Fix handling of recompiling code for optimized and inlined functions

The debugger preparation did not take optimized functions - including inlined function into account. This caused the full-code used for deoptimization to be the "lazy compile" builtin which did not work and caused V8 to crash. R=yangguo@chromium.org BUG=chromium:105375, v8:1782 TEST=test/mjsunit/debug-break-inline.js Review URL: http://codereview.chromium.org//8728031 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10094 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-11-30 11:48:35 +00:00 · 2011-11-30 11:48:35 +00:00 · 5ccdb3b692
commit 5ccdb3b692
parent 8dc728126e
3 changed files with 121 additions and 7 deletions
--- a/src/debug.cc
+++ b/src/debug.cc
@ -1780,17 +1780,29 @@ void Debug::PrepareForBreakPoints() {
      // values and performing a heap iteration.
      AssertNoAllocation no_allocation;

-      // Find all non-optimized code functions with activation frames on
-      // the stack.
+      // Find all non-optimized code functions with activation frames
+      // on the stack. This includes functions which have optimized
+      // activations (including inlined functions) on the stack as the
+      // non-optimized code is needed for the lazy deoptimization.
      for (JavaScriptFrameIterator it(isolate_); !it.done(); it.Advance()) {
        JavaScriptFrame* frame = it.frame();
-        if (frame->function()->IsJSFunction()) {
+        if (frame->is_optimized()) {
+          List<JSFunction*> functions(Compiler::kMaxInliningLevels + 1);
+          frame->GetFunctions(&functions);
+          for (int i = 0; i < functions.length(); i++) {
+            if (!functions[i]->shared()->code()->has_debug_break_slots()) {
+              active_functions.Add(Handle<JSFunction>(functions[i]));
+            }
+          }
+        } else if (frame->function()->IsJSFunction()) {
          JSFunction* function = JSFunction::cast(frame->function());
          if (function->code()->kind() == Code::FUNCTION &&
-              !function->code()->has_debug_break_slots())
+              !function->code()->has_debug_break_slots()) {
            active_functions.Add(Handle<JSFunction>(function));
+          }
        }
      }
+
      // Sort the functions on the object pointer value to prepare for
      // the binary search below.
      active_functions.Sort(HandleObjectPointerCompare<JSFunction>);
@ -1838,6 +1850,9 @@ void Debug::PrepareForBreakPoints() {

      // Make sure that the shared full code is compiled with debug
      // break slots.
+      if (function->code() == *lazy_compile) {
+        function->set_code(shared->code());
+      }
      Handle<Code> current_code(function->code());
      if (shared->code()->has_debug_break_slots()) {
        // if the code is already recompiled to have break slots skip
@ -1862,7 +1877,7 @@ void Debug::PrepareForBreakPoints() {
      }
      Handle<Code> new_code(shared->code());

-      // Find the function and patch return address.
+      // Find the function and patch the return address.
      for (JavaScriptFrameIterator it(isolate_); !it.done(); it.Advance()) {
        JavaScriptFrame* frame = it.frame();
        // If the current frame is for this function in its
--- a/test/mjsunit/debug-break-inline.js
+++ b/test/mjsunit/debug-break-inline.js
@ -0,0 +1,100 @@
+// Copyright 2011 the V8 project authors. All rights reserved.
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+//       notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+//       copyright notice, this list of conditions and the following
+//       disclaimer in the documentation and/or other materials provided
+//       with the distribution.
+//     * Neither the name of Google Inc. nor the names of its
+//       contributors may be used to endorse or promote products derived
+//       from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Flags: --expose-debug-as debug --allow-natives-syntax
+
+// This test tests that deoptimization due to debug breaks works for
+// inlined functions where the full-code is generated before the
+// debugger is attached.
+//
+//See http://code.google.com/p/chromium/issues/detail?id=105375
+
+// Get the Debug object exposed from the debug context global object.
+Debug = debug.Debug;
+
+var count = 0;
+var break_count = 0;
+
+// Debug event listener which sets a breakpoint first time it is hit
+// and otherwise counts break points hit and checks that the expected
+// state is reached.
+function listener(event, exec_state, event_data, data) {
+  if (event == Debug.DebugEvent.Break) {
+    break_count++;
+    if (break_count == 1) {
+      Debug.setBreakPoint(g, 3);
+
+      for (var i = 0; i < exec_state.frameCount(); i++) {
+        var frame = exec_state.frame(i);
+        // When function f is optimized (1 means YES, see runtime.cc) we
+        // expect an optimized frame for f and g.
+        if (%GetOptimizationStatus(f) == 1) {
+          if (i == 1) {
+            assertTrue(frame.isOptimizedFrame());
+            assertTrue(frame.isInlinedFrame());
+            assertEquals(4 - i, frame.inlinedFrameIndex());
+          } else if (i == 2) {
+            assertTrue(frame.isOptimizedFrame());
+            assertFalse(frame.isInlinedFrame());
+          } else {
+            assertFalse(frame.isOptimizedFrame());
+            assertFalse(frame.isInlinedFrame());
+          }
+        }
+      }
+    }
+  }
+}
+
+function f() {
+  g();
+}
+
+function g() {
+  count++;
+  h();
+  var b = 1;  // Break point is set here.
+}
+
+function h() {
+  debugger;
+}
+
+f();f();f();
+%OptimizeFunctionOnNextCall(f);
+f();
+
+// Add the debug event listener.
+Debug.setListener(listener);
+
+f();
+
+assertEquals(5, count);
+assertEquals(2, break_count);
+
+// Get rid of the debug event listener.
+Debug.setListener(null);
--- a/test/mjsunit/debug-step-3.js
+++ b/test/mjsunit/debug-step-3.js
@ -82,8 +82,7 @@ bp = Debug.setBreakPoint(f, 3);
 // Step through the function ensuring that the var statements are hit as well.
 prepare_step_test();
 f();
-// TODO(1782): Fix issue to bring back this assert.
-//assertEquals(4, step_count);
+assertEquals(4, step_count);

 // Clear the breakpoint and check that no stepping happens.
 Debug.clearBreakPoint(bp);