156413 2016-04-08 12:26:20 -0700 Debugger may dereference m_currentCallFrame even after the VM has gone idle 2016-04-08 14:21:28 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 saam saam benjamin commit-queue fpizlo ggaren gskachkov joepeck keith_miller mark.lam msaboff oliver sukolsak ysuzuki oldest_to_newest 1182253 0 saam 2016-04-08 12:26:20 -0700 This happens inside ::detach(). We may step over the end of the program and execution leads the VM to exit. Then, a GC happens, we collect the global object which leads us to detach the debugger. In detaching, we think we still have a valid m_currentCallFrame, we dereference it, and crash. The solution is to make sure we're paused when dereferencing this pointer inside ::detach(). 1182255 1 276026 saam 2016-04-08 12:32:32 -0700 Created attachment 276026 patch 1182257 2 276026 mark.lam 2016-04-08 12:35:22 -0700 Comment on attachment 276026 patch r=me. Would be better if you have a test. Or at least document why it's not possible to test. Or file a bug to land a test later. 1182289 3 saam 2016-04-08 13:30:31 -0700 (In reply to comment #2) > Comment on attachment 276026 [details] > patch > > r=me. > > Would be better if you have a test. Or at least document why it's not > possible to test. Or file a bug to land a test later. Thanks for the review. I opened a bug to investigate if it's doable to write a test. https://bugs.webkit.org/show_bug.cgi?id=156417 1182314 4 276026 commit-queue 2016-04-08 14:21:24 -0700 Comment on attachment 276026 patch Clearing flags on attachment: 276026 Committed r199249: <http://trac.webkit.org/changeset/199249> 1182315 5 commit-queue 2016-04-08 14:21:28 -0700 All reviewed patches have been landed. Closing bug. 276026 2016-04-08 12:32:32 -0700 2016-04-08 14:21:24 -0700 patch a-backup.diff text/plain 2166 saam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTk5MjM5KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIzIEBA CisyMDE2LTA0LTA4ICBTYWFtIGJhcmF0aSAgPHNiYXJhdGlAYXBwbGUuY29tPgorCisgICAgICAg IERlYnVnZ2VyIG1heSBkZXJlZmVyZW5jZSBtX2N1cnJlbnRDYWxsRnJhbWUgZXZlbiBhZnRlciB0 aGUgVk0gaGFzIGdvbmUgaWRsZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTU2NDEzCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgVGhlcmUgaXMgYSBidWcgd2hlcmUgdGhlIGRlYnVnZ2VyIG1heSBkZXJlZmVy ZW5jZSBpdHMgbV9jdXJyZW50Q2FsbEZyYW1lCisgICAgICAgIHBvaW50ZXIgYWZ0ZXIgdGhhdCBw b2ludGVyIGJlY29tZXMgaW52YWxpZCB0byByZWFkIGZyb20uIFRoaXMgaGFwcGVucyBsaWtlIHNv OgorCisgICAgICAgIFdlIG1heSBzdGVwIG92ZXIgYW4gaW5zdHJ1Y3Rpb24gd2hpY2ggY2F1c2Vz IHRoZSBlbmQgb2YgZXhlY3V0aW9uIGZvciB0aGUKKyAgICAgICAgY3VycmVudCBwcm9ncmFtLiBU aGlzIGNhdXNlcyB0aGUgVk0gdG8gZXhpdC4gVGhlbiwgd2UgcGVyZm9ybSBhIEdDIHdoaWNoCisg ICAgICAgIGNhdXNlcyB1cyB0byBjb2xsZWN0IHRoZSBnbG9iYWwgb2JqZWN0LiBUaGUgZ2xvYmFs IG9iamVjdCBiZWluZyBjb2xsZWN0ZWQKKyAgICAgICAgY2F1c2VzIHVzIHRvIGRldGFjaCB0aGUg ZGVidWdnZXIuIEluIGRldGFjaGluZywgd2UgdGhpbmsgd2Ugc3RpbGwgaGF2ZSBhIAorICAgICAg ICB2YWxpZCBtX2N1cnJlbnRDYWxsRnJhbWUsIHdlIGRlcmVmZXJlbmNlIGl0LCBhbmQgY3Jhc2gu IFRoZSBzb2x1dGlvbiBpcyB0bworICAgICAgICBtYWtlIHN1cmUgd2UncmUgcGF1c2VkIHdoZW4g ZGVyZWZlcmVuY2luZyB0aGlzIHBvaW50ZXIgaW5zaWRlIDo6ZGV0YWNoKCkuCisKKyAgICAgICAg KiBkZWJ1Z2dlci9EZWJ1Z2dlci5jcHA6CisgICAgICAgIChKU0M6OkRlYnVnZ2VyOjpkZXRhY2gp OgorCiAyMDE2LTA0LTA4ICBCZW5qYW1pbiBQb3VsYWluICA8YnBvdWxhaW5AYXBwbGUuY29tPgog CiAgICAgICAgIFVJbnQzMlRvTnVtYmVyIHNob3VsZCBoYXZlIGFuIEludDUyIHBhdGgKSW5kZXg6 IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZWJ1Z2dlci9EZWJ1Z2dlci5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2RlYnVnZ2VyL0RlYnVnZ2VyLmNwcAkocmV2aXNpb24g MTk5MTY3KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2RlYnVnZ2VyL0RlYnVnZ2VyLmNwcAko d29ya2luZyBjb3B5KQpAQCAtMTYyLDcgKzE2Miw3IEBAIHZvaWQgRGVidWdnZXI6OmRldGFjaChK U0dsb2JhbE9iamVjdCogZ2wKICAgICAvLyBJZiB3ZSdyZSBkZXRhY2hpbmcgZnJvbSB0aGUgY3Vy cmVudGx5IGV4ZWN1dGluZyBnbG9iYWwgb2JqZWN0LCBtYW51YWxseSB0ZWFyIGRvd24gb3VyCiAg ICAgLy8gc3RhY2ssIHNpbmNlIHdlIHdvbid0IGdldCBmdXJ0aGVyIGRlYnVnZ2VyIGNhbGxiYWNr cyB0byBkbyBzby4gQWxzbywgcmVzdW1lIGV4ZWN1dGlvbiwKICAgICAvLyBzaW5jZSB0aGVyZSdz IG5vIHBvaW50IGluIHN0YXlpbmcgcGF1c2VkIG9uY2UgYSB3aW5kb3cgY2xvc2VzLgotICAgIGlm IChtX2N1cnJlbnRDYWxsRnJhbWUgJiYgbV9jdXJyZW50Q2FsbEZyYW1lLT52bUVudHJ5R2xvYmFs T2JqZWN0KCkgPT0gZ2xvYmFsT2JqZWN0KSB7CisgICAgaWYgKG1faXNQYXVzZWQgJiYgbV9jdXJy ZW50Q2FsbEZyYW1lICYmIG1fY3VycmVudENhbGxGcmFtZS0+dm1FbnRyeUdsb2JhbE9iamVjdCgp ID09IGdsb2JhbE9iamVjdCkgewogICAgICAgICBtX2N1cnJlbnRDYWxsRnJhbWUgPSAwOwogICAg ICAgICBtX3BhdXNlT25DYWxsRnJhbWUgPSAwOwogICAgICAgICBjb250aW51ZVByb2dyYW0oKTsK