[debug] fix scaling prefix patching for debug evaluate

R=jgruber@chromium.org

Bug: chromium:882664
Change-Id: I12248de9a01839433daa40e8273a18a15a9867bb
Reviewed-on: https://chromium-review.googlesource.com/1221547
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55910}

src/debug/debug-evaluate.cc

@@ -961,12 +961,7 @@ void DebugEvaluate::ApplySideEffectChecks(
   for (interpreter::BytecodeArrayIterator it(bytecode_array); !it.done();
        it.Advance()) {
     interpreter::Bytecode bytecode = it.current_bytecode();
-    if (BytecodeRequiresRuntimeCheck(bytecode)) {
-      interpreter::Bytecode debugbreak =
-          interpreter::Bytecodes::GetDebugBreak(bytecode);
-      bytecode_array->set(it.current_offset(),
-                          interpreter::Bytecodes::ToByte(debugbreak));
-    }
+    if (BytecodeRequiresRuntimeCheck(bytecode)) it.ApplyDebugBreak();
   }
 }
 

src/debug/debug.cc

@@ -280,15 +280,12 @@ void BreakIterator::SkipToPosition(int position) {
 void BreakIterator::SetDebugBreak() {
   DebugBreakType debug_break_type = GetDebugBreakType();
   if (debug_break_type == DEBUGGER_STATEMENT) return;
+  HandleScope scope(isolate());
   DCHECK(debug_break_type >= DEBUG_BREAK_SLOT);
-  BytecodeArray* bytecode_array = debug_info_->DebugBytecodeArray();
-  interpreter::Bytecode bytecode =
-      interpreter::Bytecodes::FromByte(bytecode_array->get(code_offset()));
-  if (interpreter::Bytecodes::IsDebugBreak(bytecode)) return;
-  interpreter::Bytecode debugbreak =
-      interpreter::Bytecodes::GetDebugBreak(bytecode);
-  bytecode_array->set(code_offset(),
-                      interpreter::Bytecodes::ToByte(debugbreak));
+  Handle<BytecodeArray> bytecode_array(debug_info_->DebugBytecodeArray(),
+                                       isolate());
+  interpreter::BytecodeArrayAccessor(bytecode_array, code_offset())
+      .ApplyDebugBreak();
 }
 
 void BreakIterator::ClearDebugBreak() {
@@ -2125,6 +2122,8 @@ void Debug::ClearSideEffectChecks(Handle<DebugInfo> debug_info) {
   Handle<BytecodeArray> original(debug_info->OriginalBytecodeArray(), isolate_);
   for (interpreter::BytecodeArrayIterator it(debug_bytecode); !it.done();
        it.Advance()) {
+    // Restore from original. This may copy only the scaling prefix, which is
+    // correct, since we patch scaling prefixes to debug breaks if exists.
     debug_bytecode->set(it.current_offset(),
                         original->get(it.current_offset()));
   }

src/interpreter/bytecode-array-accessor.cc

@@ -28,6 +28,19 @@ void BytecodeArrayAccessor::SetOffset(int offset) {
   UpdateOperandScale();
 }
 
+void BytecodeArrayAccessor::ApplyDebugBreak() {
+  // Get the raw bytecode from the bytecode array. This may give us a
+  // scaling prefix, which we can patch with the matching debug-break
+  // variant.
+  interpreter::Bytecode bytecode =
+      interpreter::Bytecodes::FromByte(bytecode_array_->get(bytecode_offset_));
+  if (interpreter::Bytecodes::IsDebugBreak(bytecode)) return;
+  interpreter::Bytecode debugbreak =
+      interpreter::Bytecodes::GetDebugBreak(bytecode);
+  bytecode_array_->set(bytecode_offset_,
+                       interpreter::Bytecodes::ToByte(debugbreak));
+}
+
 void BytecodeArrayAccessor::UpdateOperandScale() {
   if (OffsetInBounds()) {
     uint8_t current_byte = bytecode_array()->get(bytecode_offset_);

src/interpreter/bytecode-array-accessor.h

@@ -70,6 +70,8 @@ class V8_EXPORT_PRIVATE BytecodeArrayAccessor {
 
   void SetOffset(int offset);
 
+  void ApplyDebugBreak();
+
   Bytecode current_bytecode() const;
   int current_bytecode_size() const;
   int current_offset() const { return bytecode_offset_; }

test/debugger/regress/regress-crbug-882664.js

+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function provoke_scaling_prefix() {
+  var a = [0];
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++; a[0]++;
+  return a;
+}
+
+Debug = debug.Debug;
+
+function success(expectation, source) {
+  const result = Debug.evaluateGlobal(source, true).value();
+  assertEquals(expectation, result);
+}
+
+success([216], "provoke_scaling_prefix()");