Bug 99686 - RESOLVED INVALID
Web Inspector: [JSC] Crash in inspector when using strict mode
https://bugs.webkit.org/show_bug.cgi?id=99686
yeecheng.chin+webkit
Reported 2012-10-17 22:41:51 PDT
Created attachment 169347: Test page. Open the inspector and reload to hit the debugger statement.

The web inspector's JavaScript debugger would crash when inspecting code set in strict mode. In the attached test page, I have a "debugger" statement in the body onload event handler, which has "use strict" at the beginning (you may need to reload the page after opening the inspector). When the debugger statement has caused the debugger to pause, go to "Watch Expressions" and add a new expression "this" (which technically should be mapped to nothing under strict mode). Right after adding it the inspector should crash, and it sometimes crashes the whole Safari browser too.
Attachments
Test page. Open the inspector and reload to hit the debugger statement. (196 bytes, text/html)
2012-10-17 22:41 PDT, yeecheng.chin+webkit
yeecheng.chin+webkit
Comment 1 2012-10-17 22:43:34 PDT
Just more information. The process that crashed is called "WebKit2WebProcess.exe". After I dismiss the dialog usually it works fine, but sometimes I would get a pure virtual call error and the whole browser would crash.
Vsevolod Vlasov
Comment 2 2012-10-17 23:27:05 PDT
Sounds like JSC specific.
Yury Semikhatsky
Comment 3 2012-10-18 01:00:10 PDT
Should be the same issue as described in https://bugs.webkit.org/show_bug.cgi?id=83267
yeecheng.chin+webkit
Comment 4 2012-10-18 03:55:55 PDT
(In reply to comment #3)
> Should be the same issue as described in https://bugs.webkit.org/show_bug.cgi?id=83267

It's not the same issue. That bug is about wrapping code run in the console window (not the watch window) in a "with" statement causing an exception to be thrown. This is about putting "this" in the watch window causing the whole process to crash. I wrote some details on the cause on that bug, will try to find more about this one.
yeecheng.chin+webkit
Comment 5 2012-10-18 05:03:32 PDT
I've found the problem in the code. Basically in DebuggerCallFrame.cpp, there's a line that is like this:

    JSValue result = globalData.interpreter->execute(eval, m_callFrame, thisObject(), m_callFrame->scope());

The problem is thisObject() will return 0 in strict mode, and it then gets cast to a JSValue which is a bogus empty value. Seems like the interpreter requires the this object passed in to be a real JS value or it will break in multiple places. A fix would be to do this instead:

    JSObject* thisObj = thisObject();
    JSValue result = globalData.interpreter->execute(eval, m_callFrame, thisObj ? JSValue(thisObj) : jsUndefined(), m_callFrame->scopeChain());

This way the this pointer gets bound to undefined, which is the correct behavior in strict mode. This is similar to what JSJavaScriptCallFrame::thisObject(ExecState*) does.
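To make the failure mode in comment 5 concrete, here is an added, self-contained C++ model (not WebKit's code): a simplified stand-in for JSValue whose pointer constructor collapses a null JSObject* into the "empty" sentinel, an interpreter-side check that rejects that sentinel, and the buggy versus fixed receiver conversion side by side. The JSValue, JSObject and describeThis names are assumptions of this model, not JSC's API.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>

// Simplified model of a JS object; real JSC objects are far richer.
struct JSObject { std::string name; };

// Simplified model of JSC's JSValue: empty sentinel, undefined, or an object.
class JSValue {
public:
    enum class Tag { Empty, Undefined, Object };
    JSValue() : tag_(Tag::Empty), obj_(nullptr) {}  // the "empty" sentinel
    // Pointer constructor: a null pointer becomes the empty sentinel, which is
    // exactly the bogus value thisObject() produced in strict mode.
    JSValue(JSObject* obj) : tag_(obj ? Tag::Object : Tag::Empty), obj_(obj) {}
    static JSValue undefined() { JSValue v; v.tag_ = Tag::Undefined; return v; }
    bool isEmpty() const { return tag_ == Tag::Empty; }
    bool isUndefined() const { return tag_ == Tag::Undefined; }
    bool isObject() const { return tag_ == Tag::Object; }
    JSObject* asObject() const { return obj_; }
private:
    Tag tag_;
    JSObject* obj_;
};

// Models the interpreter's expectation that the receiver is a real JS value.
// An empty value is an invariant violation: the real engine crashed on it, so
// this model fails loudly instead of dereferencing a null object pointer.
std::string describeThis(JSValue thisValue) {
    if (thisValue.isEmpty()) throw std::logic_error("empty JSValue passed as this");
    if (thisValue.isUndefined()) return "undefined";
    return "object:" + thisValue.asObject()->name;
}

// Buggy conversion: thisObject() may return null in strict mode.
JSValue thisValueBuggy(JSObject* thisObj) { return JSValue(thisObj); }

// Fixed conversion from comment 5: bind a null receiver to undefined.
JSValue thisValueFixed(JSObject* thisObj) {
    return thisObj ? JSValue(thisObj) : JSValue::undefined();
}

// Constructed sample receiver standing in for a non-strict global object.
static JSObject kGlobal{"global"};

// Returns true when the buggy path hands the interpreter an empty value.
bool buggyPathRejectsStrictThis() {
    try { describeThis(thisValueBuggy(nullptr)); return false; }
    catch (const std::logic_error&) { return true; }
}
```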
Geoffrey Garen
Comment 6 2012-10-18 08:35:29 PDT
I agree.
Radar WebKit Bug Importer
Comment 7 2012-10-18 12:20:26 PDT
Brian Burg
Comment 8 2014-12-12 13:39:59 PST
Closing as invalid, as this bug pertains to the old inspector UI and/or its tests. Please file a new bug (https://www.webkit.org/new-inspector-bug) if the bug/feature/issue is still relevant to WebKit trunk.