Bug 154403 - ASSERT on SES selftest page when loading the page while WebInspector is open in debug builds
Status: RESOLVED DUPLICATE of bug 152294
https://bugs.webkit.org/show_bug.cgi?id=154403
Chris Dumez
Reported
2016-02-18 11:31:00 PST
Crash on SES selftest page when loading the page while WebInspector is open in debug builds:
https://rawgit.com/tvcutsem/es-lab/master/src/ses/contract.html
Trace:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0xbbadbeef:
--> __TEXT 000000010f456000-000000010f458000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
Bundle controller class: BrowserBundleController
Process Model: Multiple Web Processes

Global Trace Buffer (reverse chronological seconds):
88.533547 CFNetwork 0x00007fff8f681d29 Explicitly setting CF cookie storage singleton
88.533865 CFNetwork 0x00007fff8f6b8621 Explicitly setting cookie storage singleton

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000011399e487 WTFCrash + 39 (Assertions.cpp:322)
1 com.apple.JavaScriptCore 0x00000001133097f7 Inspector::InjectedScriptBase::makeCall(Deprecated::ScriptFunctionCall&, WTF::RefPtr<Inspector::InspectorValue>*) + 183 (InjectedScriptBase.cpp:98)
2 com.apple.JavaScriptCore 0x0000000113305a0d Inspector::InjectedScript::getDisplayableProperties(WTF::String&, WTF::String const&, bool, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >*) + 253 (InjectedScript.cpp:136)
3 com.apple.JavaScriptCore 0x000000011339d9cb Inspector::InspectorRuntimeAgent::getDisplayableProperties(WTF::String&, WTF::String const&, bool const*, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >&, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::InternalPropertyDescriptor> >&) + 283 (InspectorRuntimeAgent.cpp:192)
4 com.apple.JavaScriptCore 0x000000011339daba non-virtual thunk to Inspector::InspectorRuntimeAgent::getDisplayableProperties(WTF::String&, WTF::String const&, bool const*, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::PropertyDescriptor> >&, WTF::RefPtr<Inspector::Protocol::Array<Inspector::Protocol::Runtime::InternalPropertyDescriptor> >&) + 90 (InspectorRuntimeAgent.cpp:180)
5 com.apple.JavaScriptCore 0x000000011334887e Inspector::RuntimeBackendDispatcher::getDisplayableProperties(long, WTF::RefPtr<Inspector::InspectorObject>&&) + 718 (InspectorBackendDispatchers.cpp:5154)
6 com.apple.JavaScriptCore 0x0000000113346476 Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) + 886 (InspectorBackendDispatchers.cpp:4970)
7 com.apple.JavaScriptCore 0x0000000113317950 Inspector::BackendDispatcher::dispatch(WTF::String const&) + 2000 (InspectorBackendDispatcher.cpp:181)
8 com.apple.WebCore 0x000000011698651f WebCore::InspectorController::dispatchMessageFromFrontend(WTF::String const&) + 47 (InspectorController.cpp:386)
9 com.apple.WebKit 0x000000010fc07243 WebKit::WebInspector::sendMessageToBackend(WTF::String const&) + 83 (WebInspector.cpp:252)
10 com.apple.WebKit 0x000000010fc1435f void IPC::callMemberFunctionImpl<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, 0ul>(WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>&&, std::index_sequence<0ul>) + 159 (HandleMessage.h:17)
11 com.apple.WebKit 0x000000010fc142b8 void IPC::callMemberFunction<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::__1::tuple<WTF::String>, std::make_index_sequence<1ul> >(std::__1::tuple<WTF::String>&&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) + 88 (HandleMessage.h:23)
12 com.apple.WebKit 0x000000010fc13ed0 void IPC::handleMessage<Messages::WebInspector::SendMessageToBackend, WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&)>(IPC::MessageDecoder&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) + 240 (HandleMessage.h:93)
13 com.apple.WebKit 0x000000010fc1339a WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 1306 (WebInspectorMessageReceiver.cpp:77)
14 com.apple.WebKit 0x000000010fc13407 non-virtual thunk to WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 55 (WebInspectorMessageReceiver.cpp:37)
15 com.apple.WebKit 0x000000010f5174d3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:892)
16 com.apple.WebKit 0x000000010f50e351 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:924)
17 com.apple.WebKit 0x000000010f517acf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:953)
18 com.apple.WebKit 0x000000010f528e3d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:886)
19 com.apple.WebKit 0x000000010f528e0d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
20 com.apple.WebKit 0x000000010f528c5c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
21 com.apple.JavaScriptCore 0x00000001132e2cda std::__1::function<void ()>::operator()() const + 26 (functional:1793)
22 com.apple.JavaScriptCore 0x00000001139e8272 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106)
23 com.apple.JavaScriptCore 0x00000001139e8a94 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
24 com.apple.CoreFoundation 0x00007fff985275c1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
25 com.apple.CoreFoundation 0x00007fff9851941c __CFRunLoopDoSources0 + 556
26 com.apple.CoreFoundation 0x00007fff9851893f __CFRunLoopRun + 927
27 com.apple.CoreFoundation 0x00007fff98518338 CFRunLoopRunSpecific + 296
28 com.apple.HIToolbox 0x00007fff9a7e4935 RunCurrentEventLoopInMode + 235
29 com.apple.HIToolbox 0x00007fff9a7e476f ReceiveNextEventCommon + 432
30 com.apple.HIToolbox 0x00007fff9a7e45af _BlockUntilNextEventMatchingListInModeWithFilter + 71
31 com.apple.AppKit 0x00007fff938cd0ee _DPSNextEvent + 1067
32 com.apple.AppKit 0x00007fff93c99943 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
33 com.apple.WebCore 0x000000011631542a WebCore::EventLoop::cycle() + 138 (EventLoopMac.mm:34)
34 com.apple.WebCore 0x00000001174d2611 WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal() + 97 (PageScriptDebugServer.cpp:116)
35 com.apple.WebCore 0x00000001174d25a5 WebCore::PageScriptDebugServer::runEventLoopWhilePaused() + 21 (PageScriptDebugServer.cpp:109)
36 com.apple.JavaScriptCore 0x00000001137dde14 Inspector::ScriptDebugServer::handlePause(JSC::JSGlobalObject*, JSC::Debugger::ReasonForPause) + 116 (ScriptDebugServer.cpp:317)
37 com.apple.JavaScriptCore 0x0000000112dc62fd JSC::Debugger::pauseIfNeeded(JSC::ExecState*) + 637 (Debugger.cpp:660)
38 com.apple.JavaScriptCore 0x0000000112dc65bc JSC::Debugger::updateCallFrameAndPauseIfNeeded(JSC::ExecState*) + 60 (Debugger.cpp:612)
39 com.apple.JavaScriptCore 0x0000000112dc6a54 JSC::Debugger::didReachBreakpoint(JSC::ExecState*) + 100 (Debugger.cpp:767)
40 com.apple.JavaScriptCore 0x00000001133ae20b JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookID) + 347 (Interpreter.cpp:1366)
41 com.apple.JavaScriptCore 0x00000001135ea25b llint_slow_path_debug + 123 (LLIntSlowPaths.cpp:1379)
42 com.apple.JavaScriptCore 0x00000001135f4ec4 llint_entry + 29472
43 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
44 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
45 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
46 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
47 com.apple.JavaScriptCore 0x00000001135f4471 llint_entry + 26829
48 com.apple.JavaScriptCore 0x00000001135ed98e vmEntryToJavaScript + 334
49 com.apple.JavaScriptCore 0x000000011340e6fa JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80)
50 com.apple.JavaScriptCore 0x00000001133ac7b6 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4518 (Interpreter.cpp:972)
51 com.apple.JavaScriptCore 0x0000000112d97b60 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 480 (Completion.cpp:105)
52 com.apple.JavaScriptCore 0x0000000112d97c9e JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 94 (Completion.cpp:120)
53 com.apple.WebCore 0x00000001179b8beb WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 75 (JSMainThreadExecState.h:80)
54 com.apple.WebCore 0x00000001179b6766 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 326 (ScriptController.cpp:164)
55 com.apple.WebCore 0x00000001179b68cc WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*) + 76 (ScriptController.cpp:180)
56 com.apple.WebCore 0x00000001179c5ccb WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 491 (ScriptElement.cpp:314)
57 com.apple.WebCore 0x00000001179c4bb3 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1731 (ScriptElement.cpp:245)
58 com.apple.WebCore 0x0000000116711f2c WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 364 (HTMLScriptRunner.cpp:304)
59 com.apple.WebCore 0x0000000116711d3a WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 138 (HTMLScriptRunner.cpp:177)
60 com.apple.WebCore 0x0000000116638021 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 289 (HTMLDocumentParser.cpp:195)
61 com.apple.WebCore 0x0000000116638131 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 177 (HTMLDocumentParser.cpp:214)
62 com.apple.WebCore 0x000000011663749f WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 399 (HTMLDocumentParser.cpp:252)
63 com.apple.WebCore 0x00000001166370ce WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 174 (HTMLDocumentParser.cpp:167)
64 com.apple.WebCore 0x000000011663914f WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 383 (HTMLDocumentParser.cpp:488)
65 com.apple.WebCore 0x0000000116639557 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 327 (HTMLDocumentParser.cpp:528)
66 com.apple.WebCore 0x000000011663959f non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 47 (HTMLDocumentParser.cpp:512)
67 com.apple.WebCore 0x0000000115ca7212 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:295)
68 com.apple.WebCore 0x0000000115ca7321 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:313)
69 com.apple.WebCore 0x0000000115cc802e WebCore::CachedScript::finishLoading(WebCore::SharedBuffer*) + 126 (CachedScript.cpp:117)
70 com.apple.WebCore 0x0000000117c9ea54 WebCore::SubresourceLoader::didFinishLoading(double) + 532 (SubresourceLoader.cpp:386)
71 com.apple.WebKit 0x000000010fea6687 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:154)
72 com.apple.WebKit 0x000000010feabbf3 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
73 com.apple.WebKit 0x000000010feabb48 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
74 com.apple.WebKit 0x000000010feaac62 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 226 (HandleMessage.h:93)
75 com.apple.WebKit 0x000000010feaa3dc WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:66)
76 com.apple.WebKit 0x000000010f8638b0 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:60)
77 com.apple.WebKit 0x000000010f5174d3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:892)
78 com.apple.WebKit 0x000000010f50e351 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:924)
79 com.apple.WebKit 0x000000010f517acf IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:953)
80 com.apple.WebKit 0x000000010f528e3d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:886)
81 com.apple.WebKit 0x000000010f528e0d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
82 com.apple.WebKit 0x000000010f528c5c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
83 com.apple.JavaScriptCore 0x00000001132e2cda std::__1::function<void ()>::operator()() const + 26 (functional:1793)
84 com.apple.JavaScriptCore 0x00000001139e83ad WTF::RunLoop::performWork() + 621 (RunLoop.cpp:123)
85 com.apple.JavaScriptCore 0x00000001139e8a94 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
86 com.apple.CoreFoundation 0x00007fff985275c1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
87 com.apple.CoreFoundation 0x00007fff9851941c __CFRunLoopDoSources0 + 556
88 com.apple.CoreFoundation 0x00007fff9851893f __CFRunLoopRun + 927
89 com.apple.CoreFoundation 0x00007fff98518338 CFRunLoopRunSpecific + 296
90 com.apple.HIToolbox 0x00007fff9a7e4935 RunCurrentEventLoopInMode + 235
91 com.apple.HIToolbox 0x00007fff9a7e476f ReceiveNextEventCommon + 432
92 com.apple.HIToolbox 0x00007fff9a7e45af _BlockUntilNextEventMatchingListInModeWithFilter + 71
93 com.apple.AppKit 0x00007fff938cd0ee _DPSNextEvent + 1067
94 com.apple.AppKit 0x00007fff93c99943 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
95 com.apple.AppKit 0x00007fff938c2fc8 -[NSApplication run] + 682
96 com.apple.AppKit 0x00007fff93845520 NSApplicationMain + 1176
97 libxpc.dylib 0x00007fff99fcbf6c _xpc_objc_main + 793
98 libxpc.dylib 0x00007fff99fcd6bb xpc_main + 494
99 com.apple.WebKit.WebContent.Development 0x000000010f457110 main + 800 (XPCServiceMain.mm:114)
100 libdyld.dylib 0x00007fff97aed5ad start + 1
Radar WebKit Bug Importer
Comment 1
2016-02-18 11:31:45 PST
<rdar://problem/24724611>
Joseph Pecoraro
Comment 2
2016-02-18 11:36:54 PST
This is an ASSERT that InjectedScriptSource did not throw an exception, but it did. We've seen this in the past if pages override builtin things (like `Set`).
Timothy Hatcher
Comment 3
2016-02-18 11:38:04 PST
Dupe to bug 152294?
Chris Dumez
Comment 4
2016-02-18 11:45:27 PST
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Views/ScopeChainDetailsSidebarPanel.js:183:27: CONSOLE ERROR
CONSOLE LOG Cannot convert null or undefined to object : contract.html line 217 cajaVM.confine(exprSrc, {fakeUrl: cfakeUrl, nested: cnested}, { sourceUrl: 'data:,' + encodeURIComponent(exprSrc) });
file:///Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/WebInspectorUI.framework/Resources/Models/GarbageCollection.js:32:23: CONSOLE ERROR
Joseph Pecoraro
Comment 5
2016-02-18 11:59:49 PST
This exception is thrown by user code. It seems like the page's code overrides `Object.prototype.__proto__`. InjectedScript, traversing the prototype chain using __proto__, encounters an error it doesn't expect caused by this code throwing. Here is where the TypeError is defined:
> /**
>  * Repairs both getter and setter. If either are vulnerable, I don't
>  * care if the other seemed to pass the test. Better to make them
>  * both safe.
>  */
> function repair_UNDERBAR_PROTO_accessors_USE_GLOBAL() {
>   var gopd = Object.getOwnPropertyDescriptor;
>
>   var oldDesc = gopd(Object.prototype, '__proto__');
>   var oldGetter = oldDesc.get;
>   var oldSetter = oldDesc.set;
>   function newGetter() {
>     if (this === null || this === void 0) {
>       throw new TypeError('Cannot convert null or undefined to object');
>     } else {
>       return oldGetter.call(this);
>     }
>   }
>   function newSetter(newProto) {
>     if (this === null || this === void 0) {
>       throw new TypeError('Cannot convert null or undefined to object');
>     } else {
>       oldSetter.call(this, newProto);
>     }
>   }
>   Object.defineProperty(Object.prototype, '__proto__', {
>     get: oldGetter ? newGetter : void 0,
>     set: oldSetter ? newSetter : void 0
>   });
> }
And here is code that exercises it, with a description (there is code exercising both the getter and the setter):
> /**
>  * Detects https://bugs.webkit.org/show_bug.cgi?id=141865
>  *
>  * <p>On Safari 7.0.5 (9537.77.4), the getter of the
>  * Object.prototype.__proto__ property, if applied to undefined,
>  * acts like a sloppy function would, coercing the undefined to the
>  * global object and returning the global object's [[Prototype]].
>  */
> function test_UNDERBAR_PROTO_GETTER_USES_GLOBAL() {
>   var gopd = Object.getOwnPropertyDescriptor;
>   var getProto = Object.getPrototypeOf;
>
>   var desc = gopd(Object.prototype, '__proto__');
>   if (!desc) { return false; }
>   var getter = desc.get;
>   if (!getter) { return false; }
>   var globalProto = void 0;
>   try {
>     globalProto = getter();
>   } catch (ex) {
>     if (ex instanceof TypeError && globalProto === void 0) {
>       return false;
>     }
>     return 'unexpected error: ' + ex;
>   }
>   if (getProto(global) === globalProto) { return true; }
>   return 'unexpected global.__proto__: ' + globalProto;
> }
That said, I did not investigate what code in InjectedScriptSource encounters this. I do think moving InjectedScriptSource to a builtin, and using @Object.@getPrototypeOf() instead of __proto__ would probably solve this.
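Added example for this thread (not code from WebKit, SES or es-lab): it contrasts walking a prototype chain through the page-visible `__proto__` accessor, where page code runs on every step, with walking it through an `Object.getPrototypeOf` captured before any page script ran, which is what the builtin `@Object.@getPrototypeOf` route in comment 5 amounts to. It installs the SES-style accessor quoted above and, going beyond what the page shows, also tries a page that deletes the accessor; the `Widget` class and the call counter are constructed for the demonstration.

```javascript
// Intrinsic captured at startup, before page code can replace it.
const intrinsicGetPrototypeOf = Object.getPrototypeOf;

// Walk obj's prototype chain with the supplied step function and return one
// label per object. A throw from page code is reported as an entry instead of
// escaping, which is what the debug-build ASSERT in this bug failed to do.
function chainLabels(obj, nextProto) {
  const labels = [];
  try {
    for (let o = obj; o !== null && o !== undefined; o = nextProto(o)) {
      const ctor = Object.getOwnPropertyDescriptor(o, "constructor");
      labels.push(ctor && typeof ctor.value === "function" ? ctor.value.name : "(instance)");
    }
  } catch (e) {
    labels.push("error: " + (e && e.name));
  }
  return labels;
}

const viaDunderProto = (o) => o.__proto__;          // runs whatever accessor the page installed
const viaIntrinsic = (o) => intrinsicGetPrototypeOf(o);

// The SES-style repair from comment 5 (getter/setter reject null/undefined
// receivers), plus a counter of our own to show the walker running page code.
let pageGetterCalls = 0;
function installSesStyleProtoAccessor() {
  const oldDesc = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  Object.defineProperty(Object.prototype, "__proto__", {
    get() {
      pageGetterCalls++;
      if (this === null || this === undefined) {
        throw new TypeError("Cannot convert null or undefined to object");
      }
      return oldDesc.get.call(this);
    },
    set(newProto) {
      if (this === null || this === undefined) {
        throw new TypeError("Cannot convert null or undefined to object");
      }
      oldDesc.set.call(this, newProto);
    },
    enumerable: false,
    configurable: true,
  });
  return oldDesc; // so the caller can restore the native accessor
}

// Walk with a pristine __proto__, with the SES-style accessor installed, and
// after a page has removed the accessor entirely (constructed scenario).
function runScenario() {
  class Widget {}
  const w = new Widget();
  const pristine = { dunder: chainLabels(w, viaDunderProto), intrinsic: chainLabels(w, viaIntrinsic) };
  const saved = installSesStyleProtoAccessor();
  pageGetterCalls = 0;
  const repaired = { dunder: chainLabels(w, viaDunderProto), intrinsic: chainLabels(w, viaIntrinsic),
                     pageCodeRuns: pageGetterCalls };
  delete Object.prototype.__proto__;                  // page opts out of the accessor altogether
  const removed = { dunder: chainLabels(w, viaDunderProto), intrinsic: chainLabels(w, viaIntrinsic) };
  Object.defineProperty(Object.prototype, "__proto__", saved); // restore for the rest of the process
  return { pristine, repaired, removed };
}
```

With the accessor replaced, the `__proto__` walk still returns the right chain but has executed page code three times; with the accessor deleted it silently stops after the instance, while the captured intrinsic returns the full chain in every case.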
Timothy Hatcher
Comment 6
2016-02-18 12:27:23 PST
*** This bug has been marked as a duplicate of bug 152294 ***