Issue 636914

Issue metadata

Status: WontFix
Owner:
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug



some debug steps are skipped

Reported by hu...@cumallover.me, Aug 11 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.46 Safari/537.36

Steps to reproduce the problem:
    "use strict";

    function sub1 () {
        debugger;
        // any native function here seems to do it
        return window.toString();
    }

    function sub2 () {
        2 + 2;
    }

    sub1();
    sub2();

1. paste and run this script in the console (it should pause at the debugger statement)
2. click "step into next function call" once so you're at `return window.toString();`
3. click "step into next function call"

What is the expected behavior?
it should be at end of the "sub1" function with the return value

What went wrong?
it skips to the body of the "sub2" function

Did this work before? N/A 

Chrome version: 53.0.2785.46  Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 22.0 r0

also tested on chrome canary 54.0.2825.0 64-bit
 
Owner: kozyatinskiy@chromium.org
Status: Assigned (was: Unconfirmed)
Labels: Needs-Feedback
Could you run this script in console on about:blank page?
I can't reproduce it in M53, M54 and ToT; maybe a custom toString method is defined in the page context, or some custom window property.

Comment 3 by hu...@cumallover.me, Aug 30 2016

sorry, seems like you need "Experimental JavaScript" enabled in chrome://flags for the bug to occur
Labels: -OS-Windows -Pri-2 -Needs-Feedback -Arch-x86_64 OS-All Pri-1
Thanks! With this flag I'm able to reproduce it, will take a look.
Cc: kozyatinskiy@chromium.org
Components: -Platform>DevTools Blink>JavaScript
Owner: yangguo@chromium.org
It's a V8 issue.
I attached a script for d8.
`d8 debug-step-into-native-in-return.js --expose-debug-as debug` will print 5.
`d8 debug-step-into-native-in-return.js --expose-debug-as debug --harmony` will print 2 (actually execution will be resumed on step into native function call).
Attachment: debug-step-into-native-in-return.js (379 bytes)
Cc: jgruber@chromium.org
Simplified regression test attached.
Attachment: regress-crbug-636914.js (566 bytes)
The required parts for reproduction are: --harmony, and a strict mode function which calls into a native function.
And the specific flag is --harmony-tailcalls.
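
The conditions named above (a strict mode function, a call in its return statement, `--harmony-tailcalls`) are those of an ES2015 proper tail call, where the callee takes over the caller's frame. The probe below is an added example, not code from this thread or from V8; its function names are hypothetical, and it calls a JavaScript callee instead of a native one so that the stack can be read back.

```javascript
// Added illustration; tailCaller, plainCaller and whoIsOnTheStack are
// hypothetical names, not taken from the thread's attachments.

// Returns the current call stack as text (Error#stack is non-standard but
// available in V8, SpiderMonkey and JavaScriptCore).
function whoIsOnTheStack() {
  "use strict";
  return String(new Error("probe").stack);
}

// Same shape as sub1 in the report: a strict-mode function whose return
// statement is a call, i.e. a call in tail position.
function tailCaller() {
  "use strict";
  return whoIsOnTheStack();
}

// Control: the call is not in tail position, so the frame must stay alive
// until the assignment and the return have run.
function plainCaller() {
  "use strict";
  const stack = whoIsOnTheStack();
  return stack;
}

// Reports whether each caller's frame is still present while the callee runs.
function probeFrames() {
  const tailFrameKept = tailCaller().includes("tailCaller");
  const plainFrameKept = plainCaller().includes("plainCaller");
  return {
    tailFrameKept,
    plainFrameKept,
    // A missing tail frame with the control frame present means the engine
    // performs proper tail calls.
    properTailCalls: plainFrameKept && !tailFrameKept,
  };
}

console.log(probeFrames());
```

When `properTailCalls` is true there is no caller frame left for a debugger to stop in after the callee returns; on a V8 build without the tail call implementation both frames are kept.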

Comment 10 by bugdroid1@chromium.org, Jul 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/1769f892cef0822e6a8b5334e2ad909a0c33e906

commit 1769f892cef0822e6a8b5334e2ad909a0c33e906
Author: Adam Klein <adamk@chromium.org>
Date: Thu Jul 13 19:29:05 2017

[cleanup] Remove always-off support for tail calls

The tail call implementation is hidden behind the --harmony-tailcalls
flag, which is off-by-default (and has been unstaged since February).
It is known to be broken in a variety of cases, including clusterfuzz
security issues (see sample Chromium issues below). To avoid letting
the implementation bitrot further on trunk, this patch removes it.

Bug: v8:4698, chromium:636914, chromium:724746
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I9cb547101456a582374fdf7b1a3f044a9ef33e5c
Reviewed-on: https://chromium-review.googlesource.com/569069
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46651}
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/api.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/assembler.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/assembler.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/ast/ast.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/ast/ast.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/ast/prettyprinter.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/bootstrapper.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/arm/builtins-arm.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/arm64/builtins-arm64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins-call-gen.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins-call.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins-definitions.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins-interpreter-gen.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins-interpreter.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/builtins.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/ia32/builtins-ia32.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/mips/builtins-mips.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/mips64/builtins-mips64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/builtins/x64/builtins-x64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/code-factory.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/code-factory.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/code-stubs.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/code-stubs.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/ast-graph-builder.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/bytecode-graph-builder.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/bytecode-graph-builder.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/code-generator.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/frame-states.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/frame-states.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/instruction-selector.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-call-reducer.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-generic-lowering.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-inlining.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-inlining.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-operator.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-operator.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/compiler/js-typed-lowering.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/debug/debug.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/debug/debug.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/deoptimizer.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/deoptimizer.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/external-reference-table.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/flag-definitions.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/arm/full-codegen-arm.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/arm64/full-codegen-arm64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/full-codegen.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/full-codegen.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/ia32/full-codegen-ia32.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/mips/full-codegen-mips.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/mips64/full-codegen-mips64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/full-codegen/x64/full-codegen-x64.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/globals.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/bytecode-array-builder.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/bytecode-generator.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/bytecodes.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/interpreter-assembler.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/interpreter-assembler.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/interpreter-generator.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/interpreter/interpreter-intrinsics-generator.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/isolate.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/isolate.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/objects.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/parsing/parse-info.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/parsing/parse-info.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/parsing/parser-base.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/parsing/parser.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/parsing/parser.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/runtime/runtime-test.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/src/runtime/runtime.h
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/cctest/interpreter/test-interpreter.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/cctest/test-debug.cc
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/debugger/debug/es6/debug-stepin-tailcalls.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/debugger/debug/es6/debug-stepout-tailcalls.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/compiler/deopt-accessors5.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/compiler/deopt-accessors6.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/compiler/regress-628773.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard0.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard1.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard2.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard3.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard4.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard5.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard6.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard7.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard8.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest-shard9.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-megatest.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-proxies.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call-simple.js
[delete] https://crrev.com/415fd8d8d1060502ad52c095aa18cd05f75d3af5/test/mjsunit/es6/tail-call.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/mjsunit.status
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-593299.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-537444.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-593697-2.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-595615.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-598998.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-601617.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-604680.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-608278.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-648539.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-658691.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/mjsunit/regress/regress-crbug-685634.js
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/test262/test262.status
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/unittests/interpreter/bytecode-array-builder-unittest.cc
[modify] https://crrev.com/1769f892cef0822e6a8b5334e2ad909a0c33e906/test/unittests/interpreter/interpreter-assembler-unittest.cc

Comment 11 by adamk@chromium.org, Jul 13 2017

Status: WontFix (was: Assigned)
