`QApplicationPrivate::notify_helper(this=<unavailable>, receiver=0x0000000112a13e80, e=0x000000011e0009c0) + 251 at qapplication.cpp:3716
    frame #46: 0x000000010228e8f4 QtWidgets`QApplication::notify(this=<unavailable>, receiver=<unavailable>, e=<unavailable>) + 8212 at qapplication.cpp:3681
    frame #47: 0x00000001035410db QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) [inlined] QCoreApplication::notifyInternal(this=<unavailable>, receiver=<unavailable>, event=<unavailable>) + 95 at qcoreapplication.cpp:970
    frame #48: 0x000000010354107c QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) [inlined] QCoreApplication::sendEvent(receiver=<unavailable>, event=0x000000011e0009c0) + 28 at qcoreapplication.h:224
    frame #49: 0x0000000103541060 QtCore`QCoreApplicationPrivate::sendPostedEvents(receiver=0x0000000000000000, event_type=0, data=0x000000010d000ac0) + 848 at qcoreapplication.cpp:1598
    frame #50: 0x0000000103540a2c QtCore`QCoreApplication::exec() + 412 at qcoreapplication.cpp:1240
    frame #51: 0x00000001000192ad kdevelop.bin`main(argc=2, argv=<unavailable>) + 50973 at main.cpp:685
    frame #52: 0x00007fff8e8b05fd libdyld.dylib`start + 1

(lldb) f 4
frame #4: 0x0000000104df038a libKF5ThreadWeaver.5.dylib`ThreadWeaver::Private::Job_Private::~Job_Private(this=0x0000000127b6a2f0) + 74 at job_p.cpp:44
   41   }
   42   
   43   ThreadWeaver::Private::Job_Private::~Job_Private()
-> 44   {}
   45   
   46   void ThreadWeaver::Private::Job_Private::freeQueuePolicyResources(JobPointer job)
   47   {
(lldb) up
frame #5: 0x0000000104def929 libKF5ThreadWeaver.5.dylib`ThreadWeaver::Job::~Job() [inlined] ThreadWeaver::Job::~Job(this=<unavailable>) + 105 at job.cpp:72
   69       for (int index = 0; index < d()->queuePolicies.size(); ++index) {
   70           d()->queuePolicies.at(index)->destructed(this);
   71       }
-> 72       delete d_;
   73   }
   74   

Shouldn't d() and d_ be the same ?
Comment 4 RJVB 2016-01-07 13:41:55 UTC
I wonder if it isn't a double free, simply.

The Job::Job copy ctor makes a copy of the dptr without marking it as a copy; from job.cpp:

Job::Job(Private::Job_Private *d__)
    : d_(d__)
{ /* d_ is not marked a copy of somebody else's d__ */ }

Printing out the d_ addresses in Job::~Job() :

Job::~Job(): d=0x124be9cf0 NqueuePolicies=0
        deleting 0x124be9cf0
Job::~Job(): d=0x124be66b0 NqueuePolicies=0
        deleting 0x124be66b0
Job::~Job(): d=0x124be9cf0 NqueuePolicies=0
        deleting 0x124be9cf0
Job::~Job(): d=0x124be66b0 NqueuePolicies=0
        deleting 0x124be66b0

I added a very naive little "is not deleted" boolean to ThreadWeaver::Private::Job_Private so that Job::~Job can check if d_ has not yet been deleted (i.e. d_->is_valid == false), and then I saw this:

Job::~Job(): d=0x128acd470 NqueuePolicies=0
                skipping alread deleted 0x128acd470
kdevelop.bin(2490,0x7fff78f0f310) malloc: *** error for object 0x112a4ae00: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

and this time I could confirm that the object in question (0x112a4ae00) is the Job instance being deleted, i.e. *d1 from ThreadWeaver::IdDecorator :

(lldb) f 6
frame #6: 0x0000000104df0429 libKF5ThreadWeaver.5.dylib`ThreadWeaver::IdDecorator::~IdDecorator(this=0x00000001175e9120) + 9 at iddecorator.cpp:52
   49   }
   50   
   51   IdDecorator::~IdDecorator()
-> 52   {
   53       // Do not assert here. IdDecorator can decorate a null pointer. Only assert if a method is called on a decorared
   54       // null  pointer.
   55       if (autoDelete()) {
(lldb) l
   56           delete job();
   57       }
   58   }
   59   
   60   QMutex *IdDecorator::mutex() const
   61   {
   62       Q_ASSERT(d1);
(lldb) p d1
(ThreadWeaver::IdDecorator::Private1 *const) $1 = 0x0000000112a4ae00

I think this is about where I'm handing this off to the code's author. Or authors, supposing the unorthodox Job copy being deleted is created upstream from ThreadWeaver ;)
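
The double delete suspected in comment 4, as an added example that is not part of the bug report and is not ThreadWeaver code: `JobPrivate`, `RawJob`, `SharedJob` and `Ledger` are hypothetical names. Two wrappers built from one raw d-pointer both try to free it; a ledger of live addresses kept outside the object detects the repeat without reading freed memory, and explicit shared ownership removes it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <set>
#include <utility>

// Hypothetical stand-in for a private-implementation ("d-pointer") object.
struct JobPrivate { int queuePolicies = 0; };

static std::uintptr_t key(const void *p) { return reinterpret_cast<std::uintptr_t>(p); }

// Ledger of live JobPrivate addresses. It lives outside the tracked objects,
// so consulting it never touches memory that has already been freed.
class Ledger {
public:
    void allocated(std::uintptr_t k) { live_.insert(k); }
    // True on the first release of k, false (and counted) on any repeat.
    bool release(std::uintptr_t k) {
        if (live_.erase(k) == 1) return true;
        ++repeats_;
        return false;
    }
    std::size_t live() const { return live_.size(); }
    int repeats() const { return repeats_; }
private:
    std::set<std::uintptr_t> live_;
    int repeats_ = 0;
};

// "Before": every wrapper built from the same raw pointer believes it owns it.
class RawJob {
public:
    RawJob(JobPrivate *d, Ledger &ledger) : d_(d), id_(key(d)), ledger_(ledger) {}
    RawJob(const RawJob &) = delete;
    RawJob &operator=(const RawJob &) = delete;
    ~RawJob() {
        // Without the ledger check this would be a plain `delete d_`, and the
        // second wrapper's destructor would free the same address again.
        if (ledger_.release(id_)) delete d_;
        else std::printf("repeat delete of 0x%llx suppressed\n",
                         static_cast<unsigned long long>(id_));
    }
private:
    JobPrivate *d_;
    std::uintptr_t id_;  // address captured while the pointer was still valid
    Ledger &ledger_;
};

// "After": ownership is shared explicitly, so the last holder frees exactly once.
class SharedJob {
public:
    explicit SharedJob(std::shared_ptr<JobPrivate> d) : d_(std::move(d)) {}
private:
    std::shared_ptr<JobPrivate> d_;
};

int repeats_with_raw_pointer() {
    Ledger ledger;
    JobPrivate *d = new JobPrivate;
    ledger.allocated(key(d));
    { RawJob a(d, ledger); RawJob b(d, ledger); }  // two "owners" of one d
    return ledger.repeats();
}

int repeats_with_shared_pointer() {
    Ledger ledger;
    JobPrivate *raw = new JobPrivate;
    ledger.allocated(key(raw));
    std::shared_ptr<JobPrivate> d(raw, [&ledger](JobPrivate *p) {
        if (ledger.release(key(p))) delete p;
    });
    { SharedJob a(d); SharedJob b(d); }
    d.reset();  // last reference dropped: the deleter runs once
    return ledger.repeats() + static_cast<int>(ledger.live());
}

int main() {
    std::printf("raw: %d repeat(s), shared: %d\n",
                repeats_with_raw_pointer(), repeats_with_shared_pointer());
    return 0;
}
```
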
Comment 5 Milian Wolff 2016-01-07 13:48:55 UTC
Please use valgrind to find out what's going on instead of guessing.
Comment 6 RJVB 2016-01-07 15:38:19 UTC
Here's a variant on Linux, using the same source project (kdevelop itself, a git clone from a few days ago):

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff97fff700 (LWP 8081)]
lock (timeout=-1, this=0x20)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qmutex.cpp:634
634         if (owner.load() == self) {
(gdb) bt
#0  lock (timeout=-1, this=0x20)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qmutex.cpp:634
#1  QMutex::lock (this=<optimized out>)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qmutex.cpp:215
#2  0x00007ffff4dfad43 in QMutexLocker (m=<optimized out>, this=<synthetic pointer>)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qmutex.h:128
#3  QReadWriteLock::unlock (this=this@entry=0x1705740)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qreadwritelock.cpp:408
#4  0x00007fffc8abcbe9 in unlock (this=<synthetic pointer>) at /opt/local/include/qt5/QtCore/qreadwritelock.h:89
#5  ~QReadLocker (this=<synthetic pointer>, __in_chrg=<optimized out>)
    at /opt/local/include/qt5/QtCore/qreadwritelock.h:82
#6  QmlJsParseJob::run (this=0xcd05a0, pointer=..., thread=<optimized out>)
    at /opt/local/var/macports/build/_opt_local_site-ports_kf5_kdevelop5/kf5-kdevelop-devel/work/kf5-kdevelop-5/languages/qmljs/qmljsparsejob.cpp:138
#7  0x00007fffea2d5648 in ThreadWeaver::IdDecorator::run(QSharedPointer<ThreadWeaver::JobInterface>, ThreadWeaver::Thread*) (this=<optimized out>, self=..., thread=0x7fffc4092470)
    at /opt/local/var/macports/build/_opt_local_site-ports_kf5_Frameworks/kf5-threadweaver/work/threadweaver-5.17.0/src/iddecorator.cpp:69
#8  0x00007fffea2d509f in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, job=..., thread=<optimized out>)
    at /opt/local/var/macports/build/_opt_local_site-ports_kf5_Frameworks/kf5-threadweaver/work/threadweaver-5.17.0/src/executor.cpp:52
#9  0x00007fffea2cdad0 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, self=..., th=0x7fffc4092470)
    at /opt/local/var/macports/build/_opt_local_site-ports_kf5_Frameworks/kf5-threadweaver/work/threadweaver-5.17.0/src/job.cpp:83
#10 0x00007fffea2cdd12 in ThreadWeaver::Thread::run() (this=0x7fffc4092470)
    at /opt/local/var/macports/build/_opt_local_site-ports_kf5_Frameworks/kf5-threadweaver/work/threadweaver-5.17.0/src/thread.cpp:114
#11 0x00007ffff4e012cf in QThreadPrivate::start (arg=0x7fffc4092470)
    at /home/bertin/work/src/Scratch/Qt/qt-everywhere-opensource-src-5.5.1/qtbase/src/corelib/thread/qthread_unix.cpp:331
#12 0x00007fffedb29182 in start_thread (arg=0x7fff97fff700) at pthread_create.c:312
#13 0x00007ffff476e47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Interestingly the parser continued to run without error after I removed the official Ubuntu clang-3.6.0 against which I had built (buggy LLVM that crashes during an internal operation). Cutting the clang parser out of the equation like this ought to reduce the memory load, which should make valgrinding a bit more feasible. On Linux.
Comment 7 RJVB 2016-01-07 16:03:01 UTC
Created attachment 96506 [details]
valgrind -v --track-origins=yes --error-limit=no /opt/local/bin/kdevelop5
Comment 8 RJVB 2016-01-08 13:35:30 UTC
Created attachment 96525 [details]
valgrind --track-origins=yes -v --error-limit=no kdevelop5 (against llvm 3.7)
Comment 9 Milian Wolff 2016-01-08 16:56:13 UTC
Please rerun without -v but with --smc-check=all-non-file
Comment 10 RJVB 2016-01-08 20:14:02 UTC
I've got the log, but a priori it just shows a crash while dlopen'ing kdevclangsupport without any further explanation as to what the gdb backtrace above already shows.

I rebuilt kdevclangsupport against the clang 3.5.1 version I grabbed from Debian/Exp. a year ago and built via a PPA of my own. And that one seems to work, contrary to Ubuntu's current 3.6.0 release and both the 3.6.2 and the 3.7.1 builds from the LLVM apt servers. Those last 2 fail in the same way, which leads me to think it must be some incompatibility in the way they build their stuff and I built KF5/KDevelop.
This particular issue is too resource demanding to continue to look into it. I'll see if I can reproduce the crash-on-exit issue, now that I managed to work around the crash-on-startup :)
Comment 11 Kevin Funk 2016-01-08 20:37:07 UTC
For the record: Distro-provided Clang/LLVM works fine for me on Ubuntu Wily. I'm sure I tried both the 3.6 and 3.7 versions at some point, without problems.
Comment 12 RJVB 2016-01-08 21:51:39 UTC
(In reply to Kevin Funk from comment #11)
> For the record: Distro-provided Clang/LLVM works fine for me on Ubuntu Wily.

The crash I saw with Ubuntu's Clang 3.6 was different from the one I saw with the LLVM-provided builds. Ubuntu only provide an early 3.6.0 for "Trusty", it's not at all impossible there's a real bug in there.

Here's a wild thought: when I tried to rebuild that year old 3.5.1 LLVM toolchain earlier today using gcc-5.3 instead of gcc-4.8 I ran into a build failure. Gcc 5 didn't accept access to a private member of a template class in one of LLVM's headers (in one of the class ctors...), code that is accepted without issues by gcc-4.8 . Not that it seems likely, but suppose that is caused by a difference in default C++ flavour in gcc-5, couldn't that also lead to subtle incompatibilities between libraries built with an older g++ and a host application built with g++5?
Comment 13 RJVB 2016-01-14 16:53:19 UTC
Created attachment 96640 [details]
[OS X] valgrind --track-origins=yes --smc-check=all-non-file --error-limit=no kdevelop5
Comment 14 RJVB 2016-01-14 16:55:44 UTC
Created attachment 96641 [details]
[OS X] valgrind --track-origins=yes --smc-check=all-non-file --error-limit=no kdevelop5