    [debug] Fix crash in debug scope search · 5242128f
    Simon Zünd authored
    This CL fixes a crash when we build the scope chain after re-parsing
    for Debugger.evaluateOnCallFrame.
    
    The following script causes the crash:
    
    class A {
      test(){
        debugger;
      }
      f = (x) => {}
    }
    let a = new A()
    a.test()
    
    The current scope search tries to be smart and descends deeper
    into the scope tree based on source position. That is not a sound
    approach as V8 doesn't guarantee that sibling scopes don't overlap.
    
    In the above case V8 creates an instance initializer scope where
    f is assigned (and the initializer scope is the parent scope for
    the arrow function). The problem is that the initializer scope
    uses the same source range as the class `A` itself, so when we
    look for the scope for `test`, we descend wrongly into the
    initializer scope and can't recover.
    
    The solution is to not try and be too smart:
      - First, find the closure scope with a straight-up DFS.
      - Once we have that, descend from there and try to find the
        closest fitting scope around the break position.
    
    R=bmeurer@chromium.org, jarin@chromium.org
    
    Bug: chromium:1348186
    Change-Id: Ic5e20c4d12b3d768f76a17367dc0f87bcc73763b
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807594
    Reviewed-by: Leszek Swirski <leszeks@chromium.org>
    Commit-Queue: Simon Zünd <szuend@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#82216}
evaluate-on-callframe-this.js 905 Bytes
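The two-step search the commit message describes, as an added Python illustration (not V8's own C++ code): a toy scope tree modelled on the crashing script, where the instance initializer scope shares the class's source range, so a purely position-based descent picks the wrong branch. Scope names, kinds, source offsets and the inner block scope are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical toy model of a scope tree (constructed; not V8's real structures).
@dataclass
class Scope:
    name: str
    kind: str        # "script", "class", "initializer", "function", "arrow", "block"
    start: int       # source range [start, end)
    end: int
    children: List["Scope"] = field(default_factory=list)

    def contains(self, pos: int) -> bool:
        return self.start <= pos < self.end

def find_by_position(scope: Scope, pos: int) -> Scope:
    """The old approach: descend into the first child whose range covers pos.
    Unsound on its own, because sibling scopes are allowed to overlap."""
    for child in scope.children:
        if child.contains(pos):
            return find_by_position(child, pos)
    return scope

def find_closure_scope(scope: Scope, name: str) -> Optional[Scope]:
    """Step 1 of the fix: plain DFS for the closure scope, ignoring positions."""
    if scope.kind in ("function", "arrow") and scope.name == name:
        return scope
    for child in scope.children:
        found = find_closure_scope(child, name)
        if found is not None:
            return found
    return None

def find_break_scope(root: Scope, closure_name: str, pos: int) -> Optional[Scope]:
    """Step 2 of the fix: only once the closure is known, descend from it to
    the closest fitting scope around the break position, so the overlapping
    initializer scope of the enclosing class is never entered."""
    closure = find_closure_scope(root, closure_name)
    return None if closure is None else find_by_position(closure, pos)

# Constructed tree for: class A { test(){ debugger; } f = (x) => {} }
# The initializer scope shares A's range and is visited before `test`.
SCRIPT = Scope("script", "script", 0, 80, [
    Scope("A", "class", 8, 80, [
        Scope("A-initializer", "initializer", 8, 80, [Scope("f", "arrow", 50, 62)]),
        Scope("test", "function", 12, 40, [Scope("test-body", "block", 18, 35)]),
    ]),
])
BREAK_POS = 25   # offset of `debugger;` inside test()

if __name__ == "__main__":
    print("old search:  ", find_by_position(SCRIPT, BREAK_POS).name)      # A-initializer
    print("fixed search:", find_break_scope(SCRIPT, "test", BREAK_POS).name)  # test-body
```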