Bug 1085597 - Expose a nursery finalized class to the fuzzers for fuzzing; r=jonco
authorTerrence Cole <terrence@mozilla.com>
Tue, 06 Jan 2015 15:25:26 -0800
changeset 223128 311c6349e630d72a4eb2396db21a1a0afb6b3b42
parent 223127 f0503a20819c61910864f7c3d62113db37053e85
child 223129 6c8be2f5b065ea8f72082b7d7cdbe53f0f53b9f6
push id10769
push usercbook@mozilla.com
push dateMon, 12 Jan 2015 14:15:52 +0000
treeherderfx-team@0e9765732906 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1085597
milestone37.0a1
Bug 1085597 - Expose a nursery finalized class to the fuzzers for fuzzing; r=jonco
js/src/builtin/TestingFunctions.cpp
js/src/jit-test/tests/gc/nursery-finalize.js
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -988,27 +988,59 @@ static const JSClass FinalizeCounterClas
     nullptr, /* getProperty */
     nullptr, /* setProperty */
     nullptr, /* enumerate */
     nullptr, /* resolve */
     nullptr, /* convert */
     finalize_counter_finalize
 };
 
+static const JSClass NurseryFinalizeCounterClass = {
+    "NurseryFinalizeCounter", JSCLASS_IS_ANONYMOUS | JSCLASS_FINALIZE_FROM_NURSERY,
+    nullptr, /* addProperty */
+    nullptr, /* delProperty */
+    nullptr, /* getProperty */
+    nullptr, /* setProperty */
+    nullptr, /* enumerate */
+    nullptr, /* resolve */
+    nullptr, /* convert */
+    finalize_counter_finalize
+};
+
 static bool
 MakeFinalizeObserver(JSContext *cx, unsigned argc, jsval *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
+    bool isNursery = false;
+    if (args.length() > 0) {
+        if (!args[0].isString()) {
+            JS_ReportError(cx, "first argument must be unset or a string.");
+            return false;
+        }
+        bool isTenured;
+        if (!JS_StringEqualsAscii(cx, args[0].toString(), "nursery", &isNursery))
+            return false;
+        if (!JS_StringEqualsAscii(cx, args[0].toString(), "tenured", &isTenured))
+            return false;
+        if (!isNursery && !isTenured) {
+            JS_ReportError(cx, "first argument must be either 'nursery' or 'tenured'.");
+            return false;
+        }
+        MOZ_ASSERT(isNursery != isTenured);
+    }
+
     RootedObject scope(cx, JS::CurrentGlobalOrNull(cx));
     if (!scope)
         return false;
 
-    JSObject *obj = JS_NewObjectWithGivenProto(cx, &FinalizeCounterClass, JS::NullPtr(), scope);
+    const JSClass *clasp = isNursery ? &NurseryFinalizeCounterClass : &FinalizeCounterClass;
+    JSObject *obj = JS_NewObjectWithGivenProto(cx, clasp, JS::NullPtr(), scope);
     if (!obj)
         return false;
+    MOZ_ASSERT(isNursery == IsInsideNursery(obj));
 
     args.rval().setObject(*obj);
     return true;
 }
 
 static bool
 FinalizeCount(JSContext *cx, unsigned argc, jsval *vp)
 {
@@ -2255,19 +2287,21 @@ static const JSFunctionSpecWithHelp Test
     JS_FN_HELP("settleFakePromise", SettleFakePromise, 1, 0,
 "settleFakePromise(promise)",
 "  'Settle' a 'promise' created by makeFakePromise(). This doesn't have any\n"
 "  observable effects outside of firing any onPromiseSettled hooks set on\n"
 "  Debugger instances that are observing the given promise's global as a\n"
 "  debuggee."),
 
     JS_FN_HELP("makeFinalizeObserver", MakeFinalizeObserver, 0, 0,
-"makeFinalizeObserver()",
+"makeFinalizeObserver(['nursery'|'tenured'])",
 "  Get a special object whose finalization increases the counter returned\n"
-"  by the finalizeCount function."),
+"  by the finalizeCount function. Pass an optional string of 'nursery' or\n"
+"  'tenured' (default of 'tenured') to the function to select a target heap\n"
+"  for the allocation."),
 
     JS_FN_HELP("finalizeCount", FinalizeCount, 0, 0,
 "finalizeCount()",
 "  Return the current value of the finalization counter that is incremented\n"
 "  each time an object returned by the makeFinalizeObserver is finalized."),
 
     JS_FN_HELP("gcPreserveCode", GCPreserveCode, 0, 0,
 "gcPreserveCode()",
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/nursery-finalize.js
@@ -0,0 +1,16 @@
+assertEq(0, finalizeCount());
+makeFinalizeObserver('tenured');
+minorgc();
+assertEq(0, finalizeCount());
+makeFinalizeObserver('nursery');
+minorgc();
+assertEq(1, finalizeCount());
+gc();
+assertEq(2, finalizeCount());
+
+var N = 10000;
+for (var i = 0; i < N; ++i)
+    makeFinalizeObserver('nursery');
+minorgc();
+assertEq(N + 2, finalizeCount());
+