From ac032fc1524f8e00a26580a68ed1c4dc23077c14 Mon Sep 17 00:00:00 2001
From: Martin Jones <martin.jones@jollamobile.com>
Date: Wed, 16 Jul 2014 13:20:53 +1000
Subject: shift and unshift fail for QQmlSequence types

QQmlSequence is a Custom array type, so must use the generic
shift/unshift implementation.

Task-number: QTBUG-40244
Change-Id: I491d9dc87a3a204daad4cf7460ffac81165056a5
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
---
 src/qml/jsruntime/qv4arrayobject.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/qml')

diff --git a/src/qml/jsruntime/qv4arrayobject.cpp b/src/qml/jsruntime/qv4arrayobject.cpp
index d5b3b8a651..fbd757a829 100644
--- a/src/qml/jsruntime/qv4arrayobject.cpp
+++ b/src/qml/jsruntime/qv4arrayobject.cpp
@@ -371,7 +371,7 @@ ReturnedValue ArrayPrototype::method_shift(CallContext *ctx)
 
     ScopedValue result(scope);
 
-    if (!instance->protoHasArray() && !instance->arrayData->hasAttributes() && instance->arrayData->length() <= len) {
+    if (!instance->protoHasArray() && !instance->arrayData->hasAttributes() && instance->arrayData->length() <= len && instance->arrayData->type != ArrayData::Custom) {
         result = instance->arrayData->vtable()->pop_front(instance.getPointer());
     } else {
         result = instance->getIndexed(0);
@@ -550,7 +550,7 @@ ReturnedValue ArrayPrototype::method_unshift(CallContext *ctx)
 
     uint len = instance->getLength();
 
-    if (!instance->protoHasArray() && !instance->arrayData->hasAttributes() && instance->arrayData->length() <= len) {
+    if (!instance->protoHasArray() && !instance->arrayData->hasAttributes() && instance->arrayData->length() <= len && instance->arrayData->type != ArrayData::Custom) {
         instance->arrayData->vtable()->push_front(instance.getPointer(), ctx->callData->args, ctx->callData->argc);
     } else {
         ScopedValue v(scope);
-- 
cgit v1.2.3


From 619790ba60e223c90a7ff33635ec5ab227584cbf Mon Sep 17 00:00:00 2001
From: Mitch Curtis <mitch.curtis@digia.com>
Date: Thu, 24 Jul 2014 10:13:42 +0200
Subject: QQmlComponent::create(): visual items must have a visual parent.

There seems to be a bit of confusion about this on public forums.

Change-Id: Id193de541e7d7e353dc5d75b64a15f481e2cf8b6
Reviewed-by: Jerome Pasion <jerome.pasion@digia.com>
---
 src/qml/qml/qqmlcomponent.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/qml')

diff --git a/src/qml/qml/qqmlcomponent.cpp b/src/qml/qml/qqmlcomponent.cpp
index 1da2f1c109..68f950d840 100644
--- a/src/qml/qml/qqmlcomponent.cpp
+++ b/src/qml/qml/qqmlcomponent.cpp
@@ -780,6 +780,11 @@ QQmlComponent::QQmlComponent(QQmlComponentPrivate &dd, QObject *parent)
 
     The ownership of the returned object instance is transferred to the caller.
 
+    If the object being created from this component is a visual item, it must
+    have a visual parent, which can be set by calling
+    QQuickItem::setParentItem(). See \l {Concepts - Visual Parent in Qt Quick}
+    for more details.
+
     \sa QQmlEngine::ObjectOwnership
 */
 QObject *QQmlComponent::create(QQmlContext *context)
-- 
cgit v1.2.3


From 36a179e8faa572544b9e8a9442f8c679a9509423 Mon Sep 17 00:00:00 2001
From: Erik Verbruggen <erik.verbruggen@digia.com>
Date: Tue, 1 Jul 2014 13:34:31 +0200
Subject: V4: work around a bug in libc++'s std::vector<bool>

The ++operator of std::vector<bool>::iterator in libc++ has a bug when
using it on an iterator pointing to the last element. It will not be set
to ::end(), but beyond that. (It will be set to the first multiple of
the native word size that is bigger than size().)

See http://llvm.org/bugs/show_bug.cgi?id=19663

Task-number: QTBUG-39911
Change-Id: Ic244d9c90ee6b596261a6e322301c411a14820a8
Reviewed-by: Fawzi Mohamed <fawzi.mohamed@digia.com>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
---
 src/qml/compiler/qv4ssa.cpp | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

(limited to 'src/qml')

diff --git a/src/qml/compiler/qv4ssa.cpp b/src/qml/compiler/qv4ssa.cpp
index 97114b9507..d7dbfac50b 100644
--- a/src/qml/compiler/qv4ssa.cpp
+++ b/src/qml/compiler/qv4ssa.cpp
@@ -246,13 +246,31 @@ public:
                 if (set.blockNumbers)
                     numberIt = set.blockNumbers->begin();
                 else
-                    flagIt = std::distance(set.blockFlags->begin(),
-                                           std::find(set.blockFlags->begin(),
-                                                     set.blockFlags->end(),
-                                                     true));
+                    findNextWithFlags(0);
             }
         }
 
+        void findNextWithFlags(size_t start)
+        {
+            flagIt = std::distance(set.blockFlags->begin(),
+                                   std::find(set.blockFlags->begin() + start,
+                                             set.blockFlags->end(),
+                                             true));
+
+            // The ++operator of std::vector<bool>::iterator in libc++ has a bug when using it on an
+            // iterator pointing to the last element. It will not be set to ::end(), but beyond
+            // that. (It will be set to the first multiple of the native word size that is bigger
+            // than size().)
+            //
+            // See http://llvm.org/bugs/show_bug.cgi?id=19663
+            //
+            // As we use the size to for our end() iterator, take the minimum of the size and the
+            // distance for the flagIt:
+            flagIt = qMin(flagIt, set.blockFlags->size());
+
+            Q_ASSERT(flagIt <= set.blockFlags->size());
+        }
+
     public:
         BasicBlock *operator*() const
         {
@@ -282,10 +300,7 @@ public:
             if (set.blockNumbers)
                 ++numberIt;
             else
-                flagIt = std::distance(set.blockFlags->begin(),
-                                       std::find(set.blockFlags->begin() + flagIt + 1,
-                                                 set.blockFlags->end(),
-                                                 true));
+                findNextWithFlags(flagIt + 1);
 
             return *this;
         }
-- 
cgit v1.2.3


From ba8416b80f42c81387170620472194e7a76429b8 Mon Sep 17 00:00:00 2001
From: Lars Knoll <lars.knoll@digia.com>
Date: Fri, 25 Jul 2014 10:13:50 +0200
Subject: Do not use mark() when marking ExecutionContexts

Some execution contexts in the parent chain can be allocated
on the C stack instead of the GC heap. Calling mark() on those would
push them onto the GC stack (which is identical to the JS stack).
In rare cases the reference can survive to live into the next call to
gc(), causing invalid accesses to already deleted contexts.

Change-Id: I709f58de27be9386cf70707c84e4c86c7c303fa7
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
---
 src/qml/jsruntime/qv4engine.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/qml')

diff --git a/src/qml/jsruntime/qv4engine.cpp b/src/qml/jsruntime/qv4engine.cpp
index 8916cc597e..72be889e72 100644
--- a/src/qml/jsruntime/qv4engine.cpp
+++ b/src/qml/jsruntime/qv4engine.cpp
@@ -839,7 +839,11 @@ void ExecutionEngine::markObjects()
 
     ExecutionContext *c = currentContext();
     while (c) {
-        c->mark(this);
+        Q_ASSERT(c->inUse);
+        if (!c->markBit) {
+            c->markBit = 1;
+            c->markObjects(c, this);
+        }
         c = c->parent;
     }
 
-- 
cgit v1.2.3