Bug 1322400 - Add content-exposed GC and CC functions to fuzzing builds. r=smaug
MozReview-Commit-ID: 5iV4RDZxZIl
new file mode 100644
--- /dev/null
+++ b/dom/base/FuzzingFunctions.cpp
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingFunctions.h"
+
+#include "nsJSEnvironment.h"
+#include "js/GCAPI.h"
+
+namespace mozilla {
+namespace dom {
+
+/* static */ void
+FuzzingFunctions::GarbageCollect(const GlobalObject&)
+{
+ nsJSContext::GarbageCollectNow(JS::gcreason::COMPONENT_UTILS,
+ nsJSContext::NonIncrementalGC,
+ nsJSContext::NonShrinkingGC);
+}
+
+/* static */ void
+FuzzingFunctions::CycleCollect(const GlobalObject&)
+{
+ nsJSContext::CycleCollectNow();
+}
+
+} // namespace dom
+} // namespace mozilla
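Review bot: Both definitions at `FuzzingFunctions::GarbageCollect` and `FuzzingFunctions::CycleCollect` take an unnamed `const GlobalObject&` and carry no comment, so a reader of this .cpp cannot tell that the parameter is the binding-codegen calling convention for static WebIDL methods rather than an oversight, nor that these entry points are reachable from content. Since the rest of the commit gates the file on `CONFIG['FUZZING']` in moz.build and the interface on `[Pref="fuzzing.enabled"]` in the WebIDL, a short header comment above the first definition would make that contract visible where the code lives, e.g. `// Content-callable helpers for fuzzing builds only: compiled under CONFIG['FUZZING'] and exposed to pages behind the "fuzzing.enabled" pref (see FuzzingFunctions.webidl).` The choice of `JS::gcreason::COMPONENT_UTILS` as the GC reason is also unexplained; if it was picked to mirror an existing chrome-side forced GC, a one-line why-comment on line 24 would save the next maintainer from guessing.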
new file mode 100644
--- /dev/null
+++ b/dom/base/FuzzingFunctions.h
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_FuzzingFunctions
+#define mozilla_dom_FuzzingFunctions
+
+namespace mozilla {
+namespace dom {
+
+class GlobalObject;
+
+class FuzzingFunctions final
+{
+public:
+ static void
+ GarbageCollect(const GlobalObject&);
+
+ static void
+ CycleCollect(const GlobalObject&);
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_FuzzingFunctions
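Review bot: `FuzzingFunctions` is declared `final` with only static members, but nothing prevents it from being instantiated, and the header has no comment tying it to the WebIDL interface it backs (Bindings.conf in this commit marks it `concrete: False` for exactly that reason). Adding `FuzzingFunctions() = delete;` under `public:` expresses the static-only intent in the type itself, and a one-line class comment such as `// Native backing for the FuzzingFunctions WebIDL interface; built only when CONFIG['FUZZING'] is set (see dom/base/moz.build).` documents the build-time gate a reader of this header would otherwise have to discover from the build files.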
--- a/dom/base/moz.build
+++ b/dom/base/moz.build
@@ -208,16 +208,21 @@ EXPORTS.mozilla.dom += [
'TimeoutHandler.h',
'TimeoutManager.h',
'TreeWalker.h',
'WebKitCSSMatrix.h',
'WebSocket.h',
'WindowOrientationObserver.h',
]
+if CONFIG['FUZZING']:
+ EXPORTS.mozilla.dom += [
+ 'FuzzingFunctions.h',
+ ]
+
UNIFIED_SOURCES += [
'AnonymousContent.cpp',
'Attr.cpp',
'BarProps.cpp',
'BodyUtil.cpp',
'BorrowedAttrInfo.cpp',
'ChildIterator.cpp',
'ChromeNodeList.cpp',
@@ -355,16 +360,21 @@ UNIFIED_SOURCES += [
'WindowOrientationObserver.cpp',
]
if CONFIG['MOZ_WEBRTC']:
UNIFIED_SOURCES += [
'nsDOMDataChannel.cpp',
]
+if CONFIG['FUZZING']:
+ UNIFIED_SOURCES += [
+ 'FuzzingFunctions.cpp',
+ ]
+
# these files couldn't be in UNIFIED_SOURCES for now for reasons given below:
SOURCES += [
# Several conflicts with other bindings.
'DOMIntersectionObserver.cpp',
# Because of OS X headers.
'nsContentUtils.cpp',
# this file doesn't like windows.h
'nsDOMWindowUtils.cpp',
--- a/dom/bindings/Bindings.conf
+++ b/dom/bindings/Bindings.conf
@@ -425,16 +425,23 @@ DOMInterfaces = {
'FontFaceSet': {
'implicitJSContext': [ 'load' ],
},
'FontFaceSetIterator': {
'wrapperCache': False,
},
+'FuzzingFunctions': {
+ # The codegen is dumb, and doesn't understand that this interface is only a
+ # collection of static methods, so we have this `concrete: False` hack.
+ 'concrete': False,
+ 'headerFile': 'mozilla/dom/FuzzingFunctions.h',
+},
+
'Geolocation': {
'headerFile': 'nsGeolocation.h'
},
'HeapSnapshot': {
'nativeType': 'mozilla::devtools::HeapSnapshot'
},
new file mode 100644
--- /dev/null
+++ b/dom/webidl/FuzzingFunctions.webidl
@@ -0,0 +1,24 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ * Various functions useful for automated fuzzing that are enabled
+ * only in --enable-fuzzing builds, because they may be dangerous to
+ * enable on untrusted pages.
+*/
+
+[Pref="fuzzing.enabled"]
+interface FuzzingFunctions {
+ /**
+ * Synchronously perform a garbage collection.
+ */
+ static void garbageCollect();
+
+ /**
+ * Synchronously perform a cycle collection.
+ */
+ static void cycleCollect();
+};
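Review bot: The file comment on lines 144-148 says these functions are enabled only in --enable-fuzzing builds, but the interface is also gated at runtime by `[Pref="fuzzing.enabled"]` on line 150, so the comment understates the conditions a page must satisfy to reach them; extending it to `* only in --enable-fuzzing builds and, within those, only when the "fuzzing.enabled" pref is set, because they may be dangerous to enable on untrusted pages.` keeps the two gates documented together. Separately, the closing `*/` on line 148 sits at column 0 while the body lines use ` * `, which is inconsistent with the license block above it; `+ */` matches the rest of the file.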
--- a/dom/webidl/moz.build
+++ b/dom/webidl/moz.build
@@ -1048,16 +1048,21 @@ if CONFIG['MOZ_SECUREELEMENT']:
'SecureElementManager.webidl',
]
if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gonk':
WEBIDL_FILES += [
'InstallTrigger.webidl',
]
+if CONFIG['FUZZING']:
+ WEBIDL_FILES += [
+ 'FuzzingFunctions.webidl',
+ ]
+
GENERATED_EVENTS_WEBIDL_FILES = [
'AddonEvent.webidl',
'AnimationPlaybackEvent.webidl',
'AutocompleteErrorEvent.webidl',
'BlobEvent.webidl',
'CaretStateChangedEvent.webidl',
'CloseEvent.webidl',
'DeviceLightEvent.webidl',