testGCStoreBufferRemoval.cpp (3265B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- 2 * vim: set ts=8 sts=2 et sw=2 tw=80: 3 */ 4 /* This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #include "gc/Barrier.h" 9 #include "js/GCAPI.h" 10 #include "jsapi-tests/tests.h" 11 12 using namespace JS; 13 using namespace js; 14 15 // Name this constant without creating a GC hazard. 16 #define BAD_OBJECT_PTR reinterpret_cast<JSObject*>(1) 17 18 BEGIN_TEST(testGCStoreBufferRemoval) { 19 // Sanity check - objects start in the nursery and then become tenured. 20 JS_GC(cx); 21 JS::RootedObject obj(cx, NurseryObject()); 22 CHECK(js::gc::IsInsideNursery(obj.get())); 23 JS_GC(cx); 24 CHECK(!js::gc::IsInsideNursery(obj.get())); 25 JS::RootedObject tenuredObject(cx, obj); 26 27 // Test removal of store buffer entries added by HeapPtr<T>. 28 { 29 JSObject* punnedPtr = nullptr; 30 HeapPtr<JSObject*>* relocPtr = 31 reinterpret_cast<HeapPtr<JSObject*>*>(&punnedPtr); 32 new (relocPtr) HeapPtr<JSObject*>; 33 *relocPtr = NurseryObject(); 34 relocPtr->~HeapPtr<JSObject*>(); 35 punnedPtr = BAD_OBJECT_PTR; 36 JS_GC(cx); 37 38 new (relocPtr) HeapPtr<JSObject*>; 39 *relocPtr = NurseryObject(); 40 *relocPtr = tenuredObject; 41 relocPtr->~HeapPtr<JSObject*>(); 42 punnedPtr = BAD_OBJECT_PTR; 43 JS_GC(cx); 44 45 new (relocPtr) HeapPtr<JSObject*>; 46 *relocPtr = NurseryObject(); 47 *relocPtr = nullptr; 48 relocPtr->~HeapPtr<JSObject*>(); 49 punnedPtr = BAD_OBJECT_PTR; 50 JS_GC(cx); 51 } 52 53 // Test removal of store buffer entries added by HeapPtr<Value>. 54 { 55 Value punnedValue; 56 HeapPtr<Value>* relocValue = 57 reinterpret_cast<HeapPtr<Value>*>(&punnedValue); 58 new (relocValue) HeapPtr<Value>; 59 *relocValue = ObjectValue(*NurseryObject()); 60 relocValue->~HeapPtr<Value>(); 61 punnedValue = js::PoisonedObjectValue(0x48); 62 JS_GC(cx); 63 64 new (relocValue) HeapPtr<Value>; 65 *relocValue = ObjectValue(*NurseryObject()); 66 *relocValue = ObjectValue(*tenuredObject); 67 relocValue->~HeapPtr<Value>(); 68 punnedValue = js::PoisonedObjectValue(0x48); 69 JS_GC(cx); 70 71 new (relocValue) HeapPtr<Value>; 72 *relocValue = ObjectValue(*NurseryObject()); 73 *relocValue = NullValue(); 74 relocValue->~HeapPtr<Value>(); 75 punnedValue = js::PoisonedObjectValue(0x48); 76 JS_GC(cx); 77 } 78 79 // Test removal of store buffer entries added by Heap<T>. 80 { 81 JSObject* punnedPtr = nullptr; 82 JS::Heap<JSObject*>* heapPtr = 83 reinterpret_cast<JS::Heap<JSObject*>*>(&punnedPtr); 84 new (heapPtr) JS::Heap<JSObject*>; 85 *heapPtr = NurseryObject(); 86 heapPtr->~Heap<JSObject*>(); 87 punnedPtr = BAD_OBJECT_PTR; 88 JS_GC(cx); 89 90 new (heapPtr) JS::Heap<JSObject*>; 91 *heapPtr = NurseryObject(); 92 *heapPtr = tenuredObject; 93 heapPtr->~Heap<JSObject*>(); 94 punnedPtr = BAD_OBJECT_PTR; 95 JS_GC(cx); 96 97 new (heapPtr) JS::Heap<JSObject*>; 98 *heapPtr = NurseryObject(); 99 *heapPtr = nullptr; 100 heapPtr->~Heap<JSObject*>(); 101 punnedPtr = BAD_OBJECT_PTR; 102 JS_GC(cx); 103 } 104 105 return true; 106 } 107 108 JSObject* NurseryObject() { return JS_NewPlainObject(cx); } 109 END_TEST(testGCStoreBufferRemoval) 110 111 #undef BAD_OBJECT_PTR