Avoid using stale InspectedContext pointers

BUG=657568
TEST=Manually, see bug report

Review-Url: https://codereview.chromium.org/2432163004
Cr-Commit-Position: refs/heads/master@{#40605}

AUTHORS

@@ -106,6 +106,7 @@ Paul Lind <plind44@gmail.com>
 Rafal Krypa <rafal@krypa.net>
 Refael Ackermann <refack@gmail.com>
 Rene Rebe <rene@exactcode.de>
+Rob Wu <rob@robwu.nl>
 Robert Mustacchi <rm@fingolfin.org>
 Robert Nagy <robert.nagy@gmail.com>
 Ryan Dahl <ry@tinyclouds.org>

src/inspector/injected-script.cc

@@ -99,10 +99,16 @@ std::unique_ptr<InjectedScript> InjectedScript::create(
       v8::Number::New(isolate, inspectedContext->contextId())};
   v8::MicrotasksScope microtasksScope(isolate,
                                       v8::MicrotasksScope::kDoNotRunMicrotasks);
+
+  int contextGroupId = inspectedContext->contextGroupId();
+  int contextId = inspectedContext->contextId();
+  V8InspectorImpl* inspector = inspectedContext->inspector();
   v8::Local<v8::Value> injectedScriptValue;
   if (!function->Call(context, windowGlobal, arraysize(info), info)
            .ToLocal(&injectedScriptValue))
     return nullptr;
+  if (inspector->getContext(contextGroupId, contextId) != inspectedContext)
+    return nullptr;
   if (!injectedScriptValue->IsObject()) return nullptr;
   return wrapUnique(new InjectedScript(inspectedContext,
                                        injectedScriptValue.As<v8::Object>(),

src/inspector/inspected-context.cc

@@ -73,9 +73,13 @@ v8::Isolate* InspectedContext::isolate() const {
   return m_inspector->isolate();
 }
 
-void InspectedContext::createInjectedScript() {
+bool InspectedContext::createInjectedScript() {
   DCHECK(!m_injectedScript);
-  m_injectedScript = InjectedScript::create(this);
+  std::unique_ptr<InjectedScript> injectedScript = InjectedScript::create(this);
+  // InjectedScript::create can destroy |this|.
+  if (!injectedScript) return false;
+  m_injectedScript = std::move(injectedScript);
+  return true;
 }
 
 void InspectedContext::discardInjectedScript() { m_injectedScript.reset(); }

src/inspector/inspected-context.h

@@ -35,7 +35,7 @@ class InspectedContext {
   V8InspectorImpl* inspector() const { return m_inspector; }
 
   InjectedScript* getInjectedScript() { return m_injectedScript.get(); }
-  void createInjectedScript();
+  bool createInjectedScript();
   void discardInjectedScript();
 
  private:

src/inspector/v8-inspector-session-impl.cc

@@ -187,8 +187,7 @@ InjectedScript* V8InspectorSessionImpl::findInjectedScript(
 
   const std::unique_ptr<InspectedContext>& context = contextsIt->second;
   if (!context->getInjectedScript()) {
-    context->createInjectedScript();
-    if (!context->getInjectedScript()) {
+    if (!context->createInjectedScript()) {
       *errorString = "Cannot access specified execution context";
       return nullptr;
     }

test/inspector/console/destroy-context-during-log-expected.txt

+{
+    type : string
+    value : First inspector activity after attaching inspector
+}
+{
+    type : string
+    value : End of test
+}

test/inspector/console/destroy-context-during-log.js

+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const expression = `
+  Object.defineProperty(Object.prototype, 'RemoteObject', {
+    configurable: true,
+    set(v) {
+      delete Object.prototype.RemoteObject;
+      this.RemoteObject = v;
+
+      detachInspector();
+      setTimeout(function() {
+        // Attach the inspector again for the sake of establishing a
+        // communication channel with the frontend test runner.
+        attachInspector();
+        console.log("End of test");
+      }, 0);
+    },
+  });
+
+  // Before the whole script runs, the inspector is already attached.
+  // Re-attach the inspector and trigger the console API to make sure that the
+  // injected inspector script runs again (and triggers the above setter).
+  detachInspector();
+  attachInspector();
+  console.log("First inspector activity after attaching inspector");
+`;
+
+Protocol.Runtime.enable();
+Protocol.Runtime.evaluate({ expression: expression });
+
+Protocol.Runtime.onConsoleAPICalled(function(result) {
+  InspectorTest.logObject(result.params.args[0]);
+  if (result.params.args[0].value == "End of test") {
+    InspectorTest.completeTest();
+  }
+});

test/inspector/inspector-test.cc

@@ -212,6 +212,59 @@ class SetTimeoutExtension : public v8::Extension {
   }
 };
 
+class InspectorExtension : public v8::Extension {
+ public:
+  InspectorExtension()
+      : v8::Extension("v8_inspector/inspector",
+                      "native function attachInspector();"
+                      "native function detachInspector();") {}
+
+  virtual v8::Local<v8::FunctionTemplate> GetNativeFunctionTemplate(
+      v8::Isolate* isolate, v8::Local<v8::String> name) {
+    v8::Local<v8::Context> context = isolate->GetCurrentContext();
+    if (name->Equals(context,
+                     v8::String::NewFromUtf8(isolate, "attachInspector",
+                                             v8::NewStringType::kNormal)
+                         .ToLocalChecked())
+            .FromJust()) {
+      return v8::FunctionTemplate::New(isolate, InspectorExtension::Attach);
+    } else if (name->Equals(context,
+                            v8::String::NewFromUtf8(isolate, "detachInspector",
+                                                    v8::NewStringType::kNormal)
+                                .ToLocalChecked())
+                   .FromJust()) {
+      return v8::FunctionTemplate::New(isolate, InspectorExtension::Detach);
+    }
+    return v8::Local<v8::FunctionTemplate>();
+  }
+
+ private:
+  static void Attach(const v8::FunctionCallbackInfo<v8::Value>& args) {
+    v8::Isolate* isolate = args.GetIsolate();
+    v8::Local<v8::Context> context = isolate->GetCurrentContext();
+    v8_inspector::V8Inspector* inspector =
+        InspectorClientImpl::InspectorFromContext(context);
+    if (!inspector) {
+      fprintf(stderr, "Inspector client not found - cannot attach!");
+      Exit();
+    }
+    inspector->contextCreated(
+        v8_inspector::V8ContextInfo(context, 1, v8_inspector::StringView()));
+  }
+
+  static void Detach(const v8::FunctionCallbackInfo<v8::Value>& args) {
+    v8::Isolate* isolate = args.GetIsolate();
+    v8::Local<v8::Context> context = isolate->GetCurrentContext();
+    v8_inspector::V8Inspector* inspector =
+        InspectorClientImpl::InspectorFromContext(context);
+    if (!inspector) {
+      fprintf(stderr, "Inspector client not found - cannot detach!");
+      Exit();
+    }
+    inspector->contextDestroyed(context);
+  }
+};
+
 v8::Local<v8::String> ToString(v8::Isolate* isolate,
                                const v8_inspector::StringView& string) {
   if (string.is8Bit())
@@ -267,6 +320,8 @@ int main(int argc, char* argv[]) {
 
   SetTimeoutExtension set_timeout_extension;
   v8::RegisterExtension(&set_timeout_extension);
+  InspectorExtension inspector_extension;
+  v8::RegisterExtension(&inspector_extension);
   UtilsExtension utils_extension;
   v8::RegisterExtension(&utils_extension);
   SendMessageToBackendExtension send_message_to_backend_extension;
@@ -274,7 +329,8 @@ int main(int argc, char* argv[]) {
 
   v8::base::Semaphore ready_semaphore(0);
 
-  const char* backend_extensions[] = {"v8_inspector/setTimeout"};
+  const char* backend_extensions[] = {"v8_inspector/setTimeout",
+                                      "v8_inspector/inspector"};
   v8::ExtensionConfiguration backend_configuration(
       arraysize(backend_extensions), backend_extensions);
   TaskRunner backend_runner(&backend_configuration, false, &ready_semaphore);