Bug 140868

Summary: [Win] Assertion trying to add notification listener
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: Tools / TestsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   

Description Brent Fulgham 2015-01-25 11:16:09 PST 
The following layout tests crash in debug mode when trying to add a notification listener:

accessibility/notification-listeners.html
accessibility/combo-box-collapsed-selection-changed.html

The crash trace looks like the following:

>	WTF.dll!WTFCrash() Line 321	C++
 	DumpRenderTree.dll!COMPtr<IAccessible>::operator&() Line 76	C++
 	DumpRenderTree.dll!WTF::HashTraits<COMPtr<IAccessible> >::constructDeletedValue(COMPtr<IAccessible> & slot) Line 228	C++
 	DumpRenderTree.dll!WTF::KeyValuePairHashTraits<WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::constructDeletedValue(WTF::KeyValuePair<COMPtr<IAccessible>,OpaqueJSValue *> & slot) Line 217	C++
 	DumpRenderTree.dll!WTF::HashTable<COMPtr<IAccessible>,WTF::KeyValuePair<COMPtr<IAccessible>,OpaqueJSValue *>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<COMPtr<IAccessible>,OpaqueJSValue *> >,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::KeyValuePairTraits,WTF::HashTraits<COMPtr<IAccessible> > >::checkKey<WTF::HashMapTranslator<WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::KeyValuePairTraits,WTF::PtrHash<COMPtr<IAccessible> > >,COMPtr<IAccessible> >(const COMPtr<IAccessible> & key) Line 580	C++
 	DumpRenderTree.dll!WTF::HashTable<COMPtr<IAccessible>,WTF::KeyValuePair<COMPtr<IAccessible>,OpaqueJSValue *>,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<COMPtr<IAccessible>,OpaqueJSValue *> >,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::KeyValuePairTraits,WTF::HashTraits<COMPtr<IAccessible> > >::add<WTF::HashMapTranslator<WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::KeyValuePairTraits,WTF::PtrHash<COMPtr<IAccessible> > >,COMPtr<IAccessible> const &,OpaqueJSValue * &>(const COMPtr<IAccessible> & key, OpaqueJSValue * & extra) Line 795	C++
 	DumpRenderTree.dll!WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::inlineAdd<COMPtr<IAccessible> const &,OpaqueJSValue * &>(const COMPtr<IAccessible> & key, OpaqueJSValue * & value) Line 296	C++
 	DumpRenderTree.dll!WTF::HashMap<COMPtr<IAccessible>,OpaqueJSValue *,WTF::PtrHash<COMPtr<IAccessible> >,WTF::HashTraits<COMPtr<IAccessible> >,WTF::HashTraits<OpaqueJSValue *> >::add<OpaqueJSValue * &>(const COMPtr<IAccessible> & key, OpaqueJSValue * & mapped) Line 324	C++
 	DumpRenderTree.dll!AccessibilityController::winAddNotificationListener(COMPtr<IAccessible> element, OpaqueJSValue * functionCallback) Line 374	C++
 	DumpRenderTree.dll!AccessibilityUIElement::addNotificationListener(OpaqueJSValue * functionCallback) Line 817	C++
 	DumpRenderTree.dll!addNotificationListenerCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned int argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 1188	C++
 	JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 61	C++
 	JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::JSValue callee, JSC::CodeSpecializationKind kind) Line 1051	C++
 	JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::CodeSpecializationKind kind, JSC::JSValue calleeAsValue, JSC::LLIntCallLinkInfo * callLinkInfo) Line 1097	C++
 	JavaScriptCore.dll!JSC::LLInt::genericCall(JSC::ExecState * exec, JSC::Instruction * pc, JSC::CodeSpecializationKind kind) Line 1159	C++
 	JavaScriptCore.dll!llint_slow_path_call(JSC::ExecState * exec, JSC::Instruction * pc) Line 1165	C++
 	JavaScriptCore.dll!llint_entry() Line 7201	Unknown
 	JavaScriptCore.dll!vmEntryToJavaScript() Line 110	Unknown
 	JavaScriptCore.dll!JSC::JITCode::execute(JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 77	C++
 	JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj) Line 914	C++
 	JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException) Line 83	C++
 	WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception) Line 62	C++
 	WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld & world) Line 151	C++
 	WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode) Line 167	C++
 	WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode) Line 301	C++
 	WebKit.dll!WebCore::ScriptElement::prepareScript(const WTF::TextPosition & scriptStartPosition, WebCore::ScriptElement::LegacyTypeSupport supportLegacyTypes) Line 237	C++
 	WebKit.dll!WebCore::HTMLScriptRunner::runScript(WebCore::Element * script, const WTF::TextPosition & scriptStartPosition) Line 304	C++
 	WebKit.dll!WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element> scriptElement, const WTF::TextPosition & scriptStartPosition) Line 177	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() Line 197	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode mode, WebCore::PumpSession & session) Line 214	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode mode) Line 259	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode mode) Line 167	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() Line 497	C++
 	WebKit.dll!WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource * cachedResource) Line 537	C++
 	WebKit.dll!WebCore::CachedResource::checkNotify() Line 296	C++
 	WebKit.dll!WebCore::CachedResource::finishLoading(WebCore::SharedBuffer * __formal) Line 313	C++
 	WebKit.dll!WebCore::CachedScript::finishLoading(WebCore::SharedBuffer * data) Line 87	C++
 	WebKit.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime) Line 366	C++
 	WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal, double finishTime) Line 503	C++
 	WebKit.dll!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didFinishLoading() Line 181	C++
 	WebKit.dll!WebCore::ResourceHandleCFURLConnectionDelegate::didFinishLoadingCallback(_CFURLConnection * __formal, const void * clientInfo) Line 88	C++
 	CFNetwork.dll!URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue * preQ) Line 1739	C++
 	CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<enum XClientEvent,XClientEventParams> * e, long count) Line 2256	C++
 	CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<enum XClientEvent,XClientEventParams> * e, long count) Line 2328	C++
 	CFNetwork.dll!XConnectionEventQueue<enum XClientEvent,XClientEventParams>::processAllEvents() Line 231	C++
 	CFNetwork.dll!URLConnectionClient::processEvents() Line 362	C++
 	CFNetwork.dll!MultiplexerSource::perform() Line 229	C++
 	CoreFoundation.dll!__CFRunLoopDoSources0(__CFRunLoop * rl, __CFRunLoopMode * rlm, unsigned char stopAfterHandle) Line 41844	C++
 	CoreFoundation.dll!__CFRunLoopRun(__CFRunLoop * rl, __CFRunLoopMode * rlm, double seconds, unsigned char stopAfterHandle, __CFRunLoopMode * previousMode) Line 42281	C++
 	CoreFoundation.dll!CFRunLoopRunSpecific(__CFRunLoop * rl, const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42477	C++
 	CoreFoundation.dll!CFRunLoopRunInMode(const __CFString * modeName, double seconds, unsigned char returnAfterSourceHandled) Line 42511	C++
 	DumpRenderTree.dll!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & inputLine) Line 1129	C++
 	DumpRenderTree.dll!main(int argc, const char * * argv) Line 1484	C++
 	DumpRenderTree.dll!dllLauncherEntryPoint(int argc, const char * * argv) Line 1514	C++
 	DumpRenderTree.exe!main(int argc, const char * * argv) Line 239	C++
 	[External Code]	

The failing assertion is:

    T** operator&() { ASSERT(!m_ptr); return &m_ptr; }