From 6d70418e2ceddc6433223ef17e5cac73a09dbbdf Mon Sep 17 00:00:00 2001
From: Nikolai Kosjar <nikolai.kosjar@digia.com>
Date: Wed, 20 Aug 2014 16:18:02 +0200
Subject: [PATCH] CppTools: Remove concurrent write access to diagnostic
 messages

...in CheckSymbols (highlighting backend). CheckSymbols might run
concurrently several times with the same CPlusPlus::Document and modify
the diagnostic messages in an unsave manner. See stack straces below.

While the generated diagnostic messages ("Only virtual functions can be
marked 'final'", "Too few arguments", ...) are useful, they weren't
propagated to the editor widget since several minor versions.

=================================================================
==23724==ERROR: AddressSanitizer: attempting double-free on 0x60c0072fcd00 in thread T528 (Thread (pooled)):
    #0 0x4787c1 in __interceptor_free (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x4787c1)
    #1 0x7fa15e5da4ac in QTypedArrayData<unsigned short>::deallocate(QArrayData*) /home/nik/usr/qt-5.3.1/include/QtCore/qarraydata.h:234
    #2 0x7fa15e5d87db in QString::~QString() /home/nik/usr/qt-5.3.1/include/QtCore/qstring.h:995
    #3 0x7fa15e5f4f6a in CPlusPlus::Document::DiagnosticMessage::~DiagnosticMessage() /home/nik/dev/creator/creator-ut/src/libs/cplusplus/CppDocument.h:140
    #4 0x7fa15e5f4de2 in QList<CPlusPlus::Document::DiagnosticMessage>::node_destruct(QList<CPlusPlus::Document::DiagnosticMessage>::Node*, QList<CPlusPlus::Document::DiagnosticMessage>::Node*) /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:432
    #5 0x7fa15e5f4ae9 in QList<CPlusPlus::Document::DiagnosticMessage>::dealloc(QListData::Data*) /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:784
    #6 0x7fa15e5f47ed in QList<CPlusPlus::Document::DiagnosticMessage>::~QList() /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:760
    #7 0x7fa15e7533c2 in QList<CPlusPlus::Document::DiagnosticMessage>::clear() /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:793
    #8 0x7fa15e6f2ed2 in CPlusPlus::Document::clearDiagnosticMessages() /home/nik/dev/creator/creator-ut/src/libs/cplusplus/CppDocument.h:205
    #9 0x7fa15e6c5f5b in CppTools::CheckSymbols::run() /home/nik/dev/creator/creator-ut/src/plugins/cpptools/cppchecksymbols.cpp:337
    #10 0x7fa15e6c83c2 in non-virtual thunk to CppTools::CheckSymbols::run() /home/nik/dev/creator/creator-ut/src/plugins/cpptools/cppchecksymbols.cpp:348
    #11 0x7fa17f0ccab1 (/home/nik/usr/qt-5.3.1/lib/libQt5Core.so.5+0x98ab1)
    #12 0x7fa17f0cfa5e (/home/nik/usr/qt-5.3.1/lib/libQt5Core.so.5+0x9ba5e)
    #13 0x7fa17eaeb181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
    #14 0x7fa17dbec38c (/lib/x86_64-linux-gnu/libc.so.6+0xfb38c)

0x60c0072fcd00 is located 0 bytes inside of 128-byte region [0x60c0072fcd00,0x60c0072fcd80)
freed by thread T539 (Thread (pooled)) here:
    #0 0x4787c1 in __interceptor_free (/home/nik/dev/creator/creator-ut_clang-qt5/bin/qtcreator+0x4787c1)
    #1 0x7fa15e5da4ac in QTypedArrayData<unsigned short>::deallocate(QArrayData*) /home/nik/usr/qt-5.3.1/include/QtCore/qarraydata.h:234
    #2 0x7fa15e5d87db in QString::~QString() /home/nik/usr/qt-5.3.1/include/QtCore/qstring.h:995
    #3 0x7fa15e5f4f6a in CPlusPlus::Document::DiagnosticMessage::~DiagnosticMessage() /home/nik/dev/creator/creator-ut/src/libs/cplusplus/CppDocument.h:140
    #4 0x7fa15e5f4de2 in QList<CPlusPlus::Document::DiagnosticMessage>::node_destruct(QList<CPlusPlus::Document::DiagnosticMessage>::Node*, QList<CPlusPlus::Document::DiagnosticMessage>::Node*) /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:432
    #5 0x7fa15e5f4ae9 in QList<CPlusPlus::Document::DiagnosticMessage>::dealloc(QListData::Data*) /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:784
    #6 0x7fa15e5f47ed in QList<CPlusPlus::Document::DiagnosticMessage>::~QList() /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:760
    #7 0x7fa15e7533c2 in QList<CPlusPlus::Document::DiagnosticMessage>::clear() /home/nik/usr/qt-5.3.1/include/QtCore/qlist.h:793
    #8 0x7fa15e6f2ed2 in CPlusPlus::Document::clearDiagnosticMessages() /home/nik/dev/creator/creator-ut/src/libs/cplusplus/CppDocument.h:205
    #9 0x7fa15e6c5f5b in CppTools::CheckSymbols::run() /home/nik/dev/creator/creator-ut/src/plugins/cpptools/cppchecksymbols.cpp:337
    #10 0x7fa15e6c83c2 in non-virtual thunk to CppTools::CheckSymbols::run() /home/nik/dev/creator/creator-ut/src/plugins/cpptools/cppchecksymbols.cpp:348

Change-Id: Ifab2842ea43aeb26099835966b02d8afc4b85df4
Reviewed-by: Erik Verbruggen <erik.verbruggen@digia.com>
---
 src/plugins/cpptools/cppchecksymbols.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/plugins/cpptools/cppchecksymbols.cpp b/src/plugins/cpptools/cppchecksymbols.cpp
index 4f528d47d6f..4cdf02dfbe7 100644
--- a/src/plugins/cpptools/cppchecksymbols.cpp
+++ b/src/plugins/cpptools/cppchecksymbols.cpp
@@ -332,7 +332,9 @@ void CheckSymbols::run()
     _potentialStatics = collectTypes.statics();
 
     Utils::sort(_macroUses, sortByLinePredicate);
-    _doc->clearDiagnosticMessages();
+    // TODO: Handle concurrent (write) access of diagnostic messages and ensure
+    //       propagation to the editor widget
+//    _doc->clearDiagnosticMessages();
 
     if (!isCanceled()) {
         if (_doc->translationUnit()) {
@@ -348,7 +350,9 @@ void CheckSymbols::run()
 bool CheckSymbols::warning(unsigned line, unsigned column, const QString &text, unsigned length)
 {
     Document::DiagnosticMessage m(Document::DiagnosticMessage::Warning, _fileName, line, column, text, length);
-    _doc->addDiagnosticMessage(m);
+    // TODO: Handle concurrent (write) access of diagnostic messages and ensure
+    //       propagation to the editor widget
+//    _doc->addDiagnosticMessage(m);
     return false;
 }