2011-05-15 Ilya Tikhonovsky <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: chromium renderer crash at eval in console.

        https://bugs.webkit.org/show_bug.cgi?id=60616
        Renderer of inspected page is crashing when modal dialog
        has been opened via console eval and page is reloaded.

        Test: inspector/console/console-long-eval-crash.html

        * inspector/CodeGeneratorInspector.pm:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::connectFrontend):
        (WebCore::InspectorController::dispatchMessageFromFrontend):
        * inspector/InspectorController.h:

2011-05-15  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: chromium renderer crash at eval in console.

        https://bugs.webkit.org/show_bug.cgi?id=60616
        Renderer of inspected page is crashing when modal dialog
        has been opened via console eval and page is reloaded.

        * inspector/console/console-long-eval-crash-expected.txt: Added.
        * inspector/console/console-long-eval-crash.html: Added.
        * platform/gtk/Skipped:
        * platform/mac-wk2/Skipped:
        * platform/qt-wk2/Skipped:
        * platform/win/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@86507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ca117ee8e558a5ef785c393f9041e17626e105c8..9c46c05979cf5d4755030bf02bb04e51fede16d8 100644 (file)
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,20 @@
+2011-05-15  Ilya Tikhonovsky  <loislo@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: chromium renderer crash at eval in console.
+
+        https://bugs.webkit.org/show_bug.cgi?id=60616
+        Renderer of inspected page is crashing when modal dialog
+        has been opened via console eval and page is reloaded.
+
+        * inspector/console/console-long-eval-crash-expected.txt: Added.
+        * inspector/console/console-long-eval-crash.html: Added.
+        * platform/gtk/Skipped:
+        * platform/mac-wk2/Skipped:
+        * platform/qt-wk2/Skipped:
+        * platform/win/Skipped:
+
 2011-05-15  Eric Carlson  <eric.carlson@apple.com>
 
         Reviewed by Maciej Stachowiak.

diff --git a/LayoutTests/inspector/console/console-long-eval-crash-expected.txt b/LayoutTests/inspector/console/console-long-eval-crash-expected.txt
new file mode 100644 (file)
index 0000000..c6777ed
--- /dev/null
+++ b/LayoutTests/inspector/console/console-long-eval-crash-expected.txt
@@ -0,0 +1,3 @@
+Test that any long api call from the frontend will not crash the inspected page's renderer if the page is reloaded or frontend is closed in the middle.
+
+https://bugs.webkit.org/show_bug.cgi?id=60616

diff --git a/LayoutTests/inspector/console/console-long-eval-crash.html b/LayoutTests/inspector/console/console-long-eval-crash.html
new file mode 100644 (file)
index 0000000..75444bb
--- /dev/null
+++ b/LayoutTests/inspector/console/console-long-eval-crash.html
@@ -0,0 +1,31 @@
+<html>
+<head>
+<script src="../../http/tests/inspector/inspector-test.js"></script>
+<script src="../../http/tests/inspector/console-test.js"></script>
+<script>
+
+layoutTestController.setCanOpenWindows();
+
+function doDialog()
+{
+    layoutTestController.closeWebInspector();
+    showModalDialog('data:text/html,<script>setTimeout(close, 0);%3c/script>');
+    setTimeout(function(){layoutTestController.notifyDone();}, 0);
+}
+
+function test()
+{
+    RuntimeAgent.evaluate("doDialog()");
+}
+
+</script>
+</head>
+
+<body onload="runTest()">
+<p>
+Test that any long api call from the frontend will not crash the inspected page's renderer if the page is reloaded or frontend is closed in the middle.
+</p>
+<a href="https://bugs.webkit.org/show_bug.cgi?id=60616">https://bugs.webkit.org/show_bug.cgi?id=60616</a>
+
+</body>
+</html>

diff --git a/LayoutTests/platform/gtk/Skipped b/LayoutTests/platform/gtk/Skipped
index 86c4fad79f8e1b920b6ca20c2ce478b53842eca5..b2a76e5a7114ca85deba0ffeb0bb0a9ed11d0d97 100644 (file)
--- a/LayoutTests/platform/gtk/Skipped
+++ b/LayoutTests/platform/gtk/Skipped
@@ -1071,6 +1071,7 @@ fast/text/fake-italic.html
 fast/events/show-modal-dialog-onblur-onfocus.html
 fast/events/scroll-event-during-modal-dialog.html
 fast/harness/show-modal-dialog.html
+inspector/console/console-long-eval-crash.html
 sputnik/Conformance/10_Execution_Contexts/10.2_Entering_An_Execution_Context/10.2.2_Eval_Code/S10.2.2_A1.2_T10.html
 sputnik/Conformance/10_Execution_Contexts/10.2_Entering_An_Execution_Context/10.2.2_Eval_Code/S10.2.2_A1.1_T11.html
 sputnik/Conformance/10_Execution_Contexts/10.2_Entering_An_Execution_Context/10.2.2_Eval_Code/S10.2.2_A1.1_T2.html

diff --git a/LayoutTests/platform/mac-wk2/Skipped b/LayoutTests/platform/mac-wk2/Skipped
index 27ef01f9995bed0ab76088c56a5a5038977b1ddc..7d2e6cdebc08d7bcf5b8163d4cb5c0c65e6d9a94 100644 (file)
--- a/LayoutTests/platform/mac-wk2/Skipped
+++ b/LayoutTests/platform/mac-wk2/Skipped
@@ -1678,6 +1678,7 @@ http/tests/xmlhttprequest/re-login-async.html
 # WebKit2 needs showModalDialog
 fast/events/scroll-event-during-modal-dialog.html
 fast/harness/show-modal-dialog.html
+inspector/console/console-long-eval-crash.html
 
 # WebKit2 needs fullscreen support
 # https://bugs.webkit.org/show_bug.cgi?id=56318

diff --git a/LayoutTests/platform/mac/Skipped b/LayoutTests/platform/mac/Skipped
index 7a19212eb6e6d7ea25b163080f9c7ddce6a269ce..958cf8a2cc2f275ac75b6317496feb00aadd386d 100644 (file)
--- a/LayoutTests/platform/mac/Skipped
+++ b/LayoutTests/platform/mac/Skipped
@@ -357,3 +357,7 @@ fast/events/page-visibility-iframe-delete-test.html
 fast/events/page-visibility-iframe-move-test.html
 fast/events/page-visibility-iframe-propagation-test.html
 fast/events/page-visibility-transition-test.html
+
+# console long eval test is timeout 60616
+inspector/console/console-long-eval-crash.html
+

diff --git a/LayoutTests/platform/qt-wk2/Skipped b/LayoutTests/platform/qt-wk2/Skipped
index c21aee492320cf5c32b607212a2c6a9050840626..e1f40b2cb14770ed54a458cbd21029d6ce6acfcf 100644 (file)
--- a/LayoutTests/platform/qt-wk2/Skipped
+++ b/LayoutTests/platform/qt-wk2/Skipped
@@ -1952,6 +1952,7 @@ http/tests/xmlhttprequest/re-login-async.html
 
 # WebKit2 needs showModalDialog
 fast/harness/show-modal-dialog.html
+inspector/console/console-long-eval-crash.html
 
 # WebKit2 needs fullscreen support
 fullscreen/full-screen-css.html

diff --git a/LayoutTests/platform/win/Skipped b/LayoutTests/platform/win/Skipped
index 299bb0c79304a056102485913ceb46bf6e7b635b..05958fa69fa18ca9a8bdc4fb966520fd44e93c4e 100644 (file)
--- a/LayoutTests/platform/win/Skipped
+++ b/LayoutTests/platform/win/Skipped
@@ -1020,6 +1020,7 @@ fast/text/hyphens.html
 fast/events/show-modal-dialog-onblur-onfocus.html
 fast/harness/show-modal-dialog.html
 fast/events/scroll-event-during-modal-dialog.html
+inspector/console/console-long-eval-crash.html
 
 # These tests fail when showModalDialog is unsupported, even though they don't
 # rely on it directly http://webkit.org/b/53676

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index e8e0ea0afb52d3bb7b5ec20e77cd9def2a27b081..2dc80af4745dd445f5a611eba6705a5cb9d74cee 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2011-05-15  Ilya Tikhonovsky  <loislo@chromium.org>
+
+        Reviewed by Yury Semikhatsky.
+
+        Web Inspector: chromium renderer crash at eval in console.
+
+        https://bugs.webkit.org/show_bug.cgi?id=60616
+        Renderer of inspected page is crashing when modal dialog
+        has been opened via console eval and page is reloaded.
+
+        Test: inspector/console/console-long-eval-crash.html
+
+        * inspector/CodeGeneratorInspector.pm:
+        * inspector/InspectorController.cpp:
+        (WebCore::InspectorController::connectFrontend):
+        (WebCore::InspectorController::dispatchMessageFromFrontend):
+        * inspector/InspectorController.h:
+
 2011-05-15  Eric Carlson  <eric.carlson@apple.com>
 
         Reviewed by Maciej Stachowiak.

diff --git a/Source/WebCore/inspector/CodeGeneratorInspector.pm b/Source/WebCore/inspector/CodeGeneratorInspector.pm
index c8d7c2e73ac53282b91012b65ce133467302aedc..60b8446a95e8c2f07e82823fbe0a4b3ea22731ca 100644 (file)
--- a/Source/WebCore/inspector/CodeGeneratorInspector.pm
+++ b/Source/WebCore/inspector/CodeGeneratorInspector.pm
@@ -98,6 +98,9 @@ $typeTransform{"Frontend"} = {
 $typeTransform{"PassRefPtr"} = {
     "forwardHeader" => "wtf/PassRefPtr.h",
 };
+$typeTransform{"RefCounted"} = {
+    "forwardHeader" => "wtf/RefCounted.h",
+};
 $typeTransform{"InspectorFrontendChannel"} = {
     "forward" => "InspectorFrontendChannel",
     "header" => "InspectorFrontendChannel.h",
@@ -218,6 +221,7 @@ my $verbose;
 my $namespace;
 
 my $backendClassName;
+my $backendClassDeclaration;
 my $backendJSStubName;
 my %backendTypes;
 my @backendMethods;
@@ -278,10 +282,12 @@ sub GenerateModule
     $frontendTypes{"PassRefPtr"} = 1;
 
     $backendClassName = "InspectorBackendDispatcher";
+    $backendClassDeclaration = "InspectorBackendDispatcher: public RefCounted<InspectorBackendDispatcher>";
     $backendJSStubName = "InspectorBackendStub";
     $backendTypes{"Inspector"} = 1;
     $backendTypes{"InspectorFrontendChannel"} = 1;
     $backendTypes{"PassRefPtr"} = 1;
+    $backendTypes{"RefCounted"} = 1;
     $backendTypes{"Object"} = 1;
 }
 
@@ -389,7 +395,8 @@ sub generateFrontendFunction
         }
         push(@function, "    ${functionName}Message->setObject(\"params\", paramsObject);");
     }
-    push(@function, "    m_inspectorFrontendChannel->sendMessageToFrontend(${functionName}Message->toJSONString());");
+    push(@function, "    if (m_inspectorFrontendChannel)");
+    push(@function, "        m_inspectorFrontendChannel->sendMessageToFrontend(${functionName}Message->toJSONString());");
     push(@function, "}");
     push(@function, "");
     push(@frontendMethodsImpl, @function);
@@ -502,7 +509,8 @@ sub generateBackendFunction
     push(@function, "    responseMessage->setObject(\"result\", result);");
     push(@function, "");
     push(@function, "    responseMessage->setNumber(\"id\", callId);");
-    push(@function, "    m_inspectorFrontendChannel->sendMessageToFrontend(responseMessage->toJSONString());");
+    push(@function, "    if (m_inspectorFrontendChannel)");
+    push(@function, "        m_inspectorFrontendChannel->sendMessageToFrontend(responseMessage->toJSONString());");
     push(@function, "}");
     push(@function, "");
     push(@backendMethodsImpl, @function);
@@ -543,7 +551,8 @@ void ${backendClassName}::reportProtocolError(const long* const callId, CommonEr
         message->setNumber("id", *callId);
     else
         message->setValue("id", InspectorValue::null());
-    m_inspectorFrontendChannel->sendMessageToFrontend(message->toJSONString());
+    if (m_inspectorFrontendChannel)
+        m_inspectorFrontendChannel->sendMessageToFrontend(message->toJSONString());
 }
 EOF
     return split("\n", $reportProtocolError);
@@ -594,6 +603,7 @@ sub generateBackendDispatcher
     my $backendDispatcherBody = << "EOF";
 void ${backendClassName}::dispatch(const String& message)
 {
+    RefPtr<${backendClassName}> protect = this;
     typedef void (${backendClassName}::*CallHandler)(long callId, InspectorObject* messageObject);
     typedef HashMap<String, CallHandler> DispatchMap;
     DEFINE_STATIC_LOCAL(DispatchMap, dispatchMap, );
@@ -897,6 +907,7 @@ EOF
 sub generateHeader
 {
     my $className = shift;
+    my $classDeclaration = shift;
     my $types = shift;
     my $constructor = shift;
     my $constants = shift;
@@ -923,7 +934,7 @@ $forwardDeclarations
 
 typedef String ErrorString;
 
-class $className {
+class $classDeclaration {
 public:
 $constructor
 
@@ -1010,6 +1021,8 @@ sub generateBackendAgentFieldsAndConstructor
     push(@backendHead, @fieldInitializers);
     push(@backendHead, "    { }");
     push(@backendHead, "");
+    push(@backendHead, "    void clearFrontend() { m_inspectorFrontendChannel = 0; }");
+    push(@backendHead, "");
     push(@backendHead, "    enum CommonErrorCode {");
     push(@backendHead, "        ParseError = 0,");
     push(@backendHead, "        InvalidRequest,");
@@ -1041,7 +1054,7 @@ sub finish
     undef($SOURCE);
 
     open(my $HEADER, ">$outputHeadersDir/$frontendClassName.h") || die "Couldn't open file $outputHeadersDir/$frontendClassName.h";
-    print $HEADER generateHeader($frontendClassName, \%frontendTypes, $frontendConstructor, \@frontendConstantDeclarations, \@frontendMethods, join("\n", @frontendFooter));
+    print $HEADER generateHeader($frontendClassName, $frontendClassName, \%frontendTypes, $frontendConstructor, \@frontendConstantDeclarations, \@frontendMethods, join("\n", @frontendFooter));
     close($HEADER);
     undef($HEADER);
 
@@ -1067,7 +1080,7 @@ sub finish
     undef($SOURCE);
 
     open($HEADER, ">$outputHeadersDir/$backendClassName.h") || die "Couldn't open file $outputHeadersDir/$backendClassName.h";
-    print $HEADER join("\n", generateHeader($backendClassName, \%backendTypes, $backendConstructor, \@backendConstantDeclarations, \@backendMethods, join("\n", @backendFooter)));
+    print $HEADER join("\n", generateHeader($backendClassName, $backendClassDeclaration, \%backendTypes, $backendConstructor, \@backendConstantDeclarations, \@backendMethods, join("\n", @backendFooter)));
     close($HEADER);
     undef($HEADER);
 

diff --git a/Source/WebCore/inspector/InspectorController.cpp b/Source/WebCore/inspector/InspectorController.cpp
index 5ee62117b139bdd5f650be57b75a53d70da3640c..ee4359d88966fa5fcf241710f9b973e8cbb3527b 100644 (file)
--- a/Source/WebCore/inspector/InspectorController.cpp
+++ b/Source/WebCore/inspector/InspectorController.cpp
@@ -214,7 +214,7 @@ void InspectorController::connectFrontend()
     InspectorInstrumentation::frontendCreated();
 
     ASSERT(m_inspectorClient);
-    m_inspectorBackendDispatcher = adoptPtr(new InspectorBackendDispatcher(
+    m_inspectorBackendDispatcher = adoptRef(new InspectorBackendDispatcher(
         m_inspectorClient,
 #if ENABLE(OFFLINE_WEB_APPLICATIONS)
         m_applicationCacheAgent.get(),
@@ -256,6 +256,7 @@ void InspectorController::disconnectFrontend()
 {
     if (!m_inspectorFrontend)
         return;
+    m_inspectorBackendDispatcher->clearFrontend();
     m_inspectorBackendDispatcher.clear();
 
     // Destroying agents would change the state, but we don't want that.

diff --git a/Source/WebCore/inspector/InspectorController.h b/Source/WebCore/inspector/InspectorController.h
index 0e0f0d68d78e56bc6e932ef804776a9dc20a74df..6722418636a6f85d7e8247b17489cd7d97ab3933 100644 (file)
--- a/Source/WebCore/inspector/InspectorController.h
+++ b/Source/WebCore/inspector/InspectorController.h
@@ -152,7 +152,7 @@ private:
     OwnPtr<InspectorWorkerAgent> m_workerAgent;
 #endif
 
-    OwnPtr<InspectorBackendDispatcher> m_inspectorBackendDispatcher;
+    RefPtr<InspectorBackendDispatcher> m_inspectorBackendDispatcher;
     OwnPtr<InspectorFrontendClient> m_inspectorFrontendClient;
     OwnPtr<InspectorFrontend> m_inspectorFrontend;
     InspectorClient* m_inspectorClient;