Bug 1322400 - Add content-exposed GC and CC functions to fuzzing builds. r=smaug
author: Andrew McCreight <continuation@gmail.com>
Wed, 22 Feb 2017 11:05:50 -0800
changeset 373877 80a323cabf561a081da59bc2695973ec53c30336
parent 373876 7ff9ada73578824a53afb4c533f8663a4c8649c1
child 373878 cd5ca1d05ff5debc92eeb9b8a9d2170148faca3a
push id: 10863
push user: jlorenzo@mozilla.com
push date: Mon, 06 Mar 2017 23:02:23 +0000
reviewers: smaug
bugs: 1322400
milestone: 54.0a1
Bug 1322400 - Add content-exposed GC and CC functions to fuzzing builds. r=smaug MozReview-Commit-ID: 5iV4RDZxZIl
dom/base/FuzzingFunctions.cpp
dom/base/FuzzingFunctions.h
dom/base/moz.build
dom/bindings/Bindings.conf
dom/webidl/FuzzingFunctions.webidl
dom/webidl/moz.build
new file mode 100644
--- /dev/null
+++ b/dom/base/FuzzingFunctions.cpp
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingFunctions.h"
+
+#include "nsJSEnvironment.h"
+#include "js/GCAPI.h"
+
+namespace mozilla {
+namespace dom {
+
+/* static */ void
+FuzzingFunctions::GarbageCollect(const GlobalObject&)
+{
+  nsJSContext::GarbageCollectNow(JS::gcreason::COMPONENT_UTILS,
+                                 nsJSContext::NonIncrementalGC,
+                                 nsJSContext::NonShrinkingGC);
+}
+
+/* static */ void
+FuzzingFunctions::CycleCollect(const GlobalObject&)
+{
+  nsJSContext::CycleCollectNow();
+}
+
+} // namespace dom
+} // namespace mozilla
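Review bot: Neither GarbageCollect nor CycleCollect carries a comment, so nothing in this file records that the two entry points do no caller check of their own and are reachable from content only because dom/base/moz.build compiles them under CONFIG['FUZZING'] and the WebIDL interface is gated on the fuzzing.enabled pref; someone later wiring these into another binding would not see that constraint here. Suggest a file-level comment above the namespace, e.g. `// These are exposed to web content only in FUZZING builds and only when the` / `// fuzzing.enabled pref is set; they intentionally perform no privilege check.` The GarbageCollect body also does not say why a non-incremental, non-shrinking collection is requested, nor why the reason code is COMPONENT_UTILS (the name suggests it was borrowed from the Components.utils GC helper — confirm); a one-line why-comment above the nsJSContext::GarbageCollectNow call, such as `// Full synchronous GC so fuzzers see deterministic finalization.`, would cover it.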
new file mode 100644
--- /dev/null
+++ b/dom/base/FuzzingFunctions.h
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_FuzzingFunctions
+#define mozilla_dom_FuzzingFunctions
+
+namespace mozilla {
+namespace dom {
+
+class GlobalObject;
+
+class FuzzingFunctions final
+{
+public:
+  static void
+  GarbageCollect(const GlobalObject&);
+
+  static void
+  CycleCollect(const GlobalObject&);
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_FuzzingFunctions
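Review bot: The include guard `mozilla_dom_FuzzingFunctions` omits the `_h` suffix that the other dom/base headers use, and the class has no doc comment explaining what it is. Suggest `#ifndef mozilla_dom_FuzzingFunctions_h` / `#define mozilla_dom_FuzzingFunctions_h` with the matching `#endif // mozilla_dom_FuzzingFunctions_h`, and a comment above the class along the lines of `// Static native implementations backing the FuzzingFunctions WebIDL interface;` / `// built only when CONFIG['FUZZING'] is set and exposed only behind fuzzing.enabled.` The unnamed `const GlobalObject&` parameters are fine as-is since the binding supplies them and the methods ignore them.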
--- a/dom/base/moz.build
+++ b/dom/base/moz.build
@@ -208,16 +208,21 @@ EXPORTS.mozilla.dom += [
     'TimeoutHandler.h',
     'TimeoutManager.h',
     'TreeWalker.h',
     'WebKitCSSMatrix.h',
     'WebSocket.h',
     'WindowOrientationObserver.h',
 ]
 
+if CONFIG['FUZZING']:
+    EXPORTS.mozilla.dom += [
+        'FuzzingFunctions.h',
+    ]
+
 UNIFIED_SOURCES += [
     'AnonymousContent.cpp',
     'Attr.cpp',
     'BarProps.cpp',
     'BodyUtil.cpp',
     'BorrowedAttrInfo.cpp',
     'ChildIterator.cpp',
     'ChromeNodeList.cpp',
@@ -355,16 +360,21 @@ UNIFIED_SOURCES += [
     'WindowOrientationObserver.cpp',
 ]
 
 if CONFIG['MOZ_WEBRTC']:
     UNIFIED_SOURCES += [
         'nsDOMDataChannel.cpp',
     ]
 
+if CONFIG['FUZZING']:
+    UNIFIED_SOURCES += [
+        'FuzzingFunctions.cpp',
+    ]
+
 # these files couldn't be in UNIFIED_SOURCES for now for reasons given below:
 SOURCES += [
     # Several conflicts with other bindings.
     'DOMIntersectionObserver.cpp',
     # Because of OS X headers.
     'nsContentUtils.cpp',
     # this file doesn't like windows.h
     'nsDOMWindowUtils.cpp',
--- a/dom/bindings/Bindings.conf
+++ b/dom/bindings/Bindings.conf
@@ -425,16 +425,23 @@ DOMInterfaces = {
 'FontFaceSet': {
     'implicitJSContext': [ 'load' ],
 },
 
 'FontFaceSetIterator': {
     'wrapperCache': False,
 },
 
+'FuzzingFunctions': {
+    # The codegen is dumb, and doesn't understand that this interface is only a
+    # collection of static methods, so we have this `concrete: False` hack.
+    'concrete': False,
+    'headerFile': 'mozilla/dom/FuzzingFunctions.h',
+},
+
 'Geolocation': {
     'headerFile': 'nsGeolocation.h'
 },
 
 'HeapSnapshot': {
     'nativeType': 'mozilla::devtools::HeapSnapshot'
 },
 
new file mode 100644
--- /dev/null
+++ b/dom/webidl/FuzzingFunctions.webidl
@@ -0,0 +1,24 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ * Various functions useful for automated fuzzing that are enabled
+ * only in --enable-fuzzing builds, because they may be dangerous to
+ * enable on untrusted pages.
+*/
+
+[Pref="fuzzing.enabled"]
+interface FuzzingFunctions {
+  /**
+   * Synchronously perform a garbage collection.
+   */
+  static void garbageCollect();
+
+  /**
+   * Synchronously perform a cycle collection.
+   */
+  static void cycleCollect();
+};
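Review bot: The header comment says these functions are enabled only in --enable-fuzzing builds, but the interface is additionally gated at runtime by `[Pref="fuzzing.enabled"]`, so the comment understates the exposure model a reader relies on when judging the risk to untrusted pages. Suggest rewording the block to `* Various functions useful for automated fuzzing. They are compiled only in` / `* --enable-fuzzing builds and, within those, exposed only when the` / `* fuzzing.enabled pref is set, because they may be dangerous on untrusted pages.` The closing `*/` of that comment is at column 0 while the license block above closes with ` */`; align it for consistency.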
--- a/dom/webidl/moz.build
+++ b/dom/webidl/moz.build
@@ -1048,16 +1048,21 @@ if CONFIG['MOZ_SECUREELEMENT']:
          'SecureElementManager.webidl',
     ]
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gonk':
     WEBIDL_FILES += [
         'InstallTrigger.webidl',
     ]
 
+if CONFIG['FUZZING']:
+    WEBIDL_FILES += [
+        'FuzzingFunctions.webidl',
+    ]
+
 GENERATED_EVENTS_WEBIDL_FILES = [
     'AddonEvent.webidl',
     'AnimationPlaybackEvent.webidl',
     'AutocompleteErrorEvent.webidl',
     'BlobEvent.webidl',
     'CaretStateChangedEvent.webidl',
     'CloseEvent.webidl',
     'DeviceLightEvent.webidl',