Skip the captured properties step in bindings

Objects and notifiers in the capturedProperties list were not guarded
which can lead to crashes if they're deleted prior to the binding
completing.  Now the notifiers are connected to and guarded immediately
to prevent this.

Change-Id: I912e323c52bf6169fb5077e552d5d38d9aa7faec
Reviewed-by: Roberto Raggi <roberto.raggi@nokia.com>

src/declarative/qml/ftw/ftw.pri

@@ -11,6 +11,7 @@ HEADERS +=  \
     $$PWD/qdeclarativethread_p.h \
     $$PWD/qfinitestack_p.h \
     $$PWD/qrecursionwatcher_p.h \
+    $$PWD/qrecyclepool_p.h \
 
 SOURCES += \
     $$PWD/qintrusivelist.cpp \

src/declarative/qml/ftw/qfieldlist_p.h

@@ -107,6 +107,7 @@ N *QFieldList<N, nextMember>::takeFirst()
             Q_ASSERT(_first == 0);
             _last = 0;
         }
+        value->*nextMember = 0;
         --_count;
     } 
     return value;

src/declarative/qml/ftw/qrecyclepool_p.h

@@ -0,0 +1,220 @@
+/****************************************************************************
+**
+** Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
+** All rights reserved.
+** Contact: Nokia Corporation (qt-info@nokia.com)
+**
+** This file is part of the QtDeclarative module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** GNU Lesser General Public License Usage
+** This file may be used under the terms of the GNU Lesser General Public
+** License version 2.1 as published by the Free Software Foundation and
+** appearing in the file LICENSE.LGPL included in the packaging of this
+** file. Please review the following information to ensure the GNU Lesser
+** General Public License version 2.1 requirements will be met:
+** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
+**
+** In addition, as a special exception, Nokia gives you certain additional
+** rights. These rights are described in the Nokia Qt LGPL Exception
+** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU General
+** Public License version 3.0 as published by the Free Software Foundation
+** and appearing in the file LICENSE.GPL included in the packaging of this
+** file. Please review the following information to ensure the GNU General
+** Public License version 3.0 requirements will be met:
+** http://www.gnu.org/copyleft/gpl.html.
+**
+** Other Usage
+** Alternatively, this file may be used in accordance with the terms and
+** conditions contained in a signed written agreement between you and Nokia.
+**
+**
+**
+**
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef QRECYCLEPOOL_P_H
+#define QRECYCLEPOOL_P_H
+
+//
+//  W A R N I N G
+//  -------------
+//
+// This file is not part of the Qt API.  It exists purely as an
+// implementation detail.  This header file may change from version to
+// version without notice, or even be removed.
+//
+// We mean it.
+//
+
+QT_BEGIN_NAMESPACE
+
+#define QRECYCLEPOOLCOOKIE 0x33218ADF
+
+template<typename T, int Step>
+class QRecyclePoolPrivate
+{
+public:
+    QRecyclePoolPrivate()
+    : recyclePoolHold(true), outstandingItems(0), cookie(QRECYCLEPOOLCOOKIE),
+      currentPage(0), nextAllocated(0)
+    {
+    }
+
+    bool recyclePoolHold;
+    int outstandingItems;
+    quint32 cookie;
+
+    struct PoolType : public T {
+        union {
+            QRecyclePoolPrivate<T, Step> *pool;
+            PoolType *nextAllocated;
+        };
+    };
+
+    struct Page {
+        Page *nextPage;
+        unsigned int free;
+        union {
+            char array[Step * sizeof(PoolType)];
+            qint64 q_for_alignment_1;
+            double q_for_alignment_2;
+        };
+    };
+
+    Page *currentPage;
+    PoolType *nextAllocated;
+
+    inline T *allocate();
+    static inline void dispose(T *);
+    inline void releaseIfPossible();
+};
+
+template<typename T, int Step = 1024>
+class QRecyclePool
+{
+public:
+    inline QRecyclePool();
+    inline ~QRecyclePool();
+
+    inline T *New();
+    template<typename T1>
+    inline T *New(const T1 &);
+    template<typename T1>
+    inline T *New(T1 &);
+
+    static inline void Delete(T *);
+
+private:
+    QRecyclePoolPrivate<T, Step> *d;
+};
+
+template<typename T, int Step>
+QRecyclePool<T, Step>::QRecyclePool()
+: d(new QRecyclePoolPrivate<T, Step>())
+{
+}
+
+template<typename T, int Step>
+QRecyclePool<T, Step>::~QRecyclePool()
+{
+    d->recyclePoolHold = false;
+    d->releaseIfPossible();
+}
+
+template<typename T, int Step>
+T *QRecyclePool<T, Step>::New()
+{
+    T *rv = d->allocate();
+    new (rv) T;
+    return rv;
+}
+
+template<typename T, int Step>
+template<typename T1>
+T *QRecyclePool<T, Step>::New(const T1 &a)
+{
+    T *rv = d->allocate();
+    new (rv) T(a);
+    return rv;
+}
+
+template<typename T, int Step>
+template<typename T1>
+T *QRecyclePool<T, Step>::New(T1 &a)
+{
+    T *rv = d->allocate();
+    new (rv) T(a);
+    return rv;
+}
+
+template<typename T, int Step>
+void QRecyclePool<T, Step>::Delete(T *t)
+{
+    t->~T();
+    QRecyclePoolPrivate<T, Step>::dispose(t);
+}
+
+template<typename T, int Step>
+void QRecyclePoolPrivate<T, Step>::releaseIfPossible()
+{
+    if (recyclePoolHold || outstandingItems)
+        return;
+
+    Page *p = currentPage;
+    while (p) {
+        Page *n = p->nextPage;
+        qFree(p);
+        p = n;
+    }
+
+    delete this;
+}
+
+template<typename T, int Step>
+T *QRecyclePoolPrivate<T, Step>::allocate()
+{
+    PoolType *rv = 0;
+    if (nextAllocated) {
+        rv = nextAllocated;
+        nextAllocated = rv->nextAllocated;
+    } else if (currentPage && currentPage->free) {
+        rv = (PoolType *)(currentPage->array + (Step - currentPage->free) * sizeof(PoolType));
+        currentPage->free--;
+    } else {
+        Page *p = (Page *)qMalloc(sizeof(Page));
+        p->nextPage = currentPage;
+        p->free = Step;
+        currentPage = p;
+
+        rv = (PoolType *)currentPage->array;
+        currentPage->free--;
+    }
+
+    rv->pool = this;
+    ++outstandingItems;
+    return rv;
+}
+
+template<typename T, int Step>
+void QRecyclePoolPrivate<T, Step>::dispose(T *t)
+{
+    PoolType *pt = static_cast<PoolType *>(t);
+    Q_ASSERT(pt->pool && pt->pool->cookie == QRECYCLEPOOLCOOKIE);
+
+    QRecyclePoolPrivate<T, Step> *This = pt->pool;
+    pt->nextAllocated = This->nextAllocated;
+    This->nextAllocated = pt;
+    --This->outstandingItems;
+    This->releaseIfPossible();
+}
+
+QT_END_NAMESPACE
+
+#endif // QRECYCLEPOOL_P_H

src/declarative/qml/qdeclarativeengine.cpp

@@ -332,7 +332,7 @@ the same object as is returned from the Qt.include() call.
 
 
 QDeclarativeEnginePrivate::QDeclarativeEnginePrivate(QDeclarativeEngine *e)
-: captureProperties(false), rootContext(0), isDebugging(false),
+: propertyCapture(0), rootContext(0), isDebugging(false),
   outputWarningsToStdErr(true), sharedContext(0), sharedScope(0),
   cleanup(0), erroredBindings(0), inProgressCreations(0), 
   workerScriptEngine(0), activeVME(0),

src/declarative/qml/qdeclarativeengine_p.h

@@ -69,6 +69,7 @@
 #include "qdeclarativemetatype_p.h"
 #include "qdeclarativedirparser_p.h"
 #include <private/qintrusivelist_p.h>
+#include <private/qrecyclepool_p.h>
 
 #include <QtCore/qlist.h>
 #include <QtCore/qpair.h>
@@ -103,6 +104,21 @@ class QSGTexture;
 class QDeclarativeIncubator;
 class QSGContext;
 
+// This needs to be declared here so that the pool for it can live in QDeclarativeEnginePrivate.
+// The inline method definitions are in qdeclarativeexpression_p.h
+class QDeclarativeJavaScriptExpressionGuard : public QDeclarativeNotifierEndpoint
+{
+public:
+    inline QDeclarativeJavaScriptExpressionGuard(QDeclarativeJavaScriptExpression *);
+
+    static inline void endpointCallback(QDeclarativeNotifierEndpoint *);
+    static inline QDeclarativeJavaScriptExpressionGuard *New(QDeclarativeJavaScriptExpression *e);
+    inline void Delete();
+
+    QDeclarativeJavaScriptExpression *expression;
+    QDeclarativeJavaScriptExpressionGuard *next;
+};
+
 class Q_DECLARATIVE_EXPORT QDeclarativeEnginePrivate : public QObjectPrivate
 {
     Q_DECLARE_PUBLIC(QDeclarativeEngine)
@@ -112,19 +128,18 @@ class Q_DECLARATIVE_EXPORT QDeclarativeEnginePrivate : public QObjectPrivate
 
     void init();
 
-    struct CapturedProperty {
-        CapturedProperty(QObject *o, int c, int n)
-            : object(o), coreIndex(c), notifier(0), notifyIndex(n) {}
-        CapturedProperty(QDeclarativeNotifier *n)
-            : object(0), coreIndex(-1), notifier(n), notifyIndex(-1) {}
-
-        QObject *object;
-        int coreIndex;
-        QDeclarativeNotifier *notifier;
-        int notifyIndex;
+    class PropertyCapture {
+    public:
+        inline virtual ~PropertyCapture() {}
+        virtual void captureProperty(QDeclarativeNotifier *) = 0;
+        virtual void captureProperty(QObject *, int, int) = 0;
     };
-    bool captureProperties;
-    QPODVector<CapturedProperty> capturedProperties;
+
+    PropertyCapture *propertyCapture;
+    inline void captureProperty(QDeclarativeNotifier *);
+    inline void captureProperty(QObject *, int, int);
+
+    QRecyclePool<QDeclarativeJavaScriptExpressionGuard> jsExpressionGuardPool;
 
     QDeclarativeContext *rootContext;
     bool isDebugging;
@@ -492,6 +507,18 @@ QDeclarativeEngine *QDeclarativeEnginePrivate::get(QDeclarativeEnginePrivate *p)
     return p->q_func(); 
 }
 
+void QDeclarativeEnginePrivate::captureProperty(QDeclarativeNotifier *n)
+{
+    if (propertyCapture)
+        propertyCapture->captureProperty(n);
+}
+
+void QDeclarativeEnginePrivate::captureProperty(QObject *o, int c, int n)
+{
+    if (propertyCapture)
+        propertyCapture->captureProperty(o, c, n);
+}
+
 QT_END_NAMESPACE
 
 #endif // QDECLARATIVEENGINE_P_H