fix(inspector): Fix app crashes on second debugger attach#835
fix(inspector): Fix app crashes on second debugger attach#835mbektchiev merged 12 commits intoreleasefrom
Conversation
|
Can one of the admins verify this patch? |
ginev
force-pushed
the
tdermendzhiev/fix-crash-on-debugging
branch
2 times, most recently
from
b626581 to
153d45f
Compare
|
@KristinaKoeva - could you please take a look at this PR and comment on the following questions:
|
After the debugger frontend is detached certain RefPtr properties are cleaned up and recreated on a subsequent connection which is causing a crash due to improper reference management. Making the *m_backendDispatcher* property persist between different connections fixes the bug.
… session Every time the debugger is detached the IO channel should be closed in order the next connection to be successful. Otherwise the connection attempt will fail with a bad descriptor error.
mbektchiev
force-pushed
the
tdermendzhiev/fix-crash-on-debugging
branch
from
153d45f to
429ef7f
Compare
|
The original webkit source was not the same at the time we wrote this logic :) The delay is there because otherwise you will have an open socket for as long as the application lives. Did the webkit update broke the second attach attempt ? |
|
@KristinaKoeva - thanks. This is helpful. The issue with the RefPtr objects comes because of the fact that we recreate the DomainBackendDispatcher each time. It registers with the main Backend Dispatcher's HashMap of dispatchers and chains its supplemental dispatchers. The first iteration of this is OK but the second one causes us to find an invalid RefPtr from the HashMap and chain it to our DomainBackendDispatcher here: https://github.com/NativeScript/ios-runtime/blob/master/src/NativeScript/inspector/DomainBackendDispatcher.cpp#L31-L33 |
Refactor connection and disconnection logic: * Separate error and connection handlers * Separate listen socket and data socket handling and disconnection * Add method for checking whether there's an active frontend connection * Reject any new connections when there's an active one
The code was deleted in one of the previous refactorings
* VM locks in TNSRuntime+Inspector * Move catch scope declarations in locked sections * Synchronize dispatch IO channel and global inspector variable access across worker threads - all callbacks may be called in an arbitrary thread and we need to make sure that they don't run simultaneously. * Guard against deadlocks by always releasing the inspector lock before dealing with JSC VM
mbektchiev
force-pushed
the
tdermendzhiev/fix-crash-on-debugging
branch
from
69066e4 to
64a8a9b
Compare
| if (inspector) { | ||
| return nil; | ||
| // Keep a working copy for calling into the VM after releasing inspectorLock | ||
| TNSRuntimeInspector* tempInspector = nil; |
There was a problem hiding this comment.
Move declaration to assignment line.
| // | ||
| // [inspector pause]; | ||
| // }); | ||
| // CFRunLoopWakeUp(runloop); |
There was a problem hiding this comment.
Delete commented block.
| tempInspector = inspector; | ||
| } | ||
|
|
||
| [tempInspector dispatchMessage:message]; |
There was a problem hiding this comment.
Check whether inspector is null
|
run ci |
…ous ones This is consistent with the behavior of `AttachRequest` notification and it is more natural for the last connection attempt to succeed instead of fail due to an already existing one.
|
run ci (after |
…side of the VM lock Native call is made outside of the VM lock by design. For more information see #215 and it's corresponding PR. This creates a racing condition which might corrupt the internal state of the VM but a fix for it is outside of this PR's scope, so I'm leaving it as it has always been till now. We could address the issue by reimplementing the feature with a new VM or a JSWorker.
| self->_inspectorController->pause(); | ||
| } | ||
|
|
||
| - (bool)hasFrontends { |
There was a problem hiding this comment.
We might delete this method as it's never called.
* Remove unused `hasFrontends` method * Delete forgotten clearing of `m_frontendDispatcher` * Remove commented code for delegating `pause` to the main loop
|
Can one of the admins verify this patch? |
|
run ci |
mbektchiev
force-pushed
the
tdermendzhiev/fix-crash-on-debugging
branch
from
d186dc7 to
bb70e82
Compare
mbektchiev
force-pushed
the
tdermendzhiev/fix-crash-on-debugging
branch
from
bb70e82 to
c59d709
Compare
5 participants
Introduction
We identified a couple of issues with the way connections are handled between the Inspector and the backend. On one side, the sockets were not handled correctly using the Dispatch API resulting in faulty connections upon subsequent connection attempts.
On the other side, there was an issue with the way Backend Dispatchers were handled via RefPtrs. For example, the DomainBackendDispatcher adopts a pointer to the dispatcher created by the DomainInspectorAgent, which also has a pointer to it. Adopting this pointer does not increase the refcount which in turn breaks the underlying object's (RefCountedBase) state.
The third amendment is in the way backend dispatchers are handled by the Agents in the
didCreateFrontendAndBackendandwillDestroyFrontendAndBackendcalls. We now create a single instance of each dispatcher and leave it alive until the owning Agent is destroyed. This is the behaviour as seen in the vanilla WebKit source.Fixes #832
After the debugger frontend is detached certain RefPtr properties are cleaned up and recreated on a subsequent connection which is causing a crash due to improper reference management. Making the m_backendDispatcher property persist between different connections fixes the bug.
Every time the debugger is detached the IO channel should be closed in order the next connection to be successful. Otherwise the connection attempt will fail with a bad descriptor error.
153d45f addresses an issue with debugger delay killing the already existing listen connection at an inappropriate time. We do not need this delay to cancel the listen connection as we immediately close it after a successful frontend connection.