Changeset 164554 in webkit

Timestamp:

Feb 22, 2014, 9:44:05 PM (11 years ago)

Author:

mitz@apple.com

Message:

REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
​https://bugs.webkit.org/show_bug.cgi?id=129227

Reviewed by Eric Carlson.

Reverted r164507.

Source/JavaScriptCore:

• API/JSBase.cpp:

(JSEvaluateScript):
(JSCheckScriptSyntax):

• API/JSObjectRef.cpp:

(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):

• API/JSValue.mm:

(valueToArray):
(valueToDictionary):

• API/JSValueRef.cpp:

(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):

• inspector/ConsoleMessage.cpp:

(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):

• inspector/ConsoleMessage.h:
• inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):

• inspector/JSGlobalObjectInspectorController.h:
• inspector/ScriptCallStack.cpp:
• inspector/ScriptCallStack.h:
• inspector/ScriptCallStackFactory.cpp:

(Inspector::createScriptCallStack):
(Inspector::createScriptCallStackForConsole):
(Inspector::createScriptCallStackFromException):

• inspector/ScriptCallStackFactory.h:
• inspector/agents/InspectorConsoleAgent.cpp:

(Inspector::InspectorConsoleAgent::enable):
(Inspector::InspectorConsoleAgent::addMessageToConsole):
(Inspector::InspectorConsoleAgent::count):

• inspector/agents/JSGlobalObjectDebuggerAgent.cpp:

(Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):

Source/WebCore:

• bindings/js/JSDOMBinding.cpp:

(WebCore::reportException):

• inspector/InspectorResourceAgent.cpp:

(WebCore::InspectorResourceAgent::buildInitiatorObject):

• inspector/PageDebuggerAgent.cpp:

(WebCore::PageDebuggerAgent::breakpointActionLog):

• inspector/TimelineRecordFactory.cpp:

(WebCore::TimelineRecordFactory::createGenericRecord):

• page/Console.cpp:

(WebCore::internalAddMessage):
(WebCore::Console::profile):
(WebCore::Console::profileEnd):
(WebCore::Console::timeEnd):

• page/ContentSecurityPolicy.cpp:

(WebCore::gatherSecurityPolicyViolationEventData):
(WebCore::ContentSecurityPolicy::reportViolation):

• page/DOMWindow.cpp:

(WebCore::DOMWindow::postMessage):

Source/WebInspectorUI:

• UserInterface/Views/ConsoleMessageImpl.js:

(WebInspector.ConsoleMessageImpl.prototype._formatMessage):
(WebInspector.ConsoleMessageImpl.prototype._populateStackTraceTreeElement):

Location:

trunk/Source

Files:

• JavaScriptCore/API/JSBase.cpp (modified) (3 diffs)
• JavaScriptCore/API/JSObjectRef.cpp (modified) (13 diffs)
• JavaScriptCore/API/JSValue.mm (modified) (5 diffs)
• JavaScriptCore/API/JSValueRef.cpp (modified) (8 diffs)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/inspector/ConsoleMessage.cpp (modified) (6 diffs)
• JavaScriptCore/inspector/ConsoleMessage.h (modified) (2 diffs)
• JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp (modified) (4 diffs)
• JavaScriptCore/inspector/JSGlobalObjectInspectorController.h (modified) (4 diffs)
• JavaScriptCore/inspector/ScriptCallStack.cpp (modified) (2 diffs)
• JavaScriptCore/inspector/ScriptCallStack.h (modified) (3 diffs)
• JavaScriptCore/inspector/ScriptCallStackFactory.cpp (modified) (3 diffs)
• JavaScriptCore/inspector/ScriptCallStackFactory.h (modified) (1 diff)
• JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp (modified) (5 diffs)
• JavaScriptCore/inspector/agents/JSGlobalObjectDebuggerAgent.cpp (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bindings/js/JSDOMBinding.cpp (modified) (1 diff)
• WebCore/inspector/InspectorResourceAgent.cpp (modified) (1 diff)
• WebCore/inspector/PageDebuggerAgent.cpp (modified) (1 diff)
• WebCore/inspector/TimelineRecordFactory.cpp (modified) (1 diff)
• WebCore/page/Console.cpp (modified) (4 diffs)
• WebCore/page/ContentSecurityPolicy.cpp (modified) (3 diffs)
• WebCore/page/DOMWindow.cpp (modified) (1 diff)
• WebInspectorUI/ChangeLog (modified) (1 diff)
• WebInspectorUI/UserInterface/Views/ConsoleMessageImpl.js (modified) (3 diffs)

trunk/Source/JavaScriptCore/API/JSBase.cpp

@@ -41 +41 @@
 #include <wtf/text/StringHash.h>
 
-#if ENABLE(REMOTE_INSPECTOR)
-#include "JSGlobalObjectInspectorController.h"
-#endif
-
 using namespace JSC;
 
@@ -70 +66 @@
         if (exception)
             *exception = toRef(exec, evaluationException);
-#if ENABLE(REMOTE_INSPECTOR)
-        // FIXME: If we have a debugger attached we could learn about ParseError exceptions through
-        // ScriptDebugServer::sourceParsed and this path could produce a duplicate warning. The
-        // Debugger path is currently ignored by inspector.
-        // NOTE: If we don't have a debugger, this SourceCode will be forever lost to the inspector.
-        // We could stash it in the inspector in case an inspector is ever opened.
-        globalObject->inspectorController().reportAPIException(exec, evaluationException);
-#endif
         return 0;
     }
@@ -107 +95 @@
         if (exception)
             *exception = toRef(exec, syntaxException);
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, syntaxException);
-#endif
         return false;
     }

trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

@@ -56 +56 @@
 #include "RegExpConstructor.h"
 
-#if ENABLE(REMOTE_INSPECTOR)
-#include "JSGlobalObjectInspectorController.h"
-#endif
-
 using namespace JSC;
 
@@ -150 +146 @@
     JSObject* result = constructFunction(exec, exec->lexicalGlobalObject(), args, nameID, sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first()));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -182 +174 @@
 
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -210 +198 @@
     JSObject* result = constructDate(exec, exec->lexicalGlobalObject(), argList);
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -237 +221 @@
 
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -265 +245 @@
     JSObject* result = constructRegExp(exec, exec->lexicalGlobalObject(),  argList);
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -333 +309 @@
     JSValue jsValue = jsObject->get(exec, propertyName->identifier(&exec->vm()));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
     return toRef(exec, jsValue);
@@ -366 +338 @@
 
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
 }
@@ -389 +357 @@
     JSValue jsValue = jsObject->get(exec, propertyIndex);
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
     return toRef(exec, jsValue);
@@ -415 +379 @@
     jsObject->methodTable()->putByIndex(jsObject, exec, propertyIndex, jsValue, false);
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
 }
@@ -438 +398 @@
     bool result = jsObject->methodTable()->deleteProperty(jsObject, exec, propertyName->identifier(&exec->vm()));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
     return result;
@@ -586 +542 @@
     JSValueRef result = toRef(exec, call(exec, jsObject, callType, callData, jsThisObject, argList));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }
@@ -627 +579 @@
     JSObjectRef result = toRef(construct(exec, jsObject, constructType, constructData, argList));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         result = 0;
     }

trunk/Source/JavaScriptCore/API/JSValue.mm

@@ -21 +21 @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  */
 
@@ -48 +48 @@
 #import <wtf/text/StringHash.h>
 
-#if ENABLE(REMOTE_INSPECTOR)
-#import "CallFrame.h"
-#import "JSGlobalObject.h"
-#import "JSGlobalObjectInspectorController.h"
-#endif
-
 #if JSC_OBJC_API_ENABLED
 
@@ -635 +629 @@
     return last;
 }
-
-#if ENABLE(REMOTE_INSPECTOR)
-static void reportExceptionToInspector(JSGlobalContextRef context, JSC::JSValue exception)
-{
-    JSC::ExecState* exec = toJS(context);
-    exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exception);
-}
-#endif
 
 static JSContainerConvertor::Task valueToObjectWithoutCopy(JSGlobalContextRef context, JSValueRef value)
@@ -796 +782 @@
 
     JSC::APIEntryShim shim(toJS(context));
-    if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value))) {
-        JSC::JSObject* exceptionObject = JSC::createTypeError(toJS(context), ASCIILiteral("Cannot convert primitive to NSArray"));
-        *exception = toRef(exceptionObject);
-#if ENABLE(REMOTE_INSPECTOR)
-        reportExceptionToInspector(context, exceptionObject);
-#endif
-    }
+    if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value)))
+        *exception = toRef(JSC::createTypeError(toJS(context), ASCIILiteral("Cannot convert primitive to NSArray")));
     return nil;
 }
@@ -818 +799 @@
 
     JSC::APIEntryShim shim(toJS(context));
-    if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value))) {
-        JSC::JSObject* exceptionObject = JSC::createTypeError(toJS(context), ASCIILiteral("Cannot convert primitive to NSDictionary"));
-        *exception = toRef(exceptionObject);
-#if ENABLE(REMOTE_INSPECTOR)
-        reportExceptionToInspector(context, exceptionObject);
-#endif
-    }
+    if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value)))
+        *exception = toRef(JSC::createTypeError(toJS(context), ASCIILiteral("Cannot convert primitive to NSDictionary")));
     return nil;
 }

trunk/Source/JavaScriptCore/API/JSValueRef.cpp

@@ -21 +21 @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
  */
 
@@ -47 +47 @@
 #if PLATFORM(MAC)
 #include <mach-o/dyld.h>
-#endif
-
-#if ENABLE(REMOTE_INSPECTOR)
-#include "JSGlobalObjectInspectorController.h"
 #endif
 
@@ -207 +203 @@
     bool result = JSValue::equal(exec, jsA, jsB); // false if an exception is thrown
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
     return result;
@@ -249 +241 @@
     bool result = jsConstructor->hasInstance(exec, jsValue); // false if an exception is thrown
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
     }
     return result;
@@ -357 +345 @@
         *exception = 0;
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         return 0;
     }
@@ -395 +379 @@
     double number = jsValue.toNumber(exec);
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         number = QNaN;
     }
@@ -420 +400 @@
     RefPtr<OpaqueJSString> stringRef(OpaqueJSString::create(jsValue.toString(exec)->value(exec)));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         stringRef.clear();
     }
@@ -445 +421 @@
     JSObjectRef objectRef = toRef(jsValue.toObject(exec));
     if (exec->hadException()) {
-        JSValue exceptionValue = exec->exception();
-        if (exception)
-            *exception = toRef(exec, exceptionValue);
-        exec->clearException();
-#if ENABLE(REMOTE_INSPECTOR)
-        exec->vmEntryGlobalObject()->inspectorController().reportAPIException(exec, exceptionValue);
-#endif
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
         objectRef = 0;
     }
     return objectRef;
-}
+}    
 
 void JSValueProtect(JSContextRef ctx, JSValueRef value)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2014-02-22  Dan Bernstein  <mitz@apple.com>
+
+        REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
+        https://bugs.webkit.org/show_bug.cgi?id=129227
+
+        Reviewed by Eric Carlson.
+
+        Reverted r164507.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeArray):
+        (JSObjectMakeDate):
+        (JSObjectMakeError):
+        (JSObjectMakeRegExp):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSValue.mm:
+        (valueToArray):
+        (valueToDictionary):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueCreateJSONString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        * inspector/ConsoleMessage.cpp:
+        (Inspector::ConsoleMessage::ConsoleMessage):
+        (Inspector::ConsoleMessage::autogenerateMetadata):
+        * inspector/ConsoleMessage.h:
+        * inspector/JSGlobalObjectInspectorController.cpp:
+        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
+        * inspector/JSGlobalObjectInspectorController.h:
+        * inspector/ScriptCallStack.cpp:
+        * inspector/ScriptCallStack.h:
+        * inspector/ScriptCallStackFactory.cpp:
+        (Inspector::createScriptCallStack):
+        (Inspector::createScriptCallStackForConsole):
+        (Inspector::createScriptCallStackFromException):
+        * inspector/ScriptCallStackFactory.h:
+        * inspector/agents/InspectorConsoleAgent.cpp:
+        (Inspector::InspectorConsoleAgent::enable):
+        (Inspector::InspectorConsoleAgent::addMessageToConsole):
+        (Inspector::InspectorConsoleAgent::count):
+        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
+        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
+
 2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/JavaScriptCore/inspector/ConsoleMessage.cpp

@@ -46 +46 @@
 namespace Inspector {
 
-ConsoleMessage::ConsoleMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, unsigned long requestIdentifier)
+ConsoleMessage::ConsoleMessage(bool canGenerateCallStack, MessageSource source, MessageType type, MessageLevel level, const String& message, unsigned long requestIdentifier)
     : m_source(source)
     , m_type(type)
@@ -57 +57 @@
     , m_requestId(IdentifiersFactory::requestId(requestIdentifier))
 {
-}
-
-ConsoleMessage::ConsoleMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, const String& url, unsigned line, unsigned column, JSC::ExecState* state, unsigned long requestIdentifier)
+    autogenerateMetadata(canGenerateCallStack);
+}
+
+ConsoleMessage::ConsoleMessage(bool canGenerateCallStack, MessageSource source, MessageType type, MessageLevel level, const String& message, const String& url, unsigned line, unsigned column, JSC::ExecState* state, unsigned long requestIdentifier)
     : m_source(source)
     , m_type(type)
@@ -70 +71 @@
     , m_requestId(IdentifiersFactory::requestId(requestIdentifier))
 {
-    autogenerateMetadata(state);
-}
-
-ConsoleMessage::ConsoleMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptCallStack> callStack, unsigned long requestIdentifier)
-    : m_source(source)
-    , m_type(type)
-    , m_level(level)
-    , m_message(message)
-    , m_url()
+    autogenerateMetadata(canGenerateCallStack, state);
+}
+
+ConsoleMessage::ConsoleMessage(bool, MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptCallStack> callStack, unsigned long requestIdentifier)
+    : m_source(source)
+    , m_type(type)
+    , m_level(level)
+    , m_message(message)
+    , m_arguments(nullptr)
     , m_line(0)
     , m_column(0)
@@ -84 +85 @@
     , m_requestId(IdentifiersFactory::requestId(requestIdentifier))
 {
+    if (callStack && callStack->size()) {
+        const ScriptCallFrame& frame = callStack->at(0);
+        m_url = frame.sourceURL();
+        m_line = frame.lineNumber();
+        m_column = frame.columnNumber();
+    }
     m_callStack = callStack;
-
-    const ScriptCallFrame* frame = m_callStack ? m_callStack->firstNonNativeCallFrame() : nullptr;
-    if (frame) {
-        m_url = frame->sourceURL();
-        m_line = frame->lineNumber();
-        m_column = frame->columnNumber();
-    }
-}
-
-ConsoleMessage::ConsoleMessage(MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptArguments> arguments, JSC::ExecState* state, unsigned long requestIdentifier)
+}
+
+ConsoleMessage::ConsoleMessage(bool canGenerateCallStack, MessageSource source, MessageType type, MessageLevel level, const String& message, PassRefPtr<ScriptArguments> arguments, JSC::ExecState* state, unsigned long requestIdentifier)
     : m_source(source)
     , m_type(type)
@@ -106 +106 @@
     , m_requestId(IdentifiersFactory::requestId(requestIdentifier))
 {
-    autogenerateMetadata(state);
+    autogenerateMetadata(canGenerateCallStack, state);
 }
 
@@ -113 +113 @@
 }
 
-void ConsoleMessage::autogenerateMetadata(JSC::ExecState* state)
-{
-    if (!state)
-        return;
-
+// FIXME: Remove the generate without ExecState path. The caller should always provide an ExecState.
+void ConsoleMessage::autogenerateMetadata(bool /*canGenerateCallStack*/, JSC::ExecState* state)
+{
     if (m_type == MessageType::EndGroup)
         return;
 
-    // FIXME: Should this really be using "for console" in the generic ConsoleMessage autogeneration? This can skip the first frame.
-    m_callStack = createScriptCallStackForConsole(state, ScriptCallStack::maxCallStackSizeToCapture);
-
-    if (const ScriptCallFrame* frame = m_callStack->firstNonNativeCallFrame()) {
-        m_url = frame->sourceURL();
-        m_line = frame->lineNumber();
-        m_column = frame->columnNumber();
+    if (state)
+        m_callStack = createScriptCallStackForConsole(state);
+    // else if (canGenerateCallStack)
+    //     m_callStack = createScriptCallStack(ScriptCallStack::maxCallStackSizeToCapture, true);
+    else
         return;
-    }
+
+    if (m_callStack && m_callStack->size()) {
+        const ScriptCallFrame& frame = m_callStack->at(0);
+        m_url = frame.sourceURL();
+        m_line = frame.lineNumber();
+        m_column = frame.columnNumber();
+        return;
+    }
+
+    m_callStack.clear();
 }
 

trunk/Source/JavaScriptCore/inspector/ConsoleMessage.h

@@ -52 +52 @@
     WTF_MAKE_FAST_ALLOCATED;
 public:
-    ConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, unsigned long requestIdentifier = 0);
-    ConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, const String& url, unsigned line, unsigned column, JSC::ExecState* = nullptr, unsigned long requestIdentifier = 0);
-    ConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptCallStack>, unsigned long requestIdentifier = 0);
-    ConsoleMessage(MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptArguments>, JSC::ExecState*, unsigned long requestIdentifier = 0);
+    ConsoleMessage(bool canGenerateCallStack, MessageSource, MessageType, MessageLevel, const String& message, unsigned long requestIdentifier = 0);
+    ConsoleMessage(bool canGenerateCallStack, MessageSource, MessageType, MessageLevel, const String& message, const String& url, unsigned line, unsigned column, JSC::ExecState* = nullptr, unsigned long requestIdentifier = 0);
+    ConsoleMessage(bool canGenerateCallStack, MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptCallStack>, unsigned long requestIdentifier = 0);
+    ConsoleMessage(bool canGenerateCallStack, MessageSource, MessageType, MessageLevel, const String& message, PassRefPtr<ScriptArguments>, JSC::ExecState*, unsigned long requestIdentifier = 0);
     ~ConsoleMessage();
 
@@ -75 +75 @@
 
 private:
-    void autogenerateMetadata(JSC::ExecState* = nullptr);
+    void autogenerateMetadata(bool canGenerateCallStack, JSC::ExecState* = nullptr);
 
     MessageSource m_source;

trunk/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp

@@ -30 +30 @@
 
 #include "Completion.h"
-#include "ErrorHandlingScope.h"
 #include "InjectedScriptHost.h"
 #include "InjectedScriptManager.h"
@@ -40 +39 @@
 #include "JSGlobalObjectDebuggerAgent.h"
 #include "JSGlobalObjectRuntimeAgent.h"
-#include "ScriptCallStack.h"
-#include "ScriptCallStackFactory.h"
-#include <cxxabi.h>
-#include <dlfcn.h>
-#include <execinfo.h>
 
 using namespace JSC;
@@ -58 +52 @@
     auto consoleAgent = std::make_unique<JSGlobalObjectConsoleAgent>(m_injectedScriptManager.get());
     auto debuggerAgent = std::make_unique<JSGlobalObjectDebuggerAgent>(m_injectedScriptManager.get(), m_globalObject, consoleAgent.get());
-
-    m_consoleAgent = consoleAgent.get();
 
     runtimeAgent->setScriptDebugServer(&debuggerAgent->scriptDebugServer());
@@ -110 +102 @@
 }
 
-void JSGlobalObjectInspectorController::appendAPIBacktrace(ScriptCallStack* callStack)
-{
-    static const int framesToShow = 31;
-    static const int framesToSkip = 3; // WTFGetBacktrace, appendAPIBacktrace, reportAPIException.
-
-    void* samples[framesToShow + framesToSkip];
-    int frames = framesToShow + framesToSkip;
-    WTFGetBacktrace(samples, &frames);
-
-    void** stack = samples + framesToSkip;
-    int size = frames - framesToSkip;
-    for (int i = 0; i < size; ++i) {
-        const char* mangledName = nullptr;
-        char* cxaDemangled = nullptr;
-        Dl_info info;
-        if (dladdr(stack[i], &info) && info.dli_sname)
-            mangledName = info.dli_sname;
-        if (mangledName)
-            cxaDemangled = abi::__cxa_demangle(mangledName, nullptr, nullptr, nullptr);
-        if (mangledName || cxaDemangled)
-            callStack->append(ScriptCallFrame(cxaDemangled ? cxaDemangled : mangledName, ASCIILiteral("[native code]"), 0, 0));
-        else
-            callStack->append(ScriptCallFrame(ASCIILiteral("?"), ASCIILiteral("[native code]"), 0, 0));
-        free(cxaDemangled);
-    }
-}
-
-void JSGlobalObjectInspectorController::reportAPIException(ExecState* exec, JSValue exception)
-{
-    if (isTerminatedExecutionException(exception))
-        return;
-
-    ErrorHandlingScope errorScope(exec->vm());
-
-    RefPtr<ScriptCallStack> callStack = createScriptCallStackFromException(exec, exception, ScriptCallStack::maxCallStackSizeToCapture);
-    appendAPIBacktrace(callStack.get());
-
-    // FIXME: <http://webkit.org/b/115087> Web Inspector: Should not evaluate JavaScript handling exceptions
-    // If this is a custom exception object, call toString on it to try and get a nice string representation for the exception.
-    String errorMessage = exception.toString(exec)->value(exec);
-    exec->clearException();
-
-    m_consoleAgent->addMessageToConsole(MessageSource::JS, MessageType::Log, MessageLevel::Error, errorMessage, callStack);
-}
-
 InspectorFunctionCallHandler JSGlobalObjectInspectorController::functionCallHandler() const
 {

trunk/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.h

@@ -38 +38 @@
 class ExecState;
 class JSGlobalObject;
-class JSValue;
 }
 
@@ -45 +44 @@
 class InjectedScriptManager;
 class InspectorBackendDispatcher;
-class InspectorConsoleAgent;
 class InspectorFrontendChannel;
-class ScriptCallStack;
 
 class JSGlobalObjectInspectorController final : public InspectorEnvironment {
@@ -62 +59 @@
     void globalObjectDestroyed();
 
-    void reportAPIException(JSC::ExecState*, JSC::JSValue exception);
-
     virtual bool developerExtrasEnabled() const override { return true; }
     virtual bool canAccessInspectedScriptState(JSC::ExecState*) const override { return true; }
@@ -72 +67 @@
 
 private:
-    void appendAPIBacktrace(ScriptCallStack* callStack);
-
     JSC::JSGlobalObject& m_globalObject;
     std::unique_ptr<InjectedScriptManager> m_injectedScriptManager;
-    InspectorConsoleAgent* m_consoleAgent;
     InspectorAgentRegistry m_agents;
     InspectorFrontendChannel* m_inspectorFrontendChannel;

trunk/Source/JavaScriptCore/inspector/ScriptCallStack.cpp

@@ -37 +37 @@
 namespace Inspector {
 
-PassRefPtr<ScriptCallStack> ScriptCallStack::create()
-{
-    return adoptRef(new ScriptCallStack);
-}
-
 PassRefPtr<ScriptCallStack> ScriptCallStack::create(Vector<ScriptCallFrame>& frames)
 {
     return adoptRef(new ScriptCallStack(frames));
-}
-
-ScriptCallStack::ScriptCallStack()
-{
 }
 
@@ -69 +60 @@
 {
     return m_frames.size();
-}
-
-const ScriptCallFrame* ScriptCallStack::firstNonNativeCallFrame() const
-{
-    if (!m_frames.size())
-        return nullptr;
-
-    for (size_t i = 0; i < m_frames.size(); ++i) {
-        const ScriptCallFrame& frame = m_frames[i];
-        if (frame.sourceURL() != "[native code]")
-            return &frame;
-    }
-
-    return nullptr;
-}
-
-void ScriptCallStack::append(const ScriptCallFrame& frame)
-{
-    m_frames.append(frame);
 }
 

trunk/Source/JavaScriptCore/inspector/ScriptCallStack.h

@@ -48 +48 @@
     static const size_t maxCallStackSizeToCapture = 200;
     
-    static PassRefPtr<ScriptCallStack> create();
     static PassRefPtr<ScriptCallStack> create(Vector<ScriptCallFrame>&);
 
@@ -55 +54 @@
     const ScriptCallFrame& at(size_t) const;
     size_t size() const;
-
-    const ScriptCallFrame* firstNonNativeCallFrame() const;
-
-    void append(const ScriptCallFrame&);
 
     bool isEqual(ScriptCallStack*) const;
@@ -67 +62 @@
 
 private:
-    ScriptCallStack();
     ScriptCallStack(Vector<ScriptCallFrame>&);
 

trunk/Source/JavaScriptCore/inspector/ScriptCallStackFactory.cpp

@@ -84 +84 @@
 };
 
-PassRefPtr<ScriptCallStack> createScriptCallStack(JSC::ExecState* exec, size_t maxStackSize)
+PassRefPtr<ScriptCallStack> createScriptCallStack(JSC::ExecState* exec, size_t maxStackSize, bool emptyIsAllowed)
 {
-    if (!exec)
-        return ScriptCallStack::create();
-
     Vector<ScriptCallFrame> frames;
 
-    CallFrame* frame = exec->vm().topCallFrame;
-    CreateScriptCallStackFunctor functor(false, frames, maxStackSize);
-    frame->iterate(functor);
+    if (exec) {
+        CallFrame* frame = exec->vm().topCallFrame;
+        CreateScriptCallStackFunctor functor(false, frames, maxStackSize);
+        frame->iterate(functor);
+    }
+
+    if (frames.isEmpty() && !emptyIsAllowed) {
+        // No frames found. It may happen in the case where
+        // a bound function is called from native code for example.
+        // Fallback to setting lineNumber to 0, and source and function name to "undefined".
+        frames.append(ScriptCallFrame(ASCIILiteral("undefined"), ASCIILiteral("undefined"), 0, 0));
+    }
 
     return ScriptCallStack::create(frames);
 }
 
-PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(JSC::ExecState* exec, size_t maxStackSize)
+PassRefPtr<ScriptCallStack> createScriptCallStack(JSC::ExecState* exec, size_t maxStackSize)
 {
-    if (!exec)
-        return ScriptCallStack::create();
-
     Vector<ScriptCallFrame> frames;
 
@@ -117 +120 @@
 }
 
-static void extractSourceInformationFromException(JSC::ExecState* exec, JSObject* exceptionObject, int* lineNumber, int* columnNumber, String* sourceURL)
+PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(JSC::ExecState* exec)
 {
-    // FIXME: <http://webkit.org/b/115087> Web Inspector: Should not need to evaluate JavaScript handling exceptions
-    JSValue lineValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "line"));
-    *lineNumber = lineValue && lineValue.isNumber() ? int(lineValue.toNumber(exec)) : 0;
-    JSValue columnValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "column"));
-    *columnNumber = columnValue && columnValue.isNumber() ? int(columnValue.toNumber(exec)) : 0;
-    JSValue sourceURLValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "sourceURL"));
-    *sourceURL = sourceURLValue && sourceURLValue.isString() ? sourceURLValue.toString(exec)->value(exec) : String("undefined");
-    exec->clearException();
+    // FIXME: Caller should use createScriptCallStack alternative with the exec and appropriate max.
+    return createScriptCallStack(exec, ScriptCallStack::maxCallStackSizeToCapture);
 }
 
@@ -134 +131 @@
     RefCountedArray<StackFrame> stackTrace = exec->vm().exceptionStack();
     for (size_t i = 0; i < stackTrace.size() && i < maxStackSize; i++) {
+        if (!stackTrace[i].callee && frames.size())
+            break;
+
         unsigned line;
         unsigned column;
         stackTrace[i].computeLineAndColumn(line, column);
         String functionName = stackTrace[i].friendlyFunctionName(exec);
-        frames.append(ScriptCallFrame(functionName, stackTrace[i].friendlySourceURL(), line, column));
+        frames.append(ScriptCallFrame(functionName, stackTrace[i].sourceURL, line, column));
     }
 
-    // Fallback to getting at least the line and sourceURL from the exception object if it has values and the exceptionStack doesn't.
-    JSObject* exceptionObject = exception.toObject(exec);
-    if (exception.isObject()) {
-        int lineNumber;
-        int columnNumber;
-        String exceptionSourceURL;
-        if (!frames.size()) {
-            extractSourceInformationFromException(exec, exceptionObject, &lineNumber, &columnNumber, &exceptionSourceURL);
-            frames.append(ScriptCallFrame(String(), exceptionSourceURL, lineNumber, columnNumber));
-        } else {
-            if (stackTrace[0].sourceURL.isEmpty()) {
-                const ScriptCallFrame& firstCallFrame = frames.first();
-                extractSourceInformationFromException(exec, exceptionObject, &lineNumber, &columnNumber, &exceptionSourceURL);
-                frames[0] = ScriptCallFrame(firstCallFrame.functionName(), exceptionSourceURL, lineNumber, columnNumber);
-            }
+    // FIXME: <http://webkit.org/b/115087> Web Inspector: WebCore::reportException should not evaluate JavaScript handling exceptions
+    // Fallback to getting at least the line and sourceURL from the exception if it has values and the exceptionStack doesn't.
+    if (frames.size() > 0) {
+        const ScriptCallFrame& firstCallFrame = frames.first();
+        JSObject* exceptionObject = exception.toObject(exec);
+        if (exception.isObject() && firstCallFrame.sourceURL().isEmpty()) {
+            JSValue lineValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "line"));
+            int lineNumber = lineValue && lineValue.isNumber() ? int(lineValue.toNumber(exec)) : 0;
+            JSValue columnValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "column"));
+            int columnNumber = columnValue && columnValue.isNumber() ? int(columnValue.toNumber(exec)) : 0;
+            JSValue sourceURLValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "sourceURL"));
+            String exceptionSourceURL = sourceURLValue && sourceURLValue.isString() ? sourceURLValue.toString(exec)->value(exec) : ASCIILiteral("undefined");
+            frames[0] = ScriptCallFrame(firstCallFrame.functionName(), exceptionSourceURL, lineNumber, columnNumber);
         }
     }

trunk/Source/JavaScriptCore/inspector/ScriptCallStackFactory.h

@@ -46 +46 @@
 
 // FIXME: The subtle differences between these should be eliminated.
+JS_EXPORT_PRIVATE PassRefPtr<ScriptCallStack> createScriptCallStack(JSC::ExecState*, size_t maxStackSize, bool emptyIsAllowed);
 JS_EXPORT_PRIVATE PassRefPtr<ScriptCallStack> createScriptCallStack(JSC::ExecState*, size_t maxStackSize);
-JS_EXPORT_PRIVATE PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(JSC::ExecState*, size_t maxStackSize);
+JS_EXPORT_PRIVATE PassRefPtr<ScriptCallStack> createScriptCallStackForConsole(JSC::ExecState*);
 JS_EXPORT_PRIVATE PassRefPtr<ScriptCallStack> createScriptCallStackFromException(JSC::ExecState*, JSC::JSValue& exception, size_t maxStackSize);
 JS_EXPORT_PRIVATE PassRefPtr<ScriptArguments> createScriptArguments(JSC::ExecState*, unsigned skipArgumentCount);

trunk/Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp

@@ -81 +81 @@
 
     if (m_expiredConsoleMessageCount) {
-        ConsoleMessage expiredMessage(MessageSource::Other, MessageType::Log, MessageLevel::Warning, String::format("%d console messages are not shown.", m_expiredConsoleMessageCount));
+        ConsoleMessage expiredMessage(!isWorkerAgent(), MessageSource::Other, MessageType::Log, MessageLevel::Warning, String::format("%d console messages are not shown.", m_expiredConsoleMessageCount));
         expiredMessage.addToFrontend(m_frontendDispatcher.get(), m_injectedScriptManager, false);
     }
@@ -129 +129 @@
     }
 
-    addConsoleMessage(std::make_unique<ConsoleMessage>(source, type, level, message, callStack, requestIdentifier));
+    addConsoleMessage(std::make_unique<ConsoleMessage>(!isWorkerAgent(), source, type, level, message, callStack, requestIdentifier));
 }
 
@@ -142 +142 @@
     }
 
-    addConsoleMessage(std::make_unique<ConsoleMessage>(source, type, level, message, arguments, state, requestIdentifier));
+    addConsoleMessage(std::make_unique<ConsoleMessage>(!isWorkerAgent(), source, type, level, message, arguments, state, requestIdentifier));
 }
 
@@ -155 +155 @@
     }
 
-    addConsoleMessage(std::make_unique<ConsoleMessage>(source, type, level, message, scriptID, lineNumber, columnNumber, state, requestIdentifier));
+    bool canGenerateCallStack = !isWorkerAgent() && m_frontendDispatcher;
+    addConsoleMessage(std::make_unique<ConsoleMessage>(canGenerateCallStack, source, type, level, message, scriptID, lineNumber, columnNumber, state, requestIdentifier));
 }
 
@@ -197 +198 @@
 void InspectorConsoleAgent::count(JSC::ExecState* state, PassRefPtr<ScriptArguments> arguments)
 {
-    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state, ScriptCallStack::maxCallStackSizeToCapture));
+    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state));
     const ScriptCallFrame& lastCaller = callStack->at(0);
     // Follow Firebug's behavior of counting with null and undefined title in

trunk/Source/JavaScriptCore/inspector/agents/JSGlobalObjectDebuggerAgent.cpp

@@ -70 +70 @@
 void JSGlobalObjectDebuggerAgent::breakpointActionLog(JSC::ExecState* exec, const String& message)
 {
-    m_consoleAgent->addMessageToConsole(MessageSource::JS, MessageType::Log, MessageLevel::Log, message, createScriptCallStack(exec, ScriptCallStack::maxCallStackSizeToCapture), 0);
+    m_consoleAgent->addMessageToConsole(MessageSource::JS, MessageType::Log, MessageLevel::Log, message, createScriptCallStack(exec, ScriptCallStack::maxCallStackSizeToCapture, true), 0);
 }
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-02-22  Dan Bernstein  <mitz@apple.com>
+
+        REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
+        https://bugs.webkit.org/show_bug.cgi?id=129227
+
+        Reviewed by Eric Carlson.
+
+        Reverted r164507.
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::reportException):
+        * inspector/InspectorResourceAgent.cpp:
+        (WebCore::InspectorResourceAgent::buildInitiatorObject):
+        * inspector/PageDebuggerAgent.cpp:
+        (WebCore::PageDebuggerAgent::breakpointActionLog):
+        * inspector/TimelineRecordFactory.cpp:
+        (WebCore::TimelineRecordFactory::createGenericRecord):
+        * page/Console.cpp:
+        (WebCore::internalAddMessage):
+        (WebCore::Console::profile):
+        (WebCore::Console::profileEnd):
+        (WebCore::Console::timeEnd):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::gatherSecurityPolicyViolationEventData):
+        (WebCore::ContentSecurityPolicy::reportViolation):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::postMessage):
+
 2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>
 

trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp

@@ -172 +172 @@
     int columnNumber = 0;
     String exceptionSourceURL;
-    if (const ScriptCallFrame* callFrame = callStack->firstNonNativeCallFrame()) {
-        lineNumber = callFrame->lineNumber();
-        columnNumber = callFrame->columnNumber();
-        exceptionSourceURL = callFrame->sourceURL();
+    if (callStack->size()) {
+        const ScriptCallFrame& frame = callStack->at(0);
+        lineNumber = frame.lineNumber();
+        columnNumber = frame.columnNumber();
+        exceptionSourceURL = frame.sourceURL();
+    } else {
+        // There may not be an exceptionStack for a <script> SyntaxError. Fallback to getting at least the line and sourceURL from the exception.
+        JSObject* exceptionObject = exception.toObject(exec);
+        JSValue lineValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "line"));
+        lineNumber = lineValue && lineValue.isNumber() ? int(lineValue.toNumber(exec)) : 0;
+        JSValue columnValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "column"));
+        columnNumber = columnValue && columnValue.isNumber() ? int(columnValue.toNumber(exec)) : 0;
+        JSValue sourceURLValue = exceptionObject->getDirect(exec->vm(), Identifier(exec, "sourceURL"));
+        exceptionSourceURL = sourceURLValue && sourceURLValue.isString() ? sourceURLValue.toString(exec)->value(exec) : ASCIILiteral("undefined");
     }
 

trunk/Source/WebCore/inspector/InspectorResourceAgent.cpp

@@ -440 +440 @@
 PassRefPtr<Inspector::TypeBuilder::Network::Initiator> InspectorResourceAgent::buildInitiatorObject(Document* document)
 {
-    RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), ScriptCallStack::maxCallStackSizeToCapture);
+    RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), ScriptCallStack::maxCallStackSizeToCapture, true);
     if (stackTrace && stackTrace->size() > 0) {
         RefPtr<Inspector::TypeBuilder::Network::Initiator> initiatorObject = Inspector::TypeBuilder::Network::Initiator::create()

trunk/Source/WebCore/inspector/PageDebuggerAgent.cpp

@@ -118 +118 @@
 void PageDebuggerAgent::breakpointActionLog(JSC::ExecState* exec, const String& message)
 {
-    m_pageAgent->page()->console().addMessage(MessageSource::JS, MessageLevel::Log, message, createScriptCallStack(exec, ScriptCallStack::maxCallStackSizeToCapture));
+    m_pageAgent->page()->console().addMessage(MessageSource::JS, MessageLevel::Log, message, createScriptCallStack(exec, ScriptCallStack::maxCallStackSizeToCapture, true));
 }
 

trunk/Source/WebCore/inspector/TimelineRecordFactory.cpp

@@ -58 +58 @@
 
     if (maxCallStackDepth) {
-        RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), maxCallStackDepth);
+        RefPtr<ScriptCallStack> stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), maxCallStackDepth, true);
         if (stackTrace && stackTrace->size())
             record->setValue("stackTrace", stackTrace->buildInspectorArray());

trunk/Source/WebCore/page/Console.cpp

@@ -78 +78 @@
 
     size_t stackSize = printTrace ? ScriptCallStack::maxCallStackSizeToCapture : 1;
-    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state, stackSize));
+    RefPtr<ScriptCallStack> callStack(createScriptCallStack(state, stackSize));
     const ScriptCallFrame& lastCaller = callStack->at(0);
 
@@ -204 +204 @@
     ScriptProfiler::start(state, resolvedTitle);
 
-    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state, 1));
+    RefPtr<ScriptCallStack> callStack(createScriptCallStack(state, 1));
     const ScriptCallFrame& lastCaller = callStack->at(0);
     InspectorInstrumentation::addStartProfilingMessageToConsole(page, resolvedTitle, lastCaller.lineNumber(), lastCaller.columnNumber(), lastCaller.sourceURL());
@@ -223 +223 @@
 
     m_profiles.append(profile);
-    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state, 1));
+    RefPtr<ScriptCallStack> callStack(createScriptCallStack(state, 1));
     InspectorInstrumentation::addProfile(page, profile, callStack);
 }
@@ -234 +234 @@
 void Console::timeEnd(JSC::ExecState* state, const String& title)
 {
-    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state, 1));
+    RefPtr<ScriptCallStack> callStack(createScriptCallStackForConsole(state));
     InspectorInstrumentation::stopConsoleTiming(m_frame, title, callStack.release());
 }

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

@@ -170 +170 @@
     ASSERT_NOT_REACHED();
     return FeatureObserver::NumberOfFeatures;
+}
+
+const ScriptCallFrame& getFirstNonNativeFrame(PassRefPtr<ScriptCallStack> stack)
+{
+    int frameNumber = 0;
+    if (!stack->at(0).lineNumber() && stack->size() > 1 && stack->at(1).lineNumber())
+        frameNumber = 1;
+
+    return stack->at(frameNumber);
 }
 
@@ -1719 +1728 @@
     init.lineNumber = 0;
 
-    RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2);
-    const ScriptCallFrame* callFrame = stack->firstNonNativeCallFrame();
-    if (callFrame && callFrame->lineNumber()) {
-        URL source = URL(URL(), callFrame->sourceURL());
+    RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2, false);
+    if (!stack)
+        return;
+
+    const ScriptCallFrame& callFrame = getFirstNonNativeFrame(stack);
+
+    if (callFrame.lineNumber()) {
+        URL source = URL(ParsedURLString, callFrame.sourceURL());
         init.sourceFile = stripURLForUseInReport(document, source);
-        init.lineNumber = callFrame->lineNumber();
+        init.lineNumber = callFrame.lineNumber();
     }
 }
@@ -1765 +1778 @@
 
     RefPtr<InspectorObject> cspReport = InspectorObject::create();
-    cspReport->setString(ASCIILiteral("document-uri"), document->url().strippedForUseAsReferrer());
-    cspReport->setString(ASCIILiteral("referrer"), document->referrer());
-    cspReport->setString(ASCIILiteral("violated-directive"), directiveText);
+    cspReport->setString("document-uri", document->url().strippedForUseAsReferrer());
+    cspReport->setString("referrer", document->referrer());
+    cspReport->setString("violated-directive", directiveText);
 #if ENABLE(CSP_NEXT)
     if (experimentalFeaturesEnabled())
-        cspReport->setString(ASCIILiteral("effective-directive"), effectiveDirective);
+        cspReport->setString("effective-directive", effectiveDirective);
 #else
     UNUSED_PARAM(effectiveDirective);
 #endif
-    cspReport->setString(ASCIILiteral("original-policy"), header);
-    cspReport->setString(ASCIILiteral("blocked-uri"), stripURLForUseInReport(document, blockedURL));
-
-    RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2);
-    const ScriptCallFrame* callFrame = stack->firstNonNativeCallFrame();
-    if (callFrame && callFrame->lineNumber()) {
-        URL source = URL(URL(), callFrame->sourceURL());
-        cspReport->setString(ASCIILiteral("source-file"), stripURLForUseInReport(document, source));
-        cspReport->setNumber(ASCIILiteral("line-number"), callFrame->lineNumber());
+    cspReport->setString("original-policy", header);
+    cspReport->setString("blocked-uri", stripURLForUseInReport(document, blockedURL));
+
+    RefPtr<ScriptCallStack> stack = createScriptCallStack(JSMainThreadExecState::currentState(), 2, false);
+    if (stack) {
+        const ScriptCallFrame& callFrame = getFirstNonNativeFrame(stack);
+
+        if (callFrame.lineNumber()) {
+            URL source = URL(ParsedURLString, callFrame.sourceURL());
+            cspReport->setString("source-file", stripURLForUseInReport(document, source));
+            cspReport->setNumber("line-number", callFrame.lineNumber());
+        }
     }
 
     RefPtr<InspectorObject> reportObject = InspectorObject::create();
-    reportObject->setObject(ASCIILiteral("csp-report"), cspReport.release());
+    reportObject->setObject("csp-report", cspReport.release());
 
     RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8());

trunk/Source/WebCore/page/DOMWindow.cpp

@@ -847 +847 @@
     RefPtr<ScriptCallStack> stackTrace;
     if (InspectorInstrumentation::consoleAgentEnabled(sourceDocument))
-        stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), ScriptCallStack::maxCallStackSizeToCapture);
+        stackTrace = createScriptCallStack(JSMainThreadExecState::currentState(), ScriptCallStack::maxCallStackSizeToCapture, true);
 
     // Schedule the message.

trunk/Source/WebInspectorUI/ChangeLog

@@ +1 @@
+2014-02-22  Dan Bernstein  <mitz@apple.com>
+
+        REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
+        https://bugs.webkit.org/show_bug.cgi?id=129227
+
+        Reviewed by Eric Carlson.
+
+        Reverted r164507.
+
+        * UserInterface/Views/ConsoleMessageImpl.js:
+        (WebInspector.ConsoleMessageImpl.prototype._formatMessage):
+        (WebInspector.ConsoleMessageImpl.prototype._populateStackTraceTreeElement):
+
 2014-02-21  Timothy Hatcher  <timothy@apple.com>
 

trunk/Source/WebInspectorUI/UserInterface/Views/ConsoleMessageImpl.js

@@ -110 +110 @@
 
         if (this.source !== WebInspector.ConsoleMessage.MessageSource.Network || this._request) {
-            var firstNonNativeCallFrame = this._firstNonNativeCallFrame();
-            if (firstNonNativeCallFrame) {
-                var urlElement = this._linkifyCallFrame(firstNonNativeCallFrame);
+            if (this._stackTrace && this._stackTrace.length && this._stackTrace[0].url) {
+                var urlElement = this._linkifyCallFrame(this._stackTrace[0]);
                 this._formattedMessage.appendChild(urlElement);
-            } else if (this.url && !this._shouldHideURL(this.url)) {
+            } else if (this.url && this.url !== "undefined") {
                 var urlElement = this._linkifyLocation(this.url, this.line, this.column);
                 this._formattedMessage.appendChild(urlElement);
@@ -145 +144 @@
     {
         return !!this._stackTrace && this._stackTrace.length && (this.source === WebInspector.ConsoleMessage.MessageSource.Network || this.level === WebInspector.ConsoleMessage.MessageLevel.Error || this.type === WebInspector.ConsoleMessage.MessageType.Trace);
-    },
-
-    _shouldHideURL: function(url)
-    {
-        return url === "undefined" || url === "[native code]";
-    },
-
-    _firstNonNativeCallFrame: function()
-    {
-        if (!this._stackTrace)
-            return null;
-
-        for (var i = 0; i < this._stackTrace.length; i++) {
-            var frame = this._stackTrace[i];
-            if (!frame.url || frame.url === "[native code]")
-                continue;
-            return frame;
-        }
-
-        return null;
     },
 
@@ -548 +527 @@
             content.appendChild(messageTextElement);
 
-            if (frame.url && !this._shouldHideURL(frame.url)) {
+            if (frame.url) {
                 var urlElement = this._linkifyCallFrame(frame);
                 content.appendChild(urlElement);