Web Inspector: AsyncStackTrace nodes can be corrupted when truncating
author mattbaker@apple.com <mattbaker@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 1 Jul 2017 02:56:04 +0000 (02:56 +0000)
committer mattbaker@apple.com <mattbaker@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 1 Jul 2017 02:56:04 +0000 (02:56 +0000)
commit 71a60496a9f9b9662212ce44890079099325b7c2
tree d99293aacf4fdb5eb0fe0a0d81b69ec090d874dc
parent d07c640826a97b9d1b659b986caab0e96a8f1d55
Web Inspector: AsyncStackTrace nodes can be corrupted when truncating
https://bugs.webkit.org/show_bug.cgi?id=173840
<rdar://problem/30840820>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

When truncating an asynchronous stack trace, the parent chain is traversed
until a locked node is found. The path from this node to the root is shared
by more than one stack trace, and cannot be safely modified. Starting at
the first locked node, the path is cloned and becomes a new stack trace tree.

However, the clone operation initialized each new AsyncStackTrace node with
the original node's parent. This would increment the child count of the original
node. When cloning nodes, new nodes should not have their parent set until the
next node up the parent chain is cloned.

* inspector/AsyncStackTrace.cpp:
(Inspector::AsyncStackTrace::truncate):

LayoutTests:

Add a test for truncating a branching asynchronous stack trace.

* inspector/debugger/truncate-async-stack-trace-expected.txt: Added.
* inspector/debugger/truncate-async-stack-trace.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@219035 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/inspector/debugger/truncate-async-stack-trace-expected.txt [new file with mode: 0644]
LayoutTests/inspector/debugger/truncate-async-stack-trace.html [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
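
The child-count corruption described in the commit message, reproduced in a simplified model. This is an added example, not WebKit's AsyncStackTrace code: `TraceNode`, `cloneLockedPath` and `originalRootChildCount` are hypothetical names, and the sketch clones the shared path all the way to the root rather than stopping at a truncation depth.

```cpp
#include <memory>
#include <string>
#include <utility>

// Simplified model for illustration; not WebKit's AsyncStackTrace. All names are hypothetical.
struct TraceNode {
    std::string label;
    std::shared_ptr<TraceNode> parent;
    unsigned childCount = 0; // how many nodes currently name this node as parent
    // Constructing a node with a parent registers it as that parent's child.
    TraceNode(std::string l, std::shared_ptr<TraceNode> p)
        : label(std::move(l)), parent(std::move(p))
    { if (parent) ++parent->childCount; }
};
using NodePtr = std::shared_ptr<TraceNode>;

// Clone the shared path from firstLocked up to the root; returns the clone of firstLocked.
// inheritOriginalParent == true reproduces the defect from the commit message.
NodePtr cloneLockedPath(const NodePtr& firstLocked, bool inheritOriginalParent)
{
    NodePtr head, previous;
    for (NodePtr source = firstLocked; source; source = source->parent) {
        // Defect: the clone adopts the ORIGINAL parent, bumping that node's childCount.
        auto clone = std::make_shared<TraceNode>(source->label,
            inheritOriginalParent ? source->parent : nullptr);
        if (previous) {
            previous->parent = clone; // relink to the cloned parent; the stale count stays
            ++clone->childCount;
        } else
            head = clone;
        previous = clone;
    }
    return head;
}

// Constructed tree: root <- a <- {b, c}. Truncating b's trace clones the path a -> root.
// Returns the original root's childCount afterwards; 1 is the uncorrupted value.
unsigned originalRootChildCount(bool inheritOriginalParent)
{
    auto root = std::make_shared<TraceNode>("root", nullptr);
    auto a = std::make_shared<TraceNode>("a", root);
    auto b = std::make_shared<TraceNode>("b", a);
    auto c = std::make_shared<TraceNode>("c", a); // second trace sharing a -> root
    NodePtr clonedA = cloneLockedPath(a, inheritOriginalParent);
    --a->childCount;     // detach b from the shared path...
    b->parent = clonedA; // ...and attach it to the private copy
    ++clonedA->childCount;
    return root->childCount;
}
```

With the defect enabled, the original root reports two children although only `a` points at it; deferring the parent link until the next clone exists keeps the shared nodes' counts untouched.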