Timestamp:
Aug 8, 2014, 11:50:19 PM (11 years ago)
Author:
[email protected]
Message:

REGRESSION: Inspector crashes when debugger is paused and injected scripts access window.screen().
<https://webkit.org/b/135656>

Not reviewed.

Rolling out r170680 which was merged to ToT in r172129.

Source/JavaScriptCore:

  • debugger/Debugger.h:
  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::scope):
(JSC::DebuggerCallFrame::evaluate):
(JSC::DebuggerCallFrame::invalidate):

  • debugger/DebuggerCallFrame.h:
  • debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::DebuggerScope):
(JSC::DebuggerScope::finishCreation):
(JSC::DebuggerScope::visitChildren):
(JSC::DebuggerScope::className):
(JSC::DebuggerScope::getOwnPropertySlot):
(JSC::DebuggerScope::put):
(JSC::DebuggerScope::deleteProperty):
(JSC::DebuggerScope::getOwnPropertyNames):
(JSC::DebuggerScope::defineOwnProperty):
(JSC::DebuggerScope::next): Deleted.
(JSC::DebuggerScope::invalidateChain): Deleted.
(JSC::DebuggerScope::isWithScope): Deleted.
(JSC::DebuggerScope::isGlobalScope): Deleted.
(JSC::DebuggerScope::isFunctionScope): Deleted.

  • debugger/DebuggerScope.h:

(JSC::DebuggerScope::create):
(JSC::DebuggerScope::Iterator::Iterator): Deleted.
(JSC::DebuggerScope::Iterator::get): Deleted.
(JSC::DebuggerScope::Iterator::operator++): Deleted.
(JSC::DebuggerScope::Iterator::operator==): Deleted.
(JSC::DebuggerScope::Iterator::operator!=): Deleted.
(JSC::DebuggerScope::isValid): Deleted.
(JSC::DebuggerScope::jsScope): Deleted.
(JSC::DebuggerScope::begin): Deleted.
(JSC::DebuggerScope::end): Deleted.

  • inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::scopeType):
(Inspector::JSJavaScriptCallFrame::scopeChain):

  • inspector/JavaScriptCallFrame.h:

(Inspector::JavaScriptCallFrame::scopeChain):

  • inspector/ScriptDebugServer.cpp:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::debuggerScopeStructure): Deleted.

  • runtime/JSObject.h:

(JSC::JSObject::isWithScope): Deleted.

  • runtime/JSScope.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

Source/WebCore:

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::attachDebugger):

File:
1 edited

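--- a/trunk/Source/JavaScriptCore/debugger/DebuggerScope.h
+++ b/trunk/Source/JavaScriptCore/debugger/DebuggerScope.h
@@ -31,16 +31,13 @@
 namespace JSC {
 
-class DebuggerCallFrame;
-class JSScope;
-
 class DebuggerScope : public JSNonFinalObject {
 public:
     typedef JSNonFinalObject Base;
 
-    static DebuggerScope* create(VM& vm, JSScope* scope)
+    static DebuggerScope* create(VM& vm, JSObject* object)
     {
-        DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, scope);
-        debuggerScope->finishCreation(vm);
-        return debuggerScope;
+        DebuggerScope* activation = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm);
+        activation->finishCreation(vm, object);
+        return activation;
     }
 
@@ -60,56 +57,13 @@
     }
 
-    class Iterator {
-    public:
-        Iterator(DebuggerScope* node)
-            : m_node(node)
-        {
-        }
+protected:
+    static const unsigned StructureFlags = OverridesGetOwnPropertySlot | JSObject::StructureFlags;
 
-        DebuggerScope* get() { return m_node; }
-        Iterator& operator++() { m_node = m_node->next(); return *this; }
-        // postfix ++ intentionally omitted
-
-        bool operator==(const Iterator& other) const { return m_node == other.m_node; }
-        bool operator!=(const Iterator& other) const { return m_node != other.m_node; }
-
-    private:
-        DebuggerScope* m_node;
-    };
-
-    Iterator begin();
-    Iterator end();
-    DebuggerScope* next();
-
-    void invalidateChain();
-    bool isValid() const { return !!m_scope; }
-
-    bool isWithScope() const;
-    bool isGlobalScope() const;
-    bool isFunctionScope() const;
+    JS_EXPORT_PRIVATE void finishCreation(VM&, JSObject* activation);
 
 private:
-    JS_EXPORT_PRIVATE DebuggerScope(VM&, JSScope*);
-    JS_EXPORT_PRIVATE void finishCreation(VM&);
-
-    JSScope* jsScope() const { return m_scope.get(); }
-
-    static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;
-
-    WriteBarrier<JSScope> m_scope;
-    WriteBarrier<DebuggerScope> m_next;
-
-    friend class DebuggerCallFrame;
+    JS_EXPORT_PRIVATE DebuggerScope(VM&);
+    WriteBarrier<JSActivation> m_activation;
 };
-
-inline DebuggerScope::Iterator DebuggerScope::begin()
-{
-    return Iterator(this);
-}
-
-inline DebuggerScope::Iterator DebuggerScope::end()
-{
-    return Iterator(0);
-}
 
 } // namespace JSC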
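Review bot: `create()` and `finishCreation()` accept any `JSObject*`, yet the value ends up in `WriteBarrier<JSActivation> m_activation`, so the narrowing cast has to happen in DebuggerScope.cpp, which this section does not show. If that cast is guarded only by a debug assertion, a release build that is handed some other scope object would store a mistyped cell, and the property hooks would then read it as an activation. Since the header already commits to `JSActivation` in the member, I would narrow the interface to match: `static DebuggerScope* create(VM& vm, JSActivation* activation)` and `JS_EXPORT_PRIVATE void finishCreation(VM&, JSActivation*);`, which moves the cast to the call site, where the caller knows the object's type. The local in `create()` is also named `activation` although it holds the new `DebuggerScope`, which is easy to misread next to the `activation` parameter of `finishCreation`.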