I can't reproduce it with NTP and google.com. Could you provide link to page or javascript source from page where issues is reproducible?

Repro would be awesome.

This is happening in chrome://md-settings, in the source for md-settings/languages_page/languages.js. I don't know if it's specific to the CL I'm working on.

Thank you.
I try to debug this file and DCHECK isn't triggered. Could you explain in what line you set a breakpoint and provide small snippet of code with function that contains this line?
I think that is problem that some of statement in scope has uninitialized location.

I haven't found a repro case outside of my own development. I've uploaded a patch generated via `git diff 6adf4a13` if you care to apply it...

0. build out/Release with chromeos=1 component=shared_library dcheck_always_on=1
1. open chrome://md-settings/advanced
2. ctrl+shift+j
3. open source for md-settings/languages_page/languages.js
3. ctrl+f getEnabledLanguages_:
4. add a breakpoint to the next line (line 338)
5. reload

Sometimes the crash happens when the breakpoint is elsewhere -- not every line triggers it, but some lines do.


    Polymer({
    ....
      getEnabledLanguages_: function(translateTarget) {
        assert(CrSettingsPrefs.isInitialized); // <-- add the breakpoint here

Deleted: 604458.diff 95.2 KB

604458.diff 95.2 KB Download

Thanks! I can reproduce it.

Simplified repro scenario: type following code in DevTools console:

for (var a of [1])
  debugger;

Haha, yes that's a slightly easier repro. Thanks!

Nice. Converted to a d8 repro:

var Debug = debug.Debug;

function listener(event, exec_state, event_data, data) {
  if (event != Debug.DebugEvent.Break) return;
  try {
    exec_state.frame(0).allScopes();
  } catch (e) {
    exception = e;
  }
}


Debug.setListener(listener);

for (var a of [1]) 
debugger;

I can take over from here.

I think that scopes from V8 internal scripts doesn't have locations and we can just ignore it but I'm sure that you know better then me :)

I have a fix:

https://codereview.chromium.org/1901413002

This probably breaks some layout tests, so I'm checking whether I need to rebaseline any.

The scope causing this issue does not have any location associated because it's introduced by the parser for desugaring of for-of. I'm implementing the idea we discussed a while ago where scopes like this should not be exposed to the debugger.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/672983830f36222d90748ff588831b6dae565c38

commit 672983830f36222d90748ff588831b6dae565c38
Author: yangguo <yangguo@chromium.org>
Date: Fri Apr 22 10:46:42 2016

[debugger] Hide scopes that originate from desugaring.

Some scopes are introduced by the parser for desugaring and do not
have any positions associated. The debugger should not make them
visible.

Also add some missing source positions.

R=kozyatinskiy@chromium.org, rossberg@chromium.org
BUG= chromium:604458 
LOG=Y

Review URL: https://codereview.chromium.org/1901413002

Cr-Commit-Position: refs/heads/master@{#35721}

[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/src/ast/scopes.cc
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/src/ast/scopes.h
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/src/debug/debug-scopes.cc
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/src/parsing/parser.cc
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/test/mjsunit/debug-scopes.js
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/test/mjsunit/es6/debug-blockscopes.js
[add] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/test/mjsunit/es6/debug-scope-default-param-with-eval.js
[modify] https://crrev.com/672983830f36222d90748ff588831b6dae565c38/test/mjsunit/es6/regress/regress-468661.js