[inspector] fixed taskHeapSnapshot on pause

Blink uses access checks to be sure that objects from one context doesn't access objects in another. Heap profiler uses current context to call this checks, we need to be sure that current context is empty to allow heap profiler collect all objects without crash. BUG=chromium:661223 R=alph@chromium.org,ulan@chromium.org Review-Url: https://codereview.chromium.org/2669393002 Cr-Commit-Position: refs/heads/master@{#42939}

[inspector] fixed taskHeapSnapshot on pause
Blink uses access checks to be sure that objects from one context doesn't access objects in another. Heap profiler uses current context to call this checks, we need to be sure that current context is empty to allow heap profiler collect all objects without crash. BUG=chromium:661223 R=alph@chromium.org,ulan@chromium.org Review-Url: https://codereview.chromium.org/2669393002 Cr-Commit-Position: refs/heads/master@{#42939}
39afa5af · kozyatinskiy · Commit bot · 79837f5f · 39afa5af · 39afa5af
Commit 39afa5af authored Feb 04, 2017 by kozyatinskiy Committed by Commit bot Feb 04, 2017
4 changed files
--- a/src/profiler/heap-snapshot-generator.cc
+++ b/src/profiler/heap-snapshot-generator.cc
@@ -2492,6 +2492,20 @@ HeapSnapshotGenerator::HeapSnapshotGenerator(
      heap_(heap) {
 }

+namespace {
+class NullContextScope {
+ public:
+  explicit NullContextScope(Isolate* isolate)
+      : isolate_(isolate), prev_(isolate->context()) {
+    isolate_->set_context(nullptr);
+  }
+  ~NullContextScope() { isolate_->set_context(prev_); }
+
+ private:
+  Isolate* isolate_;
+  Context* prev_;
+};
+}  //  namespace

 bool HeapSnapshotGenerator::GenerateSnapshot() {
  v8_heap_explorer_.TagGlobalObjects();
@@ -2505,6 +2519,8 @@ bool HeapSnapshotGenerator::GenerateSnapshot() {
  heap_->CollectAllGarbage(Heap::kMakeHeapIterableMask,
                           GarbageCollectionReason::kHeapProfiler);

+  NullContextScope null_context_scope(heap_->isolate());
+
 #ifdef VERIFY_HEAP
  Heap* debug_heap = heap_;
  if (FLAG_verify_heap) {

--- a/test/inspector/heap-profiler/take-heap-snapshot-on-pause-expected.txt
+++ b/test/inspector/heap-profiler/take-heap-snapshot-on-pause-expected.txt
+Checks that takeHeapSnapshot uses empty accessing_context for access checks.
+Successfully finished
--- a/test/inspector/heap-profiler/take-heap-snapshot-on-pause.js
+++ b/test/inspector/heap-profiler/take-heap-snapshot-on-pause.js
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+print('Checks that takeHeapSnapshot uses empty accessing_context for access \
+checks.');
+
+InspectorTest.addScript(`
+function testFunction() {
+  var array = [ createObjectWithStrictCheck() ];
+  debugger;
+}
+//# sourceURL=test.js`);
+
+Protocol.Debugger.onScriptParsed(message => {
+  Protocol.HeapProfiler.takeHeapSnapshot({ reportProgress: false })
+    .then(() => Protocol.Debugger.resume());
+});
+
+Protocol.Debugger.enable();
+Protocol.HeapProfiler.enable();
+Protocol.Runtime.evaluate({ expression: 'testFunction()' })
+  .then(() => InspectorTest.log('Successfully finished'))
+  .then(InspectorTest.completeTest);
--- a/test/inspector/inspector-test.cc
+++ b/test/inspector/inspector-test.cc
@@ -320,6 +320,13 @@ class SetTimeoutExtension : public v8::Extension {
  }
 };

+bool StrictAccessCheck(v8::Local<v8::Context> accessing_context,
+                       v8::Local<v8::Object> accessed_object,
+                       v8::Local<v8::Value> data) {
+  CHECK(accessing_context.IsEmpty());
+  return accessing_context.IsEmpty();
+}
+
 class InspectorExtension : public v8::Extension {
 public:
  InspectorExtension()
@@ -327,7 +334,8 @@ class InspectorExtension : public v8::Extension {
                      "native function attachInspector();"
                      "native function detachInspector();"
                      "native function setMaxAsyncTaskStacks();"
-                      "native function breakProgram();") {}
+                      "native function breakProgram();"
+                      "native function createObjectWithStrictCheck();") {}

  virtual v8::Local<v8::FunctionTemplate> GetNativeFunctionTemplate(
      v8::Isolate* isolate, v8::Local<v8::String> name) {
@@ -358,6 +366,13 @@ class InspectorExtension : public v8::Extension {
                   .FromJust()) {
      return v8::FunctionTemplate::New(isolate,
                                       InspectorExtension::BreakProgram);
+    } else if (name->Equals(context, v8::String::NewFromUtf8(
+                                         isolate, "createObjectWithStrictCheck",
+                                         v8::NewStringType::kNormal)
+                                         .ToLocalChecked())
+                   .FromJust()) {
+      return v8::FunctionTemplate::New(
+          isolate, InspectorExtension::CreateObjectWithStrictCheck);
    }
    return v8::Local<v8::FunctionTemplate>();
  }
@@ -418,6 +433,20 @@ class InspectorExtension : public v8::Extension {
    v8_inspector::StringView details_view(details.start(), details.length());
    session->breakProgram(reason_view, details_view);
  }
+
+  static void CreateObjectWithStrictCheck(
+      const v8::FunctionCallbackInfo<v8::Value>& args) {
+    if (args.Length() != 0) {
+      fprintf(stderr, "Internal error: createObjectWithStrictCheck().");
+      Exit();
+    }
+    v8::Local<v8::ObjectTemplate> templ =
+        v8::ObjectTemplate::New(args.GetIsolate());
+    templ->SetAccessCheckCallback(&StrictAccessCheck);
+    args.GetReturnValue().Set(
+        templ->NewInstance(args.GetIsolate()->GetCurrentContext())
+            .ToLocalChecked());
+  }
 };

 v8::Local<v8::String> ToString(v8::Isolate* isolate,