RESOLVED FIXED 127508
REGRESSION: crash when evaluating JavaScript expression in breakpoint action
https://bugs.webkit.org/show_bug.cgi?id=127508
Summary REGRESSION: crash when evaluating JavaScript expression in breakpoint action
Blaze Burg
Reported 2014-01-23 13:30:10 PST
Steps to reproduce: 1. Set a breakpoint in the linked page, on tetris.js:95. 2. Edit the breakpoint and add the action "Evaluate Scritp" with expression = "e" (or anything) 3. Press a key in the game This will crash inside ScriptDebugServer::evaluateBreakpointAction(), in the call to evaluate the expression. This seems to be a recent regression; perhaps the call frame is getting stale somehow. This blocks further upstreaming of probes backend and UI, since it leaves no way to test probes functionality (which evaluates expressions using the same evaluation code).
Attachments
stack trace and dump (64.36 KB, application/octet-stream)
2014-01-24 12:19 PST, Blaze Burg
no flags
Radar WebKit Bug Importer
Comment 1 2014-01-23 13:34:51 PST
Timothy Hatcher
Comment 2 2014-01-23 19:41:52 PST
Is it because the action is throwing an exception?
Blaze Burg
Comment 3 2014-01-24 09:55:26 PST
As far as I can tell, no. Even evaluating a local variable causes it to crash for me. Could you try to reproduce?
Blaze Burg
Comment 4 2014-01-24 12:19:27 PST
Created attachment 222136 [details] stack trace and dump
Mark Lam
Comment 5 2014-01-24 18:59:10 PST
I've reproduced the issue. There 2 issues at play here: 1. When I enter the expression "e" into the "Evaluate Script" text box, I see auto completion which suggested that "else" as the text that I might want to enter. I click outside the text box, and this rejects the auto complete suggestion as far as what is shown to me. However, later on, when I press a key and trigger the breakpoint, the expression gets passed to DebuggerCallFrame::evaluateWithCallFrame() to be evaluated. There, I see that the script string passed in is "else", not "e". That means the inspector UI lied when it told me that the script to eval is "e". Given this bad script, … 2. DebuggerCallFrame::evaluateWithCallFrame() fails to create an executable for it. An exception is thrown. However, DebuggerCallFrame::evaluateWithCallFrame() clears the exception in the VM, and proceeds to attempt to execute the null executable. This results in a crash. I've filed <https://webkit.org/b/127600> to track the second issue. I'll leave this bug to track the Inspector UI issue.
Mark Lam
Comment 6 2014-01-24 19:13:57 PST
<https://webkit.org/b/127600> has been fixed, and I no longer see any crash with the steps provided in this bug. If you're still seeing a crash, please let me know the new steps to reproduce it. Thanks.
Timothy Hatcher
Comment 7 2014-01-24 21:08:03 PST
Lets file a new bug about the editor confusion.
Note You need to log in before you can comment on or make changes to this bug.