Closed Bug 1677857 Opened 5 years ago Closed 5 years ago

Implement fuzzPriv.MP() in FuzzingFunctions

Categories

(Core :: Fuzzing, enhancement)

Tracking

RESOLVED FIXED
85 Branch
Tracking Status
firefox85 --- fixed

People

(Reporter: tsmith, Assigned: pbone)

Attachments

(1 file)

Basically, you'd add a new method to FuzzingFunctions.webidl.

The implementation in C++ would just be:
nsCOMPtr<nsIObserverService> os = services::GetObserverService();
os->NotifyObservers(nullptr, "memory-pressure", u"heap-minimize");

It might be better to rename this to "memoryPressure" or something because mp is a bit opaque IMO.

Paul, do you have time to look at this? It is sort of a "good first bug" for WebIDL.

Flags: needinfo?(pbone)

Yeah, agreed it'd be good to do a "good first bug" for WebIDL.

A problem with the observer notification is that it is asynchronous (AIUI). It might be nice if the caller could wait until the compaction finished; maybe it could make some fuzzing things more deterministic.

Assignee: nobody → pbone
Status: NEW → ASSIGNED
Flags: needinfo?(pbone)

That's a good point. The observer notification itself is synchronous, but the part where it propagates to the child processes is indeed async.

Hmm, but I guess this will be run from a content process, so that shouldn't be an issue.

I think the completion of the GC will be async also. I'll check this when I implement it.

One thing I forgot to mention is that FuzzingFunctions is only available in fuzzing builds. You probably don't want to have to rebuild Firefox just to test this. I think you can avoid that by editing dom/base/moz.build and dom/webidl/moz.build to edit away the if CONFIG["FUZZING"]: for FuzzingFunctions.{h,cpp,webidl}.

Then you'll have to set the fuzzing.enabled pref in Firefox, because the FuzzingFunctions WebIDL interface has the property Pref="fuzzing.enabled".

This page has some documentation on WebIDL: https://developer.mozilla.org/en-US/docs/Mozilla/WebIDL_bindings

Most of that won't be stuff that you will need for this, because you are just adding one function.

This change runs a non-incremental shrinking GC if the new parameter is set to true.

Attachment #9188764 - Attachment description: Bug 1677857 - Let the garbageCollect fuzzing function do shrinking GC r=tsmith → Bug 1677857 - Add new GC related fuzzing functions r=tsmith
Pushed by pbone@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/71d7e6400bae Add new GC related fuzzing functions r=tsmith,mccr8
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 85 Branch
No longer regressions: 1681721