Add protection against "wrong" marking in debug builds

To protect against situations where we accidentally mark an object that belongs
to a different engine - there are many possible entry points - this patch adds
an assertion in debug builds for this situation. When it happens, it will point
more or less directly to the code that tries to push an object to the wrong JS
stack for marking. This helped in the investigation of QTBUG-44895

Change-Id: I311b9ff6d282d52e725044b03a62cd77085536be
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

2 files changed, 16 insertions, 0 deletions

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index a247f85761..92993259ec 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -1623,6 +1623,15 @@ QV4::ReturnedValue ExecutionEngine::metaTypeToJS(int type, const void *data)
     return 0;
 }
 
+#ifndef QT_NO_DEBUG
+void ExecutionEngine::assertObjectBelongsToEngine(const Value &v)
+{
+    if (!v.isObject())
+        return;
+    Q_ASSERT(v.objectValue()->engine() == this);
+}
+#endif
+
 // Converts a JS value to a meta-type.
 // data must point to a place that can store a value of the given type.
 // Returns true if conversion succeeded, false otherwise.
diff --git a/src/qml/jsruntime/qv4engine_p.h b/src/qml/jsruntime/qv4engine_p.h
index f01579be71..277cbdf1f5 100644
--- a/src/qml/jsruntime/qv4engine_p.h
+++ b/src/qml/jsruntime/qv4engine_p.h
@@ -340,6 +340,10 @@ public:
     bool metaTypeFromJS(const Value &value, int type, void *data);
     QV4::ReturnedValue metaTypeToJS(int type, const void *data);
 
+#ifndef QT_NO_DEBUG
+    void assertObjectBelongsToEngine(const Value &v);
+#endif
+
 private:
     QmlExtensions *m_qmlExtensions;
 };
@@ -381,6 +385,9 @@ void Managed::mark(QV4::ExecutionEngine *engine)
     Q_ASSERT(inUse());
     if (markBit())
         return;
+#ifndef QT_NO_DEBUG
+    engine->assertObjectBelongsToEngine(*this);
+#endif
     d()->setMarkBit();
     engine->pushForGC(d());
 }