Bug 50868 - inspector/debugger-step-out.html crashing intermittently in the bots
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 50889 50987
Reported: 2010-12-11 03:35 PST by Xan Lopez
Modified: 2010-12-24 09:51 PST

Attachments
Test page (279 bytes, text/html)
2010-12-23 08:32 PST, Yury Semikhatsky
no flags
Patch (15.30 KB, patch)
2010-12-24 06:28 PST, Yury Semikhatsky
darin: review+

Description Xan Lopez 2010-12-11 03:35:15 PST
I'll skip that test in the GTK+ bots for now.

Thread 1 (Thread 21704):
#0  0xf584a774 in WebCore::CSSStyleDeclaration::getPropertyValue (
    this=0xeea97368, propertyName=...)
    at ../../WebCore/css/CSSStyleDeclaration.cpp:53
#1  0xf5b2e570 in WebCore::InspectorStyle::buildObjectForStyle (
    this=0xefa34be0) at ../../WebCore/inspector/InspectorStyleSheet.cpp:141
#2  0xf5b3203b in WebCore::InspectorStyleSheet::buildObjectForStyle (
    this=0xeea97448, style=0xea0729e0)
    at ../../WebCore/inspector/InspectorStyleSheet.cpp:739
#3  0xf5af3aec in WebCore::InspectorCSSAgent::getStylesForNode2 (
    this=0x86fda78, nodeId=4, result=0xffcd7ac4)
    at ../../WebCore/inspector/InspectorCSSAgent.cpp:186
#4  0xf60dc095 in WebCore::InspectorBackendDispatcher::getStylesForNode2 (
    this=0x86d3db8, callId=5, requestMessageObject=0xed9bb8f0)
    at DerivedSources/WebCore/InspectorBackendDispatcher.cpp:1929
#5  0xf60e6a00 in WebCore::InspectorBackendDispatcher::dispatch (
    this=0x86d3db8, message=...)
    at DerivedSources/WebCore/InspectorBackendDispatcher.cpp:2816
#6  0xf5b1c695 in WebCore::InspectorFrontendClientLocal::sendMessageToBackend
    (this=0xee229490, message=...)
    at ../../WebCore/inspector/InspectorFrontendClientLocal.cpp:154
#7  0xf5b1ce0d in WebCore::InspectorFrontendHost::sendMessageToBackend (
    this=0xf0e59650, message=...)
    at ../../WebCore/inspector/InspectorFrontendHost.cpp:223
#8  0xf620c809 in WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend (exec=0xf1728788)
    at DerivedSources/WebCore/JSInspectorFrontendHost.cpp:404
#9  0xf25382aa in ?? ()
#10 0xf649016e in JSC::JITCode::execute (this=0xede100a4, 
    registerFile=0xf242044c, callFrame=0xf17284a0, globalData=0xf241df50)
    at ../../JavaScriptCore/jit/JITCode.h:77
#11 0xf648d548 in JSC::Interpreter::executeCall (this=0xf2420440, 
    callFrame=0xf1728458, function=0xf16ef700, callType=JSC::CallTypeJS, 
    callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/interpreter/Interpreter.cpp:849
#12 0xf65213d6 in JSC::call (exec=0xf1728458, functionObject=..., 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/runtime/CallData.cpp:38
#13 0xf655e8dd in JSC::JSObject::put (this=0xf14f4f80, exec=0xf1728458, 
    propertyName=..., value=..., slot=...)
    at ../../JavaScriptCore/runtime/JSObject.cpp:146
#14 0xf64d1dba in JSC::JSValue::put (this=0xffcd8c34, exec=0xf1728458, 
    propertyName=..., value=..., slot=...)
    at ../../JavaScriptCore/runtime/JSObject.h:700
#15 0xf64c3b6b in cti_op_put_by_id_generic (args=0xffcd8c60)
    at ../../JavaScriptCore/jit/JITStubs.cpp:1419
#16 0xf64c2c80 in JSC::JITThunks::tryCacheGetByID (callFrame=0xf1424000, 
    codeBlock=0xf242044c, returnAddress=..., baseValue=..., propertyName=..., 
    slot=..., stubInfo=0xffcd8cd8)
    at ../../JavaScriptCore/jit/JITStubs.cpp:974
#17 0xf649016e in JSC::JITCode::execute (this=0xedd552c4, 
    registerFile=0xf242044c, callFrame=0xf1728458, globalData=0xf241df50)
    at ../../JavaScriptCore/jit/JITCode.h:77
#18 0xf648d548 in JSC::Interpreter::executeCall (this=0xf2420440, 
    callFrame=0xf17281c8, function=0xf14c4080, callType=JSC::CallTypeJS, 
    callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/interpreter/Interpreter.cpp:849
#19 0xf65213d6 in JSC::call (exec=0xf17281c8, functionObject=..., 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/runtime/CallData.cpp:38
#20 0xf655e8dd in JSC::JSObject::put (this=0xf14f4880, exec=0xf17281c8, 
    propertyName=..., value=..., slot=...)
    at ../../JavaScriptCore/runtime/JSObject.cpp:146
#21 0xf64d1dba in JSC::JSValue::put (this=0xffcd8fbc, exec=0xf17281c8, 
    propertyName=..., value=..., slot=...)
    at ../../JavaScriptCore/runtime/JSObject.h:700
#22 0xf64c3eba in cti_op_put_by_id (args=0xffcd8ff0)
    at ../../JavaScriptCore/jit/JITStubs.cpp:1456
#23 0xf64c2c80 in JSC::JITThunks::tryCacheGetByID (callFrame=0xeffc406c, 
    codeBlock=0xf242044c, returnAddress=..., baseValue=..., propertyName=..., 
    slot=..., stubInfo=0xffcd9068)
    at ../../JavaScriptCore/jit/JITStubs.cpp:974
#24 0xf649016e in JSC::JITCode::execute (this=0xe9e72c2c, 
    registerFile=0xf242044c, callFrame=0xf1728038, globalData=0xf241df50)
    at ../../JavaScriptCore/jit/JITCode.h:77
#25 0xf648d548 in JSC::Interpreter::executeCall (this=0xf2420440, 
    callFrame=0xee1670cc, function=0xf1289680, callType=JSC::CallTypeJS, 
    callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/interpreter/Interpreter.cpp:849
#26 0xf65213d6 in JSC::call (exec=0xee1670cc, functionObject=..., 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../JavaScriptCore/runtime/CallData.cpp:38
#27 0xf572511c in WebCore::JSMainThreadExecState::call (exec=0xee1670cc, 
    functionObject=..., callType=JSC::CallTypeJS, callData=..., 
    thisValue=..., args=...)
    at ../../WebCore/bindings/js/JSMainThreadExecState.h:48
#28 0xf577d3f1 in WebCore::ScheduledAction::executeFunctionInContext (
    this=0xee4b8b00, globalObject=0xf16c6f00, thisValue=..., 
    context=0xe9e446b0) at ../../WebCore/bindings/js/ScheduledAction.cpp:106
#29 0xf577d604 in WebCore::ScheduledAction::execute (this=0xee4b8b00, 
    document=0xe9e44678) at ../../WebCore/bindings/js/ScheduledAction.cpp:128
#30 0xf577d19e in WebCore::ScheduledAction::execute (this=0xee4b8b00, 
    context=0xe9e446b0) at ../../WebCore/bindings/js/ScheduledAction.cpp:76
#31 0xf5c18394 in WebCore::DOMTimer::fired (this=0xee4b8b20)
    at ../../WebCore/page/DOMTimer.cpp:131
#32 0xf5d12724 in WebCore::ThreadTimers::sharedTimerFiredInternal (
    this=0x8721c80) at ../../WebCore/platform/ThreadTimers.cpp:112
#33 0xf5d1266b in WebCore::ThreadTimers::sharedTimerFired ()
    at ../../WebCore/platform/ThreadTimers.cpp:90
#34 0xf60457b5 in timeout_cb ()
    at ../../WebCore/platform/gtk/SharedTimerGtk.cpp:49
#35 0xf4c17f8c in g_timeout_dispatch (source=0xedc4a938, callback=0xffcd78a8, 
    user_data=0x0) at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3877
#36 0xf4c175c5 in g_main_dispatch (context=0x86bae28)
    at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:2440
#37 g_main_context_dispatch (context=0x86bae28)
    at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3013
#38 0xf4c1bb78 in g_main_context_iterate (context=0x86bae28, 
    block=<value optimized out>, dispatch=1, self=0x86971b0)
    at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3091
#39 0xf4c1c0b7 in g_main_loop_run (loop=0xf137c570)
    at /tmp/buildd/glib2.0-2.27.5.2010128/glib/gmain.c:3299
#40 0xf50d7dc9 in IA__gtk_main ()
    at /build/buildd-gtk+2.0_2.20.1-1-i386-Ixfflh/gtk+2.0-2.20.1/gtk/gtkmain.c:1219
#41 0x0805def1 in runTest (testPathOrURL=...)
    at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:655
#42 0x0805d615 in runTestingServerLoop ()
    at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:469
#43 0x0805f349 in main (argc=2, argv=0xffcd9f74)
    at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:1096
Comment 1 Xan Lopez 2010-12-11 04:53:01 PST
inspector/styles-source-lines-inline.html is also crashing.
Comment 2 Eric Seidel (no email) 2010-12-23 00:36:57 PST
Another bot saw the crash: https://bugs.webkit.org/show_bug.cgi?id=51035#c16
Comment 3 Yury Semikhatsky 2010-12-23 07:17:00 PST
I was able to reproduce this crash by simply running DumpRenderTree on Qt Linux Debug with the following command line (note that the test is different):

gdb --args WebKitBuild/Debug/bin/DumpRenderTree  LayoutTests/inspector/console-command-clear.html <...> LayoutTests/inspector/console-command-clear.html


Stack dump is:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5dc9a2b in WebCore::CSSStyleDeclaration::getPropertyValue (this=0x1355480, propertyName=...)
    at ../../../WebCore/css/CSSStyleDeclaration.cpp:53
53          return getPropertyValue(propID);
(gdb) bt
#0  0x00007ffff5dc9a2b in WebCore::CSSStyleDeclaration::getPropertyValue (this=0x1355480, propertyName=...)
    at ../../../WebCore/css/CSSStyleDeclaration.cpp:53
#1  0x00007ffff6152fe6 in WebCore::InspectorStyle::buildObjectForStyle (this=0x9d7620) at ../../../WebCore/inspector/InspectorStyleSheet.cpp:141
#2  0x00007ffff6158987 in WebCore::InspectorStyleSheet::buildObjectForStyle (this=0xe05410, style=0x884630)
    at ../../../WebCore/inspector/InspectorStyleSheet.cpp:739
#3  0x00007ffff60e29b1 in WebCore::InspectorCSSAgent::getStylesForNode2 (this=0x566580, nodeId=5, result=0x7fffffff7870)
    at ../../../WebCore/inspector/InspectorCSSAgent.cpp:186
#4  0x00007ffff5c08dad in WebCore::InspectorBackendDispatcher::getStylesForNode2 (this=0x4f2260, callId=7, requestMessageObject=0x8843e0)
    at generated/InspectorBackendDispatcher.cpp:1445
#5  0x00007ffff5c2214b in WebCore::InspectorBackendDispatcher::dispatch (this=0x4f2260, message=...)
    at generated/InspectorBackendDispatcher.cpp:2875
#6  0x00007ffff613b4c3 in WebCore::InspectorFrontendClientLocal::sendMessageToBackend (this=0xb87110, message=...)
    at ../../../WebCore/inspector/InspectorFrontendClientLocal.cpp:154
#7  0x00007ffff613c298 in WebCore::InspectorFrontendHost::sendMessageToBackend (this=0x6918e0, message=...)
    at ../../../WebCore/inspector/InspectorFrontendHost.cpp:223
#8  0x00007ffff5a4dd61 in WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend (exec=0x7fff65dc85e0)
    at generated/JSInspectorFrontendHost.cpp:405
#9  0x00007fff661c81b8 in ?? ()
#10 0x00007fffffff97a0 in ?? ()
#11 0x00007fff664cc6e3 in ?? ()
#12 0x00007fffffff9720 in ?? ()
#13 0x00000000007439c0 in ?? ()
#14 0x0000000000000005 in ?? ()
#15 0x00007fff65d45440 in ?? ()
#16 0x00007fff6622b4a7 in ?? ()
#17 0x00007ffff5cac3cf in JSC::Register::Register (this=0xffff000000000000) at ../../../JavaScriptCore/interpreter/Register.h:106
#18 0x00007ffff68919e1 in JSC::JITCode::execute (this=0x1531b98, registerFile=0x7fffe800c838, callFrame=0x7fff65dc82f8, globalData=0x7fffe806e220)
    at ../../../JavaScriptCore/jit/JITCode.h:77
#19 0x00007ffff688e7cd in JSC::Interpreter::executeCall (this=0x7fffe800c820, callFrame=0x7fff65dc82b0, function=0x7fff65d5ba40, 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:849
#20 0x00007ffff68badc7 in JSC::call (exec=0x7fff65dc82b0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../../JavaScriptCore/runtime/CallData.cpp:38
#21 0x00007ffff68fa869 in JSC::JSObject::put (this=0x7fff65ceaf00, exec=0x7fff65dc82b0, propertyName=..., value=..., slot=...)
    at ../../../JavaScriptCore/runtime/JSObject.cpp:146
#22 0x00007ffff68a95f4 in JSC::JSValue::put (this=0x7fffffff9c40, exec=0x7fff65dc82b0, propertyName=..., value=..., slot=...)
    at ../../../JavaScriptCore/runtime/JSObject.h:700
#23 0x00007ffff689ae7f in JSC::cti_op_put_by_id_generic (args=0x7fffffff9c80) at ../../../JavaScriptCore/jit/JITStubs.cpp:1419
#24 0x00007ffff6899e68 in JSC::JITThunks::tryCacheGetByID (callFrame=0x7fffffff9c00, codeBlock=0x7ffff689b022, returnAddress=..., baseValue=..., 
    propertyName=..., slot=..., stubInfo=0x7fffe806e220) at ../../../JavaScriptCore/jit/JITStubs.cpp:974
#25 0x00007ffff68919e1 in JSC::JITCode::execute (this=0x129b8a8, registerFile=0x7fffe800c838, callFrame=0x7fff65dc82b0, globalData=0x7fffe806e220)
    at ../../../JavaScriptCore/jit/JITCode.h:77
#26 0x00007ffff688e7cd in JSC::Interpreter::executeCall (this=0x7fffe800c820, callFrame=0x7fff65dc8230, function=0x7fff65d78000, 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:849
#27 0x00007ffff68badc7 in JSC::call (exec=0x7fff65dc8230, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../../JavaScriptCore/runtime/CallData.cpp:38
#28 0x00007ffff68fa869 in JSC::JSObject::put (this=0x7fff65cea840, exec=0x7fff65dc8230, propertyName=..., value=..., slot=...)
    at ../../../JavaScriptCore/runtime/JSObject.cpp:146
#29 0x00007ffff68a95f4 in JSC::JSValue::put (this=0x7fffffffa1d0, exec=0x7fff65dc8230, propertyName=..., value=..., slot=...)
    at ../../../JavaScriptCore/runtime/JSObject.h:700
#30 0x00007ffff689b203 in JSC::cti_op_put_by_id (args=0x7fffffffa220) at ../../../JavaScriptCore/jit/JITStubs.cpp:1456
#31 0x00007ffff6899e68 in JSC::JITThunks::tryCacheGetByID (callFrame=0x7fff663802be, codeBlock=0x7fffffffa220, returnAddress=..., baseValue=..., 
    propertyName=..., slot=..., stubInfo=0x7fffe806e220) at ../../../JavaScriptCore/jit/JITStubs.cpp:974
#32 0x00007ffff68919e1 in JSC::JITCode::execute (this=0xd88408, registerFile=0x7fffe800c838, callFrame=0x7fff65dc8038, globalData=0x7fffe806e220)
    at ../../../JavaScriptCore/jit/JITCode.h:77
#33 0x00007ffff688e7cd in JSC::Interpreter::executeCall (this=0x7fffe800c820, callFrame=0x687698, function=0x7ffff7ee6600, 
    callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:849
#34 0x00007ffff68badc7 in JSC::call (exec=0x687698, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../../JavaScriptCore/runtime/CallData.cpp:38
#35 0x00007ffff5c8d69b in WebCore::JSMainThreadExecState::call (exec=0x687698, functionObject=..., callType=JSC::CallTypeJS, callData=..., 
    thisValue=..., args=...) at ../../../WebCore/bindings/js/JSMainThreadExecState.h:48
#36 0x00007ffff5cd5dc3 in WebCore::ScheduledAction::executeFunctionInContext (this=0x6322f0, globalObject=0x7fff65d45440, thisValue=..., context=
    0x69c7f8) at ../../../WebCore/bindings/js/ScheduledAction.cpp:106
#37 0x00007ffff5cd5ffc in WebCore::ScheduledAction::execute (this=0x6322f0, document=0x69c790)
    at ../../../WebCore/bindings/js/ScheduledAction.cpp:128
#38 0x00007ffff5cd5b82 in WebCore::ScheduledAction::execute (this=0x6322f0, context=0x69c7f8)
    at ../../../WebCore/bindings/js/ScheduledAction.cpp:76
#39 0x00007ffff6229107 in WebCore::DOMTimer::fired (this=0x911940) at ../../../WebCore/page/DOMTimer.cpp:131
#40 0x00007ffff633b334 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fffe803ee70) at ../../../WebCore/platform/ThreadTimers.cpp:112
#41 0x00007ffff633b267 in WebCore::ThreadTimers::sharedTimerFired () at ../../../WebCore/platform/ThreadTimers.cpp:90
#42 0x00007ffff65497a4 in WebCore::SharedTimerQt::timerEvent (this=0x7fffe803eed0, ev=0x7fffffffaf00)
    at ../../../WebCore/platform/qt/SharedTimerQt.cpp:116
#43 0x00007ffff2a76a63 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#44 0x00007ffff326822c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#45 0x00007ffff326e6fb in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#46 0x00007ffff2a6706c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#47 0x00007ffff2a93d42 in ?? () from /usr/lib/libQtCore.so.4
#48 0x00007ffff2a90848 in ?? () from /usr/lib/libQtCore.so.4
#49 0x00007fffefd818c2 in g_main_dispatch (context=0x51ea10) at /tmp/glib2.0.0xzuTt/glib2.0-2.24.1/glib/gmain.c:1960
#50 IA__g_main_context_dispatch (context=0x51ea10) at /tmp/glib2.0.0xzuTt/glib2.0-2.24.1/glib/gmain.c:2513
#51 0x00007fffefd85748 in g_main_context_iterate (context=0x51ea10, block=<value optimized out>, dispatch=<value optimized out>, 
    self=<value optimized out>) at /tmp/glib2.0.0xzuTt/glib2.0-2.24.1/glib/gmain.c:2591
#52 0x00007fffefd858fc in IA__g_main_context_iteration (context=0x51ea10, may_block=1) at /tmp/glib2.0.0xzuTt/glib2.0-2.24.1/glib/gmain.c:2654
#53 0x00007ffff2a90513 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#54 0x00007ffff331846e in ?? () from /usr/lib/libQtGui.so.4
#55 0x00007ffff2a65992 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#56 0x00007ffff2a65d6c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#57 0x00007ffff2a69aab in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#58 0x0000000000437c58 in main (argc=205, argv=0x7fffffffb468) at /usr/local/google/home/yurys/WebKitGit/Tools/DumpRenderTree/qt/main.cpp:168
Comment 4 Yury Semikhatsky 2010-12-23 08:16:04 PST
(In reply to comment #3)

The problem is that the style referenced from InspectorStyle::m_style is stale, even though the Element in InspectorStyleSheetForInlineStyle::m_element field of its container is the same as the considered Element.


The prob

(gdb) f 1
#1  0x00007ffff6152fe6 in WebCore::InspectorStyle::buildObjectForStyle (this=0x9d7620) at ../../../WebCore/inspector/InspectorStyleSheet.cpp:141
141         propertiesObject->setString("width", m_style->getPropertyValue("width"));
(gdb) p *this->m_style
$50 = {<WebCore::StyleBase> = {<WTF::RefCounted<WebCore::StyleBase>> = {<WTF::RefCountedBase> = {m_refCount = 1131377775,
        m_deletionHasBegun = 97,
        m_adoptionIsRequired = 115}, <WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, <No data fields>}, _vptr.StyleBase = 0x67207b2020202020, m_parent = 0x6f63203b3938203d}, <No data fields>}
(gdb)
Comment 5 Yury Semikhatsky 2010-12-23 08:31:21 PST
Steps to reproduce:

1. Open attached page.
2. Open inspector and select <div id="counter"> in the DOM tree.
3. Click Test button.
4. Select another element in the DOM tree and then return back to the div.

Result:
Browser crashes.
Comment 6 Yury Semikhatsky 2010-12-23 08:32:28 PST
Created attachment 77337
Test page
Comment 7 Yury Semikhatsky 2010-12-24 06:28:45 PST
Created attachment 77413
Patch
Comment 8 Yury Semikhatsky 2010-12-24 06:31:39 PST
With this patch applied I can't reproduce the crash above using the described scenario. I'm not sure what was the reason for not using RefPtrs from the very beginning in InspectorStyle and InspectorCSSAgent for referencing DOM elements and CSS model elements.

(In reply to comment #7)
> Created an attachment (id=77413)
> Patch
Comment 9 Alexander Pavlov (apavlov) 2010-12-24 06:39:14 PST
Comment on attachment 77413
Patch

The change looks good, but we should be wary of holding a stale RefPtr<CSSStyleDeclaration> that has been dereferenced by the inspected page elements (this is the root cause of the crashes we are observing), which implies that most likely the data in the Web Inspector and the inspected page will be inconsistent.
Comment 10 Yury Semikhatsky 2010-12-24 08:22:14 PST
(In reply to comment #9)
> (From update of attachment 77413)
> The change looks good, but we should be wary of holding a stale RefPtr<CSSStyleDeclaration> that has been dereferenced by the inspected page elements (this is the root cause of the crashes we are observing), which implies that most likely the data in the Web Inspector and the inspected page will be inconsistent.

I'm pretty sure that the cause of the crash is that the StyledElement pointer is stale as well, because I was able to reproduce the crash a couple of times even with all pointers to CSS objects being RefPtrs but with a raw Element pointer in InspectorStyleSheetForInlineStyle::m_element. Anyway, incorrect behavior of the CSS inspector is a less severe issue than non-deterministic crashes of all inspector tests. You will be able to roll out this patch locally if you want to use the crashes to spot the real problem in the code.
Comment 11 Yury Semikhatsky 2010-12-24 09:51:54 PST
Committed r74637: <http://trac.webkit.org/changeset/74637>
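
The trade-off discussed in comments 8 to 10, as an added example that is not part of the patch or of WebKit: std::shared_ptr stands in for WebKit's RefPtr, and StyleDeclaration, Element, InspectorStyleModel and runScenario are hypothetical simplified names. It shows that strong references remove the use-after-free but leave the inspector reading a declaration the page has already dropped, which an identity check can detect.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Simplified stand-in for CSSStyleDeclaration (hypothetical, not WebKit code).
class StyleDeclaration {
public:
    void setProperty(const std::string& name, const std::string& value) { m_props[name] = value; }
    std::string getPropertyValue(const std::string& name) const {
        auto it = m_props.find(name);
        return it == m_props.end() ? std::string() : it->second;
    }
private:
    std::map<std::string, std::string> m_props;
};

// Simplified element that owns its inline style and may replace it at any time.
class Element {
public:
    Element() : m_inlineStyle(std::make_shared<StyleDeclaration>()) {}
    std::shared_ptr<StyleDeclaration> inlineStyle() const { return m_inlineStyle; }
    void resetInlineStyle() { m_inlineStyle = std::make_shared<StyleDeclaration>(); }
private:
    std::shared_ptr<StyleDeclaration> m_inlineStyle;
};

// Inspector-side wrapper holding strong references to the element and its style.
// With raw pointers, resetInlineStyle() would free the declaration read by width().
class InspectorStyleModel {
public:
    explicit InspectorStyleModel(std::shared_ptr<Element> element)
        : m_element(element), m_style(m_element->inlineStyle()) {}
    std::string width() const { return m_style->getPropertyValue("width"); }
    bool isDetachedFromPage() const { return m_style != m_element->inlineStyle(); }
    void refresh() { m_style = m_element->inlineStyle(); }
private:
    std::shared_ptr<Element> m_element;
    std::shared_ptr<StyleDeclaration> m_style;
};

struct Outcome { std::string before, afterReset, afterRefresh; bool detached; };
// Constructed scenario: the page replaces the inline style while it is inspected.
Outcome runScenario() {
    auto element = std::make_shared<Element>();
    element->inlineStyle()->setProperty("width", "100px");
    InspectorStyleModel inspector(element);
    Outcome out{inspector.width(), "", "", false};
    element->resetInlineStyle();                    // page drops the old declaration
    element->inlineStyle()->setProperty("width", "200px");
    out.afterReset = inspector.width();             // safe read, but old data
    out.detached = inspector.isDetachedFromPage();  // inconsistency is detectable
    inspector.refresh();
    out.afterRefresh = inspector.width();
    return out;
}
int main() {
    Outcome o = runScenario();
    return std::printf("%s -> %s (detached=%d) -> %s\n", o.before.c_str(),
                       o.afterReset.c_str(), o.detached, o.afterRefresh.c_str()) < 0;
}
```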