143037 2015-03-24 21:49:42 -0700 WebContent Crash when instantiating class with Type Profiling enabled 2015-03-26 20:00:19 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 140491 1 joepeck joepeck fpizlo ggaren joepeck mark.lam rniwa saam timothy webkit-bug-importer oldest_to_newest 1079860 0 joepeck 2015-03-24 21:49:42 -0700 * SUMMARY WebContent Crash when instantiating class in Web Inspector console. * STEPS TO REPRODUCE 1. Inspect about:blank 2. Paste and run in the console: var baseclass = class A { constructor(){} methodA(a,b){} }; var derivedclass = class B extends baseclass { constructor(){} methodB(a, b){} }; new derivedclass; => CRASH * NOTES - I was testing at r181930. - When Web Inspector is evaluating in the console, it wraps this code up in a with block and evals it. Seems like it could be related * LLDB Backtrace: (lldb) [0x0000000000000000 - 0x00000000000001ba) [0x00000000000001ba - 0x0000000000000376) [0x0000000000000376 - 0x00000000000003a4) [0x00000000000003a4 - 0x00000000000003ac) [0x00000000000003ac - 0x0000000000007228) Process 42045 stopped * thread #1: tid = 0x14388c, 0x00000001117a14fb JavaScriptCore`llint_entry + 21311, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001117a14fb JavaScriptCore`llint_entry + 21311 JavaScriptCore`llint_entry: -> 0x1117a14fb <+21311>: movl (%rax), %ebx 0x1117a14fd <+21313>: movl %ebx, 0x10(%rcx) 0x1117a1500 <+21316>: addq $0x18, %rcx 0x1117a1504 <+21320>: movq %rcx, 0x10(%rdx) (lldb) btjs * thread #1: tid = 0x14388c, 0x00000001117a14fb, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, addre?f0 frame #0: 0x00000001117a14fb B#EQKQNo [LLInt](<JSValue()>) frame #1: 0x000000011c80e2f0 B#EQKQNo [LLInt](<JSValue()>) frame #2: 0x00000001117a27e0 <eval>#BboBZw [LLInt](Cell[JSDOMWindowShell ID: 339]: 0x11c0dffb0) frame #3: 0x000000011179bf79 JavaScriptCore`vmEntryToJavaScript + 361 frame #4: 0x000000011160809a JavaScriptCore`JSC::JITCode::execute(this=0x0000000125fecb70, vm=0x000000011c02fcc0, protoCallFrame=0x00007fff58eca448) + 266 at JITCode.cpp:77 frame #5: 0x00000001115e8761 JavaScriptCore`JSC::Interpreter::execute(this=0x000000011dff3138, eval=0x000000011c377070, callFrame=0x00007fff58ecb820, thisValue=JSValue at 0x00007fff58eca5d0, scope=0x000000011c12f470) + 2577 at Interpreter.cpp:1142 frame #6: 0x00000001116a850d JavaScriptCore`JSC::globalFuncEval(exec=0x00007fff58ecb820) + 877 at JSGlobalObjectFunctions.cpp:578 frame #7: 0x0000215428601028 0x1117a265a frame #8: 0x00000001117a265a _evaluateOn#BGPlyZ [LLInt](Cell[Object ID: 1172]: 0x11c2cff60, Cell[Function ID: 41]: 0x11c1ae230, Cell[InjectedScriptHost ID: 67]: 0x11c14ee90, \"console\", \"var baseclass = class A { constructor(){} m frame #9: 0x00000001117a265a _evaluateAndWrap#AhmPO9 [LLInt](Cell[Object ID: 1172]: 0x11c2cff60, Cell[Function ID: 41]: 0x11c1ae230, Cell[InjectedScriptHost ID: 67]: 0x11c14ee90, \"var baseclass = class A { constructor(){} methodA frame #10: 0x00000001117a265a evaluate#BBLmsT [LLInt](Cell[Object ID: 1172]: 0x11c2cff60, \"var baseclass = class A { constructor(){} methodA(a,b){} };\nvar derivedclass = class B extends baseclass { constructor(){} methodB(a, b){} frame #11: 0x000000011179bf79 JavaScriptCore`vmEntryToJavaScript + 361 frame #12: 0x000000011160809a JavaScriptCore`JSC::JITCode::execute(this=0x0000000123ff2e70, vm=0x000000011c02fcc0, protoCallFrame=0x00007fff58ecbd08) + 266 at JITCode.cpp:77 frame #13: 0x00000001115ebcbe JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000011dff3138, callFrame=0x000000011c12f4b0, function=0x000000011c3184f0, callType=CallTypeJS, callData=0x00007fff58ecc130, thisValue=JSValue at 0x00007fff58ecbde0, args=0x00007fff58ecc0e8) + 1486 at Interpreter.cpp:919 frame #14: 0x00000001110c77de JavaScriptCore`JSC::call(exec=0x000000011c12f4b0, functionObject=JSValue at 0x00007fff58ecbec0, callType=CallTypeJS, callData=0x00007fff58ecc130, thisValue=JSValue at 0x00007fff58ecbeb8, args=0x00007fff58ecc0e8) + 190 at CallData.cpp:39 frame #15: 0x00000001110c7843 JavaScriptCore`JSC::call(exec=0x000000011c12f4b0, functionObject=JSValue at 0x00007fff58ecbf40, callType=CallTypeJS, callData=0x00007fff58ecc130, thisValue=JSValue at 0x00007fff58ecbf38, args=0x00007fff58ecc0e8, exception=0x00007fff58ecc110) + 83 at CallData.cpp:44 frame #16: 0x0000000113ea7eab WebCore`WebCore::JSMainThreadExecState::call(exec=0x000000011c12f4b0, functionObject=JSValue at 0x00007fff58ecbfc0, callType=CallTypeJS, callData=0x00007fff58ecc130, thisValue=JSValue at 0x00007fff58ecbfb8, args=0x00007fff58ecc0e8, exception=0x00007fff58ecc110) + 107 at JSMainThreadExecState.h:56 frame #17: 0x000000011415769d WebCore`WebCore::functionCallHandlerFromAnyThread(exec=0x000000011c12f4b0, functionObject=JSValue at 0x00007fff58ecc040, callType=CallTypeJS, callData=0x00007fff58ecc130, thisValue=JSValue at 0x00007fff58ecc038, args=0x00007fff58ecc0e8, exception=0x00007fff58ecc110) + 109 at JSMainThreadExecState.cpp:52 frame #18: 0x000000011191beb8 JavaScriptCore`Deprecated::ScriptFunctionCall::call(this=0x00007fff58ecc4b8, hadException=0x00007fff58ecc2bf) + 488 at ScriptFunctionCall.cpp:138 frame #19: 0x000000011154b8d1 JavaScriptCore`Inspector::InjectedScriptBase::callFunctionWithEvalEnabled(this=0x00007fff58ecc640, function=0x00007fff58ecc4b8, hadException=0x00007fff58ecc2bf) const + 193 at InjectedScriptBase.cpp:87 frame #20: 0x000000011154ba09 JavaScriptCore`Inspector::InjectedScriptBase::makeCall(this=0x00007fff58ecc640, function=0x00007fff58ecc4b8, result=0x00007fff58ecc438) + 137 at InjectedScriptBase.cpp:104 frame #21: 0x000000011154bb9e JavaScriptCore`Inspector::InjectedScriptBase::makeEvalCall(this=0x00007fff58ecc640, errorString=0x00007fff58ecca88, function=0x00007fff58ecc4b8, objectResult=0x00007fff58ecca78, wasThrown=0x00007fff58ecca70, savedResultIndex=0x00007fff58ecca68) + 78 at InjectedScriptBase.cpp:118 frame #22: 0x0000000111546fad JavaScriptCore`Inspector::InjectedScript::evaluate(this=0x00007fff58ecc640, errorString=0x00007fff58ecca88, expression=0x00007fff58eccb68, objectGroup=0x00007fff58ecc630, includeCommandLineAPI=true, returnByValue=false, generatePreview=true, saveResult=true, result=0x00007fff58ecca78, wasThrown=0x00007fff58ecca70, savedResultIndex=0x00007fff58ecca68) + 445 at InjectedScript.cpp:68 frame #23: 0x00000001115d9ddc JavaScriptCore`Inspector::InspectorRuntimeAgent::evaluate(this=0x000000011dfe2420, errorString=0x00007fff58ecca88, expression=0x00007fff58eccb68, objectGroup=0x00007fff58eccb48, includeCommandLineAPI=0x00007fff58eccb36, doNotPauseOnExceptionsAndMuteConsole=0x00007fff58eccb1e, executionContextId=0x0000000000000000, returnByValue=0x00007fff58eccaee, generatePreview=0x00007fff58eccad6, saveResult=0x00007fff58eccabe, result=0x00007fff58ecca78, wasThrown=0x00007fff58ecca70, savedResultIndex=0x00007fff58ecca68) + 636 at InspectorRuntimeAgent.cpp:129 frame #24: 0x00000001115da02c JavaScriptCore`non-virtual thunk to Inspector::InspectorRuntimeAgent::evaluate(this=0x000000011dfe2430, errorString=0x00007fff58ecca88, expression=0x00007fff58eccb68, objectGroup=0x00007fff58eccb48, includeCommandLineAPI=0x00007fff58eccb36, doNotPauseOnExceptionsAndMuteConsole=0x00007fff58eccb1e, executionContextId=0x0000000000000000, returnByValue=0x00007fff58eccaee, generatePreview=0x00007fff58eccad6, saveResult=0x00007fff58eccabe, result=0x00007fff58ecca78, wasThrown=0x00007fff58ecca70, savedResultIndex=0x00007fff58ecca68) + 252 at InspectorRuntimeAgent.cpp:135 frame #25: 0x00000001115a7ca2 JavaScriptCore`Inspector::RuntimeBackendDispatcher::evaluate(this=0x000000011de128e8, callId=54, message=0x0000000125fdc910) + 2690 at InspectorBackendDispatchers.cpp:4810 frame #26: 0x00000001115a6cf3 JavaScriptCore`Inspector::RuntimeBackendDispatcher::dispatch(this=0x000000011de128e8, callId=54, method=0x00007fff58eccd90, message=0x00007fff58eccd88) + 739 at InspectorBackendDispatchers.cpp:4733 frame #27: 0x000000011155f345 JavaScriptCore`Inspector::BackendDispatcher::dispatch(this=0x000000011de15968, message=0x00007fff58ecd040) + 1509 at InspectorBackendDispatcher.cpp:129 frame #28: 0x0000000113d66e51 WebCore`WebCore::InspectorController::dispatchMessageFromFrontend(this=0x000000011dfe3000, message=0x00007fff58ecd040) + 81 at InspectorController.cpp:356 frame #29: 0x000000010e501253 WebKit`WebKit::WebInspector::sendMessageToBackend(this=0x00007fe49700f6a8, message=0x00007fff58ecd040) + 83 at WebInspector.cpp:245 frame #30: 0x000000010e50c24f WebKit`void IPC::callMemberFunctionImpl<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, 0ul>(object=0x00007fe49700f6a8, function=0x000000010e501200, args=0x00007fff58ecd040, (null)=index_sequence<0> at 0x00007fff58eccf70)(WTF::String const&), std::__1::tuple<WTF::String>&&, std::index_sequence<0ul>) + 159 at HandleMessage.h:16 frame #31: 0x000000010e50c1a8 WebKit`void IPC::callMemberFunction<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, std::make_index_sequence<1ul> >(args=0x00007fff58ecd040, object=0x00007fe49700f6a8, function=0x000000010e501200)(WTF::String const&)) + 88 at HandleMessage.h:22 frame #32: 0x000000010e50c116 WebKit`void IPC::handleMessage<Messages::WebInspector::SendMessageToBackend, WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&)>(decoder=0x0000000125f9cc00, object=0x00007fe49700f6a8, function=0x000000010e501200)(WTF::String const&)) + 230 at HandleMessage.h:92 frame #33: 0x000000010e50b64a WebKit`WebKit::WebInspector::didReceiveMessage(this=0x00007fe49700f6a8, connection=0x000000011d7fb798, decoder=0x0000000125f9cc00) + 1306 at WebInspectorMessageReceiver.cpp:76 frame #34: 0x000000010e50b6b7 WebKit`non-virtual thunk to WebKit::WebInspector::didReceiveMessage(this=0x00007fe49700f6b8, connection=0x000000011d7fb798, decoder=0x0000000125f9cc00) + 55 at WebInspectorMessageReceiver.cpp:94 frame #35: 0x000000010dec9873 WebKit`IPC::Connection::dispatchMessage(this=0x000000011d7fb798, decoder=0x0000000125f9cc00) + 51 at Connection.cpp:847 frame #36: 0x000000010dec1c80 WebKit`IPC::Connection::dispatchMessage(this=0x000000011d7fb798, message=unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> > at 0x00007fff58ecd4c8) + 416 at Connection.cpp:870 frame #37: 0x000000010dec9e6f WebKit`IPC::Connection::dispatchOneMessage(this=0x000000011d7fb798) + 1519 at Connection.cpp:898 frame #38: 0x000000010decb55d WebKit`IPC::Connection::enqueueIncomingMessage(this=0x00007fe492c120a8)::$_9::operator()() const + 29 at Connection.cpp:841 frame #39: 0x000000010decb52c WebKit`std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9>, void ()>::operator()() [inlined] decltype(this=0x00007fe492c120a8, __f=0x00007fe492c120a8)::$_9&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9&&&) + 60 at __functional_base:413 frame #40: 0x000000010decb51b WebKit`std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_9>, void ()>::operator(this=0x00007fe492c120a0)() + 43 at functional:1370 frame #41: 0x000000011153434a JavaScriptCore`std::__1::function<void ()>::operator(this=0x00007fff58ecd9c0)() const + 26 at functional:1755 frame #42: 0x0000000111a2f452 JavaScriptCore`WTF::RunLoop::performWork(this=0x000000011dff9000) + 306 at RunLoop.cpp:104 frame #43: 0x0000000111a30724 JavaScriptCore`WTF::RunLoop::performWork(context=0x000000011dff9000) + 36 at RunLoopCF.cpp:38 frame #44: 0x00007fff85b0ba01 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #45: 0x00007fff85afdb8d CoreFoundation`__CFRunLoopDoSources0 + 269 frame #46: 0x00007fff85afd1bf CoreFoundation`__CFRunLoopRun + 927 frame #47: 0x00007fff85afcbd8 CoreFoundation`CFRunLoopRunSpecific + 296 frame #48: 0x00007fff8ada356f HIToolbox`RunCurrentEventLoopInMode + 235 frame #49: 0x00007fff8ada32ea HIToolbox`ReceiveNextEventCommon + 431 frame #50: 0x00007fff8ada312b HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71 frame #51: 0x00007fff87dd59bb AppKit`_DPSNextEvent + 978 frame #52: 0x00007fff87dd4f68 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346 frame #53: 0x00007fff87dcabf3 AppKit`-[NSApplication run] + 594 frame #54: 0x00007fff87d47354 AppKit`NSApplicationMain + 1832 frame #55: 0x00007fff8fc10958 libxpc.dylib`_xpc_objc_main + 793 frame #56: 0x00007fff8fc12060 libxpc.dylib`xpc_main + 490 frame #57: 0x0000000106d31185 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007fff58ecf2e8) + 37 at XPCServiceMain.Development.mm:162 frame #58: 0x00007fff898065c9 libdyld.dylib`start + 1 frame #59: 0x00007fff898065c9 libdyld.dylib`start + 1 1079861 1 joepeck 2015-03-24 21:53:02 -0700 > var baseclass = class A { constructor(){} methodA(a,b){} }; > var derivedclass = class B extends baseclass { constructor(){} methodB(a,b){} }; > new derivedclass; As written I would expect a TDZ exception since derivedclass does not have a call to super() in its constructor. 1080503 2 joepeck 2015-03-26 17:09:08 -0700 Thanks to Mark Lam's help, we deduced this crash only happens when the type profiler is enabled. Reduction using `jsc`: shell> cd Build/Debug shell> JSC_enableTypeProfiler=1 DYLD_FRAMEWORK_PATH=$PWD ./jsc jsc> var base = class A { constructor() {} }; var derived = class B extends base { constructor() { super(); } }; new derived; Segmentation fault: 11 1080510 3 joepeck 2015-03-26 17:31:39 -0700 <rdar://problem/20279177> 1080512 4 joepeck 2015-03-26 17:34:01 -0700 Ryosuke pointed to an emitMove(&m_thisRegister, addConstantEmptyValue()) we do for derived constructors that should probably not be profiled. Making this particular move not profile fixes the issue. So we're going to suggest adding a new method emitMoveEmptyValue(). Also looking into adding an ASSERT to catch this earlier, and see if there is a way to write tests with the type profiler enabled. 1080517 5 saam 2015-03-26 17:57:00 -0700 (In reply to comment #4) > Ryosuke pointed to an emitMove(&m_thisRegister, addConstantEmptyValue()) we > do for derived constructors that should probably not be profiled. Making > this particular move not profile fixes the issue. > > So we're going to suggest adding a new method emitMoveEmptyValue(). Also > looking into adding an ASSERT to catch this earlier, and see if there is a > way to write tests with the type profiler enabled. This bug: https://bugs.webkit.org/show_bug.cgi?id=136359 should fix this problem. 1080521 6 249547 joepeck 2015-03-26 18:10:57 -0700 Created attachment 249547 [PATCH] Proposed Fix 1080522 7 249547 joepeck 2015-03-26 18:16:34 -0700 Comment on attachment 249547 [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=249547&action=review > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:998 > + m_staticPropertyAnalyzer.mov(dst->index(), emptyValue->index()); I wasn't sure if we could drop this as well: "Used for flow-insensitive static analysis of the number of properties assigned to an object" I don't think we can ever have properties of an object that are uninitialized. My understanding is TDZ only affects lexically scoped variables and `this`, neither of which are properties. 1080524 8 249547 rniwa 2015-03-26 18:42:44 -0700 Comment on attachment 249547 [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=249547&action=review >> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:998 >> + m_staticPropertyAnalyzer.mov(dst->index(), emptyValue->index()); > > I wasn't sure if we could drop this as well: > > "Used for flow-insensitive static analysis of the number of properties assigned to an object" > > I don't think we can ever have properties of an object that are uninitialized. My understanding is TDZ only affects lexically scoped variables and `this`, neither of which are properties. Yeah, just delete this line. 1080531 9 joepeck 2015-03-26 19:57:12 -0700 http://trac.webkit.org/changeset/182050 1080532 10 joepeck 2015-03-26 20:00:19 -0700 > This bug: https://bugs.webkit.org/show_bug.cgi?id=136359 > should fix this problem. Oh, I missed this comment earlier! Yes, that sounds right. 249547 2015-03-26 18:10:57 -0700 2015-03-26 19:57:04 -0700 [PATCH] Proposed Fix uninit.patch text/plain 5781 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IDAwZGZlYWIuLjNjZTliZTEgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRD b3JlL0NoYW5nZUxvZwpAQCAtMSw1ICsxLDMxIEBACiAyMDE1LTAzLTI2ICBKb3NlcGggUGVjb3Jh cm8gIDxwZWNvcmFyb0BhcHBsZS5jb20+CiAKKyAgICAgICAgV2ViQ29udGVudCBDcmFzaCB3aGVu IGluc3RhbnRpYXRpbmcgY2xhc3Mgd2l0aCBUeXBlIFByb2ZpbGluZyBlbmFibGVkCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDMwMzcKKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIGJ5dGVjb21waWxlci9C eXRlY29kZUdlbmVyYXRvci5oOgorICAgICAgICAqIGJ5dGVjb21waWxlci9CeXRlY29kZUdlbmVy YXRvci5jcHA6CisgICAgICAgIChKU0M6OkJ5dGVjb2RlR2VuZXJhdG9yOjpCeXRlY29kZUdlbmVy YXRvcik6CisgICAgICAgIChKU0M6OkJ5dGVjb2RlR2VuZXJhdG9yOjplbWl0TW92ZUVtcHR5VmFs dWUpOgorICAgICAgICBXZSBjYW5ub3QgcHJvZmlsZSB0aGUgdHlwZSBvZiBhbiB1bmluaXRpYWxp emVkIGVtcHR5IEpTVmFsdWUuCisgICAgICAgIE5vciBkbyB3ZSBleHBlY3QgdGhpcyB0byBiZSBu ZWNlc3NhcnksIHNpbmNlIGl0IGlzIGVmZmVjdGl2ZWx5CisgICAgICAgIGFuIHVuc2VlbiB1bmRl ZmluZWQgdmFsdWUuIFNvIGFkZCBhIHdheSB0byBwdXQgdGhlIGVtcHR5IHZhbHVlCisgICAgICAg IHdpdGhvdXQgcHJvZmlsaW5nLgorCisgICAgICAgIChKU0M6OkJ5dGVjb2RlR2VuZXJhdG9yOjpl bWl0TW92ZSk6CisgICAgICAgIEFkZCBhbiBhc3NlcnQgdG8gdHJ5IHRvIGNhdGNoIHRoaXMgaXNz dWUgZWFybHkgb24sIGFuZCBmb3JjZQorICAgICAgICBjYWxsZXJzIHRvIGV4cGxpY2l0bHkgdXNl IGVtaXRNb3ZlRW1wdHlWYWx1ZSBpbnN0ZWFkLgorCisgICAgICAgICogdGVzdHMvdHlwZVByb2Zp bGVyL2NsYXNzZXMuanM6IEFkZGVkLgorICAgICAgICAod3JhcHBlci5CYXNlKToKKyAgICAgICAg KHdyYXBwZXIuRGVyaXZlZCk6CisgICAgICAgICh3cmFwcGVyKToKKyAgICAgICAgQWRkIHRlc3Qg Y292ZXJhZ2UgYm90aCBmb3IgdGhpcyBjYXNlIGFuZCBjbGFzc2VzIGluIGdlbmVyYWwuCisKKzIw MTUtMDMtMjYgIEpvc2VwaCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KKwogICAgICAg ICBXZWIgSW5zcGVjdG9yOiBFUzY6IFByb3ZpZGUgYSBiZXR0ZXIgdmlldyBmb3IgQ2xhc3NlcyBp biB0aGUgY29uc29sZQogICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTQyOTk5CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9ieXRlY29t cGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuY3BwIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVj b21waWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHAKaW5kZXggYWM1ZTM3ZS4uN2NjZmU3NyAxMDA2 NDQKLS0tIGEvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9CeXRlY29kZUdlbmVy YXRvci5jcHAKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9CeXRlY29k ZUdlbmVyYXRvci5jcHAKQEAgLTQ3Myw3ICs0NzMsNyBAQCBCeXRlY29kZUdlbmVyYXRvcjo6Qnl0 ZWNvZGVHZW5lcmF0b3IoVk0mIHZtLCBGdW5jdGlvbk5vZGUqIGZ1bmN0aW9uTm9kZSwgVW5saW5r ZQogICAgICAgICBpZiAoY29uc3RydWN0b3JLaW5kKCkgPT0gQ29uc3RydWN0b3JLaW5kOjpEZXJp dmVkKSB7CiAgICAgICAgICAgICBtX25ld1RhcmdldFJlZ2lzdGVyID0gYWRkVmFyKCk7CiAgICAg ICAgICAgICBlbWl0TW92ZShtX25ld1RhcmdldFJlZ2lzdGVyLCAmbV90aGlzUmVnaXN0ZXIpOwot ICAgICAgICAgICAgZW1pdE1vdmUoJm1fdGhpc1JlZ2lzdGVyLCBhZGRDb25zdGFudEVtcHR5VmFs dWUoKSk7CisgICAgICAgICAgICBlbWl0TW92ZUVtcHR5VmFsdWUoJm1fdGhpc1JlZ2lzdGVyKTsK ICAgICAgICAgfSBlbHNlCiAgICAgICAgICAgICBlbWl0Q3JlYXRlVGhpcygmbV90aGlzUmVnaXN0 ZXIpOwogICAgIH0gZWxzZSBpZiAoY29uc3RydWN0b3JLaW5kKCkgIT0gQ29uc3RydWN0b3JLaW5k OjpOb25lKSB7CkBAIC05OTIsOCArOTkyLDIwIEBAIHVuc2lnbmVkIEJ5dGVjb2RlR2VuZXJhdG9y OjphZGRSZWdFeHAoUmVnRXhwKiByKQogICAgIHJldHVybiBtX2NvZGVCbG9jay0+YWRkUmVnRXhw KHIpOwogfQogCitSZWdpc3RlcklEKiBCeXRlY29kZUdlbmVyYXRvcjo6ZW1pdE1vdmVFbXB0eVZh bHVlKFJlZ2lzdGVySUQqIGRzdCkKK3sKKyAgICBSZWZQdHI8UmVnaXN0ZXJJRD4gZW1wdHlWYWx1 ZSA9IGFkZENvbnN0YW50RW1wdHlWYWx1ZSgpOworICAgIG1fc3RhdGljUHJvcGVydHlBbmFseXpl ci5tb3YoZHN0LT5pbmRleCgpLCBlbXB0eVZhbHVlLT5pbmRleCgpKTsKKyAgICBlbWl0T3Bjb2Rl KG9wX21vdik7CisgICAgaW5zdHJ1Y3Rpb25zKCkuYXBwZW5kKGRzdC0+aW5kZXgoKSk7CisgICAg aW5zdHJ1Y3Rpb25zKCkuYXBwZW5kKGVtcHR5VmFsdWUtPmluZGV4KCkpOworICAgIHJldHVybiBk c3Q7Cit9CisKIFJlZ2lzdGVySUQqIEJ5dGVjb2RlR2VuZXJhdG9yOjplbWl0TW92ZShSZWdpc3Rl cklEKiBkc3QsIFJlZ2lzdGVySUQqIHNyYykKIHsKKyAgICBBU1NFUlQoc3JjICE9IG1fZW1wdHlW YWx1ZVJlZ2lzdGVyKTsKKwogICAgIG1fc3RhdGljUHJvcGVydHlBbmFseXplci5tb3YoZHN0LT5p bmRleCgpLCBzcmMtPmluZGV4KCkpOwogICAgIGVtaXRPcGNvZGUob3BfbW92KTsKICAgICBpbnN0 cnVjdGlvbnMoKS5hcHBlbmQoZHN0LT5pbmRleCgpKTsKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuaCBiL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuaAppbmRleCAxYzk5YWNh Li40ZmZlZjZiIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvYnl0ZWNvbXBpbGVy L0J5dGVjb2RlR2VuZXJhdG9yLmgKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21w aWxlci9CeXRlY29kZUdlbmVyYXRvci5oCkBAIC00NTYsNiArNDU2LDcgQEAgbmFtZXNwYWNlIEpT QyB7CiAgICAgICAgIFJlZ2lzdGVySUQqIGVtaXROZXdEZWZhdWx0Q29uc3RydWN0b3IoUmVnaXN0 ZXJJRCogZHN0LCBDb25zdHJ1Y3RvcktpbmQsIGNvbnN0IElkZW50aWZpZXImIG5hbWUpOwogICAg ICAgICBSZWdpc3RlcklEKiBlbWl0TmV3UmVnRXhwKFJlZ2lzdGVySUQqIGRzdCwgUmVnRXhwKik7 CiAKKyAgICAgICAgUmVnaXN0ZXJJRCogZW1pdE1vdmVFbXB0eVZhbHVlKFJlZ2lzdGVySUQqIGRz dCk7CiAgICAgICAgIFJlZ2lzdGVySUQqIGVtaXRNb3ZlKFJlZ2lzdGVySUQqIGRzdCwgUmVnaXN0 ZXJJRCogc3JjKTsKIAogICAgICAgICBSZWdpc3RlcklEKiBlbWl0VG9OdW1iZXIoUmVnaXN0ZXJJ RCogZHN0LCBSZWdpc3RlcklEKiBzcmMpIHsgcmV0dXJuIGVtaXRVbmFyeU9wKG9wX3RvX251bWJl ciwgZHN0LCBzcmMpOyB9CmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMv dHlwZVByb2ZpbGVyL2NsYXNzZXMuanMgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMvdHlw ZVByb2ZpbGVyL2NsYXNzZXMuanMKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4u N2U0NzAwYgotLS0gL2Rldi9udWxsCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy90 eXBlUHJvZmlsZXIvY2xhc3Nlcy5qcwpAQCAtMCwwICsxLDI5IEBACitsb2FkKCIuL2RyaXZlci9k cml2ZXIuanMiKTsKKworZnVuY3Rpb24gd3JhcHBlcigpIHsKKworY2xhc3MgQmFzZSB7IGNvbnN0 cnVjdG9yKCkgeyB0aGlzLl9iYXNlID0gdHJ1ZTsgfSB9OworY2xhc3MgRGVyaXZlZCBleHRlbmRz IEJhc2UgeyBjb25zdHJ1Y3RvcigpIHsgc3VwZXIoKTsgdGhpcy5fZGVyaXZlZCA9IHRydWU7IH0g fTsKKwordmFyIGJhc2VJbnN0YW5jZSA9IG5ldyBCYXNlOwordmFyIGRlcml2ZWRJbnN0YW5jZSA9 IG5ldyBEZXJpdmVkOworCit9Cit3cmFwcGVyKCk7CisKKy8vID09PT09PSBFbmQgdGVzdCBjYXNl cyA9PT09PT0KKwordmFyIHR5cGVzID0gZmluZFR5cGVGb3JFeHByZXNzaW9uKHdyYXBwZXIsICJi YXNlSW5zdGFuY2UgPSBuZXcgQmFzZSIpOworYXNzZXJ0KHR5cGVzLmdsb2JhbFR5cGVTZXQuZGlz cGxheVR5cGVOYW1lID09PSAiQmFzZSIsICJ2YXJpYWJsZSAnYmFzZUluc3RhbmNlJyBzaG91bGQg aGF2ZSBkaXNwbGF5VHlwZU5hbWUgJ0Jhc2UnIik7Cithc3NlcnQodHlwZXMuaW5zdHJ1Y3Rpb25U eXBlU2V0LmRpc3BsYXlUeXBlTmFtZSA9PT0gIkJhc2UiLCAidmFyaWFibGUgJ2Jhc2VJbnN0YW5j ZScgc2hvdWxkIGhhdmUgZGlzcGxheVR5cGVOYW1lICdCYXNlJyIpOworYXNzZXJ0KHR5cGVzLmlu c3RydWN0aW9uVHlwZVNldC5zdHJ1Y3R1cmVzLmxlbmd0aCA9PT0gMSwgIlZhcmlhYmxlICdiYXNl SW5zdGFuY2UnIHNob3VsZCBoYXZlIG9uZSBzdHJ1Y3R1cmUiKTsKK2Fzc2VydCh0eXBlcy5pbnN0 cnVjdGlvblR5cGVTZXQuc3RydWN0dXJlc1swXS5maWVsZHMubGVuZ3RoID09PSAxLCAidmFyaWFi bGUgJ2Jhc2VJbnN0YW5jZScgc2hvdWxkIGhhdmUgb25lIGZpZWxkOiBfYmFzZSIpOworYXNzZXJ0 KHR5cGVzLmluc3RydWN0aW9uVHlwZVNldC5zdHJ1Y3R1cmVzWzBdLmZpZWxkcy5pbmRleE9mKCJf YmFzZSIpICE9PSAtMSwgInZhcmlhYmxlICdiYXNlSW5zdGFuY2UnIHNob3VsZCBoYXZlIGZpZWxk ICdfYmFzZSciKTsKKwordHlwZXMgPSBmaW5kVHlwZUZvckV4cHJlc3Npb24od3JhcHBlciwgImRl cml2ZWRJbnN0YW5jZSA9IG5ldyBEZXJpdmVkIik7Cithc3NlcnQodHlwZXMuZ2xvYmFsVHlwZVNl dC5kaXNwbGF5VHlwZU5hbWUgPT09ICJEZXJpdmVkIiwgInZhcmlhYmxlICdkZXJpdmVkSW5zdGFu Y2UnIHNob3VsZCBoYXZlIGRpc3BsYXlUeXBlTmFtZSAnRGVyaXZlZCciKTsKK2Fzc2VydCh0eXBl cy5pbnN0cnVjdGlvblR5cGVTZXQuZGlzcGxheVR5cGVOYW1lID09PSAiRGVyaXZlZCIsICJ2YXJp YWJsZSAnZGVyaXZlZEluc3RhbmNlJyBzaG91bGQgaGF2ZSBkaXNwbGF5VHlwZU5hbWUgJ0Rlcml2 ZWQnIik7Cithc3NlcnQodHlwZXMuaW5zdHJ1Y3Rpb25UeXBlU2V0LnN0cnVjdHVyZXMubGVuZ3Ro ID09PSAxLCAiVmFyaWFibGUgJ2Rlcml2ZWRJbnN0YW5jZScgc2hvdWxkIGhhdmUgb25lIHN0cnVj dHVyZSIpOworYXNzZXJ0KHR5cGVzLmluc3RydWN0aW9uVHlwZVNldC5zdHJ1Y3R1cmVzWzBdLmZp ZWxkcy5sZW5ndGggPT09IDIsICJ2YXJpYWJsZSAnZGVyaXZlZEluc3RhbmNlJyBzaG91bGQgaGF2 ZSBvbmUgZmllbGQ6IF9iYXNlLF9kZXJpdmVkIik7Cithc3NlcnQodHlwZXMuaW5zdHJ1Y3Rpb25U eXBlU2V0LnN0cnVjdHVyZXNbMF0uZmllbGRzLmluZGV4T2YoIl9iYXNlIikgIT09IC0xLCAidmFy aWFibGUgJ2Rlcml2ZWRJbnN0YW5jZScgc2hvdWxkIGhhdmUgZmllbGQgJ19iYXNlJyIpOworYXNz ZXJ0KHR5cGVzLmluc3RydWN0aW9uVHlwZVNldC5zdHJ1Y3R1cmVzWzBdLmZpZWxkcy5pbmRleE9m KCJfZGVyaXZlZCIpICE9PSAtMSwgInZhcmlhYmxlICdkZXJpdmVkSW5zdGFuY2UnIHNob3VsZCBo YXZlIGZpZWxkICdfZGVyaXZlZCciKTsK