Closed Bug 822385 Opened 8 years ago Closed 8 years ago
Add getters/setters/methods with jitinfo to the shell
IonMonkey optimizes calls to DOM getters, setters and methods. Our (shell) fuzzers are currently unable to test any of this though, because the shell does not expose any getters/setters with attached jitinfo. Adding some getters/setters/methods to the shell shouldn't be hard and will get us a lot of extra fuzz testing for free. Note that we should also add some jit-tests, so that the fuzzers have something to mutate.
This adds a FakeDOMObject constructor to the shell. It returns an object with a getter, setter and method with attached JitInfo. I verified IonMonkey uses its DOM instructions to access these, and I could reproduce some (browser) problems we found recently in the shell. I don't have much time to add more stuff, but I think this is a good starting point. We can add additional objects/getters/setters/methods later.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #693295 - Flags: review?(bzbarsky)
Comment on attachment 693296 [details] [diff] [review] Patch r=me, sorry for the lag!
Attachment #693296 - Flags: review?(bzbarsky) → review+
@decoder, gkw, Jesse: with this patch, "new FakeDOMObject()" in the shell returns an object with properties "x" and "doFoo". Can you guys make sure these are properly fuzzed? I also added a jit-test (tests/basic/test-jitinfo.js) so that the fuzzers that mutate existing tests will test it automatically.
This got backed out in: http://hg.mozilla.org/integration/mozilla-inbound/rev/8a7b7f1ac53a
(In reply to Gary Kwong [:gkw] from comment #7) > This got backed out in: > > http://hg.mozilla.org/integration/mozilla-inbound/rev/8a7b7f1ac53a Nope, the bug number in that commit message is wrong :) Bug 823165 was backed out.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
8 years ago
Depends on: 823715
You need to log in before you can comment on or make changes to this bug.