Bug 204035 - Crash when trying to create a function of the type Vector<package.class>. (JavaClassifierCodeDocument::addCodeOperation)
Summary: Crash when trying to create a function of the type Vector<package.class>. (Ja...
Status: RESOLVED FIXED
Alias: None
Product: umbrello
Classification: Applications
Component: general (show other bugs)
Version: 2.6.5
Platform: Ubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: Umbrello Development Group
URL:
Keywords:
: 256668 281612 281901 307949 311149 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-08-16 12:27 UTC by jan0sch
Modified: 2014-12-11 21:56 UTC (History)
8 users (show)

See Also:
Latest Commit:
Version Fixed In: 2.15.0 (KDE 14.12.0)


Attachments
test case (27.35 KB, application/x-uml)
2014-11-28 19:44 UTC, Ralf Habacker
Details
full backtrace for comment 11 (37.71 KB, text/plain)
2014-11-28 20:25 UTC, Ralf Habacker
Details
Dirty hack to avoid crash using new code generator (3.78 KB, patch)
2014-12-01 05:16 UTC, Ralf Habacker
Details

Note You need to log in before you can comment on or make changes to this bug.
Description jan0sch 2009-08-16 12:27:57 UTC
Application that crashed: umbrello
Version of the application: 2.3.0
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.28-14-generic x86_64
Distribution: Ubuntu 9.04

What I was doing when the application crashed:
I created a class diagram with several classes within one package. For some functions that return vectors of specific types I created several data types ("Vector", "Vector<String>", "Vector<package.foo>", "Vector<package.bar>").

The creation of some function of the type Vector<String> and Vector<package.foo> was no problem but now I am stuck with the situation that the applications crashes whenever I try to define a new function of the type Vector<package.bar>.
It sometimes crashes also when I try to create an attribute of this type but it crashes always when trying to create a function.

I could send you my uml file if you can't reproduce the bug.


 -- Backtrace:
Application: Umbrello UML-Modeller (umbrello), signal: Segmentation fault
[KCrash Handler]
#5  JavaClassifierCodeDocument::addCodeOperation (this=0x28cb330, op=0x285fe28) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/codegenerators/java/javaclassifiercodedocument.cpp:124
#6  0x0000000000bc0759 in ClassifierCodeDocument::addOperation (this=0x28cb330, o=<value optimized out>) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/classifiercodedocument.cpp:308
#7  0x0000000000bc0e37 in ClassifierCodeDocument::qt_metacall (this=0x28cb330, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7ffff8573be0)
    at /build/buildd/kdesdk-4.3.0/obj-x86_64-linux-gnu/umbrello/umbrello/classifiercodedocument.moc:90
#8  0x00007f0eecffaea2 in QMetaObject::activate (sender=0x2835f20, from_signal_index=<value optimized out>, to_signal_index=8, argv=0x2815f50) at kernel/qobject.cpp:3113
#9  0x0000000000bb286d in UMLClassifier::operationAdded (this=0x0, _t1=0x287ba40) at /build/buildd/kdesdk-4.3.0/obj-x86_64-linux-gnu/umbrello/umbrello/classifier.moc:93
#10 0x0000000000bb9c64 in UMLClassifier::addOperation (this=0x2835f20, op=0x287ba40, position=-1) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/classifier.cpp:320
#11 0x0000000000bba3ab in UMLClassifier::createOperation (this=0x2835f20, name=@0x7ffff8573df0, isExistingOp=<value optimized out>, params=0x7ffff8573e10)
    at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/classifier.cpp:277
#12 0x0000000000bfad10 in Object_Factory::createChildObject (parent=0x0, type=<value optimized out>) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/object_factory.cpp:259
#13 0x0000000000b6f7a2 in ClassifierWidget::slotMenuSelection (this=0x285dd90, action=0x2879160) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/widgets/classifierwidget.cpp:429
#14 0x0000000000b9d985 in UMLWidget::qt_metacall (this=0x285dd90, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7ffff85741b0)
    at /build/buildd/kdesdk-4.3.0/obj-x86_64-linux-gnu/umbrello/umbrello/umlwidget.moc:87
#15 0x00007f0eecffaea2 in QMetaObject::activate (sender=0x23db080, from_signal_index=<value optimized out>, to_signal_index=29, argv=0x2815f50) at kernel/qobject.cpp:3113
#16 0x00007f0eedf65072 in QMenu::triggered (this=0x0, _t1=0x2879160) at .moc/release-shared/moc_qmenu.cpp:158
#17 0x00007f0eedf6648a in QMenuPrivate::activateCausedStack (this=0x27e0880, causedStack=@0x7ffff85742a0, action=0x2879160, action_e=QAction::Trigger, self=<value optimized out>)
    at widgets/qmenu.cpp:977
#18 0x00007f0eedf6c53e in QMenuPrivate::activateAction (this=0x27e0880, action=0x2879160, action_e=QAction::Trigger, self=true) at widgets/qmenu.cpp:1060
#19 0x00007f0eef03bdc1 in KMenu::mouseReleaseEvent (this=0x244f730, e=0x7ffff8574c40) at /build/buildd/kde4libs-4.3.0/kdeui/widgets/kmenu.cpp:456
#20 0x00007f0eedbb50bf in QWidget::event (this=0x244f730, event=0x7ffff8574c40) at kernel/qwidget.cpp:7549
#21 0x00007f0eedf6ed8b in QMenu::event (this=0x244f730, e=0x7ffff8574c40) at widgets/qmenu.cpp:2353
#22 0x00007f0eedb63f4d in QApplicationPrivate::notify_helper (this=0x20f25d0, receiver=0x244f730, e=0x7ffff8574c40) at kernel/qapplication.cpp:4056
#23 0x00007f0eedb6c8ea in QApplication::notify (this=<value optimized out>, receiver=0x244f730, e=0x7ffff8574c40) at kernel/qapplication.cpp:3758
#24 0x00007f0eeef6871b in KApplication::notify (this=0x7ffff8576ba0, receiver=0x244f730, event=0x7ffff8574c40) at /build/buildd/kde4libs-4.3.0/kdeui/kernel/kapplication.cpp:302
#25 0x00007f0eecfe56ac in QCoreApplication::notifyInternal (this=0x7ffff8576ba0, receiver=0x244f730, event=0x7ffff8574c40) at kernel/qcoreapplication.cpp:610
#26 0x00007f0eedb6bb38 in QApplicationPrivate::sendMouseEvent (receiver=0x244f730, event=0x7ffff8574c40, alienWidget=0x0, nativeWidget=0x244f730, buttonDown=<value optimized out>, 
    lastMouseReceiver=@0x7f0eee59b010) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#27 0x00007f0eedbd5cd4 in QETWidget::translateMouseEvent (this=0x244f730, event=<value optimized out>) at kernel/qapplication_x11.cpp:4343
#28 0x00007f0eedbd4b53 in QApplication::x11ProcessEvent (this=0x7ffff8576ba0, event=0x7ffff85767c0) at kernel/qapplication_x11.cpp:3550
#29 0x00007f0eedbfd454 in x11EventSourceDispatch (s=0x20f62c0, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#30 0x00007f0ee858f20a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#31 0x00007f0ee85928e0 in ?? () from /usr/lib/libglib-2.0.so.0
#32 0x00007f0ee8592a7c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#33 0x00007f0eed00ea8f in QEventDispatcherGlib::processEvents (this=0x20ccf00, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#34 0x00007f0eedbfcbdf in QGuiEventDispatcherGlib::processEvents (this=0x0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#35 0x00007f0eecfe3f42 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -128488784}) at kernel/qeventloop.cpp:149
#36 0x00007f0eecfe4314 in QEventLoop::exec (this=0x7ffff8576af0, flags={i = -128488704}) at kernel/qeventloop.cpp:201
#37 0x00007f0eecfe65e4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#38 0x0000000000bf0c65 in main (argc=1, argv=0x7ffff8577028) at /build/buildd/kdesdk-4.3.0/umbrello/umbrello/main.cpp:111

Reported using DrKonqi
Comment 1 jan0sch 2009-08-17 10:44:23 UTC
I just could manage to make it work.

The crash occured whenever I tried to add the mentioned function to an interface from which existed an abstract class. I could add the function to the abstract class without problems and _afterwards_ I could add it to the interface.

It seems to work for now. Although I guess this behaviour is not intended?!?
Comment 2 Dario Andres 2010-11-18 01:04:30 UTC
[Comment from a bug triager]
New information from bug 256668:
-- Information about the crash:
When the crash occured i just imported a full project for UML modelling. But my
interface didn't have the method defined in the java class.
So I tried to add it manually. This method must return a Map<String, String>.
When i validated the add action it crashed
Comment 3 Dario Andres 2010-11-18 01:04:36 UTC
*** Bug 256668 has been marked as a duplicate of this bug. ***
Comment 4 Jekyll Wu 2012-07-05 23:33:13 UTC
*** Bug 281901 has been marked as a duplicate of this bug. ***
Comment 5 Jekyll Wu 2012-07-05 23:33:20 UTC
*** Bug 281612 has been marked as a duplicate of this bug. ***
Comment 6 Jekyll Wu 2012-10-06 01:25:55 UTC
*** Bug 307949 has been marked as a duplicate of this bug. ***
Comment 7 notreal 2012-10-06 23:07:00 UTC
Dear Sir,
I would not mark my bug as duplicate of 
204035
for the following reason.
The 204035 complains about a fancy complicated return type (Vector).

In my case, I had a simple method in fact returning void that I was trying copy and paste.

Therefore I would leave my bug in and I would let the developers to solve the simple case 

(return void) before they go and chase Vectors.

On the other hand, it may be that in 204035 the Vector part is irrelevant and again
the problem of copy and paste method occurs and is independent of return type.
It may be just copy and paste method does not work for any simple method.
In my case the method signature and type is:
void print().

This is my view.
--regards



________________________________
 From: Jekyll Wu <adaptee@gmail.com>
To: jtaller2006@yahoo.com 
Sent: Friday, October 5, 2012 6:25 PM
Subject: [Bug 204035] Crash when trying to create a function of the type Vector<package.class>. (JavaClassifierCodeDocument::addCodeOperation)
 
https://bugs.kde.org/show_bug.cgi?id=204035

Jekyll Wu <adaptee@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jtaller2006@yahoo.com

--- Comment #6 from Jekyll Wu <adaptee@gmail.com> ---
*** Bug 307949 has been marked as a duplicate of this bug. ***
Comment 8 Jekyll Wu 2012-12-04 19:09:04 UTC
*** Bug 311149 has been marked as a duplicate of this bug. ***
Comment 9 Ralf Habacker 2014-04-15 07:14:19 UTC
The function mentioned in the last stack frame is shown below: 

bool JavaClassifierCodeDocument::addCodeOperation (CodeOperation * op)
{
    if(!op->getParentOperation()->isLifeOperation())
        return operationsBlock->addTextBlock(op);
    else
        return constructorBlock->addTextBlock(op);
}

There may be three places where a crash can happen:
1. op->getParentOperation() == 0
2. operationsBlock == 0
3. constructorBlock == 0
Comment 10 Ralf Habacker 2014-11-28 19:44:49 UTC
Created attachment 89758 [details]
test case

Adding a method to the interface of the appended test case let umbrello also  crash with 14.12 branch.
Comment 11 Ralf Habacker 2014-11-28 20:24:42 UTC
(In reply to Ralf Habacker from comment #9)
> The function mentioned in the last stack frame is shown below: 
> 
> bool JavaClassifierCodeDocument::addCodeOperation (CodeOperation * op)
> {
>     if(!op->getParentOperation()->isLifeOperation())
>         return operationsBlock->addTextBlock(op);
>     else
>         return constructorBlock->addTextBlock(op);
> }
> 
> There may be three places where a crash can happen:
> 1. op->getParentOperation() == 0
> 2. operationsBlock == 0
> 3. constructorBlock == 0

With selected umbrello setting "Use new C++/Java/Ruby generators"  the above mentioned crash happens because of case 2. and 3. 

With unselected umbrello setting "Use new C++/Java/Ruby generators"  the above mentioned crash happens in  

void JavaClassDeclarationBlock::updateContent ()
{
    JavaClassifierCodeDocument *parentDoc = dynamic_cast<JavaClassifierCodeDocument*>(getParentDocument());
because parentDoc is zero and not guarded later.

    UMLClassifier *c = parentDoc->getParentClassifier();
    CodeGenerationPolicy *commonPolicy = UMLApp::app()->commonPolicy();
    QString endLine = commonPolicy->getNewLineEndingChars();
    bool isInterface = parentDoc->parentIsInterface(); // a little shortcut
    QString JavaClassName = parentDoc->getJavaClassName(c->name());

The top related backtrace part is
#0  0x00007ffff404224a in __dynamic_cast () from /usr/lib64/libstdc++.so.6
#1  0x0000000000524b72 in JavaClassDeclarationBlock::updateContent (this=0x164f690) at /home/ralf/src/umbrello-14.12/umbrello/codegenerators /java/javaclassdeclarationblock.cpp:53
#2  0x00007ffff469db38 in QMetaObject::activate (sender=sender@entry=0x10cab90, m=m@entry=0x6fa720 <UMLObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3576
#3  0x0000000000657e6e in UMLObject::modified (this=this@entry=0x10cab90) at /home/ralf/src/umbrello-14.12-build/umbrello/umlobject.moc:145
No locals.
#4  0x0000000000657eaf in UMLObject::emitModified (this=this@entry=0x10cab90) at /home/ralf/src/umbrello-14.12/umbrello/umlobject.cpp:354
        umldoc = <optimized out>
#5  0x00000000005f5907 in UMLClassifier::addOperation (this=this@entry=0x10cab90, op=op@entry=0x1384c00, position=position@entry=-1) at /home/ralf/src/umbrello-14.12/umbrello/classifier.cpp:338
        __PRETTY_FUNCTION__ = "bool UMLClassifier::addOperation(UMLOperation*, int)"
#6  0x00000000005f5dac in UMLClassifier::createOperation (this=this@entry=0x10cab90, name=..., isExistingOp=isExistingOp@entry=0x0, params=params@entry=0x0) at /home/ralf/src/umbrello-14.12/umbrello/classifier.cpp:294
#7  0x000000000061ecfd in Object_Factory::createChildObject (parent=parent@entry=0x10cab90, type=type@entry=UMLObject::ot_Operation, name=...) at /home/ralf/src/umbrello-14.12/umbrello/object_factory.cpp:308
#8  0x00000000005bf0a3 in ClassifierWidget::slotMenuSelection (this=0x10c6ad0, action=<optimized out>) at /home/ralf/src/umbrello-14.12/umbrello/widgets/classifierwidget.cpp:1278
#9  0x00000000005e7be0 in WidgetBase::contextMenuEvent (this=<optimized out>, event=0x7fffffffd1b0) at /home/ralf/src/umbrello-14.12/umbrello/widgets/widgetbase.cpp:746
Comment 12 Ralf Habacker 2014-11-28 20:25:44 UTC
Created attachment 89760 [details]
full backtrace for comment 11
Comment 13 Ralf Habacker 2014-12-01 05:16:44 UTC
Created attachment 89787 [details]
Dirty hack to avoid crash using new code generator
Comment 14 Ralf Habacker 2014-12-02 00:13:45 UTC
Git commit 64b98668dad5e38af44042e8daafd11d1a501c10 by Ralf Habacker.
Committed on 01/12/2014 at 23:26.
Pushed by habacker into branch 'Applications/14.12'.

Fix 'Crash when trying to create a function of the type Vector<package.class>.'

Guard access to member constructorBlock and operationsBlock of
class JavaClassifierCodeDocument because they could be zero.
FIXED-IN:2.15.0 (KDE 14.12.0)

M  +2    -2    umbrello/codegenerators/java/javaclassifiercodedocument.cpp

http://commits.kde.org/umbrello/64b98668dad5e38af44042e8daafd11d1a501c10
Comment 15 Oliver Kellogg 2014-12-03 22:02:05 UTC
(In reply to Ralf Habacker from comment #11)
> [...]
> With unselected umbrello setting "Use new C++/Java/Ruby generators"  the
> above mentioned crash happens in  
> 
> void JavaClassDeclarationBlock::updateContent ()

Yikes, this sounds very wrong!
When using the "old" Java generator (JavaWriter) there should be no JavaClassDeclarationBlock constructed at all. In fact only a JavaWriter object should exist; none of the other classes of umbrello/codegenerators/java/ should exist.
Comment 16 Ralf Habacker 2014-12-04 11:18:23 UTC
(In reply to Oliver Kellogg from comment #15)
> (In reply to Ralf Habacker from comment #11)
> > [...]
> > With unselected umbrello setting "Use new C++/Java/Ruby generators"  the
> > above mentioned crash happens in  
> > 
> > void JavaClassDeclarationBlock::updateContent ()
> 
> Yikes, this sounds very wrong!
> When using the "old" Java generator (JavaWriter) there should be no
> JavaClassDeclarationBlock constructed at all. In fact only a JavaWriter
> object should exist; none of the other classes of
> umbrello/codegenerators/java/ should exist.

Unfortunally I could not reproduce this crash yet, but looking at the code there is at least a resource leak with "use new code generators"  in 

QStringList CodeTextHighlighter::keywords()
{
    Uml::ProgrammingLanguage::Enum pl = UMLApp::app()->activeLanguage();
!!!    CodeGenerator* generator = CodeGenFactory::createObject(pl);
    QStringList keywordList = generator->reservedKeywords();

With java as active language a new ClassifierCodeDocument instance is created, which connects an UMLClassifier instance to ClassifierCodeDocument::syncToParent(). 

classifiercodedocument.cpp:446
      connect(c, SIGNAL(modified()), this, SLOT(syncToParent()));

but the generator is never freed. After changing to "use old code generators" this connection (and others) are still present and may result into unwanted calls. 

BTW: This leak has not been detected by coverige.
Comment 17 Ralf Habacker 2014-12-09 10:02:34 UTC
Git commit 9372a51b496397cbf7ae82d8e6925d72610b18a5 by Ralf Habacker.
Committed on 09/12/2014 at 10:01.
Pushed by habacker into branch 'Applications/14.12'.

Fix resource leak and potiental crash cause.

The local variable 'generator' of CodeTextHighlighter::keywords()
gets a new instance of the class CodeGenerator, but is never
been free'd and there are active signal/slots connections non
deterministic crashes occurs.

M  +1    -0    umbrello/dialogs/codetexthighlighter.cpp

http://commits.kde.org/umbrello/9372a51b496397cbf7ae82d8e6925d72610b18a5
Comment 18 Andi Fischer 2014-12-11 21:56:46 UTC
Git commit 23c4a33effb2fb88a20a09a87b0eb89b1de53b9b by Andi Fischer, on behalf of Ralf Habacker.
Committed on 09/12/2014 at 10:01.
Pushed by fischer into branch 'frameworks'.

Fix resource leak and potiental crash cause.

The local variable 'generator' of CodeTextHighlighter::keywords()
gets a new instance of the class CodeGenerator, but is never
been free'd and there are active signal/slots connections non
deterministic crashes occurs.

M  +1    -0    umbrello/dialogs/codetexthighlighter.cpp

http://commits.kde.org/umbrello/23c4a33effb2fb88a20a09a87b0eb89b1de53b9b