RESOLVED FIXED 74093
platform/mac/accessibility/search-with-frames.html crashes
https://bugs.webkit.org/show_bug.cgi?id=74093
Dominic Mazzoni
Reported 2011-12-08 08:25:35 PST
Crash log:

Process: DumpRenderTree [51194]
Path: /Volumes/Data/slave/snowleopard-intel-release-tests/build/WebKitBuild/Release/DumpRenderTree
Identifier: DumpRenderTree
Version: ??? (???)
Code Type: X86-64 (Native)
Parent Process: Python [51129]
Date/Time: 2011-12-08 04:41:35.160 -0800
OS Version: Mac OS X 10.6.8 (10K549)
Report Version: 6
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Application Specific Information: abort() called

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 libSystem.B.dylib 0x00007fff835470b6 __kill + 10
1 libSystem.B.dylib 0x00007fff835e79f6 abort + 83
2 libSystem.B.dylib 0x00007fff835677d2 _Unwind_Resume + 66
3 DumpRenderTree 0x0000000100008ad9 AccessibilityUIElement::uiElementForSearchPredicate(AccessibilityUIElement*, bool, OpaqueJSString*, OpaqueJSString*) + 461 (AccessibilityUIElementMac.mm:972)
4 DumpRenderTree 0x000000010000380e uiElementForSearchPredicateCallback(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 215 (AccessibilityUIElement.cpp:203)
5 com.apple.JavaScriptCore 0x00000001001e73bd JSC::JSCallbackFunction::call(JSC::ExecState*) + 349 (JSCallbackFunction.cpp:73)
6 com.apple.JavaScriptCore 0x00000001001d81c1 cti_op_call_NotJSFunction + 97 (JITStubs.cpp:2364)
7 ??? 0x00005acae7c0118f 0 + 99827518017935
8 com.apple.JavaScriptCore 0x00000001001a27af JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 911 (JSValueInlineMethods.h:363)
9 com.apple.JavaScriptCore 0x000000010014774a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 42 (CallData.cpp:40)
10 com.apple.WebCore 0x0000000100d03731 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 961 (JSMainThreadExecState.h:52)
11 com.apple.WebCore 0x0000000100a4d1d5 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 149 (EventTarget.cpp:214)
12 com.apple.WebCore 0x0000000100a4d115 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 69 (Event.h:133)
13 com.apple.WebCore 0x0000000100f4ec4a WebCore::Node::handleLocalEvents(WebCore::Event*) + 170 (Node.cpp:2813)
14 com.apple.WebCore 0x0000000100a3b478 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 776 (PassRefPtr.h:76)
15 com.apple.WebCore 0x0000000100a3a345 WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 37 (EventDispatchMediator.cpp:51)
16 com.apple.WebCore 0x0000000100a3aa62 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) + 146 (EventDispatcher.cpp:55)
17 com.apple.WebCore 0x0000000100f4ed57 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 55 (Node.cpp:2827)
18 com.apple.WebCore 0x0000000100a093c2 WebCore::DOMWindow::dispatchLoadEvent() + 658 (DOMWindow.cpp:1652)
19 com.apple.WebCore 0x00000001009489d6 WebCore::Document::implicitClose() + 326 (Document.cpp:3543)
20 com.apple.WebCore 0x0000000100a8351f WebCore::FrameLoader::checkCompleted() + 287 (FrameLoader.cpp:745)
21 com.apple.WebCore 0x0000000100a8263f WebCore::FrameLoader::finishedParsing() + 95 (FrameLoader.cpp:679)
22 com.apple.WebCore 0x00000001009508fa WebCore::Document::finishedParsing() + 330 (Frame.h:353)
23 com.apple.WebCore 0x0000000100afbfe2 WebCore::HTMLDocumentParser::prepareToStopParsing() + 162 (HTMLDocumentParser.cpp:381)
24 com.apple.WebCore 0x0000000100964b71 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 81 (RefPtr.h:133)
25 com.apple.WebCore 0x0000000100a8a155 WebCore::FrameLoader::finishedLoading() + 69 (ResourceErrorBase.h:42)
26 com.apple.WebCore 0x0000000100f1a08b WebCore::MainResourceLoader::didFinishLoading(double) + 123 (MainResourceLoader.cpp:498)
27 com.apple.Foundation 0x00007fff870298f0 _NSURLConnectionDidFinishLoading + 113
Attachments
patch (3.49 KB, patch)
2011-12-08 11:22 PST, chris fleizach
darin: review+
chris fleizach
Comment 1 2011-12-08 09:22:34 PST
Strange, this seems only to be with release. Will fix this today.
chris fleizach
Comment 2 2011-12-08 09:51:32 PST
Dominic, can you reproduce this crash? If so, what command line are you running webkit-tests with?
Dominic Mazzoni
Comment 3 2011-12-08 10:14:40 PST
(In reply to comment #2)
> Dominic, can you reproduce this crash? if so, what command line are you running webkit-tests with

Yes, I can reproduce it locally with Snow Leopard and XCode 3.2, both with DRT and WKTR.

Tools/Scripts/run-webkit-tests platform/mac/accessibility/
Tools/Scripts/run-webkit-tests platform/mac/accessibility/ -2

The stack trace I got was basically the same as the one I found on the buildbot (see below).

If you have a theory but can't repro locally, I can try to help test it.

0 libSystem.B.dylib 0x00007fff823310b6 __kill + 10
1 libSystem.B.dylib 0x00007fff823d19f6 abort + 83
2 libSystem.B.dylib 0x00007fff823517d2 _Unwind_Resume + 66
3 WebKitTestRunnerInjectedBundle 0x000000010566e89e WTR::AccessibilityUIElement::uiElementForSearchPredicate(WTR::AccessibilityUIElement*, bool, OpaqueJSString*, OpaqueJSString*) + 438 (AccessibilityUIElementMac.mm:907)
4 WebKitTestRunnerInjectedBundle 0x0000000105673f42 WTR::JSAccessibilityUIElement::uiElementForSearchPredicate(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 224 (JSAccessibilityUIElement.cpp:669)
5 com.apple.JavaScriptCore 0x000000010112b478 JSC::JSCallbackFunction::call(JSC::ExecState*) + 392 (JSCallbackFunction.cpp:73)
6 com.apple.JavaScriptCore 0x0000000101113f16 cti_op_call_NotJSFunction + 182 (JITStubs.cpp:2361)
7 ??? 0x0000426f59a0118f 0 + 73046012465551
8 com.apple.JavaScriptCore 0x00000001010d1d05 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 853 (JITCode.h:116)
9 ??? 0x000000000000000a 0 + 10
10 ??? 0x0000000119db2920 0 + 4728760608
11 com.apple.JavaScriptCore 0x000000010113da70 JSC::JSFunction::~JSFunction() + 0 (JSObject.h:73)
12 ??? 0x90c307894810c083 0 + 10431189448121172099
chris fleizach
Comment 4 2011-12-08 10:23:24 PST
Not happening on Lion unfortunately.

Also, it looks like an NSException is being thrown, however, it's unclear which one.

If you break on +[NSException raise:format:] we could probably see what kind of exception is happening.

Or alternatively, you could modify

#define BEGIN_AX_OBJC_EXCEPTIONS @try {
#define END_AX_OBJC_EXCEPTIONS } @catch(NSException *e) { if (![[e name] isEqualToString:NSAccessibilityException]) @throw; }

to be

#define BEGIN_AX_OBJC_EXCEPTIONS @try {
#define END_AX_OBJC_EXCEPTIONS } @catch(NSException *e) { NSLog(@"%@", e); if (![[e name] isEqualToString:NSAccessibilityException]) @throw; }

(add in the NSLog) so that we can see what the error is. then we'll know what to fix...

(In reply to comment #3)
> (In reply to comment #2)
> > Dominic, can you reproduce this crash? if so, what command line are you running webkit-tests with
>
> Yes, I can reproduce it locally with Snow Leopard and XCode 3.2, both with DRT and WKTR.
>
> Tools/Scripts/run-webkit-tests platform/mac/accessibility/
> Tools/Scripts/run-webkit-tests platform/mac/accessibility/ -2
>
> The stack trace I got was basically the same as the one I found on the buildbot (see below).
>
> If you have a theory but can't repro locally, I can try to help test it.
>
> 0 libSystem.B.dylib 0x00007fff823310b6 __kill + 10
> 1 libSystem.B.dylib 0x00007fff823d19f6 abort + 83
> 2 libSystem.B.dylib 0x00007fff823517d2 _Unwind_Resume + 66
> 3 WebKitTestRunnerInjectedBundle 0x000000010566e89e WTR::AccessibilityUIElement::uiElementForSearchPredicate(WTR::AccessibilityUIElement*, bool, OpaqueJSString*, OpaqueJSString*) + 438 (AccessibilityUIElementMac.mm:907)
> 4 WebKitTestRunnerInjectedBundle 0x0000000105673f42 WTR::JSAccessibilityUIElement::uiElementForSearchPredicate(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 224 (JSAccessibilityUIElement.cpp:669)
> 5 com.apple.JavaScriptCore 0x000000010112b478 JSC::JSCallbackFunction::call(JSC::ExecState*) + 392 (JSCallbackFunction.cpp:73)
> 6 com.apple.JavaScriptCore 0x0000000101113f16 cti_op_call_NotJSFunction + 182 (JITStubs.cpp:2361)
> 7 ??? 0x0000426f59a0118f 0 + 73046012465551
> 8 com.apple.JavaScriptCore 0x00000001010d1d05 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 853 (JITCode.h:116)
> 9 ??? 0x000000000000000a 0 + 10
> 10 ??? 0x0000000119db2920 0 + 4728760608
> 11 com.apple.JavaScriptCore 0x000000010113da70 JSC::JSFunction::~JSFunction() + 0 (JSObject.h:73)
> 12 ??? 0x90c307894810c083 0 + 10431189448121172099
Dominic Mazzoni
Comment 5 2011-12-08 10:56:33 PST
(In reply to comment #4)
> #define END_AX_OBJC_EXCEPTIONS } @catch(NSException *e) { NSLog(@"%@", e); if (![[e name] isEqualToString:NSAccessibilityException]) @throw; }

Here's what I get:

2011-12-08 10:53:09.802 DumpRenderTree[24435:903] *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: AXStartElement)
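
The failure logged in comment 5, reproduced in isolation as an added example; it is not WebKit code and not the attached patch. The helper `buildSearchParameters` and the key `ExampleSearchKey` are hypothetical; only `AXStartElement` comes from the log line above.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not from WebKit): builds a parameter dictionary and
// leaves out optional values the caller did not supply.
static NSDictionary *buildSearchParameters(id startElement, NSString *searchKey)
{
    NSMutableDictionary *parameters = [NSMutableDictionary dictionary];
    // -setObject:forKey: raises NSInvalidArgumentException for a nil object,
    // so each optional value is inserted only when it is present.
    if (startElement)
        [parameters setObject:startElement forKey:@"AXStartElement"];
    if (searchKey)
        [parameters setObject:searchKey forKey:@"ExampleSearchKey"]; // constructed key
    return parameters;
}

int main(void)
{
    @autoreleasepool {
        // Unguarded insert of a nil start element, as in the logged message.
        NSMutableDictionary *unguarded = [NSMutableDictionary dictionary];
        id missingStartElement = nil;
        @try {
            [unguarded setObject:missingStartElement forKey:@"AXStartElement"];
        } @catch (NSException *e) {
            // The name is NSInvalidArgumentException. The END_AX_OBJC_EXCEPTIONS
            // macro quoted in this thread rethrows it, because it only swallows
            // exceptions named NSAccessibilityException.
            NSLog(@"caught %@: %@", [e name], [e reason]);
        }

        // Guarded build: no exception, and the absent key is simply omitted.
        NSDictionary *guarded = buildSearchParameters(nil, @"constructed-search-key");
        NSLog(@"guarded dictionary has %lu entry(ies), AXStartElement = %@",
              (unsigned long)[guarded count],
              [guarded objectForKey:@"AXStartElement"]);
    }
    return 0;
}
```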
chris fleizach
Comment 6 2011-12-08 11:02:12 PST
(In reply to comment #5)
> (In reply to comment #4)
> > #define END_AX_OBJC_EXCEPTIONS } @catch(NSException *e) { NSLog(@"%@", e); if (![[e name] isEqualToString:NSAccessibilityException]) @throw; }
>
> Here's what I get:
>
> 2011-12-08 10:53:09.802 DumpRenderTree[24435:903] *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: AXStartElement)

Thanks, will have a patch ready in a few minutes.
chris fleizach
Comment 7 2011-12-08 11:22:03 PST
Dominic Mazzoni
Comment 8 2011-12-08 12:40:56 PST
Fix looks good. Want to remove this test from platform/mac/Skipped as part of this change too?
chris fleizach
Comment 9 2011-12-08 14:12:10 PST