Bug 111613

Summary: REGRESSION: Intermittent crash in SpeechSynthesis::didFinishSpeaking
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: Accessibility
Assignee: chris fleizach <cfleizach>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, cfleizach, commit-queue, dmazzoni, mark.lam, simon.fraser, webkit.review.bot
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description    Flags
patch          none
patch 2        none

Description Ryosuke Niwa 2013-03-06 12:28:25 PST
CRASHING TEST: platform/mac/fast/speechsynthesis/speech-synthesis-cancel.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000101952a64 WebCore::SpeechSynthesis::didFinishSpeaking(WebCore::PlatformSpeechSynthesisUtterance const*) + 4 (PlatformSpeechSynthesisUtterance.h:71)
1   libWebCoreTestSupport.dylib   	0x0000000100a03937 WebCore::PlatformSpeechSynthesizerMock::speakingFinished(WebCore::Timer<WebCore::PlatformSpeechSynthesizerMock>*) + 23 (PlatformSpeechSynthesizerMock.cpp:54)
2   com.apple.WebCore             	0x0000000101ab37ef WebCore::ThreadTimers::sharedTimerFiredInternal() + 175 (ThreadTimers.cpp:132)
3   com.apple.WebCore             	0x0000000101942423 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51 (SharedTimerMac.mm:167)
4   com.apple.CoreFoundation      	0x00007fff92ac7da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
5   com.apple.CoreFoundation      	0x00007fff92ac78bd __CFRunLoopDoTimer + 557
6   com.apple.CoreFoundation      	0x00007fff92aad099 __CFRunLoopRun + 1513
7   com.apple.CoreFoundation      	0x00007fff92aac6b2 CFRunLoopRunSpecific + 290
8   com.apple.Foundation          	0x00007fff87a8089e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
9   DumpRenderTree                	0x000000010035a122 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 1639 (DumpRenderTree.mm:1375)
10  DumpRenderTree                	0x00000001003598b6 dumpRenderTree(int, char const**) + 1727 (DumpRenderTree.mm:832)
11  DumpRenderTree                	0x000000010035a48b main + 86 (DumpRenderTree.mm:925)
12  libdyld.dylib                 	0x00007fff895837e1 start + 1

e.g.
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r144949%20(7620)/results.html
Comment 2 Ryosuke Niwa 2013-03-06 12:45:05 PST
Added a flaky crash test expectation in http://trac.webkit.org/changeset/144965.
Comment 3 chris fleizach 2013-03-07 00:58:59 PST
Created attachment 191940 [details]
patch

I don't think this will actually fix this, but I think it will help illuminate the problem. It does fix a similar problem when calling cancel.

I believe this problem only affects the mock synthesizer right now.
Comment 4 Ryosuke Niwa 2013-03-08 22:01:45 PST
Comment on attachment 191940 [details]
patch

rs=me.
Comment 5 WebKit Review Bot 2013-03-08 22:40:40 PST
Comment on attachment 191940 [details]
patch

Clearing flags on attachment: 191940

Committed r145304: <http://trac.webkit.org/changeset/145304>
Comment 6 WebKit Review Bot 2013-03-08 22:40:43 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 chris fleizach 2013-03-08 22:48:57 PST
I don't think the problem is actually fixed, so leaving this open to see if we hit some asserts that illuminate the problem more fully.
Comment 8 Simon Fraser (smfr) 2013-03-12 21:29:02 PDT
<rdar://problem/13407093>
Comment 9 chris fleizach 2014-04-28 10:34:59 PDT
Created attachment 230305 [details]
patch 2
Comment 10 Mark Lam 2014-04-28 12:25:57 PDT
Comment on attachment 230305 [details]
patch 2

LGTM.  r=me.
Comment 11 Simon Fraser (smfr) 2014-04-28 12:30:16 PDT
Comment on attachment 230305 [details]
patch 2

View in context: https://bugs.webkit.org/attachment.cgi?id=230305&action=review

> Source/WebCore/ChangeLog:8
> +        I think it's possible that didFinishSpeaking ends up calling directly back into start speaking, and the utterance reference

"I think it's possible". Maybe verify that with assertions? Is it OK that this happens?
Comment 12 chris fleizach 2014-04-28 12:34:57 PDT
(In reply to comment #11)
> (From update of attachment 230305 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=230305&action=review
> 
> > Source/WebCore/ChangeLog:8
> > +        I think it's possible that didFinishSpeaking ends up calling directly back into start speaking, and the utterance reference
> 
> "I think it's possible". Maybe verify that with assertions? Is it OK that this happens?

The assertion that Mark posted means that it definitely happens. My language is probably too cautious.
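
Editor's added example, not part of the thread and not WebKit code: a constructed C++ model of the re-entrancy discussed in comments 11 and 12, where the finish callback calls straight back into speaking. It assumes the re-entrant call releases the only owner of the finished utterance; `Synth`, `Utterance`, `onEnd`, `finishUnprotected`, `finishProtected` and `utteranceSurvives` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>

struct Utterance { std::string text; };

// Hypothetical stand-in for a synthesizer that owns the utterance being spoken.
class Synth {
public:
    std::function<void()> onEnd;  // models the page's "end" event handler

    void speak(std::shared_ptr<Utterance> u) { m_current = std::move(u); }

    // Hazard: only a borrowed pointer is held while the handler runs.
    // Returns true if the finished utterance outlived the handler.
    bool finishUnprotected() {
        std::weak_ptr<Utterance> probe = m_current;
        Utterance* borrowed = m_current.get();
        if (onEnd) onEnd();   // may re-enter speak() and replace m_current
        (void)borrowed;       // touching it now would be a use-after-free if probe expired
        return !probe.expired();
    }

    // Mitigation: take a strong reference before calling out.
    bool finishProtected() {
        std::shared_ptr<Utterance> protect = m_current;
        std::weak_ptr<Utterance> probe = protect;
        if (onEnd) onEnd();   // re-entry replaces m_current, but protect still owns the old one
        return protect && !probe.expired() && !protect->text.empty();
    }

private:
    std::shared_ptr<Utterance> m_current;
};

// Constructed scenario: the end handler immediately queues another utterance.
bool utteranceSurvives(bool useProtectedPath) {
    Synth s;
    s.speak(std::make_shared<Utterance>(Utterance{"first"}));
    s.onEnd = [&s] { s.speak(std::make_shared<Utterance>(Utterance{"second"})); };
    return useProtectedPath ? s.finishProtected() : s.finishUnprotected();
}
```

The unprotected path never dereferences the stale pointer; it only reports, through a `weak_ptr`, that the object was destroyed during the callback.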
Comment 13 WebKit Commit Bot 2014-04-28 12:57:53 PDT
Comment on attachment 230305 [details]
patch 2

Clearing flags on attachment: 230305

Committed r167899: <http://trac.webkit.org/changeset/167899>
Comment 14 WebKit Commit Bot 2014-04-28 12:57:57 PDT
All reviewed patches have been landed.  Closing bug.
Comment 15 Alexey Proskuryakov 2014-04-29 12:23:58 PDT
Removed Crash/Pass expectation in <http://trac.webkit.org/r167950>.