New issue
Advanced search Search tips

Issue 153283 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Oct 2012
Cc:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug



Sign in to add a comment

Chrome_Mac: [BrowserCrApplication terminate:]

Project Member Reported by dharani@google.com, Oct 1 2012

Issue description

Product: Chrome_Mac
Stack Signature: _dispatch_retain-1E5D71
New Signature Label: _dispatch_retain
New Signature Hash: 4a1d5d58_751d8dd6_d0de822e_9911dcd0_43285f34

Report link: http://go/crash/reportdetail?reportid=e135b3ac56b61f70

Meta information:
Product Name: Chrome_Mac
Product Version: 24.0.1282.0
Report ID: e135b3ac56b61f70
Report Time: 2012/10/01 08:54:59, Mon
Uptime: 40398 sec
Cumulative Uptime: 0 sec
OS Name: Mac OS X
OS Version: 10.8.2 12C54
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 58 stepping 9
ptype: renderer


Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000004 )

0x97522a9e	 [libdispatch.dylib]	 + 0x00002a9e]	_dispatch_retain
0x0cfd3449	 [iLifeMediaBrowser]	 + 0x00038449]	-[ILMediaBrowserPathWatcher cleanupFromTerminate]
0x97183c51	 [Foundation]	 + 0x00063c51]	__57-[NSNotificationCenter addObserver:selector:name:object:]_block_invoke_0
0x96469e00	 [CoreFoundation]	 + 0x000fde00]	___CFXNotificationPost_block_invoke_0
0x963b5439	 [CoreFoundation]	 + 0x00049439]	_CFXNotificationPost
0x9716c787	 [Foundation]	 + 0x0004c787]	-[NSNotificationCenter postNotificationName:object:userInfo:]
0x9717c526	 [Foundation]	 + 0x0005c526]	-[NSNotificationCenter postNotificationName:object:]
0x002b0bde	 [Google Chrome Framework]	 - chrome_browser_application_mac.mm:337]	-[BrowserCrApplication terminate:]
0x90fa35d2	 [libobjc.A.dylib]	 + 0x0001e5d2]	-[NSObject performSelector:withObject:]
0x939c5bd1	 [AppKit]	 + 0x0024fbd1]	-[NSApplication sendAction:to:from:]
0x002b0ed4	 [Google Chrome Framework]	 - chrome_browser_application_mac.mm:413]	-[BrowserCrApplication sendAction:to:from:]
0x93b023db	 [AppKit]	 + 0x0038c3db]	-[NSMenuItem _corePerformAction]
0x93b0206a	 [AppKit]	 + 0x0038c06a]	-[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:]
0x93b016f3	 [AppKit]	 + 0x0038b6f3]	-[NSMenu _performActionWithHighlightingForItemAtIndex:sendAccessibilityNotification:]
0x937e22b9	 [AppKit]	 + 0x0006c2b9]	-[NSMenu performActionForItemAtIndex:]
0x937e226e	 [AppKit]	 + 0x0006c26e]	-[NSMenu _internalPerformActionForItemAtIndex:]
0x937e2239	 [AppKit]	 + 0x0006c239]	-[NSMenuItem _internalPerformActionThroughMenuIfPossible]
0x937e20b8	 [AppKit]	 + 0x0006c0b8]	-[NSCarbonMenuImpl _carbonCommandProcessEvent:handlerCallRef:]
0x93afa7cd	 [AppKit]	 + 0x003847cd]	NSSLMMenuEventHandler
0x988e8b6a	 [HIToolbox]	 + 0x001acb6a]	_InvokeEventHandlerUPP(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*, long (*)(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*))
0x98770593	 [HIToolbox]	 + 0x00034593]	DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*)
0x9876f97f	 [HIToolbox]	 + 0x0003397f]	SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*)
0x98783854	 [HIToolbox]	 + 0x00047854]	SendEventToEventTarget
0x988e8a19	 [HIToolbox]	 + 0x001aca19]	SendHICommandEvent(unsigned long, HICommand const*, unsigned long, unsigned long, unsigned char, void const*, OpaqueEventTargetRef*, OpaqueEventTargetRef*, OpaqueEventRef**)
0x9875fb83	 [HIToolbox]	 + 0x00023b83]	SendMenuCommandWithContextAndModifiers
0x9875fb30	 [HIToolbox]	 + 0x00023b30]	SendMenuItemSelectedEvent
0x9875f9b5	 [HIToolbox]	 + 0x000239b5]	FinishMenuSelection(SelectionData*, MenuResult*, MenuResult*)
0x9893502d	 [HIToolbox]	 + 0x001f902d]	MenuSelectCore(MenuData*, Point, double, unsigned long, OpaqueMenuRef**, unsigned short*)
0x98740331	 [HIToolbox]	 + 0x00004331]	_HandleMenuSelection2
0x987400ae	 [HIToolbox]	 + 0x000040ae]	_HandleMenuSelection
0x939b3459	 [AppKit]	 + 0x0023d459]	_NSHandleCarbonMenuEvent
0x938da0de	 [AppKit]	 + 0x001640de]	_DPSNextEvent
0x938d926b	 [AppKit]	 + 0x0016326b]	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x938cf6cb	 [AppKit]	 + 0x001596cb]	-[NSApplication run]
0x00afdaa0	 [Google Chrome Framework]	 - message_pump_mac.mm:574]	base::MessagePumpNSApplication::DoRun
0x00afd5db	 [Google Chrome Framework]	 - message_pump_mac.mm:169]	base::MessagePumpCFRunLoopBase::Run
0x00b2975f	 [Google Chrome Framework]	 - message_loop.cc:427]	MessageLoop::RunHandler
0x00b3b800	 [Google Chrome Framework]	 - run_loop.cc:45]	base::RunLoop::Run
0x002b7a22	 [Google Chrome Framework]	 - chrome_browser_main.cc:1497]	ChromeBrowserMainParts::MainMessageLoopRun
0x028cd2ff	 [Google Chrome Framework]	 - browser_main_loop.cc:481]	content::BrowserMainLoop::RunMainMessageLoopParts
0x028cda22	 [Google Chrome Framework]	 - browser_main_runner.cc:122]	(anonymous namespace)::BrowserMainRunnerImpl::Run
0x028cc380	 [Google Chrome Framework]	 - browser_main.cc:21]	BrowserMain
0x00a907da	 [Google Chrome Framework]	 - content_main_runner.cc:441]	content::ContentMainRunnerImpl::Run
0x00a8faef	 [Google Chrome Framework]	 - content_main.cc:35]	content::ContentMain
0x0001f548	 [Google Chrome Framework]	 - chrome_main.cc:32]	ChromeMain
0x00019f77	 [Google Chrome Canary]	 - chrome_exe_main_mac.cc:16]	main
0x00019f54	 [Google Chrome Canary]	 + 0x00000f54]	start
0x00000001	
 
Cc: -rsesek@chromium.org
Owner: rsesek@chromium.org
Status: Assigned
Repro steps:

1. Launch Chrome
2. Go to File > Open and click on one of the iLife media galleries (e.g. "Music" or "Photos")
3. Cancel the file chooser
4. Close all browser windows
5. Quit the application via the dock menu
6. Crash

Steps 2, 4, and 5 are critical. Due to tail call optimization, there's a function between _dispatch_retain and |-cleanupFromTerminate|, which is dispatch_source_cancel.
Scratch that, step step 5 can be quit via method. But you must open the file picker and have all browser windows closed prior to quitting.
The part of the function we're interested in is this:

0x2427142e <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+0>:	push   %ebp
0x2427142f <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+1>:	mov    %esp,%ebp
0x24271431 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+3>:	push   %edi
0x24271432 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+4>:	push   %esi
0x24271433 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+5>:	sub    $0x30,%esp
0x24271436 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+8>:	call   0x2427143b <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+13>
0x2427143b <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+13>:	pop    %edi
0x2427143c <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+14>:	mov    0x8(%ebp),%esi
0x2427143f <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+17>:	mov    0x54(%esi),%eax
0x24271442 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+20>:	mov    %eax,(%esp)
0x24271445 <-[ILMediaBrowserPathWatcher cleanupFromTerminate]+23>:	call   0x242a0e06 <dyld_stub_dispatch_source_cancel>


At offset +14, we move the self pointer from the stack into %esi. We then move 0x54(%esi) onto the stack via offsets +17-20. To figure out what object that is, we need to class-dump the PrivateFramework iLifeMediaBrowser. That reveals the ObjC object whose ivars look like this:

struct ILMediaBrowserPathWatcher {
    NSMutableDictionary *watchedNodes;
    NSMutableDictionary *watchedQueryNodes;
    NSMutableDictionary *gatheredNotifications;
    NSMutableDictionary *watchedUnmountedNodes;
    NSMutableDictionary *watchedForCreationNodes;
    NSMutableDictionary *watchedMasterList;
    struct __MDQuery *watchedForCreationQuery;
    BOOL watchedForCreationQueryNeedsUpdate;
    NSMutableArray *spotlightToDoQueue;
    NSMutableArray *watchedQueryToDoQueue;
    NSLock *_watchedQueryToDoLock;
    NSMutableDictionary *spotlightQueriesByPath;
    BOOL alwaysNotify;
    long long startingFDCount;
    long long usedFDCount;
    struct __FSEventStream *watcherStreamRef;
    struct __DASession *diskArbSession;
    struct dispatch_queue_s *dispatch_queue_fsevents;
    struct dispatch_queue_s *dispatch_queue_spotlight;
    struct dispatch_queue_s *dispatch_queue_diskArb;
    struct dispatch_source_s *dispatch_source_spotlight;
    NSConditionLock *spotlightExitConditionLock;
    unsigned long long _latestFSEventId;
};

That's a pretty big object, and counting and math are hard, so let's use a bit of C code to find out which member is crashing:

int main() {
  struct Foo f;
  NSLog(@"at? %x", (intptr_t)&f.dispatch_queue_diskArb - (intptr_t)&f);
}

$ clang -arch i386 -framework Foundation foo.m
$ ./a.out
2012-10-04 17:16:34.880 a.out[7681:707] at? 54

So it looks like offset 54 is the dispatch_queue_diskArb that's NULL.
But we also must remember that ObjC objects have a hidden isa pointer, so we're actually looking at dispatch_queue_spotlight.
It looks like we're posting NSApplicationWillTerminateNotification twice. The ILMediaBrowserPathWatcher is a singleton and listens for that notification and cleans itself up via |-cleanupFromTerminate|. But why are we posting that twice? Well because we're calling -[NSApp terminate:] twice.

Breakpoint 1, 0x1a23843c in -[ILMediaBrowserPathWatcher cleanupFromTerminate] ()
(gdb) bt
#0  0x1a23843c in -[ILMediaBrowserPathWatcher cleanupFromTerminate] ()
#1  0x93a4ac52 in __57-[NSNotificationCenter addObserver:selector:name:object:]_block_invoke_0 ()
#2  0x9607ae01 in ___CFXNotificationPost_block_invoke_0 ()
#3  0x95fc643a in _CFXNotificationPost ()
#4  0x93a33788 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
#5  0x93a43527 in -[NSNotificationCenter postNotificationName:object:] ()
#6  0x05075d1c in -[BrowserCrApplication terminate:] (self=0x19d4b080, _cmd=0x913bdb39, sender=0x0) at ../../chrome/browser/chrome_browser_application_mac.mm:337
#7  0x0507535b in chrome_browser_application_mac::Terminate () at ../../chrome/browser/chrome_browser_application_mac.mm:187
#8  0x054154df in browser::HandleAppExitingForPlatform () at ../../chrome/browser/lifetime/application_lifetime_mac.mm:14
#9  0x0541490b in browser::OnAppExiting () at ../../chrome/browser/lifetime/application_lifetime.cc:152
#10 0x054149bc in browser::CloseAllBrowsers () at ../../chrome/browser/lifetime/application_lifetime.cc:172
#11 0x04d9d0a4 in -[AppController tryToTerminateApplication:] (self=0x16346e30, _cmd=0x8ea93bd, app=0x19d4b080) at ../../chrome/browser/app_controller_mac.mm:321
#12 0x05075ccb in -[BrowserCrApplication terminate:] (self=0x19d4b080, _cmd=0x913bdb39, sender=0x16343bd0) at ../../chrome/browser/chrome_browser_application_mac.mm:336
#13 0x934635d3 in -[NSObject performSelector:withObject:] ()
#14 0x90c4dbd2 in -[NSApplication sendAction:to:from:] ()
#15 0x0507631d in -[BrowserCrApplication sendAction:to:from:] (self=0x19d4b080, _cmd=0x913c2fad, anAction=0x913bdb39, aTarget=0x19d4b080, sender=0x16343bd0) at ../../chrome/browser/chrome_browser_application_mac.mm:413
#16 0x90d8a3dc in -[NSMenuItem _corePerformAction] ()
#17 0x90d8a06b in -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] ()
#18 0x90d896f4 in -[NSMenu _performActionWithHighlightingForItemAtIndex:sendAccessibilityNotification:] ()
#19 0x90d896a0 in -[NSMenu _performActionWithHighlightingForItemAtIndex:] ()
#20 0x90d88ba5 in -[NSMenu performKeyEquivalent:] ()
#21 0x90d87f5c in -[NSApplication _handleKeyEquivalent:] ()
#22 0x90c3dee1 in -[NSApplication sendEvent:] ()
#23 0x0507679b in -[BrowserCrApplication sendEvent:] (self=0x19d4b080, _cmd=0x913bddc1, event=0x1a445350) at ../../chrome/browser/chrome_browser_application_mac.mm:437
#24 0x90b5772c in -[NSApplication run] ()
#25 0x0327490e in base::MessagePumpNSApplication::DoRun (this=0x1a54bdd0, delegate=0x1a550f10) at ../../base/message_pump_mac.mm:574
#26 0x03273748 in base::MessagePumpCFRunLoopBase::Run (this=0x1a54bdd0, delegate=0x1a550f10) at ../../base/message_pump_mac.mm:169
#27 0x03307542 in MessageLoop::RunInternal (this=0x1a550f10) at ../../base/message_loop.cc:427
#28 0x033073fb in MessageLoop::RunHandler (this=0x1a550f10) at ../../base/message_loop.cc:400
#29 0x03361188 in base::RunLoop::Run (this=0xbffff2e0) at ../../base/run_loop.cc:45
#30 0x05083699 in ChromeBrowserMainParts::MainMessageLoopRun (this=0x19d449b0, result_code=0x19d4495c) at ../../chrome/browser/chrome_browser_main.cc:1499
#31 0x047bb517 in content::BrowserMainLoop::RunMainMessageLoopParts (this=0x19d44950) at ../../content/browser/browser_main_loop.cc:481
#32 0x047bf52f in (anonymous namespace)::BrowserMainRunnerImpl::Run (this=0x19d44aa0) at ../../content/browser/browser_main_runner.cc:122
#33 0x047b92e6 in BrowserMain (parameters=@0xbffff7e8) at ../../content/browser/browser_main.cc:21
#34 0x06efeb04 in content::RunNamedProcessTypeMain (process_type=@0xbffff808, main_function_params=@0xbffff7e8, delegate=0xbffffa38) at ../../content/app/content_main_runner.cc:441
#35 0x06efff88 in content::ContentMainRunnerImpl::Run (this=0x16048ac0) at ../../content/app/content_main_runner.cc:734
#36 0x06efdf77 in content::ContentMain (argc=2, argv=0xbffffab0, delegate=0xbffffa38) at ../../content/app/content_main.cc:35
#37 0x00006e0b in ChromeMain (argc=2, argv=0xbffffab0) at ../../chrome/app/chrome_main.cc:32
#38 0x00001f7b in main (argc=2, argv=0xbffffab0) at ../../chrome/app/chrome_exe_main_mac.cc:16

Breakpoint 1, 0x1a23843c in -[ILMediaBrowserPathWatcher cleanupFromTerminate] ()
(gdb) bt
#0  0x1a23843c in -[ILMediaBrowserPathWatcher cleanupFromTerminate] ()
#1  0x93a4ac52 in __57-[NSNotificationCenter addObserver:selector:name:object:]_block_invoke_0 ()
#2  0x9607ae01 in ___CFXNotificationPost_block_invoke_0 ()
#3  0x95fc643a in _CFXNotificationPost ()
#4  0x93a33788 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
#5  0x93a43527 in -[NSNotificationCenter postNotificationName:object:] ()
#6  0x05075d1c in -[BrowserCrApplication terminate:] (self=0x19d4b080, _cmd=0x913bdb39, sender=0x16343bd0) at ../../chrome/browser/chrome_browser_application_mac.mm:337
#7  0x934635d3 in -[NSObject performSelector:withObject:] ()
#8  0x90c4dbd2 in -[NSApplication sendAction:to:from:] ()
#9  0x0507631d in -[BrowserCrApplication sendAction:to:from:] (self=0x19d4b080, _cmd=0x913c2fad, anAction=0x913bdb39, aTarget=0x19d4b080, sender=0x16343bd0) at ../../chrome/browser/chrome_browser_application_mac.mm:413
#10 0x90d8a3dc in -[NSMenuItem _corePerformAction] ()
#11 0x90d8a06b in -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] ()
#12 0x90d896f4 in -[NSMenu _performActionWithHighlightingForItemAtIndex:sendAccessibilityNotification:] ()
#13 0x90d896a0 in -[NSMenu _performActionWithHighlightingForItemAtIndex:] ()
#14 0x90d88ba5 in -[NSMenu performKeyEquivalent:] ()
#15 0x90d87f5c in -[NSApplication _handleKeyEquivalent:] ()
#16 0x90c3dee1 in -[NSApplication sendEvent:] ()
#17 0x0507679b in -[BrowserCrApplication sendEvent:] (self=0x19d4b080, _cmd=0x913bddc1, event=0x1a445350) at ../../chrome/browser/chrome_browser_application_mac.mm:437
#18 0x90b5772c in -[NSApplication run] ()
#19 0x0327490e in base::MessagePumpNSApplication::DoRun (this=0x1a54bdd0, delegate=0x1a550f10) at ../../base/message_pump_mac.mm:574
#20 0x03273748 in base::MessagePumpCFRunLoopBase::Run (this=0x1a54bdd0, delegate=0x1a550f10) at ../../base/message_pump_mac.mm:169
#21 0x03307542 in MessageLoop::RunInternal (this=0x1a550f10) at ../../base/message_loop.cc:427
#22 0x033073fb in MessageLoop::RunHandler (this=0x1a550f10) at ../../base/message_loop.cc:400
#23 0x03361188 in base::RunLoop::Run (this=0xbffff2e0) at ../../base/run_loop.cc:45
#24 0x05083699 in ChromeBrowserMainParts::MainMessageLoopRun (this=0x19d449b0, result_code=0x19d4495c) at ../../chrome/browser/chrome_browser_main.cc:1499
#25 0x047bb517 in content::BrowserMainLoop::RunMainMessageLoopParts (this=0x19d44950) at ../../content/browser/browser_main_loop.cc:481
#26 0x047bf52f in (anonymous namespace)::BrowserMainRunnerImpl::Run (this=0x19d44aa0) at ../../content/browser/browser_main_runner.cc:122
#27 0x047b92e6 in BrowserMain (parameters=@0xbffff7e8) at ../../content/browser/browser_main.cc:21
#28 0x06efeb04 in content::RunNamedProcessTypeMain (process_type=@0xbffff808, main_function_params=@0xbffff7e8, delegate=0xbffffa38) at ../../content/app/content_main_runner.cc:441
#29 0x06efff88 in content::ContentMainRunnerImpl::Run (this=0x16048ac0) at ../../content/app/content_main_runner.cc:734
#30 0x06efdf77 in content::ContentMain (argc=2, argv=0xbffffab0, delegate=0xbffffa38) at ../../content/app/content_main.cc:35
#31 0x00006e0b in ChromeMain (argc=2, argv=0xbffffab0) at ../../chrome/app/chrome_main.cc:32
#32 0x00001f7b in main (argc=2, argv=0xbffffab0) at ../../chrome/app/chrome_exe_main_mac.cc:16

Now, it's probably bad that the PathWatcher doesn't remove itself as an observer, but it's probably worse that we call |-terminate:| twice.
Status: Started
https://codereview.chromium.org/11066035/
Project Member

Comment 8 by bugdroid1@chromium.org, Oct 5 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=160443

------------------------------------------------------------------------
r160443 | rsesek@chromium.org | 2012-10-05T19:20:29.988155Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/lifetime/application_lifetime_mac.mm?r1=160443&r2=160442&pathrev=160443
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/chrome_browser_application_mac.mm?r1=160443&r2=160442&pathrev=160443

[Mac] During shutdown, do not post NSApplicationWillTerminateNotification twice.

In the quit path where zero browser windows are open,
-[BrowserCrApplication terminate:] was posting
NSApplicationWillTerminateNotification twice, via the stacks pasted on the bug.
Some system code assumes that after posting this notification, _exit() will be
called and so it does not bother removing itself as an observer, which leads
to a shutdown crash.

This change makes it so that browser::HandleAppExitingForPlatform() is
responsible for posting the notification. That function is called via
browser::OnAppExiting(), which is the final step in the cross-platform shutdown
code. At that time, all browsers have been closed and shutdown cannot be aborted,
so this should only ever be called once.

BUG= 153283 
TEST=Prayer and a sacrificial goat.

Review URL: https://codereview.chromium.org/11066035
------------------------------------------------------------------------
Labels: -Mstone-24 Mstone-22 Merge-Requested
This crash is 3.5% of all crashes grouped by MagicSignature on 22.0.1229.79. Happy to let it cycle to a dev channel for extra safety, but things look good on a few days of canaries.

Comment 10 by k...@google.com, Oct 9 2012

Labels: -Merge-Requested Merge-Approved
We'll want this on 23 as well I believe, please request merge there after landing on 22.
Project Member

Comment 11 by bugdroid1@chromium.org, Oct 9 2012

Labels: -Merge-Approved merge-merged-1229
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=160936

------------------------------------------------------------------------
r160936 | rsesek@chromium.org | 2012-10-09T21:44:58.049993Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1229/src/chrome/browser/lifetime/application_lifetime_mac.mm?r1=160936&r2=160935&pathrev=160936
   M http://src.chromium.org/viewvc/chrome/branches/1229/src/chrome/browser/chrome_browser_application_mac.mm?r1=160936&r2=160935&pathrev=160936

Merge 160443 - [Mac] During shutdown, do not post NSApplicationWillTerminateNotification twice.

In the quit path where zero browser windows are open,
-[BrowserCrApplication terminate:] was posting
NSApplicationWillTerminateNotification twice, via the stacks pasted on the bug.
Some system code assumes that after posting this notification, _exit() will be
called and so it does not bother removing itself as an observer, which leads
to a shutdown crash.

This change makes it so that browser::HandleAppExitingForPlatform() is
responsible for posting the notification. That function is called via
browser::OnAppExiting(), which is the final step in the cross-platform shutdown
code. At that time, all browsers have been closed and shutdown cannot be aborted,
so this should only ever be called once.

BUG= 153283 
TEST=Prayer and a sacrificial goat.

Review URL: https://codereview.chromium.org/11066035

TBR=rsesek@chromium.org
Review URL: https://codereview.chromium.org/11090031
------------------------------------------------------------------------
Labels: -Mstone-22 Mstone-23 Merge-Requested

Comment 13 by karen@chromium.org, Oct 10 2012

Labels: -Mstone-23 MovedFrom-23 Mstone-24
Moving all non essential bugs to the next Milestone
Labels: -MovedFrom-23 -Mstone-24 Mstone-23
Uhhh. Mstone-23 + Merge-Requested is not "non essential."

Comment 15 by kareng@google.com, Oct 10 2012

Labels: -Merge-Requested Merge-Approved
sorry about that pls go ahead :)
Project Member

Comment 16 by bugdroid1@chromium.org, Oct 10 2012

Labels: -Merge-Approved merge-merged-1271
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161180

------------------------------------------------------------------------
r161180 | rsesek@chromium.org | 2012-10-10T20:30:50.590480Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1271/src/chrome/browser/chrome_browser_application_mac.mm?r1=161180&r2=161179&pathrev=161180
   M http://src.chromium.org/viewvc/chrome/branches/1271/src/chrome/browser/lifetime/application_lifetime_mac.mm?r1=161180&r2=161179&pathrev=161180

Merge 160443 - [Mac] During shutdown, do not post NSApplicationWillTerminateNotification twice.

In the quit path where zero browser windows are open,
-[BrowserCrApplication terminate:] was posting
NSApplicationWillTerminateNotification twice, via the stacks pasted on the bug.
Some system code assumes that after posting this notification, _exit() will be
called and so it does not bother removing itself as an observer, which leads
to a shutdown crash.

This change makes it so that browser::HandleAppExitingForPlatform() is
responsible for posting the notification. That function is called via
browser::OnAppExiting(), which is the final step in the cross-platform shutdown
code. At that time, all browsers have been closed and shutdown cannot be aborted,
so this should only ever be called once.

BUG= 153283 
TEST=Prayer and a sacrificial goat.

Review URL: https://codereview.chromium.org/11066035

TBR=rsesek@chromium.org
Review URL: https://codereview.chromium.org/11099048
------------------------------------------------------------------------
Labels: -Mstone-23 Mstone-24
Status: Fixed
Project Member

Comment 18 by bugdroid1@chromium.org, Oct 12 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161578

------------------------------------------------------------------------
r161578 | rsesek@chromium.org | 2012-10-12T15:26:51.466997Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/lifetime/application_lifetime_mac.mm?r1=161578&r2=161577&pathrev=161578

[Mac] Do not post NSApplicationWillTerminateNotification via a task, do it immediately.

BUG=155318, 153283 
TEST=Crash server numbers.

Review URL: https://codereview.chromium.org/11120002
------------------------------------------------------------------------
Project Member

Comment 19 by bugdroid1@chromium.org, Oct 12 2012

Labels: merge-merged-1290
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161587

------------------------------------------------------------------------
r161587 | rsesek@chromium.org | 2012-10-12T16:19:29.647098Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1290/src/chrome/browser/lifetime/application_lifetime_mac.mm?r1=161587&r2=161586&pathrev=161587

Merge 161578 - [Mac] Do not post NSApplicationWillTerminateNotification via a task, do it immediately.

BUG=155318, 153283 
TEST=Crash server numbers.

Review URL: https://codereview.chromium.org/11120002

TBR=rsesek@chromium.org
Review URL: https://codereview.chromium.org/11112016
------------------------------------------------------------------------
Cc: nyerramilli@chromium.org
Status: Verified
Not able to repro this issue on the latest Beta 23.0.1271.40 on Mac 10.8.2


Project Member

Comment 21 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-24 M-24

Sign in to add a comment