RESOLVED FIXED Bug 150944
Layout Test accessibility/win/linked-elements.html is crashing on win debug
https://bugs.webkit.org/show_bug.cgi?id=150944
Ryan Haddad
Reported 2015-11-05 14:09:23 PST
Layout Test accessibility/win/linked-elements.html is crashing on win debug

Run: <https://build.webkit.org/builders/Apple%20Win%207%20Debug%20(Tests)/builds/68173>
Results: <https://build.webkit.org/results/Apple%20Win%207%20Debug%20(Tests)/r192022%20(68173)/results.html>

STACK_TEXT:
003ac7ac 5670d2f1 003ac8c4 003ac850 cccccccc WTF!WTFCrash+0x21
003ac838 567110bf 003ac88c 00000000 cccccc00 WebKit!WebCore::AccessibilityRenderObject::textUnderElement+0x4b1
003ac864 5635b41b 003ac88c 003ac884 0332c2c0 WebKit!WebCore::AccessibilityRenderObject::nameForMSAA+0x6f
003ac878 56359d48 003ac88c 003ac8ec 0332c2c0 WebKit!AccessibleBase::name+0x2b
003ac8a8 73ef56f8 0332c2c0 00000003 00000000 WebKit!AccessibleBase::get_accName+0x98
003ac8d0 73ef52ce 04c09180 00000003 00000000 OLEACC!AccWrap_Base::get_accName+0x22
003ac908 6e839401 04c09180 00000003 00000000 OLEACC!AccWrap_Annotate::get_accName+0x59
003ac960 6e80cb4b 003ac994 cccccccc cccccccc DumpRenderTreeLib!AccessibilityUIElement::title+0xb1
003ac97c 6578c53d 003acca8 052356a0 04ee3b48 DumpRenderTreeLib!getTitleCallback+0x2b
003ac9ec 6577ab3f 003aca4c 003acca8 605400d8 JavaScriptCore!JSC::JSCallbackObject<JSC::JSDestructibleObject>::getStaticValue+0xdd
003acabc 657ade33 052356a0 003acca8 605400d8 JavaScriptCore!JSC::JSCallbackObject<JSC::JSDestructibleObject>::getOwnPropertySlot+0x2ff
003acadc 657ae8cd 003acca8 004a22d8 05221dd0 JavaScriptCore!JSC::JSObject::fastGetOwnPropertySlot+0x63
003acb38 65bafa6e 003acca8 605400d8 003acbdc JavaScriptCore!JSC::JSObject::getPropertySlot+0x7d
003acb54 65baf167 003acca8 605400d8 003acbdc JavaScriptCore!JSC::JSValue::getPropertySlot+0x9e
003acb84 662424b4 003acbcc 003acca8 605400d8 JavaScriptCore!JSC::JSValue::get+0x37
003acc38 662a8e57 003acca8 051ac928 004d3f90 JavaScriptCore!llint_slow_path_get_by_id+0xd4
003acca8 662a6cbd 051f4cc0 fffffffa 0523ebe0 JavaScriptCore!llint_entry+0x2003
003acd04 65dfe7da 00ff3020 004a22d8 003acde8 JavaScriptCore!vmEntryToJavaScript+0x10d
003acd58 65dbb791 003acd74 004a22d8 003acde8 JavaScriptCore!JSC::JITCode::execute+0xca
003acf5c 65dbd3a4 003ad8a8 0455efa0 003ad968 JavaScriptCore!JSC::Interpreter::execute+0x8b1
003ad894 66247709 003ad8a8 003ad968 032bba20 JavaScriptCore!JSC::eval+0x3b4
003ad8e8 662ab877 003ad9c8 04c1ccf8 cccccccc JavaScriptCore!llint_slow_path_call_eval+0x119
003ad9c8 662ab397 051f5ec0 65e1771b 0523f7a0 JavaScriptCore!llint_entry+0x4a23
003ada28 662a6cbd 051f60c0 fffffffa 0523ecc0 JavaScriptCore!llint_entry+0x4543
003ada78 65dfe7da 00fe3000 004a22d8 003adb90 JavaScriptCore!vmEntryToJavaScript+0x10d
003adacc 65dba1b0 003adaf4 004a22d8 003adb90 JavaScriptCore!JSC::JITCode::execute+0xca
003ae620 65ffd54c 003ae654 0455f0c0 0326c0f0 JavaScriptCore!JSC::Interpreter::execute+0xef0
003ae680 570fbe64 003ae6e4 0326c0f0 003ae7e0 JavaScriptCore!JSC::evaluate+0x1ac
003ae6b4 5703a981 003ae6e4 0326c0f0 003ae7e0 WebKit!WebCore::JSMainThreadExecState::evaluate+0x44
003ae744 5703a878 003ae780 003ae7dc 00499dc8 WebKit!WebCore::ScriptController::evaluateInWorld+0xf1
003ae760 567db070 003ae780 003ae7dc 00000000 WebKit!WebCore::ScriptController::evaluate+0x28
003ae7b8 567dadd6 003ae7dc 003ae988 003ae888 WebKit!WebCore::ScriptElement::executeScript+0x160
003ae878 57fdcaba 003ae9cc 00000000 003aea5c WebKit!WebCore::ScriptElement::prepareScript+0x506
003ae988 57fdbcb0 04fc7fd0 003ae9cc 003ae9e4 WebKit!WebCore::HTMLScriptRunner::runScript+0x15a
003ae9a4 5743a2a5 04fc7fd0 003ae9cc 003ae9e4 WebKit!WebCore::HTMLScriptRunner::execute+0x90
003ae9dc 57439b2b 003aea68 051b59e8 003aea5c WebKit!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder+0xe5
003ae9ec 57439d14 00000000 003aea34 003aeb30 WebKit!WebCore::HTMLDocumentParser::canTakeNextToken+0x7b
003aea5c 5743a0f5 00000000 003aeb3c 051b59e8 WebKit!WebCore::HTMLDocumentParser::pumpTokenizer+0x134
003aea70 57439056 00000000 003aebd8 003aeb3c WebKit!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible+0x95
003aeb30 567d5080 003aeb44 003aeb6c 00000000 WebKit!WebCore::HTMLDocumentParser::append+0x186
003aeb58 57451f18 05199f78 03889350 00000911 WebKit!WebCore::DecodedDataDocumentParser::appendBytes+0x90
003aeb78 57199e26 03889350 00000911 003aec18 WebKit!WebCore::DocumentWriter::addData+0xb8
003aebd8 564ce585 03889350 00000911 003aec5c WebKit!WebCore::DocumentLoader::commitData+0x226
003aec18 5719a6ef 05199f08 03889350 00000911 WebKit!WebFrameLoaderClient::committedLoad+0x35
003aec5c 5719bcb2 03889350 00000911 003aec88 WebKit!WebCore::DocumentLoader::commitLoad+0xbf
003aec74 57ee7f4b 04f01c80 03889350 00000911 WebKit!WebCore::DocumentLoader::dataReceived+0x1b2
003aecc0 57ee7727 03889350 00000911 003aed00 WebKit!WebCore::CachedRawResource::notifyClientsDataWasReceived+0x6b
003aecf4 57637752 04e9bec0 003aed8c 003aed90 WebKit!WebCore::CachedRawResource::addDataBuffer+0xb7
003aed34 57636ceb 00000000 00000000 00000000 WebKit!WebCore::SubresourceLoader::didReceiveDataOrBuffer+0x1c2
003aed5c 5738c928 00000000 00000911 00000000 WebKit!WebCore::SubresourceLoader::didReceiveBuffer+0x3b
003aed7c 573e0030 04be3ad0 00000000 00000911 WebKit!WebCore::ResourceLoader::didReceiveBuffer+0x38
003aeda8 573df44b 03889338 00000911 0387e140 WebKit!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveData+0xd0
003aedbc 6f66e9c4 038037c0 03889338 00000911 WebKit!WebCore::ResourceHandleCFURLConnectionDelegate::didReceiveDataCallback+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
003aedf8 6f6703e5 00000911 03889338 0387e148 CFNetwork!CFCachedURLResponseCreateWithDataArray+0x175972
003aee94 6f52011e 0387842c 03878420 00000000 CFNetwork!CFCachedURLResponseCreateWithDataArray+0x177393
003aeebc 6f2f7aa8 00000000 03803680 0387e148 CFNetwork!CFCachedURLResponseCreateWithDataArray+0x270cc
003aeecc 6f2f7aa8 00000000 03803680 00000000 pthreadVC2!pthread_setcanceltype+0x67ab
003aeedc 6f2f303e 003aee24 0387e148 00000000 pthreadVC2!pthread_setcanceltype+0x67ab
00000000 00000000 00000000 00000000 00000000 pthreadVC2!pthread_setcanceltype+0x1d41
Attachments
Patch proposal (6.66 KB, patch)
2015-11-06 03:56 PST, Mario Sanchez Prada
cfleizach: review+
Radar WebKit Bug Importer
Comment 1 2015-11-05 14:10:29 PST
Ryan Haddad
Comment 2 2015-11-05 14:14:00 PST
TestExpectations updated in <https://trac.webkit.org/r192075>
chris fleizach
Comment 3 2015-11-05 22:16:05 PST
Mario, this looks like fallout from a recent GTK change. Are you able to take a look?
Mario Sanchez Prada
Comment 4 2015-11-06 01:38:10 PST
(In reply to comment #3)
> Mario this looks like fallout from a recent GTK change. are you able to take
> a look?

I'll take a look at it today, yes.
Mario Sanchez Prada
Comment 5 2015-11-06 03:56:23 PST
Created attachment 264933 [details]
Patch proposal

I was trying all sorts of things to reproduce a similar crash in the GTK+ port but I couldn't, so I am proposing a speculative fix instead.

As I understand it, the problem is that now that I moved those ASSERTs from AccessibilityNodeObject down to AccessibilityRenderObject, we are hitting those checks way more often for objects with an associated renderer, since AccessibilityNodeObject::textUnderElement is not executed that often in this case.

So, the checks will probably need to be more precise to avoid being too paranoid, as for instance we don't need to worry about having a stable subtree when we are either going through a RenderText object or not in 'IncludeAllChildren' mode.

Looking at the backtrace, I can see that WebCore::AccessibilityRenderObject::nameForMSAA() calls textUnderElement() with the default mode, so I understand the attached patch should get rid of the crash in Win Debug bots.

Hope this helps
Mario Sanchez Prada
Comment 6 2015-11-06 08:26:51 PST
zalan
Comment 7 2017-05-13 11:48:46 PDT
I am rolling this out with https://trac.webkit.org/changeset/216825/webkit. Should accessibility/win/linked-elements.html hit this assertion, we need to address it properly.