Bug 28772 - Inspected tab crashes in Chromium when there is an exception in user script
Summary: Inspected tab crashes in Chromium when there is an exception in user script
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Pavel Feldman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-27 06:52 PDT by Yury Semikhatsky
Modified: 2009-08-27 12:41 PDT
CC: 2 users
See Also:

Attachments
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.97 KB, patch)
2009-08-27 07:34 PDT, Yury Semikhatsky
no flags
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.30 KB, patch)
2009-08-27 07:39 PDT, Yury Semikhatsky
no flags
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState. (8.89 KB, patch)
2009-08-27 07:58 PDT, Yury Semikhatsky
dglazkov: review+

Description Yury Semikhatsky 2009-08-27 06:52:48 PDT
Inspected tab sometimes crashes with the following stack trace:

Thread 0 *CRASHED* (EXCEPTION_ACCESS_VIOLATION @0x00000000)

0x6516ec11	 [chrome.dll	 - api.cc:431]	 v8::Context::Enter()
0x64c8dac7	 [chrome.dll	 - scriptscope.cpp:50]	 WebCore::ScriptScope::ScriptScope(WebCore::ScriptState *,bool)
0x64c52b8f	 [chrome.dll	 - inspectorfrontend.cpp:70]	 WebCore::InspectorFrontend::newScriptObject()
0x64c5384f	 [chrome.dll	 - consolemessage.cpp:80]	 WebCore::ConsoleMessage::addToConsole(WebCore::InspectorFrontend *)
0x64b3bde5	 [chrome.dll	 - inspectorcontroller.cpp:378]	 WebCore::InspectorController::addConsoleMessage(WebCore::ScriptState *,WebCore::ConsoleMessage *)
0x64b3bd54	 [chrome.dll	 - inspectorcontroller.cpp:361]	 WebCore::InspectorController::addMessageToConsole(WebCore::MessageSource,WebCore::MessageType,WebCore::MessageLevel,WebCore::String const &,unsigned int,WebCore::String const &)
0x64b3998a	 [chrome.dll	 - console.cpp:149]	 WebCore::Console::addMessage(WebCore::MessageSource,WebCore::MessageType,WebCore::MessageLevel,WebCore::String const &,unsigned int,WebCore::String const &)
0x64c50e68	 [chrome.dll	 - v8consolemessage.cpp:62]	 WebCore::V8ConsoleMessage::dispatchNow(WebCore::Page *)
0x64c5100d	 [chrome.dll	 - v8consolemessage.cpp:125]	 WebCore::V8ConsoleMessage::handler(v8::Handle<v8::Message>,v8::Handle<v8::Value>)
0x651a85a0	 [chrome.dll	 - messages.cc:140]	 v8::internal::MessageHandler::ReportMessage(v8::internal::MessageLocation *,v8::internal::Handle<v8::internal::Object>)
0x6518c93b	 [chrome.dll	 - top.cc:821]	 v8::internal::Top::ReportPendingMessages()
0x651a8c93	 [chrome.dll	 - compiler.cc:283]	 v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal::String>,v8::internal::Handle<v8::internal::Object>,int,int,v8::Extension *,v8::internal::ScriptDataImpl *)
0x6516df1a	 [chrome.dll	 - api.cc:1096]	 v8::Script::Compile(v8::Handle<v8::String>,v8::ScriptOrigin *,v8::ScriptData *)
0x64b37821	 [chrome.dll	 - v8proxy.cpp:249]	 WebCore::V8Proxy::compileScript(v8::Handle<v8::String>,WebCore::String const &,int)
0x64b37acc	 [chrome.dll	 - v8proxy.cpp:347]	 WebCore::V8Proxy::evaluate(WebCore::ScriptSourceCode const &,WebCore::Node *)
0x64c50cd3	 [chrome.dll	 - v8isolatedworld.cpp:73]	 WebCore::V8IsolatedWorld::evaluate(WTF::Vector<WebCore::ScriptSourceCode,0> const &,WebCore::V8Proxy *,int)
0x64acae6f	 [chrome.dll	 - webframe_impl.cc:1606]	 WebFrameImpl::ExecuteScriptInNewWorld(WebKit::WebScriptSource const *,int,int)
0x64eaa56a	 [chrome.dll	 - user_script_slave.cc:165]	 UserScriptSlave::InjectScripts(WebFrame *,UserScript::RunLocation)
0x64eb3bdf	 [chrome.dll	 - render_view.cc:1403]	 RenderView::DidFinishDocumentLoadForFrame(WebView *,WebFrame *)
0x64ad481f	 [chrome.dll	 - webframeloaderclient_impl.cc:330]	 WebFrameLoaderClient::dispatchDidFinishDocumentLoad()
0x6542d95f	 [chrome.dll	 + 0x0097d95f]	
0x64afe914	 [chrome.dll	 - document.cpp:3926]	 WebCore::Document::finishedParsing()
0x64d06774	 [chrome.dll	 - htmlparser.cpp:1633]	 WebCore::HTMLParser::finished()
0x64c5fd41	 [chrome.dll	 - htmltokenizer.cpp:1846]	 WebCore::HTMLTokenizer::end()
0x64c5fbe7	 [chrome.dll	 - htmltokenizer.cpp:1790]	 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const &,bool)
0x64c60409	 [chrome.dll	 - htmltokenizer.cpp:2053]	 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource *)
0x64cde6d2	 [chrome.dll	 - cachedscript.cpp:55]	 WebCore::CachedScript::didAddClient(WebCore::CachedResourceClient *)
0x64c1f757	 [chrome.dll	 - cachedresource.cpp:353]	 WebCore::CachedResource::switchClientsToRevalidatedResource()
0x64c2b5d3	 [chrome.dll	 - cache.cpp:222]	 WebCore::Cache::revalidationSucceeded(WebCore::CachedResource *,WebCore::ResourceResponse const &)
0x64c2ebcd	 [chrome.dll	 - loader.cpp:454]	 WebCore::Loader::Host::didReceiveResponse(WebCore::SubresourceLoader *,WebCore::ResourceResponse const &)
0x64cf59e8	 [chrome.dll	 - subresourceloader.cpp:137]	 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const &)
0x64c71d6a	 [chrome.dll	 - resourceloader.cpp:392]	 WebCore::ResourceLoader::didReceiveResponse(WebCore::ResourceHandle *,WebCore::ResourceResponse const &)
0x64d3d246	 [chrome.dll	 - resourcehandle.cpp:124]	 WebCore::ResourceHandleInternal::didReceiveResponse(WebKit::WebURLLoader *,WebKit::WebURLResponse const &)
0x65072aea	 [chrome.dll	 - weburlloader_impl.cc:416]	 webkit_glue::WebURLLoaderImpl::Context::OnReceivedResponse(webkit_glue::ResourceLoaderBridge::ResponseInfo const &,bool)
0x65052663	 [chrome.dll	 - resource_dispatcher.cc:346]	 ResourceDispatcher::OnReceivedResponse(int,ResourceResponseHead const &)
0x650537e0	 [chrome.dll	 - ipc_message_utils.h:963]	 IPC::MessageWithTuple<Tuple2<int,ResourceResponseHead> >::Dispatch<ResourceDispatcher,void ( ResourceDispatcher::*)(int,ResourceResponseHead const &)>(IPC::Message const *,ResourceDispatcher *,void ( ResourceDispatcher::*)(int,ResourceResponseHead const &))
0x65052b82	 [chrome.dll	 - resource_dispatcher.cc:508]	 ResourceDispatcher::DispatchMessageW(IPC::Message const &)
0x6505252a	 [chrome.dll	 - resource_dispatcher.cc:292]	 ResourceDispatcher::OnMessageReceived(IPC::Message const &)
0x65050979	 [chrome.dll	 - child_thread.cc:98]	 ChildThread::OnMessageReceived(IPC::Message const &)
0x64de0c1d	 [chrome.dll	 - ipc_channel_proxy.cc:184]	 IPC::ChannelProxy::Context::OnRemoveFilter(IPC::ChannelProxy::MessageFilter *)
0x64e982aa	 [chrome.dll	 - message_pump_default.cc:50]	 base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x64e87aee	 [chrome.dll	 - message_loop.cc:199]	 MessageLoop::RunInternal()
0x64e87ab7	 [chrome.dll	 - message_loop.cc:181]	 MessageLoop::RunHandler()
0x64e87a5a	 [chrome.dll	 - message_loop.cc:155]	 MessageLoop::Run()
0x64ea40b2	 [chrome.dll	 - renderer_main.cc:148]	 RendererMain(MainFunctionParams const &)
0x64ab36f9	 [chrome.dll	 - chrome_dll_main.cc:505]	 ChromeMain
0x01192bb0	 [chrome.exe	 - google_update_client.cc:96]	 google_update::GoogleUpdateClient::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,wchar_t *,char const *,int *)
0x01192fe2	 [chrome.exe	 - chrome_exe_main.cc:94]	 wWinMain
Thread 1

Related Chromium bug: http://code.google.com/p/chromium/issues/detail?id=20393
Comment 1 Yury Semikhatsky 2009-08-27 06:56:44 PDT
The crash happens because of a recent change in V8Proxy::context(Frame*) behavior (https://bugs.webkit.org/show_bug.cgi?id=27701). V8Proxy::context(Frame*) now tries to get the entered V8IsolatedWorld and compare its frame with the frame passed as a parameter to V8Proxy::context. In the case of the web inspector, the latter frame is always the Page's main frame, which means that the comparison will fail for all iframes.
Comment 2 Yury Semikhatsky 2009-08-27 07:34:15 PDT
Created attachment 38668
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.
Comment 3 Yury Semikhatsky 2009-08-27 07:39:22 PDT
Created attachment 38669
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.
Comment 4 Pavel Feldman 2009-08-27 07:49:41 PDT
> +    ScriptState* scriptState = frame->page()->inspectorController()->frontendScriptState();
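Review bot: `frame->page()` can return null for a frame that has been detached from its page, so this chained call dereferences a null pointer before it ever reaches `frontendScriptState()`; guard it, e.g. `Page* page = frame->page(); if (!page) return;` (or return an empty ScriptState/ScriptObject as the caller expects), and make sure the `frontendScriptState()` accessor referenced here is actually declared in InspectorController.h in the same patch.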

I do not see this accessor in the InspectorController.

Rest looks good.
Comment 5 Yury Semikhatsky 2009-08-27 07:58:19 PDT
Created attachment 38670
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.

Added missing InspectorController.h
Comment 6 Dimitri Glazkov (Google) 2009-08-27 08:26:18 PDT
Comment on attachment 38670
Retrieve inspector frontend ScriptState from InspectorController. Keep explicit handle to the v8::Context in ScriptState.

> +
> +        Need a short description and bug URL (OOPS!)
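Review bot: the ChangeLog entry still contains the prepare-ChangeLog template placeholder "Need a short description and bug URL (OOPS!)"; WebKit's commit hooks reject entries with "OOPS!", so replace the placeholder with a one-line description of the change and the bug URL (https://bugs.webkit.org/show_bug.cgi?id=28772) before landing.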

Probably didn't mean to leave this one in.

r=me.

This makes ScriptQuarantinedObject inspector-specific, but that's ok.
Comment 7 Pavel Feldman 2009-08-27 08:31:54 PDT
I'd like to land this myself in coordination with the Chromium build cycle.
Comment 8 Pavel Feldman 2009-08-27 12:41:05 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	WebCore/ChangeLog
	M	WebCore/bindings/v8/ScriptController.cpp
	M	WebCore/bindings/v8/ScriptController.h
	M	WebCore/bindings/v8/ScriptObjectQuarantine.cpp
	M	WebCore/bindings/v8/ScriptScope.cpp
	M	WebCore/bindings/v8/ScriptState.cpp
	M	WebCore/bindings/v8/ScriptState.h
	M	WebCore/bindings/v8/ScriptValue.h
	M	WebCore/inspector/InspectorController.h
Committed r47831