The debugger currently stores breakpoint data as entries in a Vector (see BreakpointsInLine). It also keeps a fast map lookup of breakpoint IDs to the breakpoint data (see m_breakpointIDToBreakpoint). Because a Vector can compact or reallocate its backing store, this can cause all sorts of havoc. The m_breakpointIDToBreakpoint map assumes that the breakpoint data doesn't move in memory. The fix is to replace the BreakpointsInLine Vector with a BreakpointsList doubly linked list.
<rdar://problem/17487061>
Created attachment 234208: the patch
Comment on attachment 234208: the patch
View in context: https://bugs.webkit.org/attachment.cgi?id=234208&action=review

r=me

> Source/JavaScriptCore/debugger/Breakpoint.h:56
> + Breakpoint(Breakpoint& other)

Should be const&.
The compiler was complaining about:

Source/JavaScriptCore/debugger/Breakpoint.h:88:27: error: using the result of an assignment as a condition without parentheses [-Werror,-Wparentheses]
    while (breakpoint = removeHead())
           ~~~~~~~~~~~^~~~~~~~~~~~~~

Will add the parens.
Created attachment 234209: updated patch to make the EWS bots happy + Geoff's suggested fix.
Thanks. Patch with fixes landed in r170677: <http://trac.webkit.org/r170677>.
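The hazard described in this bug, as an added example that is not WebKit's code: an id-to-address map built over elements of a growable vector goes stale as soon as the vector reallocates, while the same map over a doubly linked list stays valid because list nodes never move. `Breakpoint`, `cachedPointersStayValid` and the use of `std::vector`/`std::list`/`std::map` are constructed stand-ins for JSC's Breakpoint, BreakpointsInLine/BreakpointsList and m_breakpointIDToBreakpoint.

```cpp
#include <cstdint>
#include <cstdio>
#include <list>
#include <map>
#include <vector>

// Constructed stand-in for JSC's Breakpoint record.
struct Breakpoint {
    unsigned id;
    unsigned line;
};

// Mimics the pattern from the bug: append each breakpoint to `storage` and
// record its address in an id -> address map at insertion time. Then re-walk
// the container and check that every recorded address still matches where that
// breakpoint actually lives. Addresses are stored as integers and only compared,
// never dereferenced, because after a vector reallocation they would be dangling.
template <typename Container>
static bool cachedPointersStayValid(Container& storage, unsigned count)
{
    std::map<unsigned, std::uintptr_t> idToBreakpoint;
    for (unsigned id = 1; id <= count; ++id) {
        storage.push_back(Breakpoint { id, 10 * id });
        idToBreakpoint[id] = reinterpret_cast<std::uintptr_t>(&storage.back());
    }
    for (const Breakpoint& breakpoint : storage) {
        if (idToBreakpoint[breakpoint.id] != reinterpret_cast<std::uintptr_t>(&breakpoint))
            return false; // backing store moved: the map now holds a stale address
    }
    return true;
}

// Vector-backed storage (the buggy layout): growth reallocates the backing
// store, so any count that triggers growth leaves the map pointing at freed memory.
bool vectorPointersStable(unsigned count)
{
    std::vector<Breakpoint> breakpoints;
    return cachedPointersStayValid(breakpoints, count);
}

// Doubly linked list storage (the fix): each node is allocated separately and
// never moves, so the recorded addresses stay valid however many are added.
bool listPointersStable(unsigned count)
{
    std::list<Breakpoint> breakpoints;
    return cachedPointersStayValid(breakpoints, count);
}
```

A single insertion into an empty vector never triggers a second allocation, so the vector case only fails once growth occurs; the list case holds for any count.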