From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- js/src/jsapi-tests/testGCStoreBufferRemoval.cpp | 110 ++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 js/src/jsapi-tests/testGCStoreBufferRemoval.cpp (limited to 'js/src/jsapi-tests/testGCStoreBufferRemoval.cpp') diff --git a/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp b/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp new file mode 100644 index 0000000000..47cd92b403 --- /dev/null +++ b/js/src/jsapi-tests/testGCStoreBufferRemoval.cpp @@ -0,0 +1,110 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gc/Barrier.h" +#include "js/GCAPI.h" +#include "jsapi-tests/tests.h" + +using namespace JS; +using namespace js; + +// Name this constant without creating a GC hazard. +#define BAD_OBJECT_PTR reinterpret_cast(1) + +BEGIN_TEST(testGCStoreBufferRemoval) { + // Sanity check - objects start in the nursery and then become tenured. + JS_GC(cx); + JS::RootedObject obj(cx, NurseryObject()); + CHECK(js::gc::IsInsideNursery(obj.get())); + JS_GC(cx); + CHECK(!js::gc::IsInsideNursery(obj.get())); + JS::RootedObject tenuredObject(cx, obj); + + // Test removal of store buffer entries added by HeapPtr. + { + JSObject* punnedPtr = nullptr; + HeapPtr* relocPtr = + reinterpret_cast*>(&punnedPtr); + new (relocPtr) HeapPtr; + *relocPtr = NurseryObject(); + relocPtr->~HeapPtr(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + + new (relocPtr) HeapPtr; + *relocPtr = NurseryObject(); + *relocPtr = tenuredObject; + relocPtr->~HeapPtr(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + + new (relocPtr) HeapPtr; + *relocPtr = NurseryObject(); + *relocPtr = nullptr; + relocPtr->~HeapPtr(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + } + + // Test removal of store buffer entries added by HeapPtr. + { + Value punnedValue; + HeapPtr* relocValue = + reinterpret_cast*>(&punnedValue); + new (relocValue) HeapPtr; + *relocValue = ObjectValue(*NurseryObject()); + relocValue->~HeapPtr(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + + new (relocValue) HeapPtr; + *relocValue = ObjectValue(*NurseryObject()); + *relocValue = ObjectValue(*tenuredObject); + relocValue->~HeapPtr(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + + new (relocValue) HeapPtr; + *relocValue = ObjectValue(*NurseryObject()); + *relocValue = NullValue(); + relocValue->~HeapPtr(); + punnedValue = js::PoisonedObjectValue(0x48); + JS_GC(cx); + } + + // Test removal of store buffer entries added by Heap. + { + JSObject* punnedPtr = nullptr; + Heap* heapPtr = reinterpret_cast*>(&punnedPtr); + new (heapPtr) Heap; + *heapPtr = NurseryObject(); + heapPtr->~Heap(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + + new (heapPtr) Heap; + *heapPtr = NurseryObject(); + *heapPtr = tenuredObject; + heapPtr->~Heap(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + + new (heapPtr) Heap; + *heapPtr = NurseryObject(); + *heapPtr = nullptr; + heapPtr->~Heap(); + punnedPtr = BAD_OBJECT_PTR; + JS_GC(cx); + } + + return true; +} + +JSObject* NurseryObject() { return JS_NewPlainObject(cx); } +END_TEST(testGCStoreBufferRemoval) + +#undef BAD_OBJECT_PTR -- cgit v1.2.3