diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /js/src/jsapi-tests/testGCStoreBufferRemoval.cpp | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src/jsapi-tests/testGCStoreBufferRemoval.cpp')
-rw-r--r-- | js/src/jsapi-tests/testGCStoreBufferRemoval.cpp | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp b/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp new file mode 100644 index 0000000000..81bf9356b5 --- /dev/null +++ b/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp @@ -0,0 +1,117 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gc/Barrier.h" +#include "jsapi-tests/tests.h" + +using namespace JS; +using namespace js; + +struct AutoIgnoreRootingHazards { + // Force a nontrivial destructor so the compiler sees the whole RAII scope + static volatile int depth; + AutoIgnoreRootingHazards() { depth++; } + ~AutoIgnoreRootingHazards() { depth--; } +} JS_HAZ_GC_SUPPRESSED; +volatile int AutoIgnoreRootingHazards::depth = 0; + +BEGIN_TEST(testGCStoreBufferRemoval) { + // Sanity check - objects start in the nursery and then become tenured. + JS_GC(cx); + JS::RootedObject obj(cx, NurseryObject()); + CHECK(js::gc::IsInsideNursery(obj.get())); + JS_GC(cx); + CHECK(!js::gc::IsInsideNursery(obj.get())); + JS::RootedObject tenuredObject(cx, obj); + + // Hide the horrors herein from the static rooting analysis. + AutoIgnoreRootingHazards ignore; + + // Test removal of store buffer entries added by HeapPtr<T>. + { + JSObject* badObject = reinterpret_cast<JSObject*>(1); + JSObject* punnedPtr = nullptr; + HeapPtr<JSObject*>* relocPtr = + reinterpret_cast<HeapPtr<JSObject*>*>(&punnedPtr); + new (relocPtr) HeapPtr<JSObject*>; + *relocPtr = NurseryObject(); + relocPtr->~HeapPtr<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + + new (relocPtr) HeapPtr<JSObject*>; + *relocPtr = NurseryObject(); + *relocPtr = tenuredObject; + relocPtr->~HeapPtr<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + + new (relocPtr) HeapPtr<JSObject*>; + *relocPtr = NurseryObject(); + *relocPtr = nullptr; + relocPtr->~HeapPtr<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + } + + // Test removal of store buffer entries added by HeapPtr<Value>. + { + Value punnedValue; + HeapPtr<Value>* relocValue = + reinterpret_cast<HeapPtr<Value>*>(&punnedValue); + new (relocValue) HeapPtr<Value>; + *relocValue = ObjectValue(*NurseryObject()); + relocValue->~HeapPtr<Value>(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + + new (relocValue) HeapPtr<Value>; + *relocValue = ObjectValue(*NurseryObject()); + *relocValue = ObjectValue(*tenuredObject); + relocValue->~HeapPtr<Value>(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + + new (relocValue) HeapPtr<Value>; + *relocValue = ObjectValue(*NurseryObject()); + *relocValue = NullValue(); + relocValue->~HeapPtr<Value>(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + } + + // Test removal of store buffer entries added by Heap<T>. + { + JSObject* badObject = reinterpret_cast<JSObject*>(1); + JSObject* punnedPtr = nullptr; + Heap<JSObject*>* heapPtr = reinterpret_cast<Heap<JSObject*>*>(&punnedPtr); + new (heapPtr) Heap<JSObject*>; + *heapPtr = NurseryObject(); + heapPtr->~Heap<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + + new (heapPtr) Heap<JSObject*>; + *heapPtr = NurseryObject(); + *heapPtr = tenuredObject; + heapPtr->~Heap<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + + new (heapPtr) Heap<JSObject*>; + *heapPtr = NurseryObject(); + *heapPtr = nullptr; + heapPtr->~Heap<JSObject*>(); + punnedPtr = badObject; + JS_GC(cx); + } + + return true; +} + +JSObject* NurseryObject() { return JS_NewPlainObject(cx); } +END_TEST(testGCStoreBufferRemoval) |