Bug 28772

Summary: Inspected tab crashes in Chromium when there is an exception in user script
Product: WebKit
Reporter: Yury Semikhatsky <yurys>
Component: WebCore JavaScript
Assignee: Pavel Feldman <pfeldman>
Status: RESOLVED FIXED
Severity: Normal
CC: dglazkov, pfeldman
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP

Yury Semikhatsky
Reported 2009-08-27 06:52:48 PDT
Inspected tab sometimes crashes with the following stack trace:

Thread 0 *CRASHED* (EXCEPTION_ACCESS_VIOLATION @0x00000000)
0x6516ec11 [chrome.dll - api.cc:431] v8::Context::Enter()
0x64c8dac7 [chrome.dll - scriptscope.cpp:50] WebCore::ScriptScope::ScriptScope(WebCore::ScriptState *,bool)
0x64c52b8f [chrome.dll - inspectorfrontend.cpp:70] WebCore::InspectorFrontend::newScriptObject()
0x64c5384f [chrome.dll - consolemessage.cpp:80] WebCore::ConsoleMessage::addToConsole(WebCore::InspectorFrontend *)
0x64b3bde5 [chrome.dll - inspectorcontroller.cpp:378] WebCore::InspectorController::addConsoleMessage(WebCore::ScriptState *,WebCore::ConsoleMessage *)
0x64b3bd54 [chrome.dll - inspectorcontroller.cpp:361] WebCore::InspectorController::addMessageToConsole(WebCore::MessageSource,WebCore::MessageType,WebCore::MessageLevel,WebCore::String const &,unsigned int,WebCore::String const &)
0x64b3998a [chrome.dll - console.cpp:149] WebCore::Console::addMessage(WebCore::MessageSource,WebCore::MessageType,WebCore::MessageLevel,WebCore::String const &,unsigned int,WebCore::String const &)
0x64c50e68 [chrome.dll - v8consolemessage.cpp:62] WebCore::V8ConsoleMessage::dispatchNow(WebCore::Page *)
0x64c5100d [chrome.dll - v8consolemessage.cpp:125] WebCore::V8ConsoleMessage::handler(v8::Handle<v8::Message>,v8::Handle<v8::Value>)
0x651a85a0 [chrome.dll - messages.cc:140] v8::internal::MessageHandler::ReportMessage(v8::internal::MessageLocation *,v8::internal::Handle<v8::internal::Object>)
0x6518c93b [chrome.dll - top.cc:821] v8::internal::Top::ReportPendingMessages()
0x651a8c93 [chrome.dll - compiler.cc:283] v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal::String>,v8::internal::Handle<v8::internal::Object>,int,int,v8::Extension *,v8::internal::ScriptDataImpl *)
0x6516df1a [chrome.dll - api.cc:1096] v8::Script::Compile(v8::Handle<v8::String>,v8::ScriptOrigin *,v8::ScriptData *)
0x64b37821 [chrome.dll - v8proxy.cpp:249] WebCore::V8Proxy::compileScript(v8::Handle<v8::String>,WebCore::String const &,int)
0x64b37acc [chrome.dll - v8proxy.cpp:347] WebCore::V8Proxy::evaluate(WebCore::ScriptSourceCode const &,WebCore::Node *)
0x64c50cd3 [chrome.dll - v8isolatedworld.cpp:73] WebCore::V8IsolatedWorld::evaluate(WTF::Vector<WebCore::ScriptSourceCode,0> const &,WebCore::V8Proxy *,int)
0x64acae6f [chrome.dll - webframe_impl.cc:1606] WebFrameImpl::ExecuteScriptInNewWorld(WebKit::WebScriptSource const *,int,int)
0x64eaa56a [chrome.dll - user_script_slave.cc:165] UserScriptSlave::InjectScripts(WebFrame *,UserScript::RunLocation)
0x64eb3bdf [chrome.dll - render_view.cc:1403] RenderView::DidFinishDocumentLoadForFrame(WebView *,WebFrame *)
0x64ad481f [chrome.dll - webframeloaderclient_impl.cc:330] WebFrameLoaderClient::dispatchDidFinishDocumentLoad()
0x6542d95f [chrome.dll + 0x0097d95f]
0x64afe914 [chrome.dll - document.cpp:3926] WebCore::Document::finishedParsing()
0x64d06774 [chrome.dll - htmlparser.cpp:1633] WebCore::HTMLParser::finished()
0x64c5fd41 [chrome.dll - htmltokenizer.cpp:1846] WebCore::HTMLTokenizer::end()
0x64c5fbe7 [chrome.dll - htmltokenizer.cpp:1790] WebCore::HTMLTokenizer::write(WebCore::SegmentedString const &,bool)
0x64c60409 [chrome.dll - htmltokenizer.cpp:2053] WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource *)
0x64cde6d2 [chrome.dll - cachedscript.cpp:55] WebCore::CachedScript::didAddClient(WebCore::CachedResourceClient *)
0x64c1f757 [chrome.dll - cachedresource.cpp:353] WebCore::CachedResource::switchClientsToRevalidatedResource()
0x64c2b5d3 [chrome.dll - cache.cpp:222] WebCore::Cache::revalidationSucceeded(WebCore::CachedResource *,WebCore::ResourceResponse const &)
0x64c2ebcd [chrome.dll - loader.cpp:454] WebCore::Loader::Host::didReceiveResponse(WebCore::SubresourceLoader *,WebCore::ResourceResponse const &)
0x64cf59e8 [chrome.dll - subresourceloader.cpp:137] WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const &)
0x64c71d6a [chrome.dll - resourceloader.cpp:392] WebCore::ResourceLoader::didReceiveResponse(WebCore::ResourceHandle *,WebCore::ResourceResponse const &)
0x64d3d246 [chrome.dll - resourcehandle.cpp:124] WebCore::ResourceHandleInternal::didReceiveResponse(WebKit::WebURLLoader *,WebKit::WebURLResponse const &)
0x65072aea [chrome.dll - weburlloader_impl.cc:416] webkit_glue::WebURLLoaderImpl::Context::OnReceivedResponse(webkit_glue::ResourceLoaderBridge::ResponseInfo const &,bool)
0x65052663 [chrome.dll - resource_dispatcher.cc:346] ResourceDispatcher::OnReceivedResponse(int,ResourceResponseHead const &)
0x650537e0 [chrome.dll - ipc_message_utils.h:963] IPC::MessageWithTuple<Tuple2<int,ResourceResponseHead> >::Dispatch<ResourceDispatcher,void ( ResourceDispatcher::*)(int,ResourceResponseHead const &)>(IPC::Message const *,ResourceDispatcher *,void ( ResourceDispatcher::*)(int,ResourceResponseHead const &))
0x65052b82 [chrome.dll - resource_dispatcher.cc:508] ResourceDispatcher::DispatchMessageW(IPC::Message const &)
0x6505252a [chrome.dll - resource_dispatcher.cc:292] ResourceDispatcher::OnMessageReceived(IPC::Message const &)
0x65050979 [chrome.dll - child_thread.cc:98] ChildThread::OnMessageReceived(IPC::Message const &)
0x64de0c1d [chrome.dll - ipc_channel_proxy.cc:184] IPC::ChannelProxy::Context::OnRemoveFilter(IPC::ChannelProxy::MessageFilter *)
0x64e982aa [chrome.dll - message_pump_default.cc:50] base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x64e87aee [chrome.dll - message_loop.cc:199] MessageLoop::RunInternal()
0x64e87ab7 [chrome.dll - message_loop.cc:181] MessageLoop::RunHandler()
0x64e87a5a [chrome.dll - message_loop.cc:155] MessageLoop::Run()
0x64ea40b2 [chrome.dll - renderer_main.cc:148] RendererMain(MainFunctionParams const &)
0x64ab36f9 [chrome.dll - chrome_dll_main.cc:505] ChromeMain
0x01192bb0 [chrome.exe - google_update_client.cc:96] google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *)
0x01192fe2 [chrome.exe - chrome_exe_main.cc:94] wWinMain
Thread 1

Related Chromium bug: http://code.google.com/p/chromium/issues/detail?id=20393
Attachments
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.97 KB, patch)
2009-08-27 07:34 PDT, Yury Semikhatsky
no flags
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.30 KB, patch)
2009-08-27 07:39 PDT, Yury Semikhatsky
no flags
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.89 KB, patch)
2009-08-27 07:58 PDT, Yury Semikhatsky
dglazkov: review+
Yury Semikhatsky
Comment 1 2009-08-27 06:56:44 PDT
The crash happens because of a recent change in V8Proxy::context(Frame*) behavior (https://bugs.webkit.org/show_bug.cgi?id=27701). V8Proxy::context(Frame*) now tries to get the entered V8IsolatedWorld and compare its frame with the frame passed as a parameter to V8Proxy::context. In the case of the web inspector the latter frame is always the Page's main frame, which means that the comparison will fail for all iframes.
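An added C++ model of the lookup comment 1 describes and of the remedy in the attached patch (an explicit context handle in ScriptState); this is not WebKit code, and every name in it is an assumption standing in for the real V8Proxy, V8IsolatedWorld, ScriptState and ScriptScope:

```cpp
#include <cstddef>

struct Frame { int id; };
struct Context { Frame* owner; };

// Model of the entered V8IsolatedWorld: the world whose user script is running.
struct IsolatedWorld { Frame* frame; Context context; };
static IsolatedWorld* g_enteredWorld = nullptr;

// Constructed sample page: a main frame, one iframe, and the main frame's
// main-world context, assumed to be the one the inspector frontend lives in.
static Frame g_mainFrame{1};
static Frame g_iframe{2};
static Context g_mainWorldContext{&g_mainFrame};

// Model of V8Proxy::context(Frame*) after bug 27701: while an isolated world is
// entered, its context is returned only if its frame is the requested frame;
// for any other frame the lookup yields null.
Context* lookupContext(Frame* frame) {
    if (g_enteredWorld)
        return g_enteredWorld->frame == frame ? &g_enteredWorld->context : nullptr;
    return frame == &g_mainFrame ? &g_mainWorldContext : nullptr;
}

// Before the fix: the ScriptState resolves its context lazily through a frame.
struct LazyScriptState {
    Frame* frame;
    Context* context() const { return lookupContext(frame); }
};

// After the fix: the ScriptState keeps an explicit handle to its own context.
struct ExplicitScriptState {
    Context* handle;
    Context* context() const { return handle; }
};

// Stand-in for ScriptScope / v8::Context::Enter(): entering a null context is the
// access violation in the trace; here it is reported instead of dereferenced.
bool enterScope(Context* ctx) { return ctx != nullptr; }

// Replays the report: a user script in the iframe's isolated world throws, and the
// resulting console message is routed to the inspector, which asks for the main
// frame's context. Returns true if the scope entry would have crashed.
bool scenarioCrashes(bool useExplicitHandle) {
    IsolatedWorld world{&g_iframe, Context{&g_iframe}};
    g_enteredWorld = &world;
    LazyScriptState lazy{&g_mainFrame};
    ExplicitScriptState fixed{&g_mainWorldContext};  // captured before the script ran
    Context* ctx = useExplicitHandle ? fixed.context() : lazy.context();
    g_enteredWorld = nullptr;
    return !enterScope(ctx);
}
```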
Yury Semikhatsky
Comment 2 2009-08-27 07:34:15 PDT
Created attachment 38668 [details] Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.
Yury Semikhatsky
Comment 3 2009-08-27 07:39:22 PDT
Created attachment 38669 [details] Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.
Pavel Feldman
Comment 4 2009-08-27 07:49:41 PDT
> + ScriptState* scriptState = frame->page()->inspectorController()->frontendScriptState();

I do not see this accessor in the InspectorController. Rest looks good.
Yury Semikhatsky
Comment 5 2009-08-27 07:58:19 PDT
Created attachment 38670 [details] Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.

Added missing InspectorController.h
Dimitri Glazkov (Google)
Comment 6 2009-08-27 08:26:18 PDT
Comment on attachment 38670 [details] Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.

> +
> + Need a short description and bug URL (OOPS!)

Probably didn't mean to leave this one in.

r=me. This makes ScriptQuarantinedObject inspector-specific, but that's ok.
Pavel Feldman
Comment 7 2009-08-27 08:31:54 PDT
I'd like to land this myself in coordination with the Chromium build cycle.
Pavel Feldman
Comment 8 2009-08-27 12:41:05 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
M WebCore/ChangeLog
M WebCore/bindings/v8/ScriptController.cpp
M WebCore/bindings/v8/ScriptController.h
M WebCore/bindings/v8/ScriptObjectQuarantine.cpp
M WebCore/bindings/v8/ScriptScope.cpp
M WebCore/bindings/v8/ScriptState.cpp
M WebCore/bindings/v8/ScriptState.h
M WebCore/bindings/v8/ScriptValue.h
M WebCore/inspector/InspectorController.h
Committed r47831