| Field | Value |
|---|---|
| Summary | Web Inspector: Source directives lost when using Function constructor repeatedly |
| Product | WebKit |
| Component | Web Inspector |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | All |
| OS | All |
| Reporter | Joseph Pecoraro <joepeck> |
| Assignee | Joseph Pecoraro <joepeck> |
| CC | bburg, commit-queue, ggaren, graouts, joepeck, keith_miller, mark.lam, mattbaker, msaboff, nvasilyev, saam, timothy, webkit-bug-importer |
| Keywords | InRadar |
| Bug Depends on | |
| Bug Blocks | 156022 |
| Attachments | |

Description
Joseph Pecoraro
2016-04-21 13:26:02 PDT
Created attachment 276954 [details]
[PATCH] Proposed Fix
Comment on attachment 276954 [details]
[PATCH] Proposed Fix
What about cached non-function code, like program code?
> What about cached non-function code, like program code?

I was unable to get them to reproduce this issue.

The cases I know about are:

- Program or Module
  - <script> / API typically have a URL which dominates even if a sourceURL
- Eval
  - eval() may have a sourceURL
- Function
  - Function() may have a sourceURL
- HTML inline event listeners <body onload="foo">

Programs, at least from a web page, don't seem to have this issue. This handles `Function()`. I couldn't reproduce the issue with `eval`. For example:

    <script>
    console.log(eval("\n//# sourceURL=test.js\nconsole.log(1)"));
    console.log(eval("\n//# sourceURL=test.js\nconsole.log(2)"));
    </script>

Most of the time the cache is avoided if breakpoints are on which would cause DebuggerOn, but even with breakpoints disabled this was not cached because of TDZ speculation:

    (lldb) f
    frame #0: 0x0000000104e35678 JavaScriptCore`JSC::UnlinkedEvalCodeBlock* JSC::CodeCache::getGlobalCodeBlock ... at CodeCache.cpp:91
       88       // FIXME: We should do something smart for TDZ instead of just disabling caching.
       89       // https://bugs.webkit.org/show_bug.cgi?id=154010
       90       bool canCache = debuggerMode == DebuggerOff && profilerMode == ProfilerOff && !vm.typeProfiler() && !vm.controlFlowProfiler() && !variablesUnderTDZ->size();
    -> 91       if (cache && canCache) {
    (lldb) p canCache
    (bool) $12 = false
    (lldb) p variablesUnderTDZ->size()
    (unsigned int) $17 = 1

I'll investigate this a bit further.

> I'll investigate this a bit further.
The TDZ variable here was "this", heh.
(In reply to comment #4)
> > What about cached non-function code, like program code?
>
> I was unable to get them to reproduce this issue.
>
> The cases I know about are:
>
> - Program or Module
>   - <script> / API typically have a URL which dominates even if a sourceURL

We may be seeing this with Programs and <script> in 150009.

> We may be seeing this with Programs and <script> in 150009.

Well, somehow I'm seeing this in bug 150009, and adding identical code to CodeCache for Programs makes this work. I have had no luck creating a reduction for it yet.

(In reply to comment #7)
> I have had no luck creating a reduction for it yet.

Never mind, my reduction was working; I was just seeing unexpected results because of special handling in the Web Inspector for <script>s, which will need to be addressed separately.

(In reply to comment #5)
> > I'll investigate this a bit further.
>
> The TDZ variable here was "this", heh.

This seems like it could be a legitimate bug though. It seems the eval code cache might always be getting thwarted by `this` even if `this` is not used? I'll ask Saam tomorrow.

Created attachment 277007 [details]
[PATCH] Proposed Fix
Comment on attachment 277007 [details]
[PATCH] Proposed Fix
r=me
Comment on attachment 277007 [details]
[PATCH] Proposed Fix

Clearing flags on attachment: 277007

Committed r199939: <http://trac.webkit.org/changeset/199939>

All reviewed patches have been landed. Closing bug.