Closed
Bug 822385
Opened 12 years ago
Closed 12 years ago
Add getters/setters/methods with jitinfo to the shell
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: jandem, Assigned: jandem)
References
Details
Attachments
(1 file, 1 obsolete file)
8.43 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
IonMonkey optimizes calls to DOM getters, setters and methods. Our (shell) fuzzers are currently unable to test any of this though, because the shell does not expose any getters/setters with attached jitinfo. Adding some getters/setters/methods to the shell shouldn't be hard and will get us a lot of extra fuzz testing for free. Note that we should also add some jit-tests, so that the fuzzers have something to mutate.
Comment 1•12 years ago
|
||
Yay!
Assignee | ||
Comment 2•12 years ago
|
||
This adds a FakeDOMObject constructor to the shell. It returns an object with a getter, setter and method with attached JitInfo. I verified IonMonkey uses its DOM instructions to access these, and I could reproduce some (browser) problems we found recently in the shell. I don't have much time to add more stuff, but I think this is a good starting point. We can add additional objects/getters/setters/methods later.
Assignee | ||
Comment 3•12 years ago
|
||
Attachment #693295 -
Attachment is obsolete: true
Attachment #693295 -
Flags: review?(bzbarsky)
Attachment #693296 -
Flags: review?(bzbarsky)
Comment 4•12 years ago
|
||
Comment on attachment 693296 [details] [diff] [review] Patch r=me, sorry for the lag!
Attachment #693296 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 5•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/91dae8287643
Assignee | ||
Comment 6•12 years ago
|
||
@decoder, gkw, Jesse: with this patch, "new FakeDOMObject()" in the shell returns an object with properties "x" and "doFoo". Can you guys make sure these are properly fuzzed? I also added a jit-test (tests/basic/test-jitinfo.js) so that the fuzzers that mutate existing tests will test it automatically.
Comment 7•12 years ago
|
||
This got backed out in: http://hg.mozilla.org/integration/mozilla-inbound/rev/8a7b7f1ac53a
Assignee | ||
Comment 8•12 years ago
|
||
(In reply to Gary Kwong [:gkw] from comment #7) > This got backed out in: > > http://hg.mozilla.org/integration/mozilla-inbound/rev/8a7b7f1ac53a Nope, the bug number in that commit message is wrong :) Bug 823165 was backed out.
Comment 9•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/91dae8287643
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in
before you can comment on or make changes to this bug.
Description
•