Closed Bug 822385 Opened 12 years ago Closed 12 years ago

Add getters/setters/methods with jitinfo to the shell

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla20

People

(Reporter: jandem, Assigned: jandem)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch
8.43 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
IonMonkey optimizes calls to DOM getters, setters and methods. Our (shell) fuzzers are currently unable to test any of this though, because the shell does not expose any getters/setters with attached jitinfo.

Adding some getters/setters/methods to the shell shouldn't be hard and will get us a lot of extra fuzz testing for free. Note that we should also add some jit-tests, so that the fuzzers have something to mutate.
Attached patch Patch (obsolete) — Splinter Review 
This adds a FakeDOMObject constructor to the shell. It returns an object with a getter, setter and method with attached JitInfo. I verified IonMonkey uses its DOM instructions to access these, and I could reproduce some (browser) problems we found recently in the shell.

I don't have much time to add more stuff, but I think this is a good starting point. We can add additional objects/getters/setters/methods later.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Attachment #693295 - Flags: review?(bzbarsky)
Attached patch PatchSplinter Review 

        Attachment #693295 -
        Attachment is obsolete: true

        Attachment #693295 -
        Flags: review?(bzbarsky)

        Attachment #693296 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 693296 [details] [diff] [review]
Patch

r=me, sorry for the lag!

        Attachment #693296 -
        Flags: review?(bzbarsky) → review+

    
    

    
  
@decoder, gkw, Jesse: with this patch, "new FakeDOMObject()" in the shell returns an object with properties "x" and "doFoo". Can you guys make sure these are properly fuzzed? I also added a jit-test (tests/basic/test-jitinfo.js) so that the fuzzers that mutate existing tests will test it automatically.

    
    

    
  
(In reply to Gary Kwong [:gkw] from comment #7)
> This got backed out in:
> 
> http://hg.mozilla.org/integration/mozilla-inbound/rev/8a7b7f1ac53a

Nope, the bug number in that commit message is wrong :) Bug 823165 was backed out.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/91dae8287643
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: