WebKit Bugzilla
RESOLVED FIXED
Bug 124078
Web Inspector: Crash when closing the Inspector while debugging an exception inside a breakpoint condition.
https://bugs.webkit.org/show_bug.cgi?id=124078
Alexandru Chiculita
Reported
2013-11-08 15:53:31 PST
1. Add a condition that throws an exception.
2. Wait until the debugger stops on the condition.
3. Close the inspector.

More details in comment 8 from https://bugs.webkit.org/show_bug.cgi?id=124065#c8.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001135b6590 JSC::Register::jsValue() const + 16 (Register.h:118)
1 com.apple.JavaScriptCore 0x00000001135bb335 JSC::Register::scope() const + 21 (JSScope.h:229)
2 com.apple.JavaScriptCore 0x00000001135bb295 JSC::ExecState::scope() const + 37 (CallFrame.h:49)
3 com.apple.JavaScriptCore 0x00000001135b51c9 JSC::ExecState::vm() const + 25 (JSScope.h:234)
4 com.apple.JavaScriptCore 0x00000001135cd425 JSC::ExecState::interpreter() + 21 (CallFrame.h:82)
5 com.apple.JavaScriptCore 0x00000001138a57d1 JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode(JSC::ExecState*) + 33 (Interpreter.cpp:91)
6 com.apple.JavaScriptCore 0x00000001138a579d JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode(JSC::ExecState*) + 29 (Interpreter.cpp:96)
7 com.apple.WebCore 0x00000001156a2be7 WebCore::reportException(JSC::ExecState*, JSC::JSValue, WebCore::CachedScript*) + 71 (JSDOMBinding.cpp:151)
8 com.apple.WebCore 0x00000001160c9bb2 WebCore::ScriptDebugServer::hasBreakpoint(long, WTF::TextPosition const&, WebCore::ScriptBreakpoint*) const + 962 (ScriptDebugServer.cpp:207)
9 com.apple.WebCore 0x00000001160ca0f5 WebCore::ScriptDebugServer::pauseIfNeeded(JSC::ExecState*) + 261 (ScriptDebugServer.cpp:512)
10 com.apple.WebCore 0x00000001160caefc WebCore::ScriptDebugServer::updateCallFrameAndPauseIfNeeded(JSC::ExecState*) + 60 (ScriptDebugServer.cpp:492)
11 com.apple.WebCore 0x00000001160caf9f WebCore::ScriptDebugServer::atStatement(JSC::ExecState*) + 47 (ScriptDebugServer.cpp:555)
12 com.apple.JavaScriptCore 0x00000001138aacfe JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookID) + 190 (Interpreter.cpp:1267)
13 com.apple.JavaScriptCore 0x0000000113a09b2b llint_slow_path_debug + 123 (LLIntSlowPaths.cpp:1274)
14 com.apple.JavaScriptCore 0x0000000113a11a42 llint_op_debug + 50
15 com.apple.JavaScriptCore 0x00000001138c64ed JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 61 (JITCode.cpp:49)
16 com.apple.JavaScriptCore 0x00000001138a9c5f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1455 (Interpreter.cpp:958)
17 com.apple.JavaScriptCore 0x000000011362612e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:39)
18 com.apple.WebCore 0x000000011561390b WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 91 (JSMainThreadExecState.h:53)
19 com.apple.WebCore 0x000000011574eaef WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1199 (JSEventListener.cpp:132)
20 com.apple.WebCore 0x000000011509da41 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 721 (EventTarget.cpp:285)
21 com.apple.WebCore 0x000000011509d38e WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 334 (EventTarget.cpp:232)
22 com.apple.WebCore 0x0000000115c7e2fc WebCore::Node::handleLocalEvents(WebCore::Event&) + 156 (Node.cpp:1958)
23 com.apple.WebCore 0x0000000115071dd1 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const + 177 (EventContext.cpp:55)
24 com.apple.WebCore 0x00000001150720e7 WebCore::MouseOrFocusEventContext::handleLocalEvents(WebCore::Event&) const + 343 (EventContext.cpp:87)
25 com.apple.WebCore 0x0000000115073314 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) + 356 (EventDispatcher.cpp:276)
26 com.apple.WebCore 0x0000000115072e60 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 800 (EventDispatcher.cpp:331)
27 com.apple.WebCore 0x0000000115c7e37d WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 45 (Node.cpp:1972)
28 com.apple.WebCore 0x000000011504a074 WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Element*) + 484 (Element.cpp:239)
29 com.apple.WebCore 0x00000001150815c4 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 212 (EventHandler.cpp:2341)
30 com.apple.WebCore 0x0000000115083a92 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 1282 (EventHandler.cpp:1900)
31 com.apple.WebCore 0x00000001150922e8 WebCore::EventHandler::passMouseReleaseEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 120 (EventHandlerMac.mm:659)
32 com.apple.WebCore 0x000000011508392d WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 925 (EventHandler.cpp:1893)
33 com.apple.WebKit2 0x0000000112163912 WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 322 (WebPage.cpp:1579)
34 com.apple.WebKit2 0x0000000112163767 WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 711 (WebPage.cpp:1623)
35 com.apple.WebKit2 0x00000001121bfc87 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(std::__1::tuple<WebKit::WebMouseEvent>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 151 (HandleMessage.h:21)
36 com.apple.WebKit2 0x00000001121adca6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 182 (HandleMessage.h:375)
37 com.apple.WebKit2 0x00000001121a7d97 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 1447 (WebPageMessageReceiver.cpp:120)
38 com.apple.WebKit2 0x00000001121680f9 WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 537 (WebPage.cpp:3073)
39 com.apple.WebKit2 0x0000000112168147 non-virtual thunk to WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 55 (WebPage.cpp:3073)
40 com.apple.WebKit2 0x0000000111e5c040 CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 496 (MessageReceiverMap.cpp:87)
41 com.apple.WebKit2 0x000000011229809a WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 58 (WebProcess.cpp:636)
42 com.apple.WebKit2 0x0000000111d92643 CoreIPC::Connection::dispatchMessage(CoreIPC::MessageDecoder&) + 51 (Connection.cpp:789)
43 com.apple.WebKit2 0x0000000111d8acf0 CoreIPC::Connection::dispatchMessage(std::__1::unique_ptr<CoreIPC::MessageDecoder, std::__1::default_delete<CoreIPC::MessageDecoder> >) + 368 (Connection.cpp:809)
44 com.apple.WebKit2 0x0000000111d923d1 CoreIPC::Connection::dispatchOneMessage() + 1377 (Connection.cpp:835)
45 com.apple.WebKit2 0x0000000111d9ed52 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 114 (Functional.h:218)
46 com.apple.WebKit2 0x0000000111d9ecd5 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() + 53 (Functional.h:496)
47 com.apple.WebKit2 0x0000000111da67f2 WTF::Function<void ()>::operator()() const + 114 (Functional.h:704)
48 com.apple.WebKit2 0x0000000111da676c std::__1::__function::__func<WTF::Function<void ()>, std::__1::allocator<WTF::Function<void ()> >, void ()>::operator()() + 60 (functional:1059)
49 com.apple.WebCore 0x00000001160a3d5a std::__1::function<void ()>::operator()() const + 26 (functional:1435)
50 com.apple.WebCore 0x00000001160a38f4 WebCore::RunLoop::performWork() + 276 (RunLoop.cpp:106)
51 com.apple.WebCore 0x00000001160a4f24 WebCore::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
52 com.apple.CoreFoundation 0x00007fff94d208f1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
53 com.apple.CoreFoundation 0x00007fff94d12062 __CFRunLoopDoSources0 + 242
54 com.apple.CoreFoundation 0x00007fff94d117ef __CFRunLoopRun + 831
55 com.apple.CoreFoundation 0x00007fff94d11275 CFRunLoopRunSpecific + 309
56 com.apple.HIToolbox 0x00007fff92e5bf0d RunCurrentEventLoopInMode + 226
57 com.apple.HIToolbox 0x00007fff92e5bcb7 ReceiveNextEventCommon + 479
58 com.apple.HIToolbox 0x00007fff92e5babc _BlockUntilNextEventMatchingListInModeWithFilter + 65
59 com.apple.AppKit 0x00007fff98b2f28e _DPSNextEvent + 1434
60 com.apple.AppKit 0x00007fff98b2e8db -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
61 com.apple.AppKit 0x00007fff98b229cc -[NSApplication run] + 553
62 com.apple.AppKit 0x00007fff98b0d803 NSApplicationMain + 940
63 com.apple.XPCService 0x00007fff948d3c0f _xpc_main + 385
64 libxpc.dylib 0x00007fff91082b2e xpc_main + 399
65 com.apple.WebKit.WebContent.Development 0x000000010c011375 main + 37
66 libdyld.dylib 0x00007fff98a425fd start + 1
Attachments
Test case - Breakpoint actions (1.89 KB, text/html), 2013-11-08 18:26 PST, Alexandru Chiculita, no flags
Patch V1 (29.60 KB, patch), 2013-11-11 16:03 PST, Alexandru Chiculita, no flags
Radar WebKit Bug Importer
Comment 1
2013-11-08 15:54:01 PST
<rdar://problem/15429298>
Alexandru Chiculita
Comment 2
2013-11-08 16:58:52 PST
Breakpoint actions have the same issue. Just that they hit an assert instead, because there's already a callframe on the stack when it tries to debug the exception that happens while handling the breakpoint action. It might be better to just disable this use-case and disable the uncaught exceptions handler while executing breakpoint conditions and actions. Otherwise we have to make the Debugger::m_currentDebuggerCallFrame use a stack instead.

1 0x115ea7d40 WTFCrash
2 0x11590c25a JSC::DebuggerCallFrameScope::DebuggerCallFrameScope(JSC::Debugger&)
3 0x1158fe10d JSC::DebuggerCallFrameScope::DebuggerCallFrameScope(JSC::Debugger&)
4 0x1158fc233 JSC::Debugger::pauseIfNeeded(JSC::ExecState*)
5 0x1158fc54c JSC::Debugger::updateCallFrameAndPauseIfNeeded(JSC::ExecState*)
6 0x1158fc627 JSC::Debugger::exception(JSC::ExecState*, JSC::JSValue, bool)
7 0x115b1f72c JSC::Interpreter::unwind(JSC::ExecState*&, JSC::JSValue&)
8 0x115b4035d JSC::genericUnwind(JSC::VM*, JSC::ExecState*, JSC::JSValue)
9 0x115c8150a llint_slow_path_handle_exception
10 0x115c876fb llint_throw_from_slow_path_trampoline
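The re-entrancy that comment 2 describes, as an added C++ model that is not JavaScriptCore's code: a debugger that keeps a single "current call frame" slot (standing in for Debugger::m_currentDebuggerCallFrame, guarded by an RAII scope like JSC::DebuggerCallFrameScope) is re-entered through its exception hook while it is still evaluating a breakpoint condition, so the scope finds the slot already occupied. The model then applies the option comment 2 proposes, ignoring exceptions raised while a condition is being evaluated. All class and function names here are hypothetical, the scope throws std::logic_error where JSC would hit an ASSERT/WTFCrash so the outcome can be observed, and the description's second crash (the ExecState going away when the Inspector is closed mid-pause) is not modeled. The fix actually landed in r159110 is not shown on this page.

```cpp
#include <functional>
#include <stdexcept>
#include <string>

// Hypothetical model, not JSC's code.
struct CallFrame { std::string name; };

class Debugger {
public:
    using Condition = std::function<bool()>;
    struct Outcome { bool crashed; int pauses; int suppressedPauses; };

    explicit Debugger(bool suppressExceptionsInConditions)
        : m_suppressExceptionsInConditions(suppressExceptionsInConditions) {}

    // Engine hook: a script exception is about to unwind through `frame`.
    void exception(CallFrame* frame) {
        if (m_suppressExceptionsInConditions && m_evaluatingCondition) {
            // The option from comment 2: do not pause for exceptions raised
            // by our own breakpoint condition.
            ++m_suppressedPauses;
            return;
        }
        CallFrameScope scope(*this, frame); // fails if a frame is already set
        ++m_pauses;
    }

    // Engine hook: execution reached a statement with a conditional breakpoint.
    void atStatement(CallFrame* frame, const Condition& condition) {
        CallFrameScope scope(*this, frame);
        if (evaluateCondition(frame, condition))
            ++m_pauses;
    }

    int pauses() const { return m_pauses; }
    int suppressedPauses() const { return m_suppressedPauses; }

private:
    // Stand-in for the single-slot DebuggerCallFrameScope: one frame at a time.
    struct CallFrameScope {
        Debugger& debugger;
        CallFrameScope(Debugger& d, CallFrame* frame) : debugger(d) {
            if (debugger.m_currentCallFrame)
                throw std::logic_error("debugger re-entered with a call frame already set");
            debugger.m_currentCallFrame = frame;
        }
        ~CallFrameScope() { debugger.m_currentCallFrame = nullptr; }
    };

    struct ConditionGuard {
        bool& flag;
        explicit ConditionGuard(bool& f) : flag(f) { flag = true; }
        ~ConditionGuard() { flag = false; }
    };

    bool evaluateCondition(CallFrame* frame, const Condition& condition) {
        ConditionGuard guard(m_evaluatingCondition);
        try {
            return condition();
        } catch (const std::runtime_error&) {
            // The engine reports the script exception to the debugger before
            // unwinding; this is the re-entrant call from the assert trace.
            exception(frame);
            return true; // a condition that throws counts as a hit
        }
    }

    bool m_suppressExceptionsInConditions;
    bool m_evaluatingCondition = false;
    CallFrame* m_currentCallFrame = nullptr;
    int m_pauses = 0;
    int m_suppressedPauses = 0;
};

// The bug's scenario: a breakpoint whose condition throws (constructed input).
Debugger::Outcome runThrowingCondition(bool suppressExceptionsInConditions) {
    Debugger debugger(suppressExceptionsInConditions);
    CallFrame frame{"onclick handler"};
    auto throwingCondition = []() -> bool {
        throw std::runtime_error("ReferenceError: undefinedVariable is not defined");
    };
    try {
        debugger.atStatement(&frame, throwingCondition);
    } catch (const std::logic_error&) {
        return {true, debugger.pauses(), debugger.suppressedPauses()};
    }
    return {false, debugger.pauses(), debugger.suppressedPauses()};
}

int main() {
    Debugger::Outcome unguarded = runThrowingCondition(false);
    Debugger::Outcome guarded = runThrowingCondition(true);
    return (unguarded.crashed && !guarded.crashed && guarded.pauses == 1) ? 0 : 1;
}
```

Without the guard the nested CallFrameScope trips on the occupied slot, which is the WTFCrash in the trace above; with it the condition still counts as a hit and the debugger pauses once, but the exception it raised is never routed back into the debugger. Comment 2's alternative, turning the slot into a stack, would instead let the nested pause succeed.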
Alexandru Chiculita
Comment 3
2013-11-08 18:26:18 PST
Created attachment 216473: Test case - Breakpoint actions

Test case for actions. Copy the file into LayoutTests/inspector-protocol/debugger/ and run it with the test runner.
Alexandru Chiculita
Comment 4
2013-11-11 16:03:06 PST
Created attachment 216619: Patch V1
Joseph Pecoraro
Comment 5
2013-11-11 17:00:54 PST
Comment on attachment 216619: Patch V1
View in context: https://bugs.webkit.org/attachment.cgi?id=216619&action=review
r=me, nice!
> LayoutTests/inspector-protocol/debugger/breakpoint-action-with-exception.html:47
> +    function completeTest()
> +    {
> +        // Reset the pauseOnException state before ending the test.
> +        InspectorTest.sendCommand("Debugger.setPauseOnExceptions", {state: "none"});
> +        InspectorTest.completeTest();
> +    }
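Review bot: the Debugger.setPauseOnExceptions reset in completeTest() only runs on the path that reaches this helper; if the test ends any other way (a timeout, or an InspectorTest.completeTest() call from a failure handler elsewhere in the file) pause-on-exceptions stays enabled for the next test run in the same DumpRenderTree process. Sending the same reset at the start of the test, or routing every completion path through completeTest(), would make the test's state self-contained regardless of outcome.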
Ideally DumpRenderTree could enforce a clean slate before running each test. But this is good for now.
WebKit Commit Bot
Comment 6
2013-11-11 17:27:56 PST
Comment on attachment 216619: Patch V1

Rejecting attachment 216619 from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.appspot.com', '--bot-id=webkit-cq-03', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 216619, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit

Last 500 characters of output:
-> origin/master
Partial-rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc ...
Currently at 159083 = 2dfecd17d522cd531fc8061985e3c75f3c18c0e7
r159084 = d34c02cc29ee6b7ebf683ad19525ee74c7906abe
r159088 = 6f9ac118a7d0e00fb62c7ba6c44ea0137c6cf5ce
Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc
First, rewinding head to replay your work on top of it...
Fast-forwarded master to refs/remotes/origin/master.

Full output: http://webkit-queues.appspot.com/results/22908509
WebKit Commit Bot
Comment 7
2013-11-12 07:39:47 PST
Comment on attachment 216619: Patch V1

Clearing flags on attachment: 216619

Committed r159110: <http://trac.webkit.org/changeset/159110>
WebKit Commit Bot
Comment 8
2013-11-12 07:39:49 PST
All reviewed patches have been landed. Closing bug.