[debug] Fix crash when live editing unused inner functions

This CL fixes a wrong assumption in the LiveEdit machinery. Namely the assumption that every FunctionLiteral the parser finds, will have a corresponding SFI created by the compiler. This assumption does not hold in all cases. Inner functions that are never referenced by the outer function don't get an SFI. R=bmeurer@chromium.org Fixed: chromium:1328453 Change-Id: I674f023f948954c1fcae04a4aa2afb69ea1642aa Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663443 Commit-Queue: Simon Zünd <szuend@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#80735}
2022-05-25 08:33:12 +02:00 · 2022-05-25 08:33:12 +02:00 · 9e27dbca79
commit 9e27dbca79
parent ca18e979b3
4 changed files with 45 additions and 1 deletions
--- a/src/debug/liveedit.cc
+++ b/src/debug/liveedit.cc
@ -1107,7 +1107,11 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
  for (const auto& mapping : changed) {
    FunctionData* data = nullptr;
    if (!function_data_map.Lookup(new_script, mapping.second, &data)) continue;
-    Handle<SharedFunctionInfo> new_sfi = data->shared.ToHandleChecked();
+    Handle<SharedFunctionInfo> new_sfi;
+    // In most cases the new FunctionLiteral should also have an SFI, but there
+    // are some exceptions. E.g the compiler doesn't create SFIs for
+    // inner functions that are never referenced.
+    if (!data->shared.ToHandle(&new_sfi)) continue;
    DCHECK_EQ(new_sfi->script(), *new_script);

    if (!function_data_map.Lookup(script, mapping.first, &data)) continue;
--- a/test/inspector/inspector.status
+++ b/test/inspector/inspector.status
@ -431,6 +431,7 @@
  'print-method-not-found': [SKIP],
  'regress/regress-crbug-1147552': [SKIP],
  'regress/regress-crbug-1183664': [SKIP],
+  'regress/regress-crbug-1328453': [SKIP],
  'runtime/add-binding': [SKIP],
  'runtime/await-promise': [SKIP],
  'runtime/call-function-on-async': [SKIP],
--- a/test/inspector/regress/regress-crbug-1328453-expected.txt
+++ b/test/inspector/regress/regress-crbug-1328453-expected.txt
@ -0,0 +1,9 @@
+Don't crash when live editing an unused inner function [crbug.com/1328453]
+{
+    id : <messageId>
+    result : {
+        callFrames : [
+        ]
+        stackChanged : false
+    }
+}
--- a/test/inspector/regress/regress-crbug-1328453.js
+++ b/test/inspector/regress/regress-crbug-1328453.js
@ -0,0 +1,30 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const {contextGroup, Protocol} = InspectorTest.start(
+  'Don\'t crash when live editing an unused inner function [crbug.com/1328453]');
+
+contextGroup.addScript(`
+function outerFn() {
+  function innerFn() {
+    console.log("aa");  // We'll edit the "aa".
+  }
+}`);
+
+const updatedScript = `
+function outerFn() {
+  function innerFn() {
+    console.log("aabb");
+  }
+}`;
+
+(async () => {
+  Protocol.Debugger.enable();
+  const { params: {scriptId} } = await Protocol.Debugger.onceScriptParsed();
+
+  const response = await Protocol.Debugger.setScriptSource({ scriptId, scriptSource: updatedScript });
+  InspectorTest.logMessage(response);
+
+  InspectorTest.completeTest();
+})();