Changeset 249577 in webkit
- Timestamp:
- Sep 6, 2019 10:03:28 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 1 deleted
- 5 edited
- 2 copied
trunk/LayoutTests/ChangeLog
r249572 r249577 1 2019-09-06 Ryan Haddad <ryanhaddad@apple.com> 2 3 Unreviewed, rolling out r249566. 4 5 Causes inspector layout test crashes under GuardMalloc 6 7 Reverted changeset: 8 9 "Tail Deleted Frames shown in Web Inspector are sometimes 10 incorrect (Shadow Chicken)" 11 https://bugs.webkit.org/show_bug.cgi?id=201366 12 https://trac.webkit.org/changeset/249566 13 1 14 2019-09-06 Rob Buis <rbuis@igalia.com> 2 15 -
trunk/LayoutTests/inspector/debugger/evaluateOnCallFrame-exception.html
r249566 r249577 14 14 const returnByValue = true; 15 15 16 InspectorTest.debug(); 16 17 let suite = InspectorTest.createAsyncSuite("Debugger.evaluateOnCallFrame.Exception"); 17 18 -
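Review bot: The new side of this section appears to gain `InspectorTest.debug();` just before the suite is created, which reads like a leftover debugging switch rather than part of the test. The gutter numbering suggests the rollback is restoring a line that r249566 had dropped, so this is probably mechanical. If the call is not needed for the expected output, remove it separately so the revert does not carry it forward.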
trunk/LayoutTests/inspector/debugger/resources/tail-deleted-frames-from-vm-entry.js
r249576 r249577 6 6 if (i > 0) 7 7 return bar(i - 1); 8 debugger; 9 return 99; 8 return 25; 10 9 } -
trunk/LayoutTests/inspector/debugger/resources/tail-deleted-frames.js
r249576 r249577 2 2 function a() { 3 3 let x = 20; 4 debugger;4 x; 5 5 return x; 6 6 } … … 11 11 function c() { 12 12 let z = 60; 13 return b(); 13 return b(); 14 14 } 15 15 function startABC() { -
trunk/LayoutTests/platform/mac/TestExpectations
r249566 r249577 1060 1060 webkit.org/b/167711 [ Debug ] inspector/debugger/probe-manager-add-remove-actions.html [ Slow ] 1061 1061 webkit.org/b/168399 [ Debug ] inspector/debugger/search-scripts.html [ Pass Timeout ] 1062 webkit.org/b/181952 [ Debug ] inspector/debugger/tail-deleted-frames/tail-deleted-frames-vm-entry.html [ Slow ] 1062 webkit.org/b/181952 [ Debug ] inspector/debugger/tail-deleted-frames-from-vm-entry.html [ Slow ] 1063 webkit.org/b/169119 [ Debug ] inspector/debugger/tail-deleted-frames-this-value.html [ Pass Timeout ] 1063 1064 webkit.org/b/168387 [ Debug ] inspector/debugger/tail-recursion.html [ Pass Timeout ] 1064 1065 webkit.org/b/170127 inspector/dom-debugger/dom-breakpoints.html [ Pass Timeout ] -
trunk/Source/JavaScriptCore/ChangeLog
r249576 r249577 1 2019-09-06 Ryan Haddad <ryanhaddad@apple.com> 2 3 Unreviewed, rolling out r249566. 4 5 Causes inspector layout test crashes under GuardMalloc 6 7 Reverted changeset: 8 9 "Tail Deleted Frames shown in Web Inspector are sometimes 10 incorrect (Shadow Chicken)" 11 https://bugs.webkit.org/show_bug.cgi?id=201366 12 https://trac.webkit.org/changeset/249566 13 1 14 2019-09-06 Guillaume Emont <guijemont@igalia.com> 2 15 -
trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp
r249566 r249577 46 46 47 47 if (isPrologue()) { 48 String name = "?"_s;49 if (auto* function = jsDynamicCast<JSFunction*>(callee->vm(), callee)) {50 name = function->name(callee->vm());51 if (name.isEmpty())52 name = "?"_s;53 }54 55 48 out.print( 56 49 "{callee = ", RawPointer(callee), ", frame = ", RawPointer(frame), ", callerFrame = ", 57 RawPointer(callerFrame), " , name = ", name, "}");50 RawPointer(callerFrame), "}"); 58 51 return; 59 52 } … … 70 63 void ShadowChicken::Frame::dump(PrintStream& out) const 71 64 { 72 String name = "?"_s;73 if (auto* function = jsDynamicCast<JSFunction*>(callee->vm(), callee)) {74 name = function->name(callee->vm());75 if (name.isEmpty())76 name = "?"_s;77 }78 79 65 out.print( 80 "{callee = ", *callee, ", frame = ", RawPointer(frame), ", isTailDeleted = ",81 isTailDeleted, " , name = ", name, "}");66 "{callee = ", RawPointer(callee), ", frame = ", RawPointer(frame), ", isTailDeleted = ", 67 isTailDeleted, "}"); 82 68 } 83 69 … … 85 71 : m_logSize(Options::shadowChickenLogSize()) 86 72 { 87 // Allow one additional packet beyond m_logEnd. This is useful for the moment we 88 // log a packet when the log is full and force an update. At that moment the packet 89 // that is being logged should be included in the update because it may be 90 // a critical prologue needed to rationalize the current machine stack with the 91 // shadow stack. 
92 m_log = static_cast<Packet*>(fastZeroedMalloc(sizeof(Packet) * m_logSize + 1)); 73 m_log = static_cast<Packet*>(fastZeroedMalloc(sizeof(Packet) * m_logSize)); 93 74 m_logCursor = m_log; 94 75 m_logEnd = m_log + m_logSize; … … 102 83 void ShadowChicken::log(VM& vm, ExecState* exec, const Packet& packet) 103 84 { 104 // This write is allowed because we construct the log with space for 1 additional packet.85 update(vm, exec); 105 86 *m_logCursor++ = packet; 106 update(vm, exec);107 87 } 108 88 … … 163 143 } 164 144 145 165 146 if (ShadowChickenInternal::verbose) 166 147 dataLog(" Revised stack: ", listDump(m_stack), "\n"); … … 308 289 309 290 CallFrame* callFrame = visitor->callFrame(); 310 if (ShadowChickenInternal::verbose) { 311 dataLog(" Examining callFrame:", RawPointer(callFrame), ", callee:", RawPointer(callFrame->jsCallee()), ", callerFrame:", RawPointer(callFrame->callerFrame()), "\n"); 312 JSObject* callee = callFrame->jsCallee(); 313 if (auto* function = jsDynamicCast<JSFunction*>(callee->vm(), callee)) 314 dataLog(" Function = ", function->name(callee->vm()), "\n"); 315 } 316 291 if (ShadowChickenInternal::verbose) 292 dataLog(" Examining ", RawPointer(callFrame), "\n"); 317 293 if (callFrame == highestPointSinceLastTime) { 318 294 if (ShadowChickenInternal::verbose) 319 dataLog(" Bailing at ", RawPointer(callFrame), " because it's the highest point since last time\n"); 320 321 // FIXME: At this point the shadow stack may still have tail deleted frames 322 // that do not run into the current call frame but are left in the shadow stack. 323 // Those tail deleted frames should be validated somehow. 
324 295 dataLog(" Bailing at ", RawPointer(callFrame), " because it's the highest point since last time.\n"); 325 296 return StackVisitor::Done; 326 297 } … … 348 319 && m_log[indexInLog].frame == toPush.last().frame) { 349 320 if (ShadowChickenInternal::verbose) 350 dataLog(" Going to loop through to find tail deleted frames using ", RawPointer(callFrame), "with indexInLog = ", indexInLog, " and push-stack top = ", toPush.last(), "\n");321 dataLog(" Going to loop through to find tail deleted frames with indexInLog = ", indexInLog, " and push-stack top = ", toPush.last(), "\n"); 351 322 for (;;) { 352 323 ASSERT(m_log[indexInLog].frame == toPush.last().frame); … … 370 341 } 371 342 indexInLog--; // Skip over the tail packet. 372 373 // FIXME: After a few iterations the tail packet referenced frame may not be the374 // same as the original callFrame for the real stack frame we started with.375 // It is unclear when we should break.376 343 377 344 if (!advanceIndexInLogTo(tailPacket.frame, nullptr, nullptr)) { … … 413 380 414 381 if (ShadowChickenInternal::verbose) 415 dataLog(" After pushing: ", listDump(m_stack), "\n");382 dataLog(" After pushing: ", *this, "\n"); 416 383 417 384 // Remove tail frames until the number of tail deleted frames is small enough. … … 481 448 out.print("\n"); 482 449 for (unsigned i = 0; i < limit; ++i) 483 out.print("\t", comma, "[", i, "] ",m_log[i], "\n");450 out.print("\t", comma, m_log[i], "\n"); 484 451 out.print("]}"); 485 452 }
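Review bot: In `ShadowChicken::log`, the restored `*m_logCursor++ = packet;` has no bounds check and relies entirely on the preceding `update(vm, exec)` leaving `m_logCursor` below `m_logEnd`. The body of update() is outside the visible hunks, so that invariant cannot be confirmed from this page. Adding `RELEASE_ASSERT(m_logCursor < m_logEnd);` between the two lines would turn a violation into a deterministic crash instead of a heap write past the `fastZeroedMalloc` buffer. The constructor's `sizeof(Packet) * m_logSize` is also an unchecked multiplication on an option-supplied size, so a checked computation or a comment stating the bound would help. For any re-land of r249566, note that the removed `sizeof(Packet) * m_logSize + 1` reserves one extra byte rather than one extra `Packet`, which is presumably what GuardMalloc caught once the write ran before `update`; the intended form would be `sizeof(Packet) * (m_logSize + 1)`.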