Bug 1085597 - Expose a nursery finalized class to the fuzzers for fuzzing; r=jonco
authorTerrence Cole <terrence@mozilla.com>
Tue, 06 Jan 2015 15:25:26 -0800
changeset 248896 311c6349e630d72a4eb2396db21a1a0afb6b3b42
parent 248895 f0503a20819c61910864f7c3d62113db37053e85
child 248897 6c8be2f5b065ea8f72082b7d7cdbe53f0f53b9f6
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1085597
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1085597 - Expose a nursery finalized class to the fuzzers for fuzzing; r=jonco
js/src/builtin/TestingFunctions.cpp
js/src/jit-test/tests/gc/nursery-finalize.js
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -988,27 +988,59 @@ static const JSClass FinalizeCounterClas
     nullptr, /* getProperty */
     nullptr, /* setProperty */
     nullptr, /* enumerate */
     nullptr, /* resolve */
     nullptr, /* convert */
     finalize_counter_finalize
 };
 
+static const JSClass NurseryFinalizeCounterClass = {
+    "NurseryFinalizeCounter", JSCLASS_IS_ANONYMOUS | JSCLASS_FINALIZE_FROM_NURSERY,
+    nullptr, /* addProperty */
+    nullptr, /* delProperty */
+    nullptr, /* getProperty */
+    nullptr, /* setProperty */
+    nullptr, /* enumerate */
+    nullptr, /* resolve */
+    nullptr, /* convert */
+    finalize_counter_finalize
+};
+
 static bool
 MakeFinalizeObserver(JSContext *cx, unsigned argc, jsval *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
+    bool isNursery = false;
+    if (args.length() > 0) {
+        if (!args[0].isString()) {
+            JS_ReportError(cx, "first argument must be unset or a string.");
+            return false;
+        }
+        bool isTenured;
+        if (!JS_StringEqualsAscii(cx, args[0].toString(), "nursery", &isNursery))
+            return false;
+        if (!JS_StringEqualsAscii(cx, args[0].toString(), "tenured", &isTenured))
+            return false;
+        if (!isNursery && !isTenured) {
+            JS_ReportError(cx, "first argument must be either 'nursery' or 'tenured'.");
+            return false;
+        }
+        MOZ_ASSERT(isNursery != isTenured);
+    }
+
     RootedObject scope(cx, JS::CurrentGlobalOrNull(cx));
     if (!scope)
         return false;
 
-    JSObject *obj = JS_NewObjectWithGivenProto(cx, &FinalizeCounterClass, JS::NullPtr(), scope);
+    const JSClass *clasp = isNursery ? &NurseryFinalizeCounterClass : &FinalizeCounterClass;
+    JSObject *obj = JS_NewObjectWithGivenProto(cx, clasp, JS::NullPtr(), scope);
     if (!obj)
         return false;
+    MOZ_ASSERT(isNursery == IsInsideNursery(obj));
 
     args.rval().setObject(*obj);
     return true;
 }
 
 static bool
 FinalizeCount(JSContext *cx, unsigned argc, jsval *vp)
 {
@@ -2255,19 +2287,21 @@ static const JSFunctionSpecWithHelp Test
     JS_FN_HELP("settleFakePromise", SettleFakePromise, 1, 0,
 "settleFakePromise(promise)",
 "  'Settle' a 'promise' created by makeFakePromise(). This doesn't have any\n"
 "  observable effects outside of firing any onPromiseSettled hooks set on\n"
 "  Debugger instances that are observing the given promise's global as a\n"
 "  debuggee."),
 
     JS_FN_HELP("makeFinalizeObserver", MakeFinalizeObserver, 0, 0,
-"makeFinalizeObserver()",
+"makeFinalizeObserver(['nursery'|'tenured'])",
 "  Get a special object whose finalization increases the counter returned\n"
-"  by the finalizeCount function."),
+"  by the finalizeCount function. Pass an optional string of 'nursery' or\n"
+"  'tenured' (default of 'tenured') to the function to select a target heap\n"
+"  for the allocation."),
 
     JS_FN_HELP("finalizeCount", FinalizeCount, 0, 0,
 "finalizeCount()",
 "  Return the current value of the finalization counter that is incremented\n"
 "  each time an object returned by the makeFinalizeObserver is finalized."),
 
     JS_FN_HELP("gcPreserveCode", GCPreserveCode, 0, 0,
 "gcPreserveCode()",
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/nursery-finalize.js
@@ -0,0 +1,16 @@
+assertEq(0, finalizeCount());
+makeFinalizeObserver('tenured');
+minorgc();
+assertEq(0, finalizeCount());
+makeFinalizeObserver('nursery');
+minorgc();
+assertEq(1, finalizeCount());
+gc();
+assertEq(2, finalizeCount());
+
+var N = 10000;
+for (var i = 0; i < N; ++i)
+    makeFinalizeObserver('nursery');
+minorgc();
+assertEq(N + 2, finalizeCount());
+