V8 implements accessors defined in C++ via FunctionTemplates in a lazy
manner. When userland JS uses the accessor, V8 calls the corresponding
C++ code directly. Only when the user JS obtains a reference to the
function object itself (e.g. via Reflect.getOwnPropertyDescriptor) does
V8 instantiate a JSFunction object.
This makes breakpoint logic tricky. The debugger requires a JSFunction
when the user wants to set a breakpoint on such an accessor.
There is already some logic in place that forces instantiation of
accessors with a breakpoint on them.
Unfortunately that logic forgot to also install the
"DebugBreakTrampoline" on the instantiated JSFunction that will
actually pause execution. This CL fixes that.
Note that this is not the whole fix. Contexts deserialized from
snapshots need a heap walk that also forces instantation of the
accessors.
R=bmeurer@chromium.org
Bug: chromium:1368554
Change-Id: I346f614f380859b6419ae1df0ec6b0ca8234120a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000702
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84032}
cfec66ea12