<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[167396] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/167396">167396</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2014-04-16 16:07:49 -0700 (Wed, 16 Apr 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Crash in CodeBlock::setOptimizationThresholdBasedOnCompilationResult() when the debugger activates.
<https://webkit.org/b/131747>
Reviewed by Filip Pizlo.
When the debugger is about to activate (e.g. enter stepping mode), it first
waits for all DFG compilations to complete. However, when the DFG completes,
if compilation is successful, it will install a new DFG codeBlock. The
CodeBlock installation process is required to register codeBlocks with the
debugger. Debugger::registerCodeBlock() will eventually call
CodeBlock::setSteppingMode() which may jettison the DFG codeBlock that we're
trying to install. Thereafter, chaos ensues.
This jettison'ing only happens because the debugger currently set its
m_steppingMode flag before waiting for compilation to complete. The fix is
simply to set that flag only after compilation is complete.
* debugger/Debugger.cpp:
(JSC::Debugger::setSteppingMode):
(JSC::Debugger::registerCodeBlock):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoredebuggerDebuggercpp">trunk/Source/JavaScriptCore/debugger/Debugger.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (167395 => 167396)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2014-04-16 22:54:23 UTC (rev 167395)
+++ trunk/Source/JavaScriptCore/ChangeLog 2014-04-16 23:07:49 UTC (rev 167396)
</span><span class="lines">@@ -1,3 +1,26 @@
</span><ins>+2014-04-16 Mark Lam <mark.lam@apple.com>
+
+ Crash in CodeBlock::setOptimizationThresholdBasedOnCompilationResult() when the debugger activates.
+ <https://webkit.org/b/131747>
+
+ Reviewed by Filip Pizlo.
+
+ When the debugger is about to activate (e.g. enter stepping mode), it first
+ waits for all DFG compilations to complete. However, when the DFG completes,
+ if compilation is successful, it will install a new DFG codeBlock. The
+ CodeBlock installation process is required to register codeBlocks with the
+ debugger. Debugger::registerCodeBlock() will eventually call
+ CodeBlock::setSteppingMode() which may jettison the DFG codeBlock that we're
+ trying to install. Thereafter, chaos ensues.
+
+ This jettison'ing only happens because the debugger currently set its
+ m_steppingMode flag before waiting for compilation to complete. The fix is
+ simply to set that flag only after compilation is complete.
+
+ * debugger/Debugger.cpp:
+ (JSC::Debugger::setSteppingMode):
+ (JSC::Debugger::registerCodeBlock):
+
</ins><span class="cx"> 2014-04-16 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> Discern between NaNs that would be safe to tag and NaNs that need some purification before tagging
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredebuggerDebuggercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/debugger/Debugger.cpp (167395 => 167396)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/debugger/Debugger.cpp 2014-04-16 22:54:23 UTC (rev 167395)
+++ trunk/Source/JavaScriptCore/debugger/Debugger.cpp 2014-04-16 23:07:49 UTC (rev 167396)
</span><span class="lines">@@ -232,18 +232,22 @@
</span><span class="cx">
</span><span class="cx"> void Debugger::setSteppingMode(SteppingMode mode)
</span><span class="cx"> {
</span><del>- if (mode == m_steppingMode)
</del><ins>+ if (mode == m_steppingMode || !m_vm)
</ins><span class="cx"> return;
</span><ins>+
+ m_vm->waitForCompilationsToComplete();
+
</ins><span class="cx"> m_steppingMode = mode;
</span><del>-
- if (!m_vm)
- return;
</del><span class="cx"> SetSteppingModeFunctor functor(this, mode);
</span><del>- forEachCodeBlock(functor);
</del><ins>+ m_vm->heap.forEachCodeBlock(functor);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Debugger::registerCodeBlock(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><ins>+ // FIXME: We should never have to jettison a code block (due to pending breakpoints
+ // or stepping mode) that is being registered. operationOptimize() should have
+ // prevented the optimizing of such code blocks in the first place. Find a way to
+ // express this with greater clarity in the code. See <https://webkit.org/b131771>.
</ins><span class="cx"> applyBreakpoints(codeBlock);
</span><span class="cx"> if (isStepping())
</span><span class="cx"> codeBlock->setSteppingMode(CodeBlock::SteppingModeEnabled);
</span></span></pre>
</div>
</div>
</body>
</html>