Changeset 172372 in webkit


Ignore:
Timestamp:
Aug 8, 2014 11:50:19 PM (10 years ago)
Author:
mark.lam@apple.com
Message:

REGRESSION: Inspector crashes when debugger is paused and injected scripts access window.screen().
<https://webkit.org/b/135656>

Not reviewed.

Rolling out r170680 which was merged to ToT in r172129.

Source/JavaScriptCore:

  • debugger/Debugger.h:
  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::scope):
(JSC::DebuggerCallFrame::evaluate):
(JSC::DebuggerCallFrame::invalidate):

  • debugger/DebuggerCallFrame.h:
  • debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::DebuggerScope):
(JSC::DebuggerScope::finishCreation):
(JSC::DebuggerScope::visitChildren):
(JSC::DebuggerScope::className):
(JSC::DebuggerScope::getOwnPropertySlot):
(JSC::DebuggerScope::put):
(JSC::DebuggerScope::deleteProperty):
(JSC::DebuggerScope::getOwnPropertyNames):
(JSC::DebuggerScope::defineOwnProperty):
(JSC::DebuggerScope::next): Deleted.
(JSC::DebuggerScope::invalidateChain): Deleted.
(JSC::DebuggerScope::isWithScope): Deleted.
(JSC::DebuggerScope::isGlobalScope): Deleted.
(JSC::DebuggerScope::isFunctionScope): Deleted.

  • debugger/DebuggerScope.h:

(JSC::DebuggerScope::create):
(JSC::DebuggerScope::Iterator::Iterator): Deleted.
(JSC::DebuggerScope::Iterator::get): Deleted.
(JSC::DebuggerScope::Iterator::operator++): Deleted.
(JSC::DebuggerScope::Iterator::operator==): Deleted.
(JSC::DebuggerScope::Iterator::operator!=): Deleted.
(JSC::DebuggerScope::isValid): Deleted.
(JSC::DebuggerScope::jsScope): Deleted.
(JSC::DebuggerScope::begin): Deleted.
(JSC::DebuggerScope::end): Deleted.

  • inspector/JSJavaScriptCallFrame.cpp:

(Inspector::JSJavaScriptCallFrame::scopeType):
(Inspector::JSJavaScriptCallFrame::scopeChain):

  • inspector/JavaScriptCallFrame.h:

(Inspector::JavaScriptCallFrame::scopeChain):

  • inspector/ScriptDebugServer.cpp:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::debuggerScopeStructure): Deleted.

  • runtime/JSObject.h:

(JSC::JSObject::isWithScope): Deleted.

  • runtime/JSScope.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

Source/WebCore:

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::attachDebugger):

Location:
trunk/Source
Files:
17 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r172324 r172372  
     12014-08-08  Mark Lam  <mark.lam@apple.com>
     2
     3        REGRESSION: Inspector crashes when debugger is paused and injected scripts access window.screen().
     4        <https://webkit.org/b/135656>
     5
     6        Not reviewed.
     7
     8        Rolling out r170680 which was merged to ToT in r172129.
     9
     10        * debugger/Debugger.h:
     11        * debugger/DebuggerCallFrame.cpp:
     12        (JSC::DebuggerCallFrame::scope):
     13        (JSC::DebuggerCallFrame::evaluate):
     14        (JSC::DebuggerCallFrame::invalidate):
     15        * debugger/DebuggerCallFrame.h:
     16        * debugger/DebuggerScope.cpp:
     17        (JSC::DebuggerScope::DebuggerScope):
     18        (JSC::DebuggerScope::finishCreation):
     19        (JSC::DebuggerScope::visitChildren):
     20        (JSC::DebuggerScope::className):
     21        (JSC::DebuggerScope::getOwnPropertySlot):
     22        (JSC::DebuggerScope::put):
     23        (JSC::DebuggerScope::deleteProperty):
     24        (JSC::DebuggerScope::getOwnPropertyNames):
     25        (JSC::DebuggerScope::defineOwnProperty):
     26        (JSC::DebuggerScope::next): Deleted.
     27        (JSC::DebuggerScope::invalidateChain): Deleted.
     28        (JSC::DebuggerScope::isWithScope): Deleted.
     29        (JSC::DebuggerScope::isGlobalScope): Deleted.
     30        (JSC::DebuggerScope::isFunctionScope): Deleted.
     31        * debugger/DebuggerScope.h:
     32        (JSC::DebuggerScope::create):
     33        (JSC::DebuggerScope::Iterator::Iterator): Deleted.
     34        (JSC::DebuggerScope::Iterator::get): Deleted.
     35        (JSC::DebuggerScope::Iterator::operator++): Deleted.
     36        (JSC::DebuggerScope::Iterator::operator==): Deleted.
     37        (JSC::DebuggerScope::Iterator::operator!=): Deleted.
     38        (JSC::DebuggerScope::isValid): Deleted.
     39        (JSC::DebuggerScope::jsScope): Deleted.
     40        (JSC::DebuggerScope::begin): Deleted.
     41        (JSC::DebuggerScope::end): Deleted.
     42        * inspector/JSJavaScriptCallFrame.cpp:
     43        (Inspector::JSJavaScriptCallFrame::scopeType):
     44        (Inspector::JSJavaScriptCallFrame::scopeChain):
     45        * inspector/JavaScriptCallFrame.h:
     46        (Inspector::JavaScriptCallFrame::scopeChain):
     47        * inspector/ScriptDebugServer.cpp:
     48        * runtime/JSGlobalObject.cpp:
     49        (JSC::JSGlobalObject::reset):
     50        (JSC::JSGlobalObject::visitChildren):
     51        * runtime/JSGlobalObject.h:
     52        (JSC::JSGlobalObject::debuggerScopeStructure): Deleted.
     53        * runtime/JSObject.h:
     54        (JSC::JSObject::isWithScope): Deleted.
     55        * runtime/JSScope.h:
     56        * runtime/VM.cpp:
     57        (JSC::VM::VM):
     58        * runtime/VM.h:
     59
    1602014-08-07  Saam Barati  <sbarati@apple.com>
    261
  • trunk/Source/JavaScriptCore/debugger/Debugger.h

    r172129 r172372  
    3434namespace JSC {
    3535
    36 class CodeBlock;
    3736class ExecState;
    3837class JSGlobalObject;
  • trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp

    r172129 r172372  
    3131
    3232#include "CodeBlock.h"
    33 #include "DebuggerScope.h"
    3433#include "Interpreter.h"
    3534#include "JSActivation.h"
     
    3837#include "Parser.h"
    3938#include "StackVisitor.h"
    40 #include "StrongInlines.h"
    4139
    4240namespace JSC {
     
    109107}
    110108
    111 DebuggerScope* DebuggerCallFrame::scope()
    112 {
    113     ASSERT(isValid());
    114     if (!isValid())
    115         return 0;
    116 
    117     if (!m_scope) {
    118         VM& vm = m_callFrame->vm();
    119         CodeBlock* codeBlock = m_callFrame->codeBlock();
    120         if (codeBlock && codeBlock->needsActivation() && !m_callFrame->hasActivation()) {
    121             ASSERT(!m_callFrame->scope()->isWithScope());
    122             JSActivation* activation = JSActivation::create(vm, m_callFrame, codeBlock);
    123             m_callFrame->setActivation(activation);
    124             m_callFrame->setScope(activation);
    125         }
    126 
    127         m_scope.set(vm, DebuggerScope::create(vm, m_callFrame->scope()));
    128     }
    129     return m_scope.get();
     109JSScope* DebuggerCallFrame::scope() const
     110{
     111    ASSERT(isValid());
     112    if (!isValid())
     113        return 0;
     114
     115    CodeBlock* codeBlock = m_callFrame->codeBlock();
     116    if (codeBlock && codeBlock->needsActivation() && !m_callFrame->hasActivation()) {
     117        JSActivation* activation = JSActivation::create(*codeBlock->vm(), m_callFrame, codeBlock);
     118        m_callFrame->setActivation(activation);
     119        m_callFrame->setScope(activation);
     120    }
     121
     122    return m_callFrame->scope();
    130123}
    131124
     
    170163
    171164    JSValue thisValue = thisValueForCallFrame(callFrame);
    172     JSValue result = vm.interpreter->execute(eval, callFrame, thisValue, scope()->jsScope());
     165    JSValue result = vm.interpreter->execute(eval, callFrame, thisValue, scope());
    173166    if (vm.exception()) {
    174167        exception = vm.exception();
     
    182175{
    183176    m_callFrame = nullptr;
    184     if (m_scope) {
    185         m_scope->invalidateChain();
    186         m_scope.clear();
    187     }
    188177    RefPtr<DebuggerCallFrame> frame = m_caller.release();
    189178    while (frame) {
  • trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.h

    r172129 r172372  
    3030#define DebuggerCallFrame_h
    3131
     32#include "CallFrame.h"
    3233#include "DebuggerPrimitives.h"
    33 #include "Strong.h"
    3434#include <wtf/PassRefPtr.h>
    3535#include <wtf/RefCounted.h>
     
    3737
    3838namespace JSC {
    39 
    40 class DebuggerScope;
    41 class ExecState;
    42 typedef ExecState CallFrame;
    4339
    4440class DebuggerCallFrame : public RefCounted<DebuggerCallFrame> {
     
    6359
    6460    JS_EXPORT_PRIVATE JSGlobalObject* vmEntryGlobalObject() const;
    65     JS_EXPORT_PRIVATE DebuggerScope* scope();
     61    JS_EXPORT_PRIVATE JSScope* scope() const;
    6662    JS_EXPORT_PRIVATE String functionName() const;
    6763    JS_EXPORT_PRIVATE Type type() const;
     
    8379    RefPtr<DebuggerCallFrame> m_caller;
    8480    TextPosition m_position;
    85     // The DebuggerCallFrameScope is responsible for calling invalidate() which,
    86     // in turn, will clear this strong ref.
    87     Strong<DebuggerScope> m_scope;
    8881};
    8982
  • trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp

    r172129 r172372  
    2929#include "JSActivation.h"
    3030#include "JSCInlines.h"
    31 #include "JSWithScope.h"
    3231
    3332namespace JSC {
     
    3736const ClassInfo DebuggerScope::s_info = { "DebuggerScope", &Base::s_info, 0, CREATE_METHOD_TABLE(DebuggerScope) };
    3837
    39 DebuggerScope::DebuggerScope(VM& vm, JSScope* scope)
    40     : JSNonFinalObject(vm, scope->globalObject()->debuggerScopeStructure())
     38DebuggerScope::DebuggerScope(VM& vm)
     39    : JSNonFinalObject(vm, vm.debuggerScopeStructure.get())
    4140{
    42     ASSERT(scope);
    43     m_scope.set(vm, this, scope);
    4441}
    4542
    46 void DebuggerScope::finishCreation(VM& vm)
     43void DebuggerScope::finishCreation(VM& vm, JSObject* activation)
    4744{
    4845    Base::finishCreation(vm);
     46    ASSERT(activation);
     47    ASSERT(activation->isActivationObject());
     48    m_activation.set(vm, this, jsCast<JSActivation*>(activation));
    4949}
    5050
     
    5454    ASSERT_GC_OBJECT_INHERITS(thisObject, info());
    5555    JSObject::visitChildren(thisObject, visitor);
    56     visitor.append(&thisObject->m_scope);
    57     visitor.append(&thisObject->m_next);
     56    visitor.append(&thisObject->m_activation);
    5857}
    5958
    6059String DebuggerScope::className(const JSObject* object)
    6160{
    62     const DebuggerScope* scope = jsCast<const DebuggerScope*>(object);
    63     ASSERT(scope->isValid());
    64     if (!scope->isValid())
    65         return String();
    66     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    67     return thisObject->methodTable()->className(thisObject);
     61    const DebuggerScope* thisObject = jsCast<const DebuggerScope*>(object);
     62    return thisObject->m_activation->methodTable()->className(thisObject->m_activation.get());
    6863}
    6964
    7065bool DebuggerScope::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
    7166{
    72     DebuggerScope* scope = jsCast<DebuggerScope*>(object);
    73     ASSERT(scope->isValid());
    74     if (!scope->isValid())
    75         return false;
    76     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    77     return thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot);
     67    DebuggerScope* thisObject = jsCast<DebuggerScope*>(object);
     68    return thisObject->m_activation->methodTable()->getOwnPropertySlot(thisObject->m_activation.get(), exec, propertyName, slot);
    7869}
    7970
    8071void DebuggerScope::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
    8172{
    82     DebuggerScope* scope = jsCast<DebuggerScope*>(cell);
    83     ASSERT(scope->isValid());
    84     if (!scope->isValid())
    85         return;
    86     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    87     thisObject->methodTable()->put(thisObject, exec, propertyName, value, slot);
     73    DebuggerScope* thisObject = jsCast<DebuggerScope*>(cell);
     74    thisObject->m_activation->methodTable()->put(thisObject->m_activation.get(), exec, propertyName, value, slot);
    8875}
    8976
    9077bool DebuggerScope::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName)
    9178{
    92     DebuggerScope* scope = jsCast<DebuggerScope*>(cell);
    93     ASSERT(scope->isValid());
    94     if (!scope->isValid())
    95         return false;
    96     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    97     return thisObject->methodTable()->deleteProperty(thisObject, exec, propertyName);
     79    DebuggerScope* thisObject = jsCast<DebuggerScope*>(cell);
     80    return thisObject->m_activation->methodTable()->deleteProperty(thisObject->m_activation.get(), exec, propertyName);
    9881}
    9982
    10083void DebuggerScope::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
    10184{
    102     DebuggerScope* scope = jsCast<DebuggerScope*>(object);
    103     ASSERT(scope->isValid());
    104     if (!scope->isValid())
    105         return;
    106     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    107     thisObject->methodTable()->getPropertyNames(thisObject, exec, propertyNames, mode);
     85    DebuggerScope* thisObject = jsCast<DebuggerScope*>(object);
     86    thisObject->m_activation->methodTable()->getPropertyNames(thisObject->m_activation.get(), exec, propertyNames, mode);
    10887}
    10988
    11089bool DebuggerScope::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, const PropertyDescriptor& descriptor, bool shouldThrow)
    11190{
    112     DebuggerScope* scope = jsCast<DebuggerScope*>(object);
    113     ASSERT(scope->isValid());
    114     if (!scope->isValid())
    115         return false;
    116     JSObject* thisObject = JSScope::objectAtScope(scope->jsScope());
    117     return thisObject->methodTable()->defineOwnProperty(thisObject, exec, propertyName, descriptor, shouldThrow);
    118 }
    119 
    120 DebuggerScope* DebuggerScope::next()
    121 {
    122     ASSERT(isValid());
    123     if (!m_next && m_scope->next()) {
    124         VM& vm = *m_scope->vm();
    125         DebuggerScope* nextScope = create(vm, m_scope->next());
    126         m_next.set(vm, this, nextScope);
    127     }
    128     return m_next.get();
    129 }
    130 
    131 void DebuggerScope::invalidateChain()
    132 {
    133     DebuggerScope* scope = this;
    134     while (scope) {
    135         ASSERT(scope->isValid());
    136         DebuggerScope* nextScope = scope->m_next.get();
    137         scope->m_next.clear();
    138         scope->m_scope.clear();
    139         scope = nextScope;
    140     }
    141 }
    142 
    143 bool DebuggerScope::isWithScope() const
    144 {
    145     return m_scope->isWithScope();
    146 }
    147 
    148 bool DebuggerScope::isGlobalScope() const
    149 {
    150     return m_scope->isGlobalObject();
    151 }
    152 
    153 bool DebuggerScope::isFunctionScope() const
    154 {
    155     // In the current debugger implementation, every function will create an
    156     // activation object. Hence, an activation object implies a function scope.
    157     return m_scope->isActivationObject();
     91    DebuggerScope* thisObject = jsCast<DebuggerScope*>(object);
     92    return thisObject->m_activation->methodTable()->defineOwnProperty(thisObject->m_activation.get(), exec, propertyName, descriptor, shouldThrow);
    15893}
    15994
  • trunk/Source/JavaScriptCore/debugger/DebuggerScope.h

    r172176 r172372  
    3131namespace JSC {
    3232
    33 class DebuggerCallFrame;
    34 class JSScope;
    35 
    3633class DebuggerScope : public JSNonFinalObject {
    3734public:
    3835    typedef JSNonFinalObject Base;
    3936
    40     static DebuggerScope* create(VM& vm, JSScope* scope)
     37    static DebuggerScope* create(VM& vm, JSObject* object)
    4138    {
    42         DebuggerScope* debuggerScope = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm, scope);
    43         debuggerScope->finishCreation(vm);
    44         return debuggerScope;
     39        DebuggerScope* activation = new (NotNull, allocateCell<DebuggerScope>(vm.heap)) DebuggerScope(vm);
     40        activation->finishCreation(vm, object);
     41        return activation;
    4542    }
    4643
     
    6057    }
    6158
    62     class Iterator {
    63     public:
    64         Iterator(DebuggerScope* node)
    65             : m_node(node)
    66         {
    67         }
     59protected:
     60    static const unsigned StructureFlags = OverridesGetOwnPropertySlot | JSObject::StructureFlags;
    6861
    69         DebuggerScope* get() { return m_node; }
    70         Iterator& operator++() { m_node = m_node->next(); return *this; }
    71         // postfix ++ intentionally omitted
    72 
    73         bool operator==(const Iterator& other) const { return m_node == other.m_node; }
    74         bool operator!=(const Iterator& other) const { return m_node != other.m_node; }
    75 
    76     private:
    77         DebuggerScope* m_node;
    78     };
    79 
    80     Iterator begin();
    81     Iterator end();
    82     DebuggerScope* next();
    83 
    84     void invalidateChain();
    85     bool isValid() const { return !!m_scope; }
    86 
    87     bool isWithScope() const;
    88     bool isGlobalScope() const;
    89     bool isFunctionScope() const;
     62    JS_EXPORT_PRIVATE void finishCreation(VM&, JSObject* activation);
    9063
    9164private:
    92     JS_EXPORT_PRIVATE DebuggerScope(VM&, JSScope*);
    93     JS_EXPORT_PRIVATE void finishCreation(VM&);
    94 
    95     JSScope* jsScope() const { return m_scope.get(); }
    96 
    97     static const unsigned StructureFlags = OverridesGetOwnPropertySlot | OverridesGetPropertyNames | JSObject::StructureFlags;
    98 
    99     WriteBarrier<JSScope> m_scope;
    100     WriteBarrier<DebuggerScope> m_next;
    101 
    102     friend class DebuggerCallFrame;
     65    JS_EXPORT_PRIVATE DebuggerScope(VM&);
     66    WriteBarrier<JSActivation> m_activation;
    10367};
    104 
    105 inline DebuggerScope::Iterator DebuggerScope::begin()
    106 {
    107     return Iterator(this);
    108 }
    109 
    110 inline DebuggerScope::Iterator DebuggerScope::end()
    111 {
    112     return Iterator(0);
    113 }
    11468
    11569} // namespace JSC
  • trunk/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp

    r172129 r172372  
    2929#if ENABLE(INSPECTOR)
    3030
    31 #include "DebuggerScope.h"
    3231#include "Error.h"
    3332#include "JSCJSValue.h"
     
    9796    int index = exec->argument(0).asInt32();
    9897
    99     DebuggerScope* scopeChain = impl().scopeChain();
    100     DebuggerScope::Iterator end = scopeChain->end();
     98    JSScope* scopeChain = impl().scopeChain();
     99    ScopeChainIterator end = scopeChain->end();
     100
     101    // FIXME: We should be identifying and returning CATCH_SCOPE appropriately.
    101102
    102103    bool foundLocalScope = false;
    103     for (DebuggerScope::Iterator iter = scopeChain->begin(); iter != end; ++iter) {
    104         DebuggerScope* scope = iter.get();
    105 
    106         if (!foundLocalScope && scope->isFunctionScope()) {
    107             // First function scope is the local scope, each successive one is a closure.
    108             if (!index)
    109                 return jsNumber(JSJavaScriptCallFrame::LOCAL_SCOPE);
    110             foundLocalScope = true;
     104    for (ScopeChainIterator iter = scopeChain->begin(); iter != end; ++iter) {
     105        JSObject* scope = iter.get();
     106        if (scope->isActivationObject()) {
     107            if (!foundLocalScope) {
     108                // First activation object is local scope, each successive activation object is closure.
     109                if (!index)
     110                    return jsNumber(JSJavaScriptCallFrame::LOCAL_SCOPE);
     111                foundLocalScope = true;
     112            } else if (!index)
     113                return jsNumber(JSJavaScriptCallFrame::CLOSURE_SCOPE);
    111114        }
    112115
    113116        if (!index) {
    114             if (scope->isWithScope())
    115                 return jsNumber(JSJavaScriptCallFrame::WITH_SCOPE);
    116             if (scope->isGlobalScope()) {
    117                 ASSERT(++iter == end);
     117            // Last in the chain is global scope.
     118            if (++iter == end)
    118119                return jsNumber(JSJavaScriptCallFrame::GLOBAL_SCOPE);
    119             }
    120             // FIXME: We should be identifying and returning CATCH_SCOPE appropriately.
    121             ASSERT(scope->isFunctionScope());
    122             return jsNumber(JSJavaScriptCallFrame::CLOSURE_SCOPE);
     120            return jsNumber(JSJavaScriptCallFrame::WITH_SCOPE);
    123121        }
    124122
     
    160158        return jsNull();
    161159
    162     DebuggerScope* scopeChain = impl().scopeChain();
    163     DebuggerScope::Iterator iter = scopeChain->begin();
    164     DebuggerScope::Iterator end = scopeChain->end();
     160    JSScope* scopeChain = impl().scopeChain();
     161    ScopeChainIterator iter = scopeChain->begin();
     162    ScopeChainIterator end = scopeChain->end();
    165163
    166164    // We must always have something in the scope chain.
  • trunk/Source/JavaScriptCore/inspector/JavaScriptCallFrame.h

    r172129 r172372  
    11/*
    2  * Copyright (C) 2008, 2013-2014 Apple Inc. All Rights Reserved.
     2 * Copyright (C) 2008, 2013 Apple Inc. All Rights Reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    5454    String functionName() const { return m_debuggerCallFrame->functionName(); }
    5555    JSC::DebuggerCallFrame::Type type() const { return m_debuggerCallFrame->type(); }
    56     JSC::DebuggerScope* scopeChain() const { return m_debuggerCallFrame->scope(); }
     56    JSC::JSScope* scopeChain() const { return m_debuggerCallFrame->scope(); }
    5757    JSC::JSGlobalObject* vmEntryGlobalObject() const { return m_debuggerCallFrame->vmEntryGlobalObject(); }
    5858
  • trunk/Source/JavaScriptCore/inspector/ScriptDebugServer.cpp

    r172129 r172372  
    3535
    3636#include "DebuggerCallFrame.h"
    37 #include "DebuggerScope.h"
    3837#include "JSJavaScriptCallFrame.h"
    3938#include "JSLock.h"
  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

    r172129 r172372  
    4646#include "DatePrototype.h"
    4747#include "Debugger.h"
    48 #include "DebuggerScope.h"
    4948#include "Error.h"
    5049#include "ErrorConstructor.h"
     
    322321    m_activationStructure.set(vm, this, JSActivation::createStructure(vm, this, jsNull()));
    323322    m_strictEvalActivationStructure.set(vm, this, StrictEvalActivation::createStructure(vm, this, jsNull()));
    324     m_debuggerScopeStructure.set(m_vm, this, DebuggerScope::createStructure(m_vm, this, jsNull()));
    325323    m_withScopeStructure.set(vm, this, JSWithScope::createStructure(vm, this, jsNull()));
    326324
     
    665663#endif
    666664
    667     visitor.append(&thisObject->m_debuggerScopeStructure);
    668665    visitor.append(&thisObject->m_withScopeStructure);
    669666    visitor.append(&thisObject->m_strictEvalActivationStructure);
  • trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

    r172129 r172372  
    187187#endif
    188188
    189     WriteBarrier<Structure> m_debuggerScopeStructure;
    190189    WriteBarrier<Structure> m_withScopeStructure;
    191190    WriteBarrier<Structure> m_strictEvalActivationStructure;
     
    393392#endif
    394393
    395     Structure* debuggerScopeStructure() const { return m_debuggerScopeStructure.get(); }
    396394    Structure* withScopeStructure() const { return m_withScopeStructure.get(); }
    397395    Structure* strictEvalActivationStructure() const { return m_strictEvalActivationStructure.get(); }
  • trunk/Source/JavaScriptCore/runtime/JSObject.h

    r172176 r172372  
    595595    bool isActivationObject() const;
    596596    bool isErrorInstance() const;
    597     bool isWithScope() const;
    598597
    599598    JS_EXPORT_PRIVATE void seal(VM&);
     
    11521151}
    11531152
    1154 inline bool JSObject::isWithScope() const
    1155 {
    1156     return type() == WithScopeType;
    1157 }
    1158 
    11591153inline void JSObject::setStructureAndButterfly(VM& vm, Structure* structure, Butterfly* butterfly)
    11601154{
  • trunk/Source/JavaScriptCore/runtime/JSScope.h

    r172129 r172372  
    151151    static size_t offsetOfNext();
    152152
    153     static JSObject* objectAtScope(JSScope*);
     153    JS_EXPORT_PRIVATE static JSObject* objectAtScope(JSScope*);
    154154
    155155    static JSValue resolve(ExecState*, JSScope*, const Identifier&);
  • trunk/Source/JavaScriptCore/runtime/VM.cpp

    r172176 r172372  
    4141#include "DFGLongLivedState.h"
    4242#include "DFGWorklist.h"
     43#include "DebuggerScope.h"
    4344#include "ErrorInstance.h"
    4445#include "FTLThunks.h"
     
    206207    structureStructure.set(*this, Structure::createStructure(*this));
    207208    structureRareDataStructure.set(*this, StructureRareData::createStructure(*this, 0, jsNull()));
     209    debuggerScopeStructure.set(*this, DebuggerScope::createStructure(*this, 0, jsNull()));
    208210    terminatedExecutionErrorStructure.set(*this, TerminatedExecutionError::createStructure(*this, 0, jsNull()));
    209211    stringStructure.set(*this, JSString::createStructure(*this, 0, jsNull()));
  • trunk/Source/JavaScriptCore/runtime/VM.h

    r172176 r172372  
    241241        Strong<Structure> structureStructure;
    242242        Strong<Structure> structureRareDataStructure;
     243        Strong<Structure> debuggerScopeStructure;
    243244        Strong<Structure> terminatedExecutionErrorStructure;
    244245        Strong<Structure> stringStructure;
  • trunk/Source/WebCore/ChangeLog

    r172367 r172372  
     12014-08-08  Mark Lam  <mark.lam@apple.com>
     2
     3        REGRESSION: Inspector crashes when debugger is paused and injected scripts access window.screen().
     4        <https://webkit.org/b/135656>
     5
     6        Not reviewed.
     7
     8        Rolling out r170680 which was merged to ToT in r172129.
     9
     10        * bindings/js/ScriptController.cpp:
     11        (WebCore::ScriptController::attachDebugger):
     12
    1132014-08-08  Peyton Randolph  <prandolph@apple.com>
    214
  • trunk/Source/WebCore/bindings/js/ScriptController.cpp

    r172129 r172372  
    308308
    309309    JSDOMWindow* globalObject = shell->window();
    310     JSLockHolder lock(globalObject->vm());
    311310    if (debugger)
    312311        debugger->attach(globalObject);
Note: See TracChangeset for help on using the changeset viewer.