Changeset 182034 in webkit

Timestamp:

Mar 26, 2015, 4:12:39 PM (10 years ago)

Author:

ggaren@apple.com

Message:

Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
​https://bugs.webkit.org/show_bug.cgi?id=142974

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

This patch does two things:

(1) Restore JavaScriptCore's sanitization of line and column numbers to
one-based values.

We need this because WebCore sometimes provides huge negative column
numbers.

(2) Solve the attribute event listener line numbering problem a different
way: Rather than offseting all line numbers by -1 in an attribute event
listener in order to arrange for a custom result, instead use an explicit
feature for saying "all errors in this code should map to this line number".

• bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::link):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):

• bytecode/UnlinkedCodeBlock.h:
• interpreter/Interpreter.cpp:

(JSC::StackFrame::computeLineAndColumn):
(JSC::GetStackTraceFunctor::operator()):

• interpreter/Interpreter.h:
• interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::computeLineAndColumn):

• parser/ParserError.h:

(JSC::ParserError::toErrorObject): Plumb through an override line number.
When a function has an override line number, all syntax and runtime
errors in the function will map to it. This is useful for attribute event
listeners.

• parser/SourceCode.h:

(JSC::SourceCode::SourceCode): Restore the old sanitization of line and
column numbers to one-based integers. It was kind of a hack to remove this.

• runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::FunctionExecutable::fromGlobalCode):

• runtime/Executable.h:

(JSC::ScriptExecutable::setOverrideLineNo):
(JSC::ScriptExecutable::hasOverrideLineNo):
(JSC::ScriptExecutable::overrideLineNo):

• runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

• runtime/FunctionConstructor.h: Plumb through an override line number.

Source/WebCore:

• bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::initializeJSFunction): Use the new override
line number API to guarantee that errors will map to the .html file locations
that we like.

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::eventHandlerPosition): Added a FIXME to cover
some cases where our line and column numbers are still nonsense.

LayoutTests:

No test covering this ASSERT because I couldn't design a way to reproduce
it after trying for a few hours. Simply loading the original ASSERTing
content from disk is not enough to reproduce this bug.

• fast/profiler/dead-time-expected.txt:
• fast/profiler/inline-event-handler-expected.txt:
• fast/profiler/stop-profiling-after-setTimeout-expected.txt: These are

progressions, where we used to get the line number wrong.

• fast/dom/attribute-event-listener-errors-expected.txt: Added.
• fast/dom/attribute-event-listener-errors.html: Added. This test covers

a subtle way in which the new mechanism for attribute event listener
line numbers is more accurate than the old one.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/dom/attribute-event-listener-errors-expected.txt (added)
• LayoutTests/fast/dom/attribute-event-listener-errors.html (added)
• LayoutTests/fast/profiler/dead-time-expected.txt (modified) (1 diff)
• LayoutTests/fast/profiler/inline-event-handler-expected.txt (modified) (1 diff)
• LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (modified) (1 diff)
• Source/JavaScriptCore/interpreter/Interpreter.cpp (modified) (3 diffs)
• Source/JavaScriptCore/interpreter/Interpreter.h (modified) (1 diff)
• Source/JavaScriptCore/interpreter/StackVisitor.cpp (modified) (1 diff)
• Source/JavaScriptCore/parser/ParserError.h (modified) (2 diffs)
• Source/JavaScriptCore/parser/SourceCode.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/Executable.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/Executable.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/FunctionConstructor.h (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSLazyEventListener.cpp (modified) (3 diffs)
• Source/WebCore/bindings/js/ScriptController.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2015-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+        https://bugs.webkit.org/show_bug.cgi?id=142974
+
+        Reviewed by Joseph Pecoraro.
+
+        No test covering this ASSERT because I couldn't design a way to reproduce
+        it after trying for a few hours. Simply loading the original ASSERTing
+        content from disk is not enough to reproduce this bug.
+
+        * fast/profiler/dead-time-expected.txt:
+        * fast/profiler/inline-event-handler-expected.txt:
+        * fast/profiler/stop-profiling-after-setTimeout-expected.txt: These are
+        progressions, where we used to get the line number wrong.
+
+        * fast/dom/attribute-event-listener-errors-expected.txt: Added.
+        * fast/dom/attribute-event-listener-errors.html: Added. This test covers
+        a subtle way in which the new mechanism for attribute event listener
+        line numbers is more accurate than the old one.
+
 2015-03-26  Brady Eidson  <beidson@apple.com>
 

trunk/LayoutTests/fast/profiler/dead-time-expected.txt

@@ -5 +5 @@
 Profile title: Dead time in profile.
 Thread_1 (no file) (line 0:0)
-   onload dead-time.html (line 20:52)
+   onload dead-time.html (line 21:52)
       startTest dead-time.html (line 13:1)
          setTimeout (no file) (line 0:0)

trunk/LayoutTests/fast/profiler/inline-event-handler-expected.txt

@@ -8 +8 @@
       getElementById (no file) (line 0:0)
       click (no file) (line 0:0)
-         onclick inline-event-handler.html (line 30:135)
+         onclick inline-event-handler.html (line 31:135)
             eventListener inline-event-handler.html (line 17:26)
                anonymousFunction profiler-test-JS-resources.js (line 29:37)

trunk/LayoutTests/fast/profiler/stop-profiling-after-setTimeout-expected.txt

@@ -5 +5 @@
 Profile title: Stop profiling from a timeout
 Thread_1 (no file) (line 0:0)
-   onload stop-profiling-after-setTimeout.html (line 20:52)
+   onload stop-profiling-after-setTimeout.html (line 21:52)
       startTest stop-profiling-after-setTimeout.html (line 13:1)
          setTimeout (no file) (line 0:0)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+        https://bugs.webkit.org/show_bug.cgi?id=142974
+
+        Reviewed by Joseph Pecoraro.
+
+        This patch does two things:
+
+        (1) Restore JavaScriptCore's sanitization of line and column numbers to
+        one-based values.
+
+        We need this because WebCore sometimes provides huge negative column
+        numbers.
+
+        (2) Solve the attribute event listener line numbering problem a different
+        way: Rather than offseting all line numbers by -1 in an attribute event
+        listener in order to arrange for a custom result, instead use an explicit
+        feature for saying "all errors in this code should map to this line number".
+
+        * bytecode/UnlinkedCodeBlock.cpp:
+        (JSC::UnlinkedFunctionExecutable::link):
+        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
+        * bytecode/UnlinkedCodeBlock.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::StackFrame::computeLineAndColumn):
+        (JSC::GetStackTraceFunctor::operator()):
+        * interpreter/Interpreter.h:
+        * interpreter/StackVisitor.cpp:
+        (JSC::StackVisitor::Frame::computeLineAndColumn):
+        * parser/ParserError.h:
+        (JSC::ParserError::toErrorObject): Plumb through an override line number.
+        When a function has an override line number, all syntax and runtime
+        errors in the function will map to it. This is useful for attribute event
+        listeners.
+ 
+        * parser/SourceCode.h:
+        (JSC::SourceCode::SourceCode): Restore the old sanitization of line and
+        column numbers to one-based integers. It was kind of a hack to remove this.
+
+        * runtime/Executable.cpp:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::FunctionExecutable::fromGlobalCode):
+        * runtime/Executable.h:
+        (JSC::ScriptExecutable::setOverrideLineNo):
+        (JSC::ScriptExecutable::hasOverrideLineNo):
+        (JSC::ScriptExecutable::overrideLineNo):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunctionSkippingEvalEnabledCheck):
+        * runtime/FunctionConstructor.h: Plumb through an override line number.
+
 2015-03-26  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp

@@ -133 +133 @@
 }
 
-FunctionExecutable* UnlinkedFunctionExecutable::link(VM& vm, const SourceCode& ownerSource)
+FunctionExecutable* UnlinkedFunctionExecutable::link(VM& vm, const SourceCode& ownerSource, int overrideLineNo)
 {
     SourceCode source = m_sourceOverride ? SourceCode(m_sourceOverride) : ownerSource;
@@ -146 +146 @@
 
     SourceCode code(source.provider(), startOffset, startOffset + m_sourceLength, firstLine, startColumn);
-    return FunctionExecutable::create(vm, code, this, firstLine, firstLine + m_lineCount, startColumn, endColumn);
-}
-
-UnlinkedFunctionExecutable* UnlinkedFunctionExecutable::fromGlobalCode(const Identifier& name, ExecState& exec, const SourceCode& source, JSObject*& exception)
+    FunctionExecutable* result = FunctionExecutable::create(vm, code, this, firstLine, firstLine + m_lineCount, startColumn, endColumn);
+    if (overrideLineNo != -1)
+        result->setOverrideLineNo(overrideLineNo);
+    return result;
+}
+
+UnlinkedFunctionExecutable* UnlinkedFunctionExecutable::fromGlobalCode(
+    const Identifier& name, ExecState& exec, const SourceCode& source, 
+    JSObject*& exception, int overrideLineNo)
 {
     ParserError error;
@@ -161 +166 @@
 
     if (error.isValid()) {
-        exception = error.toErrorObject(&globalObject, source);
+        exception = error.toErrorObject(&globalObject, source, overrideLineNo);
         return nullptr;
     }

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h

@@ -137 +137 @@
         ParserError&);
 
-    static UnlinkedFunctionExecutable* fromGlobalCode(const Identifier&, ExecState&, const SourceCode&, JSObject*& exception);
-
-    FunctionExecutable* link(VM&, const SourceCode&);
+    static UnlinkedFunctionExecutable* fromGlobalCode(
+        const Identifier&, ExecState&, const SourceCode&, JSObject*& exception, 
+        int overrideLineNo);
+
+    FunctionExecutable* link(VM&, const SourceCode&, int overrideLineNo = -1);
 
     void clearCodeForRecompilation()

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -441 +441 @@
     line = divotLine + lineOffset;
     column = divotColumn + (divotLine ? 1 : firstLineColumnOffset);
+
+    if (executable->hasOverrideLineNo())
+        line = executable->overrideLineNo();
 }
 
@@ -491 +494 @@
                     Strong<JSObject>(vm, visitor->callee()),
                     getStackFrameCodeType(visitor),
-                    Strong<ExecutableBase>(vm, codeBlock->ownerExecutable()),
+                    Strong<ScriptExecutable>(vm, codeBlock->ownerExecutable()),
                     Strong<UnlinkedCodeBlock>(vm, codeBlock->unlinkedCodeBlock()),
                     codeBlock->source(),
@@ -502 +505 @@
                 m_results.append(s);
             } else {
-                StackFrame s = { Strong<JSObject>(vm, visitor->callee()), StackFrameNativeCode, Strong<ExecutableBase>(), Strong<UnlinkedCodeBlock>(), 0, 0, 0, 0, 0, String()};
+                StackFrame s = { Strong<JSObject>(vm, visitor->callee()), StackFrameNativeCode, Strong<ScriptExecutable>(), Strong<UnlinkedCodeBlock>(), 0, 0, 0, 0, 0, String()};
                 m_results.append(s);
             }

trunk/Source/JavaScriptCore/interpreter/Interpreter.h

@@ -82 +82 @@
         Strong<JSObject> callee;
         StackFrameCodeType codeType;
-        Strong<ExecutableBase> executable;
+        Strong<ScriptExecutable> executable;
         Strong<UnlinkedCodeBlock> codeBlock;
         RefPtr<SourceProvider> code;

trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp

@@ -294 +294 @@
     line = divotLine + codeBlock->ownerExecutable()->lineNo();
     column = divotColumn + (divotLine ? 1 : codeBlock->firstLineColumnOffset());
+
+    if (codeBlock->ownerExecutable()->hasOverrideLineNo())
+        line = codeBlock->ownerExecutable()->overrideLineNo();
 }
 

trunk/Source/JavaScriptCore/parser/ParserError.h

@@ -86 +86 @@
     int line() const { return m_line; }
 
-    JSObject* toErrorObject(JSGlobalObject* globalObject, const SourceCode& source)
+    JSObject* toErrorObject(
+        JSGlobalObject* globalObject, const SourceCode& source, 
+        int overrideLineNo = -1)
     {
         switch (m_type) {
@@ -92 +94 @@
             return nullptr;
         case SyntaxError:
-            return addErrorInfo(globalObject->globalExec(), createSyntaxError(globalObject, m_message), m_line, source);
+            return addErrorInfo(
+                globalObject->globalExec(), 
+                createSyntaxError(globalObject, m_message), 
+                overrideLineNo == -1 ? m_line : overrideLineNo, source);
         case EvalError:
             return createSyntaxError(globalObject, m_message);

trunk/Source/JavaScriptCore/parser/SourceCode.h

@@ -64 +64 @@
             , m_startChar(0)
             , m_endChar(m_provider->source().length())
-            , m_firstLine(std::max(firstLine, 0))
-            , m_startColumn(std::max(startColumn, 0))
+            , m_firstLine(std::max(firstLine, 1))
+            , m_startColumn(std::max(startColumn, 1))
         {
         }
@@ -73 +73 @@
             , m_startChar(start)
             , m_endChar(end)
-            , m_firstLine(std::max(firstLine, 0))
-            , m_startColumn(std::max(startColumn, 0))
+            , m_firstLine(std::max(firstLine, 1))
+            , m_startColumn(std::max(startColumn, 1))
         {
         }

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -101 +101 @@
     , m_neverInline(false)
     , m_didTryToEnterInLoop(false)
+    , m_overrideLineNo(-1)
     , m_firstLine(-1)
     , m_lastLine(-1)
@@ -609 +610 @@
 }
 
-FunctionExecutable* FunctionExecutable::fromGlobalCode(const Identifier& name, ExecState& exec, const SourceCode& source, JSObject*& exception)
-{
-    UnlinkedFunctionExecutable* unlinkedExecutable = UnlinkedFunctionExecutable::fromGlobalCode(name, exec, source, exception);
+FunctionExecutable* FunctionExecutable::fromGlobalCode(
+    const Identifier& name, ExecState& exec, const SourceCode& source, 
+    JSObject*& exception, int overrideLineNo)
+{
+    UnlinkedFunctionExecutable* unlinkedExecutable = 
+        UnlinkedFunctionExecutable::fromGlobalCode(
+            name, exec, source, exception, overrideLineNo);
     if (!unlinkedExecutable)
         return nullptr;
-    return unlinkedExecutable->link(exec.vm(), source);
+
+    return unlinkedExecutable->link(exec.vm(), source, overrideLineNo);
 }
 

trunk/Source/JavaScriptCore/runtime/Executable.h

@@ -359 +359 @@
     const String& sourceURL() const { return m_source.provider()->url(); }
     int lineNo() const { return m_firstLine; }
+    void setOverrideLineNo(int overrideLineNo) { m_overrideLineNo = overrideLineNo; }
+    bool hasOverrideLineNo() const { return m_overrideLineNo != -1; }
+    int overrideLineNo() const { return m_overrideLineNo; }
     int lastLine() const { return m_lastLine; }
     unsigned startColumn() const { return m_startColumn; }
@@ -430 +433 @@
     bool m_neverInline;
     bool m_didTryToEnterInLoop;
+    int m_overrideLineNo;
     int m_firstLine;
     int m_lastLine;
@@ -550 +554 @@
         return executable;
     }
-    static FunctionExecutable* fromGlobalCode(const Identifier& name, ExecState&, const SourceCode&, JSObject*& exception);
+    static FunctionExecutable* fromGlobalCode(
+        const Identifier& name, ExecState&, const SourceCode&, 
+        JSObject*& exception, int overrideLineNo);
 
     static void destroy(JSCell*);

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp

@@ -87 +87 @@
 }
 
-JSObject* constructFunctionSkippingEvalEnabledCheck(ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const String& sourceURL, const TextPosition& position)
+JSObject* constructFunctionSkippingEvalEnabledCheck(
+    ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, 
+    const Identifier& functionName, const String& sourceURL, 
+    const TextPosition& position, int overrideLineNo)
 {
     // How we stringify functions is sometimes important for web compatibility.
@@ -114 +117 @@
     SourceCode source = makeSource(program, sourceURL, position);
     JSObject* exception = nullptr;
-    FunctionExecutable* function = FunctionExecutable::fromGlobalCode(functionName, *exec, source, exception);
+    FunctionExecutable* function = FunctionExecutable::fromGlobalCode(functionName, *exec, source, exception, overrideLineNo);
     if (!function) {
         ASSERT(exception);

trunk/Source/JavaScriptCore/runtime/FunctionConstructor.h

@@ -60 +60 @@
 JSObject* constructFunction(ExecState*, JSGlobalObject*, const ArgList&);
 
-JS_EXPORT_PRIVATE JSObject* constructFunctionSkippingEvalEnabledCheck(ExecState*, JSGlobalObject*, const ArgList&, const Identifier&, const String&, const WTF::TextPosition&);
+JS_EXPORT_PRIVATE JSObject* constructFunctionSkippingEvalEnabledCheck(
+    ExecState*, JSGlobalObject*, const ArgList&, const Identifier&, 
+    const String&, const WTF::TextPosition&, int overrideLineNo = -1);
 
 } // namespace JSC

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2015-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
+        https://bugs.webkit.org/show_bug.cgi?id=142974
+
+        Reviewed by Joseph Pecoraro.
+
+        * bindings/js/JSLazyEventListener.cpp:
+        (WebCore::JSLazyEventListener::initializeJSFunction): Use the new override
+        line number API to guarantee that errors will map to the .html file locations
+        that we like.
+
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::eventHandlerPosition): Added a FIXME to cover
+        some cases where our line and column numbers are still nonsense.
+
 2015-03-26  Beth Dakin  <bdakin@apple.com>
 

trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp

@@ -25 +25 @@
 #include "JSNode.h"
 #include "ScriptController.h"
+#include <runtime/Executable.h>
 #include <runtime/FunctionConstructor.h>
 #include <runtime/IdentifierInlines.h>
@@ -104 +105 @@
     args.append(jsStringWithCache(exec, m_code));
 
-    // Move our text position backward one line. Creating an anonymous function
-    // will add a line for a function declaration, but we want our line number
-    // to match up with where the attribute was declared.
-    TextPosition position(
-        OrdinalNumber::fromOneBasedInt(
-            m_position.m_line.oneBasedInt() - 1), m_position.m_column);
+    // We want all errors to refer back to the line on which our attribute was
+    // declared, regardless of any newlines in our JavaScript source text.
+    int overrideLineNo = m_position.m_line.oneBasedInt();
+
     JSObject* jsFunction = constructFunctionSkippingEvalEnabledCheck(
         exec, exec->lexicalGlobalObject(), args, Identifier(exec, m_functionName), 
-        m_sourceURL, position);
+        m_sourceURL, m_position, overrideLineNo);
 
     if (exec->hadException()) {
@@ -121 +120 @@
 
     JSFunction* listenerAsFunction = jsCast<JSFunction*>(jsFunction);
+
     if (m_originalNode) {
         if (!wrapper()) {

trunk/Source/WebCore/bindings/js/ScriptController.cpp

@@ -275 +275 @@
 TextPosition ScriptController::eventHandlerPosition() const
 {
+    // FIXME: If we are not currently parsing, we should use our current location
+    // in JavaScript, to cover cases like "element.setAttribute('click', ...)".
+
+    // FIXME: This location maps to the end of the HTML tag, and not to the
+    // exact column number belonging to the event handler attribute.
     ScriptableDocumentParser* parser = m_frame.document()->scriptableDocumentParser();
     if (parser)