-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify "report an exception" #958
Comments
In particular in relation to the tests in https://bugzilla.mozilla.org/show_bug.cgi?id=1259784 |
I at first thought this was best solved by having "report an exception" explicitly specify which global the error goes to. However, I realize that doesn't really work, as we actually need the information on which script caused the exception, for filename (and line/column number) purposes. I am pretty sure that the relevant script should generally be GetActiveScriptOrModule's [[HostDefined]] value (i.e. its corresponding HTML "script"). As discussed in the new #1189, there are scenarios where this returns null. Maybe this means that #1189 needs to expand to have a "backup incumbent script stack", not a "backup incumbent settings object stack". /cc @bzbarsky. |
Dang, nope, that makes no sense, because of cases like the user clicking on a button with throwing error handlers. In that case there's no GetActiveScriptOrModule() and no backup possible while inside the "dispatch an event" algorithm. Nevermind... |
The way this was meant to work, which everyone agreed on back when this was last discussed and when Hixie wrote the spec for this, before the later changes to it was like so:
At the time, it seemed to me that the "invoking callbacks" section in HTML made this all fairly clear. It looks like that's all been removed since then, so now nothing specifies things... It doesn't help (but is far for the course) that some UAs agreed on all the above at the time and then never actually changed their behavior to align with the resulting spec. |
So, looking through the old https://html.spec.whatwg.org/commit-snapshots/5fa33f072011f29ed56adb0f2f63bb4404c92aae#calling-scripts, I don't see how this was made clear. Error reporting has always been ambiguous and said
As I said over in whatwg/webidl#113 (comment) (sorry for splitting the discussion), I see two options for specifying this. The one not based on entry settings objects, but instead based on the settings object of the script that declared the function that threw an exception, seems simpler to me, since we need that script for its filename/line number/column number anyway. |
The function that threw an exception may not have been declared in a script at all. It can be a built-in function. |
And I guess it's possible that after the various discussion about this stuff things never made it back into the spec after all. :( I distinctly recall there being language proposed that made all this much clearer than what you link to. :( |
For posterity: @bzbarsky and I worked out a plan for fixing this in whatwg/webidl#113 (comment) (steps 2-4) plus @bzbarsky's subsequent reply (on which I agree with all points). I've explained where this fits in my priority queue of "fix script execution" at the bottom of whatwg/webidl#113 (comment). |
The plan: Fix "report the exception"/"report an error"Happening in #10404. The goal is to consolidate both of the existing algorithms "report the exception" and "report an error" into a single new algorithm, and update all call sites.
The contents of this algorithm will be based on "report an error", with the following notable differences:
Then, update all call sites of these two algorithms. Only do this for HTML for now, and it would be done in the same PR that updates the algorithm. Port these changes to rejected promisesNow tracked in #10515. This might be best done as part of the previous PR. Essentially, get rid of the "handled" and "not handled" concepts, and incorporate the developer console part directly into the algorithm. Change how web developer code invocation works in Web IDLNow tracked in whatwg/webidl#1423. We add a new optional named parameter rethrowExceptions (a boolean) to the following three algorithms in the Web IDL spec:
It defaults to false. When it is false, we introduce the following new behavior: any exceptions thrown by web developer code get caught and routed to HTML's new "report the exception". ("Web developer code" is roughly everything between the "prepare" and "cleanup" steps, including both argument conversion and the actual code invocation.) The exact global and script to pass for these is unclear at this time. We can initially leave them as Fix all call sitesTracked as part of whatwg/webidl#1423 and #10516. Now we need to audit all the call sites of the algorithms we've changed: In most cases, the pattern is that another spec is using invoke (or friends), then catching exceptions and routing them to "report the exception". After the above changes, this can be simplified to just calling invoke; the exception will be reported automatically through the shared infrastructure. If another spec is using invoke and not catching exceptions, this might be an unintentional bug. In that case, we can leave it as-is. Or it might be intentional that they want the exception to bubble out, or be caught with a different reaction than reporting the exception. In that case the spec will need to be updated to pass the new rethrowExceptions parameter. If another spec is directly using "report the exception", it will need to be given the appropriate new arguments, and possibly update its return value handling. Further work on nailing down the specificsTracked in #10514 for muting and to-be-filed for which global. At this point we've got good infrastructure, centralized in HTML and Web IDL. But a few core specifics are still unclear:
The way to resolve these involves writing web platform tests, and/or code inspection of browser codebases. There are likely interop problems, especially for muting as discussed downthread. A test suite to illustrate the problems is step 1; after that we can discuss the desired resolution. Any work on this sub-task feels like a bonus to me. If we accomplish the mostly-editorial refactoring above, we can split this work into new issues. |
The muted flag situation is hard: in reality the important thing is whether the script that threw the exception is muted, not the script that we're immediately invoking. So if we load a cross-origin (muted) script with a function named I'd be quite interested in what UAs do in practice with the muted error thing in various situations... |
@TimothyGu pointed out that the confusion here, especially about which global to use, also applies to unhandledrejection. |
To be clear, this is only important in the spec's current conception of muting. I in practice, for the sort of cases where you call a function that calls another function that throws, muting is pointless because you can just catch the exception and get all the info out of it. One case where muting is really important, and the reason it was added, is during initial script execution. At that point the only thing on the stack is the cross-site script (assuming you're not just reporting a SyntaxError in it), and the page should not be able to extract information via "error" listeners that it can't get otherwise from the cross-site file. Arguably muting is also relevant when browser code directly invokes callbacks from a cross-site script, for similar reasons... Anyway, it would be good if the spec actually clearly defined muting, ideally in a way that does not involve dynamic introspection of the "scripted stuff" stack.... Defining it in terms of the way script is being entered, for example, would address the actual use cases without requiring that sort of introspection. |
It seems like it might be more consistent to only mute errors from compiling the script, and not from running it. |
Consider a "script" that looks like this:
That will compile fine, thanks to the wonders of ASI and the comma operator, but leak "Doe" in the |
Thank you for the example. |
One thing we should clarify about filename is that it's from before redirects. Additionally, if it's from before redirects we wouldn't need to mute it. |
This ties into the current behavior in Firefox that I think we should specify. Firefox only exposes the filename/URL before any redirect. This means it should be okay to expose that URL even for cross-origin scripts. (You don't get any additional information, you can already tell which specifc script failed to load and you can obviously read This testcase shows that Firefox always uses the initial (pre-redirect) URL and doesn't censor it in script error events for cross-origin scripts. Chrome censors the filename and uses the final (post-redirect) URL. |
I've made a little headway here (spec code health rotation) according to @domenic's plan above. Mentioning this only to avoid duplicate work (not near ready). |
This algorithm directly includes the error propagation and fallback behavior, and requires callers to supply the global scope to be used, rather than magically inferring it. Call sites within HTML are replaced, but there is more work yet to be done.
Here is an idea on how to reduce the hand-waving for line number, column number, URL, and script. And maybe muting, if muting is a property of script.
I think this is less of a priority than figuring out an interoperable story for muting that everyone agrees is ideal, though. It might be a useful technique for specifying that interoperable story, once we got there. So to recap the current plan:
|
@ljharb @codehag @littledan @Ms2ger @syg thoughts on #958 (comment)? Would be nice to have exception handling detailed a bit better. |
@annevk the proposed hook seems plausible to me as far as providing extra data, but any behavior hosts alter about error stack traces risks making https://github.com/tc39/proposal-error-stacks even more difficult to advance, and should be done very carefully. |
I haven't worked on this for a while so, please excuse any dumb thoughts here. cc @smaug---- because you may have some insights here.
overall agree that we could spec this better. Would like to hear from @littledan and @syg and since I am probably not the best person to do a deep dive right now, cc @dminor for that potentially if he has time. |
I appreciate the work being done here, but have no time to look in detail at the proposed changes, unfortunately. |
Since we're coming close to completely a first milestone in the plan here, I'm starting to want to split this into multiple issues. I've created a new topic: error reporting label and broken out:
|
@jeremyroman, I'm happy to merge this once you file the two issues for the cases where the global interop is not clear. Draft commit message:
|
What is "the relevant script"?
Edit by @domenic: the current plan to be executed in order to fix this bug is #958 (comment). Comments between here and there are by now somewhat misleading and historical
The text was updated successfully, but these errors were encountered: