Re: bad c++ (or bug 596)


Subject: Re: bad c++ (or bug 596)
From: sam th (sam@bur-jud-118-039.rh.uchicago.edu)
Date: Wed May 10 2000 - 17:51:06 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 10 May 2000, Mike Nordell wrote:

> > This is the description of bug 596
> >
> > The following causes a core dump every time:
> [snip]
> > The function being called is cmdUnselectSelection, which is a method of
> > the classes FV_View and AP_View, where it is non-virtual, and it is a
> > pure virtual function in AV_View. So this error means that we have
> > committed a cardinal sin, and instantiated an abstract class.
>
> I'd like to see _that_ compiler! :-)
> No, it only means we've lost the _real_ class. An ABC can't be
> instantiated as you know.

Well, actually, what appears to happen is that we create a pointer to the
abstract class (legal), do nothing, and then try to call virtual methods
of that class (illegal).

>
> One of the few ways this can happen is if the concrete class gets sliced
> by copying by value to AV_View. Let's close that possibility by enforcing
> it. To the definition of class AV_View we add:
>
> private:
> AV_View(const AV_View&); // no impl.
> void operator=(AV_View&); // no impl.
>

This makes no difference in the operation of the code. Same error.

> > The code making the bad call is
> >
> > m_pViewSelection->cmdUnselectSelection();
> >
> > And indeed, GDB tells us that m_pViewSelection is of type AV_View.
>
> I suppose GDB gets this by looking at the vtable ptr. Could it be that
> the concrete view has been destructed? In that case the dangling pointer
> would contain the vtable ptr to the topmost base class, since it gets set
> in that class' d'tor.

More info:

This is where the real initialization takes place.

src/wp/ap/unix/ap_UnixApp.cpp:470: m_pViewSelection = pView;

Now, this gets called once prior to the crash - when you make the original
selection (makes sense, since it is in setSelectionStatus() ).

The state of m_pViewSelection should only be altered in (potentially) 2
other places, the two places where ->cmdUnselectSelection() is called.
However, these locations are not reached until the actual crash occurs.
So I am at a loss to explain how we mauled this object so badly. If other
people have ideas, I would be glad to hear them.
                                     sam th
                                     sam@uchicago.edu
                                http://sam.rh.uchicago.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5Gefft+kM0Mq9M/wRAkVwAJ9F6BPVs9yIdhFEiSwRj88O2N+Q7wCeLSLb
Ndwfk03Nw/Gj+SwmLbq5btM=
=32Bv
-----END PGP SIGNATURE-----
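The destructor mechanism Mike describes above (the vtable pointer being reset to the base class as each destructor in the chain runs) can be observed without any undefined behaviour by calling a non-pure virtual from each destructor, and the usual defence against a stale m_pViewSelection is to have the view deregister itself when it dies. The following is an added illustration written for this archive page, not AbiWord code; the names AV_ViewLike, FV_ViewLike, SelectionHolder, viewDying and unselectCurrent are hypothetical stand-ins for AV_View, FV_View and the object that owns m_pViewSelection.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Constructed illustration, not AbiWord code. Class names are hypothetical
// stand-ins for AV_View / FV_View; SelectionHolder models the object that
// stores m_pViewSelection.

struct SelectionHolder;

struct AV_ViewLike {
    explicit AV_ViewLike(std::vector<std::string>& log, SelectionHolder* owner)
        : m_log(log), m_owner(owner) {}
    virtual ~AV_ViewLike();

    // Non-pure so it can legally be called from the destructors below and
    // we can watch which override runs at each stage of destruction.
    virtual std::string whoAmI() const { return "AV_ViewLike"; }
    virtual void cmdUnselectSelection() = 0;

    // The slicing guard proposed in the thread, in modern spelling.
    AV_ViewLike(const AV_ViewLike&) = delete;
    AV_ViewLike& operator=(const AV_ViewLike&) = delete;

protected:
    std::vector<std::string>& m_log;
    SelectionHolder* m_owner;
};

// Stands in for whatever holds m_pViewSelection.
struct SelectionHolder {
    AV_ViewLike* m_pViewSelection = nullptr;

    void setSelectionStatus(AV_ViewLike* pView) { m_pViewSelection = pView; }

    // Guarded call: only dispatch when a live view is registered.
    bool unselectCurrent() {
        if (!m_pViewSelection) return false;
        m_pViewSelection->cmdUnselectSelection();
        m_pViewSelection = nullptr;
        return true;
    }

    // Called by a view being destroyed so the holder never dangles.
    void viewDying(AV_ViewLike* pView) {
        if (m_pViewSelection == pView) m_pViewSelection = nullptr;
    }
};

AV_ViewLike::~AV_ViewLike() {
    // The derived part is already gone and the vptr now points at
    // AV_ViewLike's table, so whoAmI() resolves to the base version here.
    m_log.push_back("base dtor sees " + whoAmI());
    if (m_owner) m_owner->viewDying(this);
}

struct FV_ViewLike : AV_ViewLike {
    using AV_ViewLike::AV_ViewLike;
    ~FV_ViewLike() override { m_log.push_back("derived dtor sees " + whoAmI()); }
    std::string whoAmI() const override { return "FV_ViewLike"; }
    void cmdUnselectSelection() override { m_log.push_back("unselect in " + whoAmI()); }
};

// Scenario: select, unselect while live, select again, destroy the view,
// then attempt the unselect that crashed in bug 596.
std::vector<std::string> runScenario() {
    std::vector<std::string> log;
    SelectionHolder holder;
    auto* view = new FV_ViewLike(log, &holder);

    holder.setSelectionStatus(view);
    log.push_back(holder.unselectCurrent() ? "unselect ok" : "no view");

    holder.setSelectionStatus(view);
    delete view;  // derived dtor runs first, then the base dtor
    log.push_back(holder.unselectCurrent() ? "unselect ok" : "no view");
    return log;
}

int main() {
    for (const auto& line : runScenario()) std::cout << line << '\n';
    return 0;
}
```

Deleting the view logs the derived name from the derived destructor and the base name from the base destructor, which is consistent with Mike's account of why GDB reports a dead m_pViewSelection as type AV_View: the last vptr written into that memory belongs to AV_View. The nulling in viewDying is what turns the second unselect into a skipped call instead of a call through freed memory.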



This archive was generated by hypermail 2b25 : Wed May 10 2000 - 17:51:16 CDT