RESOLVED FIXED 233014
Fix for crash in LayoutTests in isolated tree mode. 
https://bugs.webkit.org/show_bug.cgi?id=233014
Summary Fix for crash in LayoutTests in isolated tree mode.
Andres Gonzalez
Reported 2021-11-11 14:12:38 PST
Fix for crash in LayoutTests in isolated tree mode.
Attachments
Patch (1.92 KB, patch)
2021-11-11 14:18 PST, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-11-11 14:12:52 PST
<rdar://problem/85315168>
Andres Gonzalez
Comment 2 2021-11-11 14:18:05 PST
Created attachment 444000 [details] Patch
EWS
Comment 3 2021-11-11 15:38:41 PST
Committed r285677 (244160@main): <https://commits.webkit.org/244160@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444000 [details].
Darin Adler
Comment 4 2021-11-11 16:18:35 PST
Comment on attachment 444000 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=444000&action=review > Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:582 > - NSString *value = descriptionOfValue(attributeValue(attribute).get()); > - [values appendFormat:@"%@: %@\n", attribute, value]; > + RetainPtr<NSString> value = descriptionOfValue(attributeValue(attribute).get()); > + [values appendFormat:@"%@: %@\n", attribute, value.get()]; I don’t understand this. Why do we need to retain the string?
Andres Gonzalez
Comment 5 2021-11-15 16:50:52 PST
(In reply to Darin Adler from comment #4) > Comment on attachment 444000 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=444000&action=review > > > Tools/WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:582 > > - NSString *value = descriptionOfValue(attributeValue(attribute).get()); > > - [values appendFormat:@"%@: %@\n", attribute, value]; > > + RetainPtr<NSString> value = descriptionOfValue(attributeValue(attribute).get()); > > + [values appendFormat:@"%@: %@\n", attribute, value.get()]; > > I don’t understand this. Why do we need to retain the string? Darin, I don't have a good explanation for this, but this doesn't crash any longer. The other way I found to avoid this crash is as follows: - NSString *description = descriptionOfValue(attributeValue(NSAccessibilityValueAttribute).get()); // the above crashes when you dereference description in any way, like description.length. + auto value = attributeValue(NSAccessibilityValueAttribute); + NSString *description = descriptionOfValue(value.get()); // doesn't crash if you description.length. attributeValue is doing some threading trickery because it is dispatching to a secondary, mocked thread and waiting, and then spinning the main thread run loop until the dispatched block is executed on the secondary thread. My hypothesis is that this is allowing the garbage collector to kick in and release the return value of attributeValue, unless is assigned to an lvalue. The stack trace of the crash is not inside descriptionOfValue though, but when dereferencing the description string which makes no much sense to me... would greatly appreciate it if you had any suggestion. Thanks!
Note You need to log in before you can comment on or make changes to this bug.