[Webkit-unassigned] [Bug 112523] Crash in AXObjectCache::notificationPostTimerFired()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 17 23:27:05 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112523





--- Comment #7 from chris fleizach <cfleizach at apple.com>  2013-03-17 23:29:31 PST ---
(In reply to comment #6)
> Something very odd is happening with accessibility. See this sample:
> http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r146032%20(7849)/svg/wicd/sizing-flakiness-sample.txt
> 
> notably:
>        911 WebCore::ThreadTimers::sharedTimerFiredInternal()  (in WebCore) + 302  [0x1134a177e]  ThreadTimers.cpp:129
>          911 WebCore::Timer<WebCore::AXObjectCache>::fired()  (in WebCore) + 115  [0x111a19823]  Timer.h:113
>            911 WebCore::AXObjectCache::notificationPostTimerFired(WebCore::Timer<WebCore::AXObjectCache>*)  (in WebCore) + 400  [0x1119cbcd0]  AXObjectCache.cpp:645
>              911 WebCore::AXObjectCache::postPlatformNotification(WebCore::AccessibilityObject*, WebCore::AXObjectCache::AXNotification)  (in WebCore) + 597  [0x111b011e5]  AXObjectCacheMac.mm:131
>                911 -[WebAccessibilityObjectWrapperBase accessibilityPostedNotification:]  (in WebCore) + 161  [0x1134f70b1]  WebAccessibilityObjectWrapperBase.mm:240
>                  911 -[NSNotificationCenter postNotificationName:object:userInfo:]  (in Foundation) + 64  [0x7fff918abe26]
>                    911 _CFXNotificationPost  (in CoreFoundation) + 2554  [0x7fff9351deda]
>                      907 -[AccessibilityNotificationHandler _notificationReceived:]  (in WebKitTestRunnerInjectedBundle) + 681  [0x119ea0fa9]  AccessibilityNotificationHandler.mm:136
>                      ! 907 JSObjectCallAsFunction  (in JavaScriptCore) + 523  [0x110c5b56b]  JSObjectRef.cpp:468
>                      !   907 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)  (in JavaScriptCore) + 306  [0x1109b3782]  CallData.cpp:40
>                      !     907 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)  (in JavaScriptCore) + 1519  [0x110ba61cf]  Interpreter.cpp:1059
>                      !       907 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*)  (in JavaScriptCore) + 84  [0x110ba8f24]  JITCode.h:135
>                      !         907 ???  (in JavaScriptCore)  load address 0x110939000 + 0x2b3250  [0x110bec250]
>                      !           796 cti_op_put_by_id_generic  (in JavaScriptCore) + 203  [0x110bdfdfb]  JITStubs.cpp:1415
>                      !           : 796 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)  (in JavaScriptCore) + 185  [0x110ad0859]  JSCJSValueInlines.h:678
> 
> The test is svg/wicd/sizing-flakiness.html, which has nothing to do with accessibility. So why is an accessibility notification firing, and why is it running JS code?

It's informing the layout test that an accessibility notification (like ValueChanged perhaps) fired. It does that by storing a function callback which it will call when the notification comes in.

However, things should be cleaned up when the test finishes, which is obviously not happening.

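The lifetime problem described in comment #7, as an added example that is not WebKit or WebKitTestRunner code: a callback registered by one test stays attached to a shared notification center and runs during a later, unrelated test unless teardown removes it. The class and function names (`NotificationCenter`, `TestRun`, `runSequence`) and the test names are hypothetical.

```javascript
// Constructed model, not WebKit code: a process-wide notification center
// shared by every test that runs in the same process.
class NotificationCenter {
  constructor() { this.observers = new Set(); }
  addObserver(fn) { this.observers.add(fn); }
  removeObserver(fn) { this.observers.delete(fn); }
  post(name) { for (const fn of [...this.observers]) fn(name); }
}

// Hypothetical harness: a test may store a callback to be called
// whenever a notification arrives.
class TestRun {
  constructor(center, name, log) {
    this.center = center;
    this.name = name;
    this.log = log;
    this.callback = null;
  }
  addNotificationListener() {
    this.callback = (n) => this.log.push(`${this.name} callback got ${n}`);
    this.center.addObserver(this.callback);
  }
  // Teardown at the end of the test; cleanUp=false models the missing cleanup.
  finish(cleanUp) {
    if (cleanUp && this.callback) {
      this.center.removeObserver(this.callback);
      this.callback = null;
    }
  }
}

// Run an accessibility test, then an unrelated test during which a
// notification is posted. Returns which callbacks ran and what is left.
function runSequence(cleanUp) {
  const center = new NotificationCenter();
  const log = [];
  const axTest = new TestRun(center, "accessibility-test", log);
  axTest.addNotificationListener();
  axTest.finish(cleanUp);

  const unrelated = new TestRun(center, "unrelated-test", log);
  center.post("ValueChanged"); // fires while the unrelated test is running
  unrelated.finish(cleanUp);
  return { log, remaining: center.observers.size };
}

console.log(runSequence(false)); // stale callback from the finished test runs
console.log(runSequence(true));  // nothing runs, no observer left behind
```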