Closed Bug 1620087 Opened 5 years ago Closed 5 years ago

XPIDL methods with side-effects are executed with instant evaluation

Categories

(DevTools :: Console, defect, P2)

Product:
DevTools
Component:
Console
Platform:
Unspecified
macOS
Type:
defect

Tracking

(firefox75 verified)

Status:
VERIFIED FIXED
Milestone:
Firefox 75
Tracking Flags:
Tracking Status
firefox75 --- verified

People

(Reporter: MattN, Assigned: loganfsmyth)

References

(Blocks 1 open bug)

Details

Attachments

(4 files)

Screen Recording using console history
914.50 KB, video/quicktime
Details
Bug 1620087 - Part 3: Treat all realms as debuggees to avoid unexpected sideeffects. r=jlast!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1620087 - Part 1: Split the ECMAScript eager whitelist into its own file. r=jlast!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1620087 - Part 2: Exceptions during eager whitelist validation should terminate execution. r=jlast!
47 bytes, text/x-phabricator-request
Details | Review

Thank you for helping make Firefox better. If you are reporting a defect, please complete the following:

What were you doing?

Please tell us what site you were on, and what steps led to the error you are reporting

  1. Enable devtools.chrome.enabled and extensions.formautofill.reauth.enabled
  2. Execute let {OSKeyStore} = ChromeUtils.import("resource://formautofill/OSKeyStore.jsm"); in the Browser Console.
  3. Paste OSKeyStore.ensureLoggedIn(""); in the Browser Console input (with instant evaluation on).

What happened?

The browser crashes since it executed code that has side effects

What should have happened?

The code shouldn't have executed since it's an XPIDL method with side-effects.

Anything else we should know?

You can change the "" argument to a non-empty string to avoid the crash but still get unwanted execution causing a dialog to appear.

We should probably disable this feature by default in chrome contexts (Browser Console, Browser Toolbox).

Edit: added extensions.formautofill.reauth.enabled pref

Priority: -- → P2
Flags: needinfo?(loganfsmyth)

In the Browser Toolbox I instead get a devtools error from instant eval.:

InvisibleToDebugger: Error
ThreadSafeDevToolsUtils.js:90:13
    reportException resource://devtools/shared/ThreadSafeDevToolsUtils.js:90
    evaluateJSAsync resource://devtools/server/actors/webconsole.js:1089
    makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:111

Looks like this is a side-effects of us having commented out https://bugzilla.mozilla.org/show_bug.cgi?id=1610532 to attempt to address the memory leak. I haven't looked closely, but presumably the browser console doesn't consider the jsm-scope global to be a debuggee by default, meaning that things in that realm can run with side-effects.

I'm hoping that we can just uncomment that line now that https://bugzilla.mozilla.org/show_bug.cgi?id=1617666 has landed, but since we never actually tracked down the cause of the leak, it's hard to be sure, we'll have to see whether we are still seeing leaks.

If the leaks persist and we can't uncomment that line, I agree that we'd have to consider disabling this feature for the browser console.

Flags: needinfo?(loganfsmyth)

Here's a Try run with the line uncommented: https://treeherder.mozilla.org/#/jobs?repo=try&revision=173eaacd348ea5fe3db9f4e8c798126aeaea0629

@jlast @nchevobbe Where was the leak in https://bugzilla.mozilla.org/show_bug.cgi?id=1610532 showing up? That issue unfortunately doesn't provide much info for me to go off of.

Flags: needinfo?(nchevobbe)
Flags: needinfo?(jlaster)
Assignee: nobody → loganfsmyth
Status: NEW → ASSIGNED

The leak was in devtools/client/debugger/test/mochitest/browser_dbg-log-points.js (see https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=284967214&repo=autoland&lineNumber=24979)

Flags: needinfo?(nchevobbe)

Splitting this list into its own file reduces the chances of accidentally
referencing incorrect globals.

The implementation's original placement in eval-with-debugger for instance
was accidentally pulling Reflect from resource://gre/modules/reflect.jsm
because that file also makes use of Reflect.parse. Rather than try to
keep it in that file and rename things, placing the list in its own
lazy-loaded file seems like the easiest and most future-proof approach.

I've run into this a couple times now, where as I'm tweaking things, I
accidentally introduce something that throws. The code as it was defaulted
to allowing calls to any native function that throws, which seems like a
bad idea, so this now defaults to termination when an error is encountered.

Depends on D65466

Attachment #9130979 - Attachment description: Bug 1620087 - Treat all realms as debuggees to avoid unexpected sideeffects. r=jlast! → Bug 1620087 - Part 3: Treat all realms as debuggees to avoid unexpected sideeffects. r=jlast!

Here's a new test run for the new patchs, since there was a failure in the old test run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f19324023175409a0b390e561c95bbeab649dd0e

Technically I think the change of placement for ensureSideEffectFreeNatives in Part 3 is enough to fix the test failure, but clean things up a lot too.

I also don't see any leaks in devtools/client/debugger/test/mochitest/browser_dbg-log-points.js

Pushed by loganfsmyth@gmail.com: https://hg.mozilla.org/integration/autoland/rev/62d4008a089a Part 1: Split the ECMAScript eager whitelist into its own file. r=nchevobbe https://hg.mozilla.org/integration/autoland/rev/a6efc9fb5e12 Part 2: Exceptions during eager whitelist validation should terminate execution. r=nchevobbe https://hg.mozilla.org/integration/autoland/rev/9e09d30270d6 Part 3: Treat all realms as debuggees to avoid unexpected sideeffects. r=nchevobbe
Pushed by csabou@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2bd4780e44f2 Part 1: Split the ECMAScript eager whitelist into its own file. r=nchevobbe https://hg.mozilla.org/integration/autoland/rev/8bbd93eba9e3 Part 2: Exceptions during eager whitelist validation should terminate execution. r=nchevobbe https://hg.mozilla.org/integration/autoland/rev/36c3c857a5a7 Part 3: Treat all realms as debuggees to avoid unexpected sideeffects. r=nchevobbe

Hmm, I'm not familiar with TV tests, is there a way for me to run this locally to understand what is going wrong? I'm expecting that test to pass and they do pass locally for me, so I'll have to look more into why they might fail in other conditions.

Flags: needinfo?(loganfsmyth) → needinfo?(csabou)

from the screenshot, we get a redeclaration of let loader(which make sense) Don't you see this when running the test with--repeat 2(or--verify`)?

I guess we can switch to use var which shouldn't trigger this error

Flags: needinfo?(csabou)

Filed Bug 1620222 to track those failures.

Regressions: 1620222

https://hg.mozilla.org/mozilla-central/rev/2bd4780e44f2
https://hg.mozilla.org/mozilla-central/rev/8bbd93eba9e3
https://hg.mozilla.org/mozilla-central/rev/36c3c857a5a7

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox75: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 75
Regressions: 1620557

Confirmed issue with 75.0a1 Build ID 20200304161940 on Windows 10.
Verified with 75.0b5 on Windows 10, macOS 10.15, Ubuntu 19.04.

Status: RESOLVED → VERIFIED
status-firefox75: fixedverified
Flags: qe-verify+
Flags: needinfo?(jlaster)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: