NEW 257894
AX: Make the generation and update of isolated subtrees asynchronous. 
https://bugs.webkit.org/show_bug.cgi?id=257894
Summary AX: Make the generation and update of isolated subtrees asynchronous.
Andres Gonzalez
Reported 2023-06-09 09:14:41 PDT
This synchronous method contributes to Safari becoming irresponsive to AT requests.
Attachments
Patch (18.03 KB, patch)
2023-06-09 09:22 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (21.03 KB, patch)
2023-06-12 07:52 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (27.94 KB, patch)
2023-10-18 08:30 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (30.95 KB, patch)
2023-10-18 12:21 PDT, Andres Gonzalez 		andresg_22: review?
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-06-09 09:14:53 PDT
<rdar://problem/110532050>
Andres Gonzalez
Comment 2 2023-06-09 09:22:01 PDT
Created attachment 466651 [details] Patch
Tyler Wilcock
Comment 3 2023-06-09 16:51:31 PDT
Comment on attachment 466651 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=466651&action=review > Source/WebCore/accessibility/AXObjectCache.cpp:902 > + auto tree = AXIsolatedTree::create(*this, [this] () { When capturing `this` in the completion handler, we should be storing it in a `WeakPtr` or `CheckedPtr` (or RefPtr, but currently you can't make a ref-counted AXObjectCache) to avoid a UAF if the cache gets deleted before the completion handler runs. > Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:362 > + auto now = MonotonicTime::now(); I wonder if this should be called something like "start" or "startTime". It might make the comparison below more clear (which currently subtracts "MonotonicTome::now" from "now").
Andres Gonzalez
Comment 4 2023-06-12 07:52:23 PDT
Created attachment 466669 [details] Patch
Andres Gonzalez
Comment 5 2023-06-12 07:56:56 PDT
(In reply to Tyler Wilcock from comment #3) > Comment on attachment 466651 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=466651&action=review > > > Source/WebCore/accessibility/AXObjectCache.cpp:902 > > + auto tree = AXIsolatedTree::create(*this, [this] () { > > When capturing `this` in the completion handler, we should be storing it in > a `WeakPtr` or `CheckedPtr` (or RefPtr, but currently you can't make a > ref-counted AXObjectCache) to avoid a UAF if the cache gets deleted before > the completion handler runs. Done. > > > Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:362 > > + auto now = MonotonicTime::now(); > > I wonder if this should be called something like "start" or "startTime". It > might make the comparison below more clear (which currently subtracts > "MonotonicTome::now" from "now"). Renamed. Also added in the new revision the check for Accessibility::waitingForMainThread.
Andres Gonzalez
Comment 6 2023-10-18 08:30:08 PDT
Created attachment 468261 [details] Patch
Andres Gonzalez
Comment 7 2023-10-18 12:21:59 PDT
Created attachment 468262 [details] Patch Updating expectation for glib test.
Note You need to log in before you can comment on or make changes to this bug.