From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- js/src/jit-test/tests/debug/gc-05.js | 41 ++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 js/src/jit-test/tests/debug/gc-05.js (limited to 'js/src/jit-test/tests/debug/gc-05.js') diff --git a/js/src/jit-test/tests/debug/gc-05.js b/js/src/jit-test/tests/debug/gc-05.js new file mode 100644 index 0000000000..e42b2a7272 --- /dev/null +++ b/js/src/jit-test/tests/debug/gc-05.js @@ -0,0 +1,41 @@ +// If a Debugger survives its debuggee, its object cache must still be swept. + +var g2arr = []; // non-debuggee globals +var xarr = []; // debuggee objects + +var N = 4, M = 4; +for (var i = 0; i < N; i++) { + var g1 = newGlobal({newCompartment: true}); + g1.M = M; + var dbg = new Debugger(g1); + var g2 = g1.eval("newGlobal('same-compartment')"); + g1.x = g2.eval("x = {};"); + + dbg.onDebuggerStatement = function (frame) { xarr.push(frame.eval("x").return); }; + g1.eval("debugger;"); + g2arr.push(g2); + + g1 = null; + gc(); +} + +// At least some of the debuggees have probably been collected at this +// point. It is nondeterministic, though. +assertEq(g2arr.length, N); +assertEq(xarr.length, N); + +// Try to make g2arr[i].eval eventually allocate a new object in the same +// location as a previously gc'd object. If the object caches are not being +// swept, the pointer coincidence will cause a Debugger.Object to be erroneously +// reused. +for (var i = 0; i < N; i++) { + var obj = xarr[i]; + for (j = 0; j < M; j++) { + assertEq(obj instanceof Debugger.Object, true); + g2arr[i].eval("x = x.prop = {};"); + obj = obj.getOwnPropertyDescriptor("prop").value;; + assertEq("seen" in obj, false); + obj.seen = true; + gc(); + } +} -- cgit v1.2.3