WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
188724
accessibility/notification-listeners.html abandons a document
https://bugs.webkit.org/show_bug.cgi?id=188724
Summary
accessibility/notification-listeners.html abandons a document
Simon Fraser (smfr)
Reported
2018-08-18 16:28:35 PDT
accessibility/notification-listeners.html abandons a document (see
bug 186214
). The unmatched refs come from: Document 0x6d3d02400 reference stacks: Backtrace for token 179 1 0x6b830a08c WebCore::adopted(WebCore::Node*) 2 0x6b9a8639b WTF::Ref<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> > WTF::adoptRef<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> >(WebCore::HTMLDocument&) 3 0x6b9a85daf WTF::Ref<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> > WTF::static_reference_cast<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument>, WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >(WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 4 0x6b9a85ae0 std::__1::enable_if<!(std::is_same<WebCore::HTMLDocument, WebCore::Document>::value), WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDocument>::WrapperClass*>::type WebCore::createWrapper<WebCore::HTMLDocument, WebCore::Document>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 5 0x6b9a82c07 WebCore::createNewDocumentWrapper(JSC::ExecState&, WebCore::JSDOMGlobalObject&, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 6 0x6b9a82ba0 WebCore::toJSNewlyCreated(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 7 0x6b9a82d1a WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Document&) 8 0x6b9a99358 WebCore::createWrapperInline(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) 9 0x6b9a99080 WebCore::createWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) 10 0x6b83223be WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node&) 11 0x6b837bb90 WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node*) 12 0x6b9a70fb3 WebCore::JSDOMWindowBase::updateDocument() 13 0x6b9ac2d63 WebCore::ScriptController::updateDocument() 14 0x6b9f6b86b WebCore::Document::didBecomeCurrentDocumentInFrame() 15 0x6ba99580b WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 16 0x6ba7b11ad WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) 17 0x6ba770f7e WebCore::DocumentLoader::commitData(char const*, unsigned long) 18 0x109b50b92 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) 19 0x6ba776add WebCore::DocumentLoader::commitLoad(char const*, int) 20 0x6ba7769fb WebCore::DocumentLoader::dataReceived(char const*, int) 21 0x6ba777278 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) 22 0x6ba8b0c9b WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) 23 0x6ba8b0a6b WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) 24 0x6ba84335a WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) 25 0x6ba843092 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) 26 0x109fe2d06 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) 27 0x109fe7460 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) 28 0x109fe7390 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) 29 0x109fe6575 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) 30 0x109fe5c66 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) 31 0x10943d0c9 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 32 0x1097eab5c IPC::Connection::dispatchMessage(IPC::Decoder&) 33 0x1097dd6cd IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 34 0x1097eb717 IPC::Connection::dispatchOneIncomingMessage() 35 0x1098098e8 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() 36 0x1098097f9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() 37 0x6c877c18f WTF::Function<void ()>::operator()() const 38 0x6c87d4f83 WTF::RunLoop::performWork() 39 0x6c87d5934 WTF::RunLoop::performWork(void*) 40 0x7fff2e435a11 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 41 0x7fff2e4ef42c __CFRunLoopDoSource0 42 0x7fff2e418470 __CFRunLoopDoSources0 43 0x7fff2e4178ed __CFRunLoopRun 44 0x7fff2e417153 CFRunLoopRunSpecific 45 0x7fff2d701d96 RunCurrentEventLoopInMode 46 0x7fff2d701b06 ReceiveNextEventCommon 47 0x7fff2d701884 _BlockUntilNextEventMatchingListInModeWithFilter 48 0x7fff2b9b2a73 _DPSNextEvent 49 0x7fff2c148e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 50 0x7fff2b9a7885 -[NSApplication run] 51 0x7fff2b976a72 NSApplicationMain 52 0x7fff56619d77 _xpc_objc_main 53 0x7fff566189ca xpc_main 54 0x109068077 WebKit::XPCServiceMain() 55 0x10906836b main 56 0x7fff562bf015 start 57 0x1 Backtrace for token 178 1 0x6ba0a6a87 WebCore::Node::ref() 2 0x6b8463d68 WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >::Ref(WebCore::Document&) 3 0x6b8463d2d WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >::Ref(WebCore::Document&) 4 0x6b9a82d09 WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Document&) 5 0x6b9a99358 WebCore::createWrapperInline(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) 6 0x6b9a99080 WebCore::createWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) 7 0x6b83223be WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node&) 8 0x6b837bb90 WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node*) 9 0x6b9a70fb3 WebCore::JSDOMWindowBase::updateDocument() 10 0x6b9ac2d63 WebCore::ScriptController::updateDocument() 11 0x6b9f6b86b WebCore::Document::didBecomeCurrentDocumentInFrame() 12 0x6ba99580b WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) 13 0x6ba7b11ad WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) 14 0x6ba770f7e WebCore::DocumentLoader::commitData(char const*, unsigned long) 15 0x109b50b92 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) 16 0x6ba776add WebCore::DocumentLoader::commitLoad(char const*, int) 17 0x6ba7769fb WebCore::DocumentLoader::dataReceived(char const*, int) 18 0x6ba777278 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) 19 0x6ba8b0c9b WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) 20 0x6ba8b0a6b WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) 21 0x6ba84335a WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) 22 0x6ba843092 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) 23 0x109fe2d06 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) 24 0x109fe7460 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) 25 0x109fe7390 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) 26 0x109fe6575 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) 27 0x109fe5c66 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) 28 0x10943d0c9 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 29 0x1097eab5c IPC::Connection::dispatchMessage(IPC::Decoder&) 30 0x1097dd6cd IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 31 0x1097eb717 IPC::Connection::dispatchOneIncomingMessage() 32 0x1098098e8 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() 33 0x1098097f9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() 34 0x6c877c18f WTF::Function<void ()>::operator()() const 35 0x6c87d4f83 WTF::RunLoop::performWork() 36 0x6c87d5934 WTF::RunLoop::performWork(void*) 37 0x7fff2e435a11 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 38 0x7fff2e4ef42c __CFRunLoopDoSource0 39 0x7fff2e418470 __CFRunLoopDoSources0 40 0x7fff2e4178ed __CFRunLoopRun 41 0x7fff2e417153 CFRunLoopRunSpecific 42 0x7fff2d701d96 RunCurrentEventLoopInMode 43 0x7fff2d701b06 ReceiveNextEventCommon 44 0x7fff2d701884 _BlockUntilNextEventMatchingListInModeWithFilter 45 0x7fff2b9b2a73 _DPSNextEvent 46 0x7fff2c148e34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 47 0x7fff2b9a7885 -[NSApplication run] 48 0x7fff2b976a72 NSApplicationMain 49 0x7fff56619d77 _xpc_objc_main 50 0x7fff566189ca xpc_main 51 0x109068077 WebKit::XPCServiceMain() 52 0x10906836b main 53 0x7fff562bf015 start 54 0x1 so this might be a GC-related issue, possibly via AccessibilityController.
Attachments
GC heap json
(484.21 KB, application/json)
2018-09-08 17:41 PDT
,
Simon Fraser (smfr)
no flags
Details
Patch
(1.73 KB, patch)
2018-09-08 18:06 PDT
,
Simon Fraser (smfr)
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2018-08-18 16:28:53 PDT
<
rdar://problem/43469575
>
Simon Fraser (smfr)
Comment 2
2018-09-08 17:40:49 PDT
GC inspector shows a ref from a function which is a "Protected values" root: Function cell 0x6643f04b0 (GC root—Protected values)Internal 0 JSGlobalLexicalEnvironment cell 0x65f7c4050 Internal 0 Window cell 0x65f7d8fb0 Variable document HTMLDocument cell 0x65f75c060 wrapped 0x664a02570 “file:///Volumes/Data/Development/apple/webkit/OpenSource/LayoutTests/accessibility/notification-listeners.html”
Simon Fraser (smfr)
Comment 3
2018-09-08 17:41:19 PDT
Created
attachment 349267
[details]
GC heap json
Simon Fraser (smfr)
Comment 4
2018-09-08 17:56:40 PDT
On AccessibilityNotificationHandler is not being cleaned up, so one JSValueProtect(context, m_notificationFunctionCallback) is never matched by a a JSValueUnprotect().
Simon Fraser (smfr)
Comment 5
2018-09-08 18:06:01 PDT
Created
attachment 349269
[details]
Patch
Darin Adler
Comment 6
2018-09-08 18:20:32 PDT
Comment on
attachment 349269
[details]
Patch Great fix, even better that an existing test works as a regression test for it. Also glad it was only a mistake in the test code
WebKit Commit Bot
Comment 7
2018-09-08 22:02:41 PDT
Comment on
attachment 349269
[details]
Patch Clearing flags on attachment: 349269 Committed
r235836
: <
https://trac.webkit.org/changeset/235836
>
WebKit Commit Bot
Comment 8
2018-09-08 22:02:43 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug