38535 2010-05-04 11:29:24 -0700 WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe. 2010-12-23 15:11:05 -0800 1 1 1 Unclassified WebKit WebKit Misc. 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED InRadar P2 Normal --- 1 yongjun_zhang yongjun_zhang abarth bolsinga commit-queue darin eric ggaren oliver webkit.review.bot yongjun_zhang oldest_to_newest 220681 0 yongjun_zhang 2010-05-04 11:29:24 -0700 When an app is using WebKit and it also implements WebScriptDebuggerDelegate::exceptionWasRaised to sniff exceptions thrown from JS engine, and then uses [WebScriptCallFrame functionName] to get the function which throws the exception. If the call frame is the top global call frame, [WebScriptCallFrame functionName] crashes. The reason is JSC::DebuggerCallFrame::functionName() doesn't check if the call frame is a Program or or Function before calling m_callFrame->callee(). For global call frame, m_callFrame->callee() return 0 and it crashes later on in asFunction(). 220689 1 55032 yongjun_zhang 2010-05-04 11:40:58 -0700 Created attachment 55032 Bailout if callframe's callee is null. 220702 2 bolsinga 2010-05-04 12:03:22 -0700 <rdar://problem/7928746> 220714 3 55032 darin 2010-05-04 12:36:03 -0700 Comment on attachment 55032 Bailout if callframe's callee is null. Looks OK. r=me 220803 4 55032 commit-queue 2010-05-04 15:01:50 -0700 Comment on attachment 55032 Bailout if callframe's callee is null. Clearing flags on attachment: 55032 Committed r58779: <http://trac.webkit.org/changeset/58779> 220804 5 commit-queue 2010-05-04 15:01:55 -0700 All reviewed patches have been landed. Closing bug. 220823 6 webkit.review.bot 2010-05-04 15:33:51 -0700 http://trac.webkit.org/changeset/58779 might have broken Qt Linux Release The following changes are on the blame list: http://trac.webkit.org/changeset/58779 http://trac.webkit.org/changeset/58780 325870 7 yongjun_zhang 2010-12-22 20:15:11 -0800 Reopen this since we still see crashes on the same spot when global top frame is called with functionName. 325876 8 yongjun_zhang 2010-12-22 20:30:30 -0800 It crashes only in the case when the exception is throw from the second most top frame, aka. its caller frame is the top most frame, AND the top most frame is an anonymous function (like an eventHandler). In this case, m_callFrame->callee() in JSC::debuggerCallFrame::functionName() returns 0x2. We need to check if this callFrame is top callFrame in [WebScriptCallFrame functionName]. 325877 9 77301 yongjun_zhang 2010-12-22 20:37:41 -0800 Created attachment 77301 Check if this CallFrame is top call frame in [WebScriptCallFrame functionName]. 326101 10 77301 darin 2010-12-23 08:44:25 -0800 Comment on attachment 77301 Check if this CallFrame is top call frame in [WebScriptCallFrame functionName]. View in context: https://bugs.webkit.org/attachment.cgi?id=77301&action=review > WebKit/mac/WebView/WebScriptDebugDelegate.mm:207 > + if (!_private->caller) > + return nil; Checking this seems OK, but random; not clearly connected to the rest of this function. Could you give more detail on what fails when caller is 0? Why is adding this check the best fix? Should we be making a fix inside the JavaScriptcore functionName function? 326104 11 darin 2010-12-23 08:46:28 -0800 There must be a way to fix this in JavaScriptCore. I’m not satisfied with the current patch. Geoff, Ollie, ideas? 326122 12 yongjun_zhang 2010-12-23 09:54:19 -0800 (In reply to comment #10) > (From update of attachment 77301 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=77301&action=review > > > WebKit/mac/WebView/WebScriptDebugDelegate.mm:207 > > + if (!_private->caller) > > + return nil; > > Checking this seems OK, but random; not clearly connected to the rest of this function. Could you give more detail on what fails when caller is 0? Why is adding this check the best fix? Should we be making a fix inside the JavaScriptcore functionName function? (In reply to comment #11) > There must be a way to fix this in JavaScriptCore. I’m not satisfied with the current patch. Geoff, Ollie, ideas? I agree we should fix it in JavaScriptCore. Here is what I saw. For top call frames, the caller is 0 and functionName of a top callframe is nil. As far as I understand, top call frame's callee (in JSC::DebuggerCallFrame::functionName()) should be 0, that way, we can bail out in DebuggerCallFrame::functionName() quickly (which is http://trac.webkit.org/changeset/58779 did). The odd thing is for this particular top call frame, the callee in DebuggerCallFrame is 0x2, seems like it was read from a wrong offset in the RegisterFile, and it crashes later on in asFunction(m_callFrame->callee()). Geoff, Ollie, any idea why the callee is 0x2 in this case? 326226 13 yongjun_zhang 2010-12-23 12:40:36 -0800 It turns out WebScriptDebugger in WebKit has empty implementations for willExecuteProgram and didExecuteProgram. As a result, if the top call frame is from a program, WebKitScriptDebugger doesn't record that callframe as the top frame, and WebScriptDebugger's callframe stack is wrong from this point. That could cause crash if we trying to access the top call from from this stack when an exception throws because the saved top frame could be invalid. 326234 14 77362 yongjun_zhang 2010-12-23 12:48:07 -0800 Created attachment 77362 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. 326237 15 77363 yongjun_zhang 2010-12-23 12:56:47 -0800 Created attachment 77363 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. 326244 16 77363 darin 2010-12-23 13:02:10 -0800 Comment on attachment 77363 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. Looks good. How did you test? 326262 17 yongjun_zhang 2010-12-23 13:33:06 -0800 (In reply to comment #16) > (From update of attachment 77363 [details]) > Looks good. How did you test? thanks. I tested with the app in <rdar://problem/7928746>, and the crash doesn't happen after the fix. It would be nice to have an unit test for this, but it involves a WebKit based app which using WebScriptDebugger API directly. 326308 18 77363 commit-queue 2010-12-23 15:10:57 -0800 Comment on attachment 77363 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. Clearing flags on attachment: 77363 Committed r74586: <http://trac.webkit.org/changeset/74586> 326309 19 commit-queue 2010-12-23 15:11:05 -0800 All reviewed patches have been landed. Closing bug. 55032 2010-05-04 11:40:58 -0700 2010-05-04 15:01:50 -0700 Bailout if callframe's callee is null. DebuggerCallFrame.patch text/plain 1672 yongjun_zhang SW5kZXg6IEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDU4NzY3KQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTAtMDUtMDQgIFlvbmdqdW4g WmhhbmcgIDx5b25nanVuX3poYW5nQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICBXZWJLaXQgY3Jhc2hlcyBhdCBEZWJ1Z2dlckNhbGxG cmFtZTo6ZnVuY3Rpb25OYW1lKCkgaWYgbV9jYWxsRnJhbWUgaXMgdGhlIHRvcCBnbG9iYWwgY2Fs bGZyYW1lLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 Mzg1MzUKKworICAgICAgICBEb24ndCBjYWxsIGFzRnVuY3Rpb24gaWYgY2FsbGVlIGlzIG5vdCBh IEZ1bmN0aW9uVHlwZSB0byBwcmV2ZW50IGFzc2VydGlvbiBmYWlsdXJlCisgICAgICAgIGluIEpT Q2VsbDo6aXNPYmplY3QoKS4KKworICAgICAgICAqIGRlYnVnZ2VyL0RlYnVnZ2VyQ2FsbEZyYW1l LmNwcDoKKyAgICAgICAgKEpTQzo6RGVidWdnZXJDYWxsRnJhbWU6OmZ1bmN0aW9uTmFtZSk6Cisg ICAgICAgIChKU0M6OkRlYnVnZ2VyQ2FsbEZyYW1lOjpjYWxjdWxhdGVkRnVuY3Rpb25OYW1lKToK KwogMjAxMC0wNS0wNCAgSmVkcnplaiBOb3dhY2tpICA8amVkcnplai5ub3dhY2tpQG5va2lhLmNv bT4KIAogICAgICAgICBSZXZpZXdlZCBieSBIb2xnZXIgRnJleXRoZXIuCkluZGV4OiBKYXZhU2Ny aXB0Q29yZS9kZWJ1Z2dlci9EZWJ1Z2dlckNhbGxGcmFtZS5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gSmF2 YVNjcmlwdENvcmUvZGVidWdnZXIvRGVidWdnZXJDYWxsRnJhbWUuY3BwCShyZXZpc2lvbiA1ODc2 NCkKKysrIEphdmFTY3JpcHRDb3JlL2RlYnVnZ2VyL0RlYnVnZ2VyQ2FsbEZyYW1lLmNwcAkod29y a2luZyBjb3B5KQpAQCAtNDEsNiArNDEsOSBAQCBjb25zdCBVU3RyaW5nKiBEZWJ1Z2dlckNhbGxG cmFtZTo6ZnVuY3RpCiAgICAgaWYgKCFtX2NhbGxGcmFtZS0+Y29kZUJsb2NrKCkpCiAgICAgICAg IHJldHVybiAwOwogCisgICAgaWYgKCFtX2NhbGxGcmFtZS0+Y2FsbGVlKCkpCisgICAgICAgIHJl dHVybiAwOworCiAgICAgSlNGdW5jdGlvbiogZnVuY3Rpb24gPSBhc0Z1bmN0aW9uKG1fY2FsbEZy YW1lLT5jYWxsZWUoKSk7CiAgICAgaWYgKCFmdW5jdGlvbikKICAgICAgICAgcmV0dXJuIDA7CkBA IC01MSw3ICs1NCwxMCBAQCBVU3RyaW5nIERlYnVnZ2VyQ2FsbEZyYW1lOjpjYWxjdWxhdGVkRnVu CiB7CiAgICAgaWYgKCFtX2NhbGxGcmFtZS0+Y29kZUJsb2NrKCkpCiAgICAgICAgIHJldHVybiBV U3RyaW5nKCk7Ci0gICAgCisKKyAgICBpZiAoIW1fY2FsbEZyYW1lLT5jYWxsZWUoKSkKKyAgICAg ICAgcmV0dXJuIFVTdHJpbmcoKTsKKwogICAgIEpTRnVuY3Rpb24qIGZ1bmN0aW9uID0gYXNGdW5j dGlvbihtX2NhbGxGcmFtZS0+Y2FsbGVlKCkpOwogICAgIGlmICghZnVuY3Rpb24pCiAgICAgICAg IHJldHVybiBVU3RyaW5nKCk7Cg== 77301 2010-12-22 20:37:41 -0800 2010-12-23 12:48:07 -0800 Check if this CallFrame is top call frame in [WebScriptCallFrame functionName]. call_frame_crash.patch text/plain 1527 yongjun_zhang SW5kZXg6IFdlYktpdC9tYWMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYktpdC9tYWMvQ2hh bmdlTG9nCShyZXZpc2lvbiA3NDUzMSkKKysrIFdlYktpdC9tYWMvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTAtMTItMjIgIFlvbmdqdW4gWmhhbmcgIDx5b25n anVuX3poYW5nQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBXZWJLaXQgY3Jhc2hlcyBhdCBEZWJ1Z2dlckNhbGxGcmFtZTo6ZnVuY3Rp b25OYW1lKCkgaWYgbV9jYWxsRnJhbWUgaXMgdGhlIHRvcCBnbG9iYWwgY2FsbGZyYW1lLgorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Mzg1MzUKKworICAg ICAgICBJdCBjcmFzaGVzIG9ubHkgaW4gdGhlIGNhc2Ugd2hlbiB0aGUgZXhjZXB0aW9uIGlzIHRo cm93IGZyb20gdGhlIHNlY29uZCBtb3N0IHRvcCBmcmFtZSwgYWthLiBpdHMgY2FsbGVyIGZyYW1l CisgICAgICAgIGlzIHRoZSB0b3AgbW9zdCBmcmFtZSwgQU5EIHRoZSB0b3AgbW9zdCBmcmFtZSBp cyBhbiBhbm9ueW1vdXMgZnVuY3Rpb24gKGxpa2UgYW4gZXZlbnRIYW5kbGVyKS4gIFdlIG5lZWQg dG8KKyAgICAgICAgY2hlY2sgaWYgdGhpcyBjYWxsRnJhbWUgaXMgdG9wIGNhbGxGcmFtZSBpbiBb V2ViU2NyaXB0Q2FsbEZyYW1lIGZ1bmN0aW9uTmFtZV0uCisKKyAgICAgICAgKiBXZWJWaWV3L1dl YlNjcmlwdERlYnVnRGVsZWdhdGUubW06CisgICAgICAgICgtW1dlYlNjcmlwdENhbGxGcmFtZSBm dW5jdGlvbk5hbWVdKToKKwogMjAxMC0xMi0yMiAgU2ltb24gRnJhc2VyICA8c2ltb24uZnJhc2Vy QGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXJpbiBBZGxlci4KSW5kZXg6IFdl YktpdC9tYWMvV2ViVmlldy9XZWJTY3JpcHREZWJ1Z0RlbGVnYXRlLm1tCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFdlYktpdC9tYWMvV2ViVmlldy9XZWJTY3JpcHREZWJ1Z0RlbGVnYXRlLm1tCShyZXZpc2lvbiA3 NDUwNSkKKysrIFdlYktpdC9tYWMvV2ViVmlldy9XZWJTY3JpcHREZWJ1Z0RlbGVnYXRlLm1tCSh3 b3JraW5nIGNvcHkpCkBAIC0yMDIsNyArMjAyLDEwIEBAIC0gKE5TU3RyaW5nICopZnVuY3Rpb25O YW1lCiB7CiAgICAgaWYgKCFfcHJpdmF0ZS0+ZGVidWdnZXJDYWxsRnJhbWUpCiAgICAgICAgIHJl dHVybiBuaWw7Ci0KKyAgICAKKyAgICBpZiAoIV9wcml2YXRlLT5jYWxsZXIpCisgICAgICAgIHJl dHVybiBuaWw7CisgICAgCiAgICAgY29uc3QgVVN0cmluZyogZnVuY3Rpb25OYW1lID0gX3ByaXZh dGUtPmRlYnVnZ2VyQ2FsbEZyYW1lLT5mdW5jdGlvbk5hbWUoKTsKICAgICByZXR1cm4gZnVuY3Rp b25OYW1lID8gdG9OU1N0cmluZygqZnVuY3Rpb25OYW1lKSA6IG5pbDsKIH0K 77362 2010-12-23 12:48:07 -0800 2010-12-23 12:56:47 -0800 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. top_callframe_crash.patch text/plain 3554 yongjun_zhang SW5kZXg6IFdlYktpdC9tYWMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYktpdC9tYWMvQ2hh bmdlTG9nCShyZXZpc2lvbiA3NDU3MykKKysrIFdlYktpdC9tYWMvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMjIgQEAKKzIwMTAtMTItMjMgIFlvbmdqdW4gWmhhbmcgIDx5b25n anVuX3poYW5nQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBXZWJLaXQgY3Jhc2hlcyBhdCBEZWJ1Z2dlckNhbGxGcmFtZTo6ZnVuY3Rp b25OYW1lKCkgaWYgbV9jYWxsRnJhbWUgaXMgdGhlIHRvcCBnbG9iYWwgY2FsbGZyYW1lLgorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Mzg1MzUKKworICAg ICAgICBXZWJTY3JpcHREZWJ1Z2dlciBpbiBXZWJLaXQgaGFzIGVtcHR5IGltcGxlbWVudGF0aW9u cyBmb3Igd2lsbEV4ZWN1dGVQcm9ncmFtIGFuZCBkaWRFeGVjdXRlUHJvZ3JhbS4gIEFzIGEgcmVz dWx0LAorICAgICAgICBpZiB0aGUgdG9wIGNhbGwgZnJhbWUgaXMgZnJvbSBhIHByb2dyYW0sIFdl YktpdFNjcmlwdERlYnVnZ2VyIGRvZXNuJ3QgcmVjb3JkIHRoYXQgY2FsbGZyYW1lIGFzIHRoZSB0 b3AgZnJhbWUsIGFuZAorICAgICAgICBXZWJTY3JpcHREZWJ1Z2dlcidzIGNhbGxmcmFtZSBzdGFj ayBpcyB3cm9uZyBmcm9tIHRoaXMgcG9pbnQuICBUaGF0IGNvdWxkIGNhdXNlIGNyYXNoIGlmIHdl IHRyeWluZyB0byBhY2Nlc3MgdGhlIHRvcAorICAgICAgICBjYWxsIGZyYW1lIGZyb20gdGhpcyBz dGFjayB3aGVuIGFuIGV4Y2VwdGlvbiB0aHJvd3MgYmVjYXVzZSB0aGUgc2F2ZWQgdG9wIGZyYW1l IGNvdWxkIGJlIGludmFsaWQuCisKKyAgICAgICAgVG8gZml4IHRoYXQsIHdlIG5lZWQgdG8gbWFp bnRhaW4gdGhlIGNhbGwgZnJhbWUgc3RhY2sgaW4gd2lsbEV4ZWN1dGVQcm9ncmFtIGFuZCBkaWRF eGVjdXRlUHJvZ3JhbSwgYXMgd2UgZGlkIGluCisgICAgICAgIGNhbGxFdmVudCBhbmQgcmV0dXJu RXZlbnQuCisKKyAgICAgICAgKiBXZWJWaWV3L1dlYlNjcmlwdERlYnVnZ2VyLm1tOgorICAgICAg ICAoV2ViU2NyaXB0RGVidWdnZXI6OndpbGxFeGVjdXRlUHJvZ3JhbSk6CisgICAgICAgIChXZWJT Y3JpcHREZWJ1Z2dlcjo6ZGlkRXhlY3V0ZVByb2dyYW0pOgorCiAyMDEwLTEyLTIyICBTYW0gV2Vp bmlnICA8c2FtQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIu CkluZGV4OiBXZWJLaXQvbWFjL1dlYlZpZXcvV2ViU2NyaXB0RGVidWdnZXIubW0KPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gV2ViS2l0L21hYy9XZWJWaWV3L1dlYlNjcmlwdERlYnVnZ2VyLm1tCShyZXZpc2lvbiA3 NDU2OSkKKysrIFdlYktpdC9tYWMvV2ViVmlldy9XZWJTY3JpcHREZWJ1Z2dlci5tbQkod29ya2lu ZyBjb3B5KQpAQCAtMjIwLDEwICsyMjAsNDMgQEAgdm9pZCBXZWJTY3JpcHREZWJ1Z2dlcjo6ZXhj ZXB0aW9uKGNvbnN0IAogCiB2b2lkIFdlYlNjcmlwdERlYnVnZ2VyOjp3aWxsRXhlY3V0ZVByb2dy YW0oY29uc3QgRGVidWdnZXJDYWxsRnJhbWUmIGRlYnVnZ2VyQ2FsbEZyYW1lLCBpbnRwdHJfdCBz b3VyY2VJRCwgaW50IGxpbmVubykKIHsKKyAgICBpZiAobV9jYWxsaW5nRGVsZWdhdGUpCisgICAg ICAgIHJldHVybjsKKworICAgIG1fY2FsbGluZ0RlbGVnYXRlID0gdHJ1ZTsKKworICAgIFdlYkZy YW1lICp3ZWJGcmFtZSA9IHRvV2ViRnJhbWUoZGVidWdnZXJDYWxsRnJhbWUuZHluYW1pY0dsb2Jh bE9iamVjdCgpKTsKKworICAgIG1fdG9wQ2FsbEZyYW1lLmFkb3B0TlMoW1tXZWJTY3JpcHRDYWxs RnJhbWUgYWxsb2NdIF9pbml0V2l0aEdsb2JhbE9iamVjdDpjb3JlKHdlYkZyYW1lKS0+c2NyaXB0 KCktPndpbmRvd1NjcmlwdE9iamVjdCgpIGRlYnVnZ2VyOnRoaXMgY2FsbGVyOm1fdG9wQ2FsbEZy YW1lLmdldCgpIGRlYnVnZ2VyQ2FsbEZyYW1lOmRlYnVnZ2VyQ2FsbEZyYW1lXSk7CisKKyAgICBX ZWJWaWV3ICp3ZWJWaWV3ID0gW3dlYkZyYW1lIHdlYlZpZXddOworICAgIFdlYlNjcmlwdERlYnVn RGVsZWdhdGVJbXBsZW1lbnRhdGlvbkNhY2hlKiBpbXBsZW1lbnRhdGlvbnMgPSBXZWJWaWV3R2V0 U2NyaXB0RGVidWdEZWxlZ2F0ZUltcGxlbWVudGF0aW9ucyh3ZWJWaWV3KTsKKyAgICBpZiAoaW1w bGVtZW50YXRpb25zLT5kaWRFbnRlckNhbGxGcmFtZUZ1bmMpCisgICAgICAgIENhbGxTY3JpcHRE ZWJ1Z0RlbGVnYXRlKGltcGxlbWVudGF0aW9ucy0+ZGlkRW50ZXJDYWxsRnJhbWVGdW5jLCB3ZWJW aWV3LCBAc2VsZWN0b3Iod2ViVmlldzpkaWRFbnRlckNhbGxGcmFtZTpzb3VyY2VJZDpsaW5lOmZv cldlYkZyYW1lOiksIG1fdG9wQ2FsbEZyYW1lLmdldCgpLCBzb3VyY2VJRCwgbGluZW5vLCB3ZWJG cmFtZSk7CisKKyAgICBtX2NhbGxpbmdEZWxlZ2F0ZSA9IGZhbHNlOwogfQogCiB2b2lkIFdlYlNj cmlwdERlYnVnZ2VyOjpkaWRFeGVjdXRlUHJvZ3JhbShjb25zdCBEZWJ1Z2dlckNhbGxGcmFtZSYg ZGVidWdnZXJDYWxsRnJhbWUsIGludHB0cl90IHNvdXJjZUlELCBpbnQgbGluZW5vKQogeworICAg IGlmIChtX2NhbGxpbmdEZWxlZ2F0ZSkKKyAgICAgICAgcmV0dXJuOworCisgICAgbV9jYWxsaW5n RGVsZWdhdGUgPSB0cnVlOworCisgICAgV2ViRnJhbWUgKndlYkZyYW1lID0gdG9XZWJGcmFtZShk ZWJ1Z2dlckNhbGxGcmFtZS5keW5hbWljR2xvYmFsT2JqZWN0KCkpOworICAgIFdlYlZpZXcgKndl YlZpZXcgPSBbd2ViRnJhbWUgd2ViVmlld107CisKKyAgICBbbV90b3BDYWxsRnJhbWUuZ2V0KCkg X3NldERlYnVnZ2VyQ2FsbEZyYW1lOmRlYnVnZ2VyQ2FsbEZyYW1lXTsKKworICAgIFdlYlNjcmlw dERlYnVnRGVsZWdhdGVJbXBsZW1lbnRhdGlvbkNhY2hlKiBpbXBsZW1lbnRhdGlvbnMgPSBXZWJW aWV3R2V0U2NyaXB0RGVidWdEZWxlZ2F0ZUltcGxlbWVudGF0aW9ucyh3ZWJWaWV3KTsKKyAgICBp ZiAoaW1wbGVtZW50YXRpb25zLT53aWxsTGVhdmVDYWxsRnJhbWVGdW5jKQorICAgICAgICBDYWxs U2NyaXB0RGVidWdEZWxlZ2F0ZShpbXBsZW1lbnRhdGlvbnMtPndpbGxMZWF2ZUNhbGxGcmFtZUZ1 bmMsIHdlYlZpZXcsIEBzZWxlY3Rvcih3ZWJWaWV3OndpbGxMZWF2ZUNhbGxGcmFtZTpzb3VyY2VJ ZDpsaW5lOmZvcldlYkZyYW1lOiksIG1fdG9wQ2FsbEZyYW1lLmdldCgpLCBzb3VyY2VJRCwgbGlu ZW5vLCB3ZWJGcmFtZSk7CisKKyAgICBbbV90b3BDYWxsRnJhbWUuZ2V0KCkgX2NsZWFyRGVidWdn ZXJDYWxsRnJhbWVdOworICAgIG1fdG9wQ2FsbEZyYW1lID0gW21fdG9wQ2FsbEZyYW1lLmdldCgp IGNhbGxlcl07CisKKyAgICBtX2NhbGxpbmdEZWxlZ2F0ZSA9IGZhbHNlOwogfQogCiB2b2lkIFdl YlNjcmlwdERlYnVnZ2VyOjpkaWRSZWFjaEJyZWFrcG9pbnQoY29uc3QgRGVidWdnZXJDYWxsRnJh bWUmLCBpbnRwdHJfdCwgaW50KQo= 77363 2010-12-23 12:56:47 -0800 2010-12-23 15:10:57 -0800 Maintain top callframe in willExecuteProgram and didExecuteProgram to keep WebScriptDebugger's callframe stack in sync with JavaScriptCore's stack. top_callframe_crash.patch text/plain 2058 yongjun_zhang SW5kZXg6IFdlYktpdC9tYWMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYktpdC9tYWMvQ2hh bmdlTG9nCShyZXZpc2lvbiA3NDU3MykKKysrIFdlYktpdC9tYWMvQ2hhbmdlTG9nCSh3b3JraW5n IGNvcHkpCkBAIC0xLDMgKzEsMjIgQEAKKzIwMTAtMTItMjMgIFlvbmdqdW4gWmhhbmcgIDx5b25n anVuX3poYW5nQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBXZWJLaXQgY3Jhc2hlcyBhdCBEZWJ1Z2dlckNhbGxGcmFtZTo6ZnVuY3Rp b25OYW1lKCkgaWYgbV9jYWxsRnJhbWUgaXMgdGhlIHRvcCBnbG9iYWwgY2FsbGZyYW1lLgorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Mzg1MzUKKworICAg ICAgICBXZWJTY3JpcHREZWJ1Z2dlciBpbiBXZWJLaXQgaGFzIGVtcHR5IGltcGxlbWVudGF0aW9u cyBmb3Igd2lsbEV4ZWN1dGVQcm9ncmFtIGFuZCBkaWRFeGVjdXRlUHJvZ3JhbS4gIEFzIGEgcmVz dWx0LAorICAgICAgICBpZiB0aGUgdG9wIGNhbGwgZnJhbWUgaXMgZnJvbSBhIHByb2dyYW0sIFdl YktpdFNjcmlwdERlYnVnZ2VyIGRvZXNuJ3QgcmVjb3JkIHRoYXQgY2FsbGZyYW1lIGFzIHRoZSB0 b3AgZnJhbWUsIGFuZAorICAgICAgICBXZWJTY3JpcHREZWJ1Z2dlcidzIGNhbGxmcmFtZSBzdGFj ayBpcyB3cm9uZyBmcm9tIHRoaXMgcG9pbnQuICBUaGF0IGNvdWxkIGNhdXNlIGNyYXNoIGlmIHdl IHRyeWluZyB0byBhY2Nlc3MgdGhlIHRvcAorICAgICAgICBjYWxsIGZyYW1lIGZyb20gdGhpcyBz dGFjayB3aGVuIGFuIGV4Y2VwdGlvbiB0aHJvd3MgYmVjYXVzZSB0aGUgc2F2ZWQgdG9wIGZyYW1l IGNvdWxkIGJlIGludmFsaWQuCisKKyAgICAgICAgVG8gZml4IHRoYXQsIHdlIG5lZWQgdG8gbWFp bnRhaW4gdGhlIGNhbGwgZnJhbWUgc3RhY2sgaW4gd2lsbEV4ZWN1dGVQcm9ncmFtIGFuZCBkaWRF eGVjdXRlUHJvZ3JhbSwgYXMgd2UgZGlkIGluCisgICAgICAgIGNhbGxFdmVudCBhbmQgcmV0dXJu RXZlbnQuCisKKyAgICAgICAgKiBXZWJWaWV3L1dlYlNjcmlwdERlYnVnZ2VyLm1tOgorICAgICAg ICAoV2ViU2NyaXB0RGVidWdnZXI6OndpbGxFeGVjdXRlUHJvZ3JhbSk6CisgICAgICAgIChXZWJT Y3JpcHREZWJ1Z2dlcjo6ZGlkRXhlY3V0ZVByb2dyYW0pOgorCiAyMDEwLTEyLTIyICBTYW0gV2Vp bmlnICA8c2FtQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIu CkluZGV4OiBXZWJLaXQvbWFjL1dlYlZpZXcvV2ViU2NyaXB0RGVidWdnZXIubW0KPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gV2ViS2l0L21hYy9XZWJWaWV3L1dlYlNjcmlwdERlYnVnZ2VyLm1tCShyZXZpc2lvbiA3 NDU2OSkKKysrIFdlYktpdC9tYWMvV2ViVmlldy9XZWJTY3JpcHREZWJ1Z2dlci5tbQkod29ya2lu ZyBjb3B5KQpAQCAtMjIwLDEwICsyMjAsMTIgQEAgdm9pZCBXZWJTY3JpcHREZWJ1Z2dlcjo6ZXhj ZXB0aW9uKGNvbnN0IAogCiB2b2lkIFdlYlNjcmlwdERlYnVnZ2VyOjp3aWxsRXhlY3V0ZVByb2dy YW0oY29uc3QgRGVidWdnZXJDYWxsRnJhbWUmIGRlYnVnZ2VyQ2FsbEZyYW1lLCBpbnRwdHJfdCBz b3VyY2VJRCwgaW50IGxpbmVubykKIHsKKyAgICBjYWxsRXZlbnQoZGVidWdnZXJDYWxsRnJhbWUs IHNvdXJjZUlELCBsaW5lbm8pOwogfQogCiB2b2lkIFdlYlNjcmlwdERlYnVnZ2VyOjpkaWRFeGVj dXRlUHJvZ3JhbShjb25zdCBEZWJ1Z2dlckNhbGxGcmFtZSYgZGVidWdnZXJDYWxsRnJhbWUsIGlu dHB0cl90IHNvdXJjZUlELCBpbnQgbGluZW5vKQogeworICAgIHJldHVybkV2ZW50KGRlYnVnZ2Vy Q2FsbEZyYW1lLCBzb3VyY2VJRCwgbGluZW5vKTsKIH0KIAogdm9pZCBXZWJTY3JpcHREZWJ1Z2dl cjo6ZGlkUmVhY2hCcmVha3BvaW50KGNvbnN0IERlYnVnZ2VyQ2FsbEZyYW1lJiwgaW50cHRyX3Qs IGludCkK