Title: [200617] trunk
- Revision
- 200617
- Author
- [email protected]
- Date
- 2016-05-09 23:36:42 -0700 (Mon, 09 May 2016)
Log Message
Web Inspector: CRASH under JSC::DebuggerCallFrame::thisValue when hitting breakpoint
https://bugs.webkit.org/show_bug.cgi?id=157442
<rdar://problem/24172015>
Patch by Joseph Pecoraro <[email protected]> on 2016-05-09
Reviewed by Saam Barati.
Source/_javascript_Core:
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::thisValueForCallFrame):
When the thisValue is JSValue() return undefined and avoid calling
toThisValue which would lead to a crash. Having `this` be an empty
JSValue could happen inside an ES6 class constructor, before
calling super.
LayoutTests:
* inspector/debugger/break-in-constructor-before-super-expected.txt: Added.
* inspector/debugger/break-in-constructor-before-super.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (200616 => 200617)
--- trunk/LayoutTests/ChangeLog 2016-05-10 06:07:30 UTC (rev 200616)
+++ trunk/LayoutTests/ChangeLog 2016-05-10 06:36:42 UTC (rev 200617)
@@ -1,3 +1,14 @@
+2016-05-09 Joseph Pecoraro <[email protected]>
+
+ Web Inspector: CRASH under JSC::DebuggerCallFrame::thisValue when hitting breakpoint
+ https://bugs.webkit.org/show_bug.cgi?id=157442
+ <rdar://problem/24172015>
+
+ Reviewed by Saam Barati.
+
+ * inspector/debugger/break-in-constructor-before-super-expected.txt: Added.
+ * inspector/debugger/break-in-constructor-before-super.html: Added.
+
2016-05-09 Simon Fraser <[email protected]>
iOS-scrolling test cleanup.
Added: trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super-expected.txt (0 => 200617)
--- trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super-expected.txt 2016-05-10 06:36:42 UTC (rev 200617)
@@ -0,0 +1,11 @@
+CONSOLE MESSAGE: line 16: before super
+CONSOLE MESSAGE: line 19: after super
+Pause in constructor before super should not crash.
+
+
+== Running test suite: PauseInConstructorBeforeSuper
+-- Running test case: TriggerPauseInConstructorBeforeSuper
+PASS: Paused
+PASS: `this` should be undefined and not cause a crash.
+PASS: Resumed
+
Added: trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super.html (0 => 200617)
--- trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super.html (rev 0)
+++ trunk/LayoutTests/inspector/debugger/break-in-constructor-before-super.html 2016-05-10 06:36:42 UTC (rev 200617)
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+class Parent {
+ constructor()
+ {
+ this.x = 1;
+ }
+};
+
+class Child extends Parent {
+ constructor()
+ {
+ console.log("before super");
+ debugger;
+ super();
+ console.log("after super");
+ }
+};
+
+function triggerPause() {
+ new Child;
+}
+
+function test()
+{
+ InspectorProtocol.sendCommand("Debugger.enable", {});
+ InspectorProtocol.sendCommand("Debugger.setBreakpointsActive", {active: true});
+
+ let suite = ProtocolTest.createAsyncSuite("PauseInConstructorBeforeSuper");
+
+ suite.addTestCase({
+ name: "TriggerPauseInConstructorBeforeSuper",
+ description: "Trigger a pause in a constructor before calling super should not crash.",
+ test: (resolve, reject) => {
+ ProtocolTest.evaluateInPage("triggerPause()");
+
+ InspectorProtocol.eventHandler["Debugger.paused"] = (messageObject) => {
+ ProtocolTest.pass("Paused");
+
+ let callFrameIdentifier = messageObject.params.callFrames[0].callFrameId;
+ InspectorProtocol.sendCommand("Debugger.evaluateOnCallFrame", {callFrameId: callFrameIdentifier, _expression_: "this"}, (messageObject) => {
+ ProtocolTest.expectThat(messageObject.result.result.type === "undefined", "`this` should be undefined and not cause a crash.");
+ });
+
+ InspectorProtocol.sendCommand("Debugger.resume");
+ };
+
+ InspectorProtocol.eventHandler["Debugger.resumed"] = (messageObject) => {
+ ProtocolTest.pass("Resumed");
+ resolve();
+ };
+ }
+ });
+
+ suite.runTestCasesAndFinish();
+}
+</script>
+</head>
+<body _onload_="runTest()">
+<p>Pause in constructor before super should not crash.</p>
+</body>
+</html>
Modified: trunk/Source/_javascript_Core/ChangeLog (200616 => 200617)
--- trunk/Source/_javascript_Core/ChangeLog 2016-05-10 06:07:30 UTC (rev 200616)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-05-10 06:36:42 UTC (rev 200617)
@@ -1,3 +1,18 @@
+2016-05-09 Joseph Pecoraro <[email protected]>
+
+ Web Inspector: CRASH under JSC::DebuggerCallFrame::thisValue when hitting breakpoint
+ https://bugs.webkit.org/show_bug.cgi?id=157442
+ <rdar://problem/24172015>
+
+ Reviewed by Saam Barati.
+
+ * debugger/DebuggerCallFrame.cpp:
+ (JSC::DebuggerCallFrame::thisValueForCallFrame):
+ When the thisValue is JSValue() return undefined and avoid calling
+ toThisValue which would lead to a crash. Having `this` be an empty
+ JSValue could happen inside an ES6 class constructor, before
+ calling super.
+
2016-05-09 Filip Pizlo <[email protected]>
Unreviewed, fix cloop.
Modified: trunk/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp (200616 => 200617)
--- trunk/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp 2016-05-10 06:07:30 UTC (rev 200616)
+++ trunk/Source/_javascript_Core/debugger/DebuggerCallFrame.cpp 2016-05-10 06:36:42 UTC (rev 200617)
@@ -256,14 +256,17 @@
JSValue DebuggerCallFrame::thisValueForCallFrame(CallFrame* callFrame)
{
if (!callFrame)
- return jsNull();
+ return jsUndefined();
+ if (!callFrame->thisValue())
+ return jsUndefined();
+
ECMAMode ecmaMode = NotStrictMode;
CodeBlock* codeBlock = callFrame->codeBlock();
if (codeBlock && codeBlock->isStrictMode())
ecmaMode = StrictMode;
- JSValue thisValue = callFrame->thisValue().toThis(callFrame, ecmaMode);
- return thisValue;
+
+ return callFrame->thisValue().toThis(callFrame, ecmaMode);
}
} // namespace JSC
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
