Bug 111613

Summary: REGRESSION: Intermittent crash in SpeechSynthesis::didFinishSpeaking
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: AccessibilityAssignee: chris fleizach <cfleizach>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, cfleizach, commit-queue, dmazzoni, mark.lam, simon.fraser, webkit.review.bot
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch
none
patch 2 none

Ryosuke Niwa
Reported 2013-03-06 12:28:25 PST
CRASHING TEST: platform/mac/fast/speechsynthesis/speech-synthesis-cancel.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000101952a64 WebCore::SpeechSynthesis::didFinishSpeaking(WebCore::PlatformSpeechSynthesisUtterance const*) + 4 (PlatformSpeechSynthesisUtterance.h:71) 1 libWebCoreTestSupport.dylib 0x0000000100a03937 WebCore::PlatformSpeechSynthesizerMock::speakingFinished(WebCore::Timer<WebCore::PlatformSpeechSynthesizerMock>*) + 23 (PlatformSpeechSynthesizerMock.cpp:54) 2 com.apple.WebCore 0x0000000101ab37ef WebCore::ThreadTimers::sharedTimerFiredInternal() + 175 (ThreadTimers.cpp:132) 3 com.apple.WebCore 0x0000000101942423 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51 (SharedTimerMac.mm:167) 4 com.apple.CoreFoundation 0x00007fff92ac7da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 5 com.apple.CoreFoundation 0x00007fff92ac78bd __CFRunLoopDoTimer + 557 6 com.apple.CoreFoundation 0x00007fff92aad099 __CFRunLoopRun + 1513 7 com.apple.CoreFoundation 0x00007fff92aac6b2 CFRunLoopRunSpecific + 290 8 com.apple.Foundation 0x00007fff87a8089e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268 9 DumpRenderTree 0x000000010035a122 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 1639 (DumpRenderTree.mm:1375) 10 DumpRenderTree 0x00000001003598b6 dumpRenderTree(int, char const**) + 1727 (DumpRenderTree.mm:832) 11 DumpRenderTree 0x000000010035a48b main + 86 (DumpRenderTree.mm:925) 12 libdyld.dylib 0x00007fff895837e1 start + 1 e.g. http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r144949%20(7620)/results.html
Attachments
patch (2.14 KB, patch)
2013-03-07 00:58 PST, chris fleizach 		no flags
DetailsFormatted DiffDiff
patch 2 (1.58 KB, patch)
2014-04-28 10:34 PDT, chris fleizach 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 2 2013-03-06 12:45:05 PST
Added a flaky crash test expectation in http://trac.webkit.org/changeset/144965.
chris fleizach
Comment 3 2013-03-07 00:58:59 PST
Created attachment 191940 [details] patch I don't think this will actually fix this, but I think it will help illuminate the problem. It does fix a similar problem when calling cancel. I believe this problem only affects the mock synthesizer right now
Ryosuke Niwa
Comment 4 2013-03-08 22:01:45 PST
Comment on attachment 191940 [details] patch rs=me.
WebKit Review Bot
Comment 5 2013-03-08 22:40:40 PST
Comment on attachment 191940 [details] patch Clearing flags on attachment: 191940 Committed r145304: <http://trac.webkit.org/changeset/145304>
WebKit Review Bot
Comment 6 2013-03-08 22:40:43 PST
All reviewed patches have been landed. Closing bug.
chris fleizach
Comment 7 2013-03-08 22:48:57 PST
I don't think the problem is actually fixed so leaving this open to see if we hit some asserts that illuminate the problem more fully
Simon Fraser (smfr)
Comment 8 2013-03-12 21:29:02 PDT
<rdar://problem/13407093>
chris fleizach
Comment 9 2014-04-28 10:34:59 PDT
Created attachment 230305 [details] patch 2
Mark Lam
Comment 10 2014-04-28 12:25:57 PDT
Comment on attachment 230305 [details] patch 2 LGTM. r=me.
Simon Fraser (smfr)
Comment 11 2014-04-28 12:30:16 PDT
Comment on attachment 230305 [details] patch 2 View in context: https://bugs.webkit.org/attachment.cgi?id=230305&action=review > Source/WebCore/ChangeLog:8 > + I think it's possible that didFinishSpeaking ends up calling directly back into start speaking, and the utterance reference "I think it's possible". Maybe verify that with assertions? Is it OK that this happens?
chris fleizach
Comment 12 2014-04-28 12:34:57 PDT
(In reply to comment #11) > (From update of attachment 230305 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=230305&action=review > > > Source/WebCore/ChangeLog:8 > > + I think it's possible that didFinishSpeaking ends up calling directly back into start speaking, and the utterance reference > > "I think it's possible". Maybe verify that with assertions? Is it OK that this happens? The assertion that Mark posted means that it definitely happens. My language is probably too cautious
WebKit Commit Bot
Comment 13 2014-04-28 12:57:53 PDT
Comment on attachment 230305 [details] patch 2 Clearing flags on attachment: 230305 Committed r167899: <http://trac.webkit.org/changeset/167899>
WebKit Commit Bot
Comment 14 2014-04-28 12:57:57 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 15 2014-04-29 12:23:58 PDT
Removed Crash/Pass expectation in <http://trac.webkit.org/r167950>.
Note You need to log in before you can comment on or make changes to this bug.