Bug 158104

Summary:

DebuggerCallFrame crashes when updated with the globalExec because neither ShadowChicken's algorithm nor StackVisitor's algorithm reasons about the globalExec

Product:

WebKit

Reporter:

Saam Barati <saam>

Component:

JavaScriptCore

Assignee:

Saam Barati <saam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bburg, benjamin, commit-queue, fpizlo, ggaren, gskachkov, joepeck, keith_miller, mark.lam, msaboff, nvasilyev, oliver, sukolsak, timothy, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
WIP	none
patch	none

Description Saam Barati 2016-05-25 18:27:34 PDT

Also, there is a bad assertion in ::create because the top frame is allowed to be a tail deleted frame.

Comment 1 Saam Barati 2016-05-26 13:14:32 PDT

I think we should special case this inside DebuggerCallFrame.

Comment 2 Saam Barati 2016-05-26 13:14:57 PDT

(In reply to comment #1)
> I think we should special case this inside DebuggerCallFrame.

To elaborate, I don't think it's correct to have ShadowChicken handle
this. It shouldn't have to reason about the globalExec()

Comment 3 Saam Barati 2016-05-26 17:14:22 PDT

rdar://problem/26467869

Comment 4 Saam Barati 2016-05-26 17:58:23 PDT

Created attachment 279931 [details]
WIP

this is a test case

Comment 5 Saam Barati 2016-05-27 14:32:45 PDT

Created attachment 279995 [details]
patch

Comment 6 Filip Pizlo 2016-05-27 14:34:21 PDT

Comment on attachment 279995 [details]
patch

lol

Comment 7 WebKit Commit Bot 2016-05-27 16:40:56 PDT

Comment on attachment 279995 [details]
patch

Clearing flags on attachment: 279995

Committed r201473: <http://trac.webkit.org/changeset/201473>

Comment 8 WebKit Commit Bot 2016-05-27 16:41:01 PDT

All reviewed patches have been landed.  Closing bug.