Closed Bug 1546434 Opened 6 years ago Closed 5 years ago

Debugger clears breakpoints in eval script, loses generator resumption tracking when OSR'ing into Baseline

Categories

(Core :: JavaScript Engine, defect, P2)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1577639
Tracking Flags:
Tracking Status
firefox68 --- fix-optional

People

(Reporter: jandem, Unassigned)

Details

The test below fails (passes with --no-baseline or --baseline-eager):

test.js:18:1 Error: Assertion failed: got 9, expected 20

Problem is the code here:

https://searchfox.org/mozilla-central/rev/f46e2bf881d522a440b30cbf5cf8d76fc212eaf4/js/src/vm/Debugger.cpp#7771-7777

removeFromFrameMapsAndClearBreakpointsIn is also called on the "from" frame when we OSR from interpreter to Baseline. We shouldn't clear the script's breakpoints in that case.

var g = newGlobal({newCompartment: true});
var bphits = 0;
var handler = {hit: function (frame) { bphits++; }};
var dbg = Debugger(g);
var hits = 0;
dbg.onDebuggerStatement = function (frame) {
    var offs = frame.script.getLineOffsets(g.line0 + 3);
    for (var i = 0; i < offs.length; i++) {
        frame.script.setBreakpoint(offs[i], handler);
    }
    hits++;
};
g.eval("var line0 = Error().lineNumber;\n" +
       "debugger;\n" +                    // line0 + 1
       "for (var i = 0; i < 20; i++)\n" +  // line0 + 2
       "    result = 'ok';\n");           // line0 + 3
assertEq(hits, 1);
assertEq(bphits, 20);
Type: task → defect

Agreed. This will also break Debugger's ability to track generator frames across resumptions, as removeFromFrameMapsAndClearBreakpointsIn also the generator's entry from Debugger::generatorFrames. This is appropriate when the generator is closing - but replaceFrameGuts has nothing to do with generators closing.

Summary: Debugger clears breakpoints in eval script when OSR'ing into Baseline → Debugger clears breakpoints in eval script, loses generator resumption tracking when OSR'ing into Baseline
status-firefox68: --- → fix-optional
Priority: -- → P2

This is a duplicate of bug 1577639. Jim's comment about generatorFrames isn't accurate, not sure if it was a year ago but probably just misread since this code is kind of tough to follow. replaceFrameGuts will only ever touch generatorFrames in the OOM case because while it does call removeFromFrameMapsAndClearBreakpointsIn in the non-OOM case, the from pointer won't have any frames associated with it in that case and so removeFromFrameMapsAndClearBreakpointsIn will be a no-op.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.