When the debugger is about to activate (e.g. enter stepping mode), it first waits for all DFG compilations to complete. However, when the DFG completes, if compilation is successful, it will install a new DFG codeBlock. The CodeBlock installation process is required to register codeBlocks with the debugger. Debugger::registerCodeBlock() will eventually call CodeBlock::addBreakpoint() and/or CodeBlock::setSteppingMode() which may jettison the DFG codeBlock that we’re trying to install. Thereafter, chaos ensues.
<rdar://problem/16278811>
Some notes about the fix I will post soon: 1. Debugger::registerCodeBlock() eventually calls: a. CodeBlock::addBreakpoint() b. CodeBlock::setSteppingMode(). These 2 functions can jettison the code block, and this poses a problem if that happens during installation of said code block. 2. operationOptimize() will check if the debugger is stepping mode, or if the CodeBlock has any pending breakpoints before allowing a code block to be DFG compiled. If the base code block already has breakpoints enabled in it, we'll never optimize that code block, and hence, we'll never get to the scenario where we'll jettison the DFG code block for the reason of it having active breakpoints. If the debugger is already in stepping mode, we'll never optimize that code block, and hence, we'll never get to the scenario where we'll jettison the DFG code block for the reason of the debugger being in stepping mode. Which leaves ... 3. What happens if a DFG compilation is already in progress in a compiler thread and the debugger switches to stepping mode. The debugger is supposed to wait for all compilations to complete before switching to stepping mode. However, currently, the debugger is setting the stepping mode flag before compilation completes. This is the root cause of this bug. 4. What happens if a DFG compilation is already in progress in a compiler thread and the debugger adds a new breakpoint to the function for that code block. The debugger is supposed to wait for all compilations to complete before it applies the new breakpoint to the code blocks. And the debugger does behave correctly here (in Debugger::toggleBreakpoint()).
Created attachment 229486 [details] the patch
Comment on attachment 229486 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=229486&action=review > Source/JavaScriptCore/debugger/Debugger.cpp:250 > + // FIXME: We should never have to jettison a code block (due to pending breakpoints > + // or stepping mode) that is being registered. operationOptimize() should have > + // prevented the optimizing of such code blocks in the first place. Find a way to > + // express this with greater clarity in the code. Can you file a bugzilla bug for this and reference it here?
Created attachment 229490 [details] patch 2: with bug for fixme.
Landed in r167396: <http://trac.webkit.org/r167396>.