Bug 32554 - Create injected script instance per inspected frame context
Summary: Create injected script instance per inspected frame context
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated) (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Yury Semikhatsky
URL:
Keywords:
Depends on: 32920 33016 33469 33523
Blocks: 31587
  Show dependency treegraph
 
Reported: 2009-12-15 05:42 PST by Yury Semikhatsky
Modified: 2010-01-23 02:15 PST (History)
7 users (show)

See Also:


Attachments
initial patch (70.56 KB, patch)
2009-12-28 12:04 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (65.12 KB, patch)
2009-12-30 05:48 PST, Yury Semikhatsky
abarth: review-
Details | Formatted Diff | Diff
patch (65.34 KB, patch)
2010-01-08 01:56 PST, Yury Semikhatsky
abarth: review-
Details | Formatted Diff | Diff
patch (65.24 KB, patch)
2010-01-11 02:31 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (65.28 KB, patch)
2010-01-11 02:39 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (65.27 KB, patch)
2010-01-11 02:54 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (55.61 KB, patch)
2010-01-12 06:29 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (57.11 KB, patch)
2010-01-13 04:35 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (78.72 KB, patch)
2010-01-14 09:52 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (78.25 KB, patch)
2010-01-14 09:59 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (82.67 KB, patch)
2010-01-18 01:38 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (82.47 KB, patch)
2010-01-18 02:06 PST, Yury Semikhatsky
pfeldman: review+
Details | Formatted Diff | Diff
patch (93.69 KB, patch)
2010-01-20 08:37 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (91.14 KB, patch)
2010-01-20 09:11 PST, Yury Semikhatsky
levin: review-
Details | Formatted Diff | Diff
patch (91.71 KB, patch)
2010-01-20 13:24 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
Diff between the two latest patches (2.22 KB, patch)
2010-01-20 13:28 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (3.29 KB, patch)
2010-01-21 08:28 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (1.38 KB, patch)
2010-01-21 13:55 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (1.33 KB, patch)
2010-01-21 14:08 PST, Yury Semikhatsky
no flags Details | Formatted Diff | Diff
patch (93.34 KB, patch)
2010-01-22 05:08 PST, Yury Semikhatsky
pfeldman: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yury Semikhatsky 2009-12-15 05:42:54 PST
Currently there is one InjectedScript instance per inspected page which means that it has access to all frames contents. This may lead to security problems. To protect against them WebKit uses quaranined objects, Chromium currently has utility context which basically has the same proviledges as the main frame in the page. Would much better to have each InjectedScript instance access exactly one frame and send all data in serialized form to the frontend by means of InjectedScriptHost.

This should allow inspecting iframes from different domains and should make it possible to get rid of quarantined objects since all the communication with the inspected frame would be serialized:
Inspected Frame <--> InjectedScript -->o-- InjectedScriptHost --> InspectorFrontend
(all the messages between InjectedScript and InjectedScriptHost should be serialized).
Comment 1 Yury Semikhatsky 2009-12-28 12:04:38 PST
Created attachment 45566 [details]
initial patch

The idea of the change is to compile all JavaScript routines(InjectedScript) required by the Web Inspector directly in the context of the inspected frame. The only interface for the InjectedScript to talk to the inspector is InjectedScriptHost. All the data passed to and received from the InjectedScript are supposed to be serialized. We cannot rely on window.JSON object from the inspected context as the object may have been modified by the inspected script. In the patch I'm using custom JSON serializer but I'm going to employ SerializedScriptValue for serializing the data. Serializing all messages and having separate InjectedScript instance per inspected context allows to get rid of object quarantines.

InjectedScript instance is cached on the inspected context. To avoid cluttering inspected global object, reference to InjectedScript is stored as a property of JSDOMGlobalObject in case of JSC and as a hidden property on the context's global object in case of V8.

There are two major types of operations that require InjectedScript instance:
1) DOM Tree and CSS styles inspection.
2) Inspection of JS objects including evaluation results, objects written to console and call stack variables.
In the first case we can find frame to which inspected DOM node belongs and use InjectedScript from that frame. To handle the latter case each InjectedScript object is assigned unique id. This id is stored as a part of corresponding object proxies so that when inspector frontend needs to access the InjectedScript it can find the InjectedScript instance by that id. So each action that is supposed to be executed by InjectedScript is accompanied with either DOM Node id or InjectedSript id.

There is one persistent reference to InjectedScript JS object from native part of the inspector that is mapping from id to InjectedScript. The mapping is cleared on Page navigation.

This patch should be broken down into several smaller pieces but I think as a whole it gives a better understanding on the change.
Comment 2 Yury Semikhatsky 2009-12-30 05:48:46 PST
Created attachment 45659 [details]
patch
Comment 3 WebKit Review Bot 2009-12-30 05:50:20 PST
Attachment 45659 [details] did not pass style-queue:

Failed to run "WebKitTools/Scripts/check-webkit-style" exit_code: 1
Last 3072 characters of output:
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:50:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:51:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:52:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:57:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:58:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:59:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:62:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:63:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:64:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:67:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:68:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:69:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:70:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:71:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:72:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:73:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:74:  Weird number of spaces at line-start.  Are you using a 4-space indent?  [whitespace/indent] [3]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:206:  One line control clauses should not use braces.  [whitespace/braces] [4]
WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp:204:  An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement.  [readability/control_flow] [4]
Total errors found: 20
Comment 4 Adam Barth 2009-12-30 17:29:12 PST
Comment on attachment 45659 [details]
patch

Would you be willing to fix the style nits?
Comment 5 Yury Semikhatsky 2010-01-08 01:56:45 PST
Created attachment 46120 [details]
patch

Fixed style errors.
Comment 6 Adam Barth 2010-01-08 23:15:54 PST
Comment on attachment 46120 [details]
patch

No ChangeLog.

This code is fantastically complicated but there are no tests!  How will we avoid breaking this in the future?

 82     v8::Handle<v8::Context> utilityContext = scriptState->context();
 83     v8::Context::Scope contextScope(utilityContext);

It's important to use local handles in v8::Context::Scope.  Is scriptState->context() a local handle?  The risk is the persistent handle might be disposed while this context is still on the stack -> disaster.

 1380   var backslashesRe = /\\["\\\/bfnrtu]/g;
 1381   var simpleValuesRe =
 1382       /"[^"\\\n\r\u2028\u2029\x00-\x08\x10-\x1f\x80-\x9f]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
 1383   var openBracketsRe = /(?:^|:|,)(?:[\s\u2028\u2029]*\[)+/g;
 1384   var remainderRe = /^[\],:{}\s\u2028\u2029]*$/;

Why aren't we using the native JSON parser?

I have no idea whether the rest is correct, but hopefully we have other folks who can review it.  R- for no ChangeLog.

I'm concerned about the lack of tests in this area.
Comment 7 Adam Barth 2010-01-08 23:18:33 PST
For the DOM and CSS properties, you can just use the isolated worlds mechanism.  That will give you a safe context from which to examine the page.  Of course, you won't be able to see the JS objects.
Comment 8 Adam Barth 2010-01-08 23:20:19 PST
w.r.t. worrying about the page overwriting window.JSON, doesn't the utility context have a native JSON object?  Why can't we just use that?

This patch is very, very complicated.  Why can't we just use an isolated world with an "unsafeWindow" property that points to the raw global object of the inspected page?  From there you can crawl the JavaScript objects.
Comment 9 Pavel Feldman 2010-01-09 01:25:00 PST
(In reply to comment #6)

> This code is fantastically complicated but there are no tests!  How will we
> avoid breaking this in the future?

Some inspector tests are using injected scripts. If they continue working fine after the migration from quarantines to the injected scripts, we should be fine from the inspector standpoint. There is also a test on cross-domain style inspection that is currently failing, but should start passing after the patch. We probably should include it into this patch.

It does not look fantastically complicated to me, but I am well aware of the context. What parts confuse you? We should make clear it reads well for everybody.

> Why aren't we using the native JSON parser?

When standard JSON stringifier finds toJSON property on an object, it uses it instead of its own generic implementation. Libraries such as prototype add this property to all the objects out there, hence confusing the stringifier. The goal here is to prevent page from affecting the serialization. Of course, page is always capable of adding stuff to the prototype (i.e. add properties or define getters/setters), but we will sanitize and process only the stuff we understand. (InjectedScript is primarily about dom inspection)

> I have no idea whether the rest is correct, but hopefully we have other folks
> who can review it.  R- for no ChangeLog.

I'll do the inspector-related review. We will need someone to validate the JSC part as well.

(In reply to comment #7)
> For the DOM and CSS properties, you can just use the isolated worlds mechanism.
>  That will give you a safe context from which to examine the page.  Of course,
> you won't be able to see the JS objects.

DOM inspection implies inspection of the node properties, including JS ones.

(In reply to comment #8)
> w.r.t. worrying about the page overwriting window.JSON, doesn't the utility
> context have a native JSON object?  Why can't we just use that?
> 

I think I covered it above. It is not JSON we worry about, it is toJSON.

> This patch is very, very complicated.  Why can't we just use an isolated world
> with an "unsafeWindow" property that points to the raw global object of the
> inspected page?  From there you can crawl the JavaScript objects.

That was the original idea. But then we thought we could avoid duping the number of worlds and managing these worlds lifetime. I think what you are suggesting is not reducing the complexity, but is increasing it. What part of the patch would is remove? ScriptObject-related part we need for not diverging inspector implementation, JSON-related part is needed for pushing information further into the frontend entity.
Comment 10 Adam Barth 2010-01-09 01:52:28 PST
> It does not look fantastically complicated to me, but I am well aware of the
> context. What parts confuse you? We should make clear it reads well for
> everybody.

There's a lot of direct manipulation of V8 in strange ways.  For example, you seems to be grabbing the global object out of one context and using it as the global object for a script compiled into another context.  More over, you don't actually grab the global object from the first context, you bypass the proxy object to get at the "inner" window.  That's all super subtle stuff.

For example, what do the security checks do when they see a context like this?  They're used to figuring out the DOMWindow from a normally arranged context (e.g., with a WindowProxy object).  What does the other code do that assumes it can find the inner window by looking at the Global()->GetPrototype()? 

You have a bunch of locations where you're grabbing a v8::Handle and sticking it in a V8::Context:Scope.  You need to always using a v8::Local for that purpose otherwise you risk memory corruption if your v8:: Persistent gets Disposed.

At one point in the patch, you've got a weak reference to a V8 object that's involved in manually twiddling the refcounts on a WebCore object.  Does that mean we can enter WebCore destructors during GC?  Do we let that happen elsewhere?

> I'll do the inspector-related review. We will need someone to validate the JSC
> part as well.

If you're confident in reviewing this patch, then that's good enough for me.  This stuff is just complicated.  It's taken a long time to beat the bugs out of the normal way of doing all this stuff, and that gets hammered on by the web and has an entire suite of tests.

> DOM inspection implies inspection of the node properties, including JS ones.

Ok.  You're more familiar with the needs of the inspector than I am.

> That was the original idea. But then we thought we could avoid duping the
> number of worlds and managing these worlds lifetime.

I don't understand what you mean here.  Don't you have to manage the lifetime of the utility context?

> I think what you are
> suggesting is not reducing the complexity, but is increasing it. What part of
> the patch would is remove?

All the magical bits about that create a context that got half another context spliced into it.  All the call sites to compile and execute script.

I don't know that what I'm suggesting is the right approach.  It's just scary to me that we're going to create all these exotic V8 objects and situations.
Comment 11 Pavel Feldman 2010-01-09 02:36:13 PST
(In reply to comment #10)

> There's a lot of direct manipulation of V8 in strange ways.  For example, you
> seems to be grabbing the global object out of one context and using it as the
> global object for a script compiled into another context. 

There are no additional contexts, it is just the naming and comments that make it confusing.

> +    // Create utility context. At the moment we inject the script directly into the inspected context.
> +    v8::Handle<v8::Context> utilityContext = scriptState->context();

I'll make sure to mention it in review.
Comment 12 Yury Semikhatsky 2010-01-11 02:28:36 PST
(In reply to comment #6)
> (From update of attachment 46120 [details])
> No ChangeLog.
>
There is no ChangeLog entry since I'm going to break this patch down into a few smaller ones so that they don't break Chromium build. However, I wanted to show the whole change first to get feedback on it.

>  82     v8::Handle<v8::Context> utilityContext = scriptState->context();
>  83     v8::Context::Scope contextScope(utilityContext);
> 
> It's important to use local handles in v8::Context::Scope.  Is
> scriptState->context() a local handle?  The risk is the persistent handle might
> be disposed while this context is still on the stack -> disaster.
>
In general that is true but in this particular case we know that the context will exist while the scriptState exists. In the method body no specific properties of Local handle are used so I preferred to use just Handle. But you are right to make the code more clear I will change Handle to Local where appropriate.


>  1380   var backslashesRe = /\\["\\\/bfnrtu]/g;
>  1381   var simpleValuesRe =
>  1382      
> /"[^"\\\n\r\u2028\u2029\x00-\x08\x10-\x1f\x80-\x9f]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
>  1383   var openBracketsRe = /(?:^|:|,)(?:[\s\u2028\u2029]*\[)+/g;
>  1384   var remainderRe = /^[\],:{}\s\u2028\u2029]*$/;
> 
> Why aren't we using the native JSON parser?
> 
Pavel already commented this, we need to protect inspectors code against custom toJSON methods and against modified window.JSON object. 


(In reply to comment #8)
> w.r.t. worrying about the page overwriting window.JSON, doesn't the utility
> context have a native JSON object?  Why can't we just use that?
> 
There are no additional contexts any longer. All the code is compiled right in the inspected context. And it uses the same global object. The variables naming is misleading, it remained from the previous Chromium implementation. I'll rename them.


(In reply to comment #10)
> There's a lot of direct manipulation of V8 in strange ways.  For example, you
> seems to be grabbing the global object out of one context and using it as the
> global object for a script compiled into another context.  More over, you don't
> actually grab the global object from the first context, you bypass the proxy
> object to get at the "inner" window.  That's all super subtle stuff.
> 
There is no additional context, utilityContext is just the same instance as the inspected context and the injected script is compiled in that context and with its global object. We bypass the proxy object to store reference to the InjectedScript object on its prototype so that it is collected along with the prototype on Page navigation.

> For example, what do the security checks do when they see a context like this? 
> They're used to figuring out the DOMWindow from a normally arranged context
> (e.g., with a WindowProxy object).  What does the other code do that assumes it
> can find the inner window by looking at the Global()->GetPrototype()? 
>
We use the prototype only for referencing the InjectedScript instance. In the all other places the proxy object is used.

 
> You have a bunch of locations where you're grabbing a v8::Handle and sticking
> it in a V8::Context:Scope.  You need to always using a v8::Local for that
> purpose otherwise you risk memory corruption if your v8:: Persistent gets
> Disposed.
> 
Done.

> At one point in the patch, you've got a weak reference to a V8 object that's
> involved in manually twiddling the refcounts on a WebCore object.  Does that
> mean we can enter WebCore destructors during GC?
Yes, that's correct. 

> Do we let that happen elsewhere?
>
V8 bindings do that. We couldn't reuse that implementation because we had to create V8 wrappers in the utility context while the bindings code always expects the context to be a window context. Now that we inject the script directly into the inspected context it should be possible to create it using the generic v8 bindings facilities.

> > That was the original idea. But then we thought we could avoid duping the
> > number of worlds and managing these worlds lifetime.
> 
> I don't understand what you mean here.  Don't you have to manage the lifetime
> of the utility context?
> 
We need to manage only lifetime of the InjectedScript instance. We store it as a hidden property on the global proxy prototype so that it's automatically collected by GC when the prototype is collected.
Comment 13 Yury Semikhatsky 2010-01-11 02:31:44 PST
Created attachment 46264 [details]
patch
Comment 14 WebKit Review Bot 2010-01-11 02:33:16 PST
Attachment 46264 [details] did not pass style-queue:

Failed to run "WebKitTools/Scripts/check-webkit-style" exit_code: 1
WebCore/inspector/InspectorController.cpp:1845:  One line control clauses should not use braces.  [whitespace/braces] [4]
Total errors found: 1
Comment 15 Yury Semikhatsky 2010-01-11 02:39:34 PST
Created attachment 46265 [details]
patch

Renamed utilityContext to inspectedContext, changed Handle to Local.
Comment 16 WebKit Review Bot 2010-01-11 02:45:35 PST
Attachment 46265 [details] did not pass style-queue:

Failed to run "WebKitTools/Scripts/check-webkit-style" exit_code: 1
WebCore/inspector/InspectorController.cpp:1845:  One line control clauses should not use braces.  [whitespace/braces] [4]
Total errors found: 1
Comment 17 Yury Semikhatsky 2010-01-11 02:54:41 PST
Created attachment 46266 [details]
patch

Fixed style error.
Comment 18 Yury Semikhatsky 2010-01-12 06:29:09 PST
Created attachment 46368 [details]
patch
Comment 19 Yury Semikhatsky 2010-01-13 04:35:09 PST
Created attachment 46444 [details]
patch

Replaced goog.json implementation with http://www.json.org/json2.js
Comment 20 Timothy Hatcher 2010-01-13 04:48:45 PST
Comment on attachment 46444 [details]
patch

We don't need json2.js. We have native JSON in JSC and V8. We should use it.
Comment 21 Timothy Hatcher 2010-01-13 04:51:04 PST
Is that the only option if we need to ignore toJSON? Maybe we need an extension (argument) to JSON.stringify that ignores it.
Comment 22 Yury Semikhatsky 2010-01-13 04:57:52 PST
(In reply to comment #21)
> Is that the only option if we need to ignore toJSON? Maybe we need an extension
> (argument) to JSON.stringify that ignores it.

I'd like to switch to SerializedScriptValue instead of JSON when v8 implementation of it is landed so I view this as a temporary measure. Having an argument in JSON.stringify that would allow to make the serializer ignore toJSON methods would solve the problem but it would require adding non-standard argument and also there is still a chance the application has modified JSON.serialize.
Comment 23 Timothy Hatcher 2010-01-13 05:01:10 PST
OK. Please file a bug about removing json2.js and the desire to use SerializedScriptValue.
Comment 24 Yury Semikhatsky 2010-01-13 05:14:00 PST
(In reply to comment #23)
> OK. Please file a bug about removing json2.js and the desire to use
> SerializedScriptValue.

Done. Bug 32554.
Comment 25 Pavel Feldman 2010-01-13 05:37:36 PST
Change was big, I commented on it using http://codereview.chromium.org/542055.
Comment 26 Yury Semikhatsky 2010-01-14 09:52:03 PST
Created attachment 46578 [details]
patch
Comment 27 Yury Semikhatsky 2010-01-14 09:52:56 PST
(In reply to comment #25)
> Change was big, I commented on it using http://codereview.chromium.org/542055.

Addressed all the comments.
Comment 28 Yury Semikhatsky 2010-01-14 09:59:11 PST
Created attachment 46579 [details]
patch
Comment 29 Pavel Feldman 2010-01-14 11:05:39 PST
Posted review comments at http://codereview.chromium.org/542055:

http://codereview.chromium.org/542055/diff/4001/5013
File inspector/InjectedScriptHost.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5013#newcode183
inspector/InjectedScriptHost.cpp:183: ScriptObject injectedScript =
m_idToInjectedScript.get(injectedScriptId);
check for 0 - it is asynchronous.

http://codereview.chromium.org/542055/diff/4001/5025
File inspector/InspectorBackend.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5025#newcode272
inspector/InspectorBackend.cpp:272: bool injectedScriptIdIsNodeId =
injectedScriptId <= 0;
FIXME?

http://codereview.chromium.org/542055/diff/4001/5014
File inspector/InspectorController.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5014#newcode1867
inspector/InspectorController.cpp:1867: ASSERT(false);
you hit this due to async nature of stuff too.

http://codereview.chromium.org/542055/diff/4001/5011
File inspector/InspectorFrontend.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5011#newcode108
inspector/InspectorFrontend.cpp:108: ScriptFunctionCall
wrapFunction(scriptState, injectedScript, "wrapAndStringifyObject");
I really don't like double-json.

http://codereview.chromium.org/542055/diff/4001/5022
File inspector/InspectorFrontend.h (right):

http://codereview.chromium.org/542055/diff/4001/5022#newcode62
inspector/InspectorFrontend.h:62: ScriptArray newScriptArray();
We should enforce typing here and introduce FrontendArray/Object so that
inspected objects don't get into malicious context.

http://codereview.chromium.org/542055/diff/4001/5032
File inspector/front-end/ConsoleView.js (right):

http://codereview.chromium.org/542055/diff/4001/5032#newcode540
inspector/front-end/ConsoleView.js:540:
InjectedScriptAccess.pushNodeToFrontend(object.injectedScriptId, object,
printNode);
InjectedScriptAccess has too many parameters in calls already. I think we
should
use following notation instead:

InjectedScriptAccess.get(object.injectedScriptId).pushNodeToFrontend(object,
printNode); That way you don't force clients to have injected script id as the
first argument of the method.

http://codereview.chromium.org/542055/diff/4001/5039
File inspector/front-end/Database.js (right):

http://codereview.chromium.org/542055/diff/4001/5039#newcode98
inspector/front-end/Database.js:98: InjectedScriptAccess.executeSql(0 /* For
now
use main frame injected script. */, this._id, query, callback);
FIXME?

http://codereview.chromium.org/542055/diff/4001/5038
File inspector/front-end/ElementsPanel.js (right):

http://codereview.chromium.org/542055/diff/4001/5038#newcode239
inspector/front-end/ElementsPanel.js:239: InjectedScriptAccess.nodeByPath(0 /*
main frame injected script id */, this._selectedPathOnReset,
selectLastSelectedNode.bind(this));
InjectedScriptAccess.getDefault() here and below.

http://codereview.chromium.org/542055/diff/4001/5020
File inspector/front-end/InjectedScript.js (right):

http://codereview.chromium.org/542055/diff/4001/5020#newcode913
inspector/front-end/InjectedScript.js:913: return "";
it was a convention - false means "i failed".

http://codereview.chromium.org/542055/diff/4001/5021
File inspector/front-end/InjectedScriptAccess.js (right):

http://codereview.chromium.org/542055/diff/4001/5021#newcode52
inspector/front-end/InjectedScriptAccess.js:52: WebInspector.log(methodName + '
' + injectedScriptId + ' ' + (typeof injectedScriptId));
remove log

http://codereview.chromium.org/542055/diff/4001/5019
File inspector/front-end/inspector.js (right):

http://codereview.chromium.org/542055/diff/4001/5019#newcode396
inspector/front-end/inspector.js:396:
InspectorBackend.setInjectedScriptSource(injectedScriptSource.join(''));
do not use single quotes.
"(" + injectedScriptConstructor + ")"

http://codereview.chromium.org/542055/diff/4001/5019#newcode1156
inspector/front-end/inspector.js:1156: callFrames = JSON.parse(callFrames);
Don't like this either.

http://codereview.chromium.org/542055/diff/4001/5019#newcode1225
inspector/front-end/inspector.js:1225:
parsedArguments.push(JSON.parse(arguments[i]));
Should not need this - FrontendObject in WebKit, dispatch via parse in Chromium
should make us safe.
Comment 30 Yury Semikhatsky 2010-01-18 01:38:23 PST
Created attachment 46801 [details]
patch

Addressed the comments.

http://codereview.chromium.org/542055/diff/4001/5013
File inspector/InjectedScriptHost.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5013#newcode183
inspector/InjectedScriptHost.cpp:183: ScriptObject injectedScript =
m_idToInjectedScript.get(injectedScriptId);
On 2010/01/14 18:59:03, pfeldman wrote:
> check for 0 - it is asynchronous.

Done.

http://codereview.chromium.org/542055/diff/4001/5025
File inspector/InspectorBackend.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5025#newcode272
inspector/InspectorBackend.cpp:272: bool injectedScriptIdIsNodeId =
injectedScriptId <= 0;
On 2010/01/14 18:59:03, pfeldman wrote:
> FIXME?

Done.

http://codereview.chromium.org/542055/diff/4001/5014
File inspector/InspectorController.cpp (right):

http://codereview.chromium.org/542055/diff/4001/5014#newcode1867
inspector/InspectorController.cpp:1867: ASSERT(false);
On 2010/01/14 18:59:03, pfeldman wrote:
> you hit this due to async nature of stuff too.

Done.

http://codereview.chromium.org/542055/diff/4001/5032
File inspector/front-end/ConsoleView.js (right):

http://codereview.chromium.org/542055/diff/4001/5032#newcode540
inspector/front-end/ConsoleView.js:540:
InjectedScriptAccess.pushNodeToFrontend(object.injectedScriptId, object,
printNode);
On 2010/01/14 18:59:03, pfeldman wrote:
> InjectedScriptAccess has too many parameters in calls already. I think we
should
> use following notation instead:
> 
> InjectedScriptAccess.get(object.injectedScriptId).pushNodeToFrontend(object,
> printNode); That way you don't force clients to have injected script id as the
> first argument of the method.

Done.

http://codereview.chromium.org/542055/diff/4001/5039
File inspector/front-end/Database.js (right):

http://codereview.chromium.org/542055/diff/4001/5039#newcode98
inspector/front-end/Database.js:98: InjectedScriptAccess.executeSql(0 /* For now
use main frame injected script. */, this._id, query, callback);
On 2010/01/14 18:59:03, pfeldman wrote:
> FIXME?

Done.

http://codereview.chromium.org/542055/diff/4001/5038
File inspector/front-end/ElementsPanel.js (right):

http://codereview.chromium.org/542055/diff/4001/5038#newcode239
inspector/front-end/ElementsPanel.js:239: InjectedScriptAccess.nodeByPath(0 /*
main frame injected script id */, this._selectedPathOnReset,
selectLastSelectedNode.bind(this));
On 2010/01/14 18:59:03, pfeldman wrote:
> InjectedScriptAccess.getDefault() here and below.

Done.

http://codereview.chromium.org/542055/diff/4001/5020
File inspector/front-end/InjectedScript.js (right):

http://codereview.chromium.org/542055/diff/4001/5020#newcode913
inspector/front-end/InjectedScript.js:913: return "";
On 2010/01/14 18:59:03, pfeldman wrote:
> it was a convention - false means "i failed".

Reverted. Would be nice to document this unobvious convention, otherwise it
looks like a bug.

http://codereview.chromium.org/542055/diff/4001/5021
File inspector/front-end/InjectedScriptAccess.js (right):

http://codereview.chromium.org/542055/diff/4001/5021#newcode52
inspector/front-end/InjectedScriptAccess.js:52: WebInspector.log(methodName + '
' + injectedScriptId + ' ' + (typeof injectedScriptId));
On 2010/01/14 18:59:03, pfeldman wrote:
> remove log

Done.

http://codereview.chromium.org/542055/diff/4001/5019
File inspector/front-end/inspector.js (right):

http://codereview.chromium.org/542055/diff/4001/5019#newcode396
inspector/front-end/inspector.js:396:
InspectorBackend.setInjectedScriptSource(injectedScriptSource.join(''));
On 2010/01/14 18:59:03, pfeldman wrote:
> do not use single quotes.
> "(" + injectedScriptConstructor + ")"

Done.

http://codereview.chromium.org/542055/diff/4001/5019#newcode1156
inspector/front-end/inspector.js:1156: callFrames = JSON.parse(callFrames);
On 2010/01/14 18:59:03, pfeldman wrote:
> Don't like this either.

This will disappear once we switch to SerializedScriptValue.
Comment 31 Yury Semikhatsky 2010-01-18 02:06:20 PST
Created attachment 46806 [details]
patch
Comment 32 Pavel Feldman 2010-01-18 02:20:55 PST
Comment on attachment 46806 [details]
patch

This looks right, but the change is very large. Please test it well. (Styles, databases, local stores, etc.).
Comment 33 Yury Semikhatsky 2010-01-19 06:31:34 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	LayoutTests/ChangeLog
	M	LayoutTests/inspector/styles-iframe.html
	M	WebCore/ChangeLog
	M	WebCore/bindings/js/JSInjectedScriptHostCustom.cpp
	M	WebCore/bindings/js/ScriptController.cpp
	M	WebCore/bindings/js/ScriptController.h
	M	WebCore/bindings/js/ScriptObject.h
	M	WebCore/bindings/js/ScriptValue.cpp
	M	WebCore/bindings/js/ScriptValue.h
	M	WebCore/bindings/v8/ScriptObject.h
	M	WebCore/bindings/v8/ScriptValue.h
	M	WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp
	M	WebCore/inspector/ConsoleMessage.cpp
	M	WebCore/inspector/ConsoleMessage.h
	M	WebCore/inspector/InjectedScriptHost.cpp
	M	WebCore/inspector/InjectedScriptHost.h
	M	WebCore/inspector/InjectedScriptHost.idl
	M	WebCore/inspector/InspectorBackend.cpp
	M	WebCore/inspector/InspectorBackend.h
	M	WebCore/inspector/InspectorBackend.idl
	M	WebCore/inspector/InspectorController.cpp
	M	WebCore/inspector/InspectorController.h
	M	WebCore/inspector/InspectorFrontend.cpp
	M	WebCore/inspector/InspectorFrontend.h
	M	WebCore/inspector/front-end/AuditsPanel.js
	M	WebCore/inspector/front-end/ConsoleView.js
	M	WebCore/inspector/front-end/DOMAgent.js
	M	WebCore/inspector/front-end/Database.js
	M	WebCore/inspector/front-end/ElementsPanel.js
	M	WebCore/inspector/front-end/ElementsTreeOutline.js
	M	WebCore/inspector/front-end/EventListenersSidebarPane.js
	M	WebCore/inspector/front-end/InjectedScript.js
	M	WebCore/inspector/front-end/InjectedScriptAccess.js
	M	WebCore/inspector/front-end/MetricsSidebarPane.js
	M	WebCore/inspector/front-end/ObjectPropertiesSection.js
	M	WebCore/inspector/front-end/ObjectProxy.js
	M	WebCore/inspector/front-end/PropertiesSidebarPane.js
	M	WebCore/inspector/front-end/ResourcesPanel.js
	M	WebCore/inspector/front-end/ScriptsPanel.js
	M	WebCore/inspector/front-end/StylesSidebarPane.js
	M	WebCore/inspector/front-end/WatchExpressionsSidebarPane.js
	M	WebCore/inspector/front-end/inspector.js
Committed r53467
Comment 34 Yury Semikhatsky 2010-01-19 09:01:54 PST
Reverted in r53469. Browser crashes if there are already some console messages when opening Web Inspector.
Comment 35 Yury Semikhatsky 2010-01-20 08:37:11 PST
Created attachment 47038 [details]
patch

Fixed the issue with console messages. Added unit test.
Comment 36 Yury Semikhatsky 2010-01-20 09:11:19 PST
Created attachment 47039 [details]
patch
Comment 37 Yury Semikhatsky 2010-01-20 09:45:25 PST
Committing to http://svn.webkit.org/repository/webkit/trunk ...
        M	LayoutTests/ChangeLog
	A	LayoutTests/inspector/console-log-before-inspector-open-expected.txt
	A	LayoutTests/inspector/console-log-before-inspector-open.html
	M	LayoutTests/inspector/styles-iframe.html
	M	WebCore/ChangeLog
	M	WebCore/bindings/js/JSInjectedScriptHostCustom.cpp
	M	WebCore/bindings/js/ScriptCallStack.h
	M	WebCore/bindings/js/ScriptController.cpp
	M	WebCore/bindings/js/ScriptController.h
	M	WebCore/bindings/js/ScriptObject.h
	M	WebCore/bindings/js/ScriptValue.cpp
	M	WebCore/bindings/js/ScriptValue.h
	M	WebCore/bindings/v8/ScriptObject.h
	M	WebCore/bindings/v8/ScriptValue.h
	M	WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp
	M	WebCore/inspector/ConsoleMessage.cpp
	M	WebCore/inspector/ConsoleMessage.h
	M	WebCore/inspector/InjectedScriptHost.cpp
	M	WebCore/inspector/InjectedScriptHost.h
	M	WebCore/inspector/InjectedScriptHost.idl
	M	WebCore/inspector/InspectorBackend.cpp
	M	WebCore/inspector/InspectorBackend.h
	M	WebCore/inspector/InspectorBackend.idl
	M	WebCore/inspector/InspectorController.cpp
	M	WebCore/inspector/InspectorController.h
	M	WebCore/inspector/InspectorFrontend.cpp
	M	WebCore/inspector/InspectorFrontend.h
	M	WebCore/inspector/front-end/AuditsPanel.js
	M	WebCore/inspector/front-end/ConsoleView.js
	M	WebCore/inspector/front-end/DOMAgent.js
	M	WebCore/inspector/front-end/Database.js
	M	WebCore/inspector/front-end/ElementsPanel.js
	M	WebCore/inspector/front-end/ElementsTreeOutline.js
	M	WebCore/inspector/front-end/EventListenersSidebarPane.js
	M	WebCore/inspector/front-end/InjectedScript.js
	M	WebCore/inspector/front-end/InjectedScriptAccess.js
	M	WebCore/inspector/front-end/MetricsSidebarPane.js
	M	WebCore/inspector/front-end/ObjectPropertiesSection.js
	M	WebCore/inspector/front-end/ObjectProxy.js
	M	WebCore/inspector/front-end/PropertiesSidebarPane.js
	M	WebCore/inspector/front-end/ResourcesPanel.js
	M	WebCore/inspector/front-end/ScriptsPanel.js
	M	WebCore/inspector/front-end/StylesSidebarPane.js
	M	WebCore/inspector/front-end/WatchExpressionsSidebarPane.js
	M	WebCore/inspector/front-end/inspector.js
Committed r53552
Comment 38 David Levin 2010-01-20 11:27:13 PST
Comment on attachment 47039 [details]
patch

Patch rolled out due to lots of fast/profile layout test failures.
Comment 39 David Levin 2010-01-20 11:28:21 PST
Rolled out change with http://trac.webkit.org/changeset/53558
Comment 40 Yury Semikhatsky 2010-01-20 13:24:14 PST
Created attachment 47058 [details]
patch

Make profiler tests pass.
Comment 41 Yury Semikhatsky 2010-01-20 13:28:33 PST
Created attachment 47059 [details]
Diff between the two latest patches
Comment 42 Yury Semikhatsky 2010-01-21 08:28:10 PST
Created attachment 47123 [details]
patch

This is a part of the big patch that I'd like to commit first so that we can prepare Chromium for the new code.
Comment 43 Yury Semikhatsky 2010-01-21 13:55:34 PST
Created attachment 47144 [details]
patch

This patch is needed to prepare Chromium for the changes in the signature of InspectorBackend::dispatchOnInjectedScript before the bigger patch is committed, otherwise chromium build will break.
Comment 44 Eric Seidel (no email) 2010-01-21 14:01:50 PST
Attachment 47144 [details] did not build on mac:
Build output: http://webkit-commit-queue.appspot.com/results/204238
Comment 45 Yury Semikhatsky 2010-01-21 14:08:15 PST
Created attachment 47146 [details]
patch

Fixed warnings on Mac.
Comment 46 Pavel Feldman 2010-01-22 01:28:40 PST
Comment on attachment 47146 [details]
patch

Looks good provided that it is a temporary measure. Please add a FIXME and follow up with the migration shortly.
Comment 47 Yury Semikhatsky 2010-01-22 01:43:20 PST
(In reply to comment #46)
> (From update of attachment 47146 [details])
> Looks good provided that it is a temporary measure. Please add a FIXME and
> follow up with the migration shortly.
Done.
Comment 48 Yury Semikhatsky 2010-01-22 01:44:15 PST
Comment on attachment 47146 [details]
patch

Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	WebCore/ChangeLog
	M	WebCore/inspector/InspectorBackend.h
Committed r53689

Clearing flags.
Comment 49 Yury Semikhatsky 2010-01-22 05:08:47 PST
Created attachment 47192 [details]
patch
Comment 50 Yury Semikhatsky 2010-01-23 02:15:31 PST
Landed in r53766.