Bug 46662 - CrashTracer: 1,803 crashes in Safari at com.apple.WebCore: -[AccessibilityObjectWrapper accessibilityIsIgnored] + 56
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: chris fleizach
Keywords: InRadar
Reported: 2010-09-27 15:20 PDT by chris fleizach
Modified: 2010-09-27 17:44 PDT
Attachments
patch (13.83 KB, patch)
2010-09-27 16:03 PDT, chris fleizach
bdakin: review+

Description chris fleizach 2010-09-27 15:20:36 PDT
54 com.apple.WebCore:  -[AccessibilityObjectWrapper accessibilityIsIgnored] + 56 <==
        54 com.apple.AppKit:  NSAccessibilityPostNotificationForObservedElement + 99
          54 com.apple.WebCore:  WebCore::AXObjectCache::postPlatformNotification + 234
            54 com.apple.WebCore:  WebCore::AXObjectCache::notificationPostTimerFired + 76
              54 com.apple.WebCore:  WebCore::ThreadTimers::sharedTimerFiredInternal + 151
                54 com.apple.WebCore:  WebCore::timerFired + 53
                  54 com.apple.CoreFoundation:  __CFRunLoopRun + 6488
                    54 com.apple.CoreFoundation:  CFRunLoopRunSpecific + 575
                      54 com.apple.HIToolbox:  RunCurrentEventLoopInMode + 333
                        49 com.apple.HIToolbox:  ReceiveNextEventCommon + 310
                        | 49 com.apple.HIToolbox:  BlockUntilNextEventMatchingListInMode + 59
                        |   49 com.apple.AppKit:  _DPSNextEvent + 708
                        |     49 com.apple.AppKit:  -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
                        |       49 com.apple.Safari:  -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
                        |         47 com.apple.AppKit:  -[NSApplication run] + 395
                        |         | 47 com.apple.AppKit:  NSApplicationMain + 364
                        |         |   47 com.apple.Safari:  start
                        |         pruning: 1 com.apple.AppKit:  -[NSScroller trackKnob:] + 1959
                        |         pruning: 1 com.apple.AppKit:  -[NSScrollView scrollWheel:] + 711
                        pruning: 5 com.apple.HIToolbox:  ReceiveNextEventCommon + 148
Comment 1 chris fleizach 2010-09-27 15:21:26 PDT
The problem is that when posting a notification after a timer callback, an updateLayout can be called which invalidates the object that initiated the updateLayout.
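The failure mode described in Comment 1, modelled as an added example (this is not the attached patch or WebKit code, and every type and function name in it is hypothetical): a query made while posting a notification forces a layout update that can free the queried object, so the handle is checked again after the update before it is used.

```cpp
// Added illustration; every name here is hypothetical, not WebKit's API.
#include <memory>
#include <unordered_map>
#include <vector>

struct Cache;
struct AXObject {
    Cache* cache;
    bool ignored;
    void updateBackingStore();            // may destroy *this via layout
};
struct Wrapper { AXObject* object; };     // platform-facing handle, outlives object

struct Cache {
    std::unordered_map<int, std::unique_ptr<AXObject>> objects;
    std::unordered_map<int, std::shared_ptr<Wrapper>> wrappers;
    std::vector<int> removedByNextLayout; // constructed stand-in for page changes

    std::shared_ptr<Wrapper> add(int id, bool ignored) {
        objects[id] = std::make_unique<AXObject>(AXObject{this, ignored});
        return wrappers[id] = std::make_shared<Wrapper>(Wrapper{objects[id].get()});
    }
    void updateLayout() {
        for (int id : removedByNextLayout) {
            wrappers.at(id)->object = nullptr; // detach the handle first
            wrappers.erase(id);
            objects.erase(id);                 // core object is freed here
        }
        removedByNextLayout.clear();
    }
};
// Nothing may touch members after this call: the object may be gone.
void AXObject::updateBackingStore() { cache->updateLayout(); }

enum class Query { Ignored, NotIgnored, ObjectGone };

// Check the handle before the layout update and again after it.
Query isIgnored(Wrapper& w) {
    if (!w.object) return Query::ObjectGone;
    w.object->updateBackingStore();
    if (!w.object) return Query::ObjectGone;   // layout invalidated the object
    return w.object->ignored ? Query::Ignored : Query::NotIgnored;
}

// Models the timer callback that posts a notification for object 1.
Query postNotification(bool layoutRemovesObject) {
    Cache cache;
    std::shared_ptr<Wrapper> w = cache.add(1, false);
    if (layoutRemovesObject) cache.removedByNextLayout.push_back(1);
    return isIgnored(*w);
}
```

Without the second check in `isIgnored`, the final line would read through a pointer to an object that the layout update had already destroyed.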
Comment 2 chris fleizach 2010-09-27 15:21:53 PDT
rdar://8203386
Comment 3 chris fleizach 2010-09-27 16:03:59 PDT
Created attachment 68984
patch
Comment 4 Beth Dakin 2010-09-27 17:28:17 PDT
Comment on attachment 68984
patch

Awesome! I don't love the name prepareAccessibilityMethod, but I'm not sure I have a better suggestion. What about something like updateObjectBackingStore? Is that too specific? Anyway, I don't think the title *needs* to change, but I thought I would mention it.
Comment 5 chris fleizach 2010-09-27 17:29:32 PDT
We can go with updateObjectBackingStore.
Comment 6 chris fleizach 2010-09-27 17:44:35 PDT
http://trac.webkit.org/changeset/68461