Fix GC-unsafe use of BreakLocationIterator.

src/debug.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/api.h"
 #include "src/arguments.h"
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
@@ skipping 369 matching lines @@
     Handle<Code> target_code(Code::GetCodeFromTargetAddress(target));
     if (target_code->kind() == Code::STUB) {
       return CodeStub::GetMajorKey(*target_code) == CodeStub::CallFunction;
     }
     return target_code->is_call_stub();
   }
   return false;
 }
 
 
-void BreakLocationIterator::PrepareStepIn(Isolate* isolate) {
-#ifdef DEBUG
-  HandleScope scope(isolate);
-  // Step in can only be prepared if currently positioned on an IC call,
-  // construct call or CallFunction stub call.
-  Address target = rinfo()->target_address();
-  Handle<Code> target_code(Code::GetCodeFromTargetAddress(target));
-  // All the following stuff is needed only for assertion checks so the code
-  // is wrapped in ifdef.
-  Handle<Code> maybe_call_function_stub = target_code;
-  if (IsDebugBreak()) {
-    Address original_target = original_rinfo()->target_address();
-    maybe_call_function_stub =
-        Handle<Code>(Code::GetCodeFromTargetAddress(original_target));
-  }
-  bool is_call_function_stub =
-      (maybe_call_function_stub->kind() == Code::STUB &&
-       CodeStub::GetMajorKey(*maybe_call_function_stub) ==
-           CodeStub::CallFunction);
-
-  // Step in through construct call requires no changes to the running code.
-  // Step in through getters/setters should already be prepared as well
-  // because caller of this function (Debug::PrepareStep) is expected to
-  // flood the top frame's function with one shot breakpoints.
-  // Step in through CallFunction stub should also be prepared by caller of
-  // this function (Debug::PrepareStep) which should flood target function
-  // with breakpoints.
-  DCHECK(RelocInfo::IsConstructCall(rmode()) ||
-         target_code->is_inline_cache_stub() ||
-         is_call_function_stub);
-#endif
-}
-
-
 // Check whether the break point is at a position which will exit the function.
 bool BreakLocationIterator::IsExit() const {
   return (RelocInfo::IsJSReturn(rmode()));
 }
 
 
 bool BreakLocationIterator::HasBreakPoint() {
   return debug_info_->HasBreakPoint(code_position());
 }
 
@@ skipping 930 matching lines @@
 
   // Get the debug info (create it if it does not exist).
   Handle<JSFunction> function(frame->function());
   Handle<SharedFunctionInfo> shared(function->shared());
   if (!EnsureDebugInfo(shared, function)) {
     // Return if ensuring debug info failed.
     return;
   }
   Handle<DebugInfo> debug_info = GetDebugInfo(shared);
 
-  // Find the break location where execution has stopped.
-  BreakLocationIterator it(debug_info, ALL_BREAK_LOCATIONS);
-  // pc points to the instruction after the current one, possibly a break
-  // location as well. So the "- 1" to exclude it from the search.
-  it.FindBreakLocationFromAddress(frame->pc() - 1);
-
   // Compute whether or not the target is a call target.
   bool is_load_or_store = false;
   bool is_inline_cache_stub = false;
   bool is_at_restarted_function = false;
+  bool is_exit = false;
+  bool is_construct_call = false;
   Handle<Code> call_function_stub;
 
-  if (thread_local_.restarter_frame_function_pointer_ == NULL) {
-    if (RelocInfo::IsCodeTarget(it.rinfo()->rmode())) {
-      bool is_call_target = false;
-      Address target = it.rinfo()->target_address();
-      Code* code = Code::GetCodeFromTargetAddress(target);
-      if (code->is_call_stub()) {
-        is_call_target = true;
+  {
+    // Find the break location where execution has stopped.
+    DisallowHeapAllocation no_gc;
+    BreakLocationIterator it(debug_info, ALL_BREAK_LOCATIONS);
+
+    // pc points to the instruction after the current one, possibly a break
+    // location as well. So the "- 1" to exclude it from the search.
+    it.FindBreakLocationFromAddress(frame->pc() - 1);
+
+    is_exit = it.IsExit();
+
+    if (thread_local_.restarter_frame_function_pointer_ == NULL) {
+      if (RelocInfo::IsCodeTarget(it.rinfo()->rmode())) {
+        bool is_call_target = false;
+        Address target = it.rinfo()->target_address();
+        Code* code = Code::GetCodeFromTargetAddress(target);
+
+        is_call_target = code->is_call_stub();
+        is_construct_call = RelocInfo::IsConstructCall(it.rmode());
+        is_inline_cache_stub = code->is_inline_cache_stub();
+        is_load_or_store = is_inline_cache_stub && !is_call_target;
+
+        // Check if target code is CallFunction stub.
+        Code* maybe_call_function_stub = code;
+        // If there is a breakpoint at this line look at the original code to
+        // check if it is a CallFunction stub.
+        if (it.IsDebugBreak()) {
+          Address original_target = it.original_rinfo()->target_address();
+          maybe_call_function_stub =
+              Code::GetCodeFromTargetAddress(original_target);
+        }
+        if ((maybe_call_function_stub->kind() == Code::STUB &&
+             CodeStub::GetMajorKey(maybe_call_function_stub) ==
+                 CodeStub::CallFunction) ||
+            maybe_call_function_stub->is_call_stub()) {
+          // Save reference to the code as we may need it to find out arguments
+          // count for 'step in' later.
+          call_function_stub = Handle<Code>(maybe_call_function_stub);
+        }
       }
-      if (code->is_inline_cache_stub()) {
-        is_inline_cache_stub = true;
-        is_load_or_store = !is_call_target;
-      }
-
-      // Check if target code is CallFunction stub.
-      Code* maybe_call_function_stub = code;
-      // If there is a breakpoint at this line look at the original code to
-      // check if it is a CallFunction stub.
-      if (it.IsDebugBreak()) {
-        Address original_target = it.original_rinfo()->target_address();
-        maybe_call_function_stub =
-            Code::GetCodeFromTargetAddress(original_target);
-      }
-      if ((maybe_call_function_stub->kind() == Code::STUB &&
-           CodeStub::GetMajorKey(maybe_call_function_stub) ==
-               CodeStub::CallFunction) ||
-          maybe_call_function_stub->is_call_stub()) {
-        // Save reference to the code as we may need it to find out arguments
-        // count for 'step in' later.
-        call_function_stub = Handle<Code>(maybe_call_function_stub);
-      }
+    } else {
+      is_at_restarted_function = true;
     }
-  } else {
-    is_at_restarted_function = true;
   }
 
   // If this is the last break code target step out is the only possibility.
-  if (it.IsExit() || step_action == StepOut) {
+  if (is_exit || step_action == StepOut) {
     if (step_action == StepOut) {
       // Skip step_count frames starting with the current one.
       while (step_count-- > 0 && !frames_it.done()) {
         frames_it.Advance();
       }
     } else {
-      DCHECK(it.IsExit());
+      DCHECK(is_exit);
       frames_it.Advance();
     }
     // Skip builtin functions on the stack.
     while (!frames_it.done() &&
            frames_it.frame()->function()->IsFromNativeScript()) {
       frames_it.Advance();
     }
     // Step out: If there is a JavaScript caller frame, we need to
     // flood it with breakpoints.
     if (!frames_it.done()) {
       // Fill the function to return to with one-shot break points.
       JSFunction* function = frames_it.frame()->function();
       FloodWithOneShot(Handle<JSFunction>(function));
       // Set target frame pointer.
       ActivateStepOut(frames_it.frame());
     }
-  } else if (!(is_inline_cache_stub || RelocInfo::IsConstructCall(it.rmode()) ||
-               !call_function_stub.is_null() || is_at_restarted_function)
-             || step_action == StepNext || step_action == StepMin) {
+  } else if (!(is_inline_cache_stub || is_construct_call ||
+               !call_function_stub.is_null() || is_at_restarted_function) ||
+             step_action == StepNext || step_action == StepMin) {
     // Step next or step min.
 
     // Fill the current function with one-shot break points.
     // If we are stepping into another frame, only fill calls and returns.
     FloodWithOneShot(function, step_action == StepFrame ? CALLS_AND_RETURNS
                                                         : ALL_BREAK_LOCATIONS);
 
     // Remember source position and frame to handle step next.
     thread_local_.last_statement_position_ =
         debug_info->code()->SourceStatementPosition(frame->pc());
@@ skipping 66 matching lines @@
       // Remember source position and frame to handle step in getter/setter. If
       // there is a custom getter/setter it will be handled in
       // Object::Get/SetPropertyWithAccessor, otherwise the step action will be
       // propagated on the next Debug::Break.
       thread_local_.last_statement_position_ =
           debug_info->code()->SourceStatementPosition(frame->pc());
       thread_local_.last_fp_ = frame->UnpaddedFP();
     }
 
     // Step in or Step in min
-    it.PrepareStepIn(isolate_);
+    // Step in through construct call requires no changes to the running code.
+    // Step in through getters/setters should already be prepared as well
+    // because caller of this function (Debug::PrepareStep) is expected to
+    // flood the top frame's function with one shot breakpoints.
+    // Step in through CallFunction stub should also be prepared by caller of
+    // this function (Debug::PrepareStep) which should flood target function
+    // with breakpoints.
+    DCHECK(is_construct_call || is_inline_cache_stub ||
+           !call_function_stub.is_null());
     ActivateStepIn(frame);
   }
 }
 
 
 // Check whether the current debug break should be reported to the debugger. It
 // is used to have step next and step in only report break back to the debugger
 // if on a different frame or in a different statement. In some situations
 // there will be several break points in the same statement when the code is
 // flooded with one-shot break points. This function helps to perform several
@@ skipping 1946 matching lines @@
   logger_->DebugEvent("Put", message.text());
 }
 
 
 void LockingCommandMessageQueue::Clear() {
   base::LockGuard<base::Mutex> lock_guard(&mutex_);
   queue_.Clear();
 }
 
 } }  // namespace v8::internal