third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp - Issue 2658653003: Always force a major GC after each input in v8_serialized_script_value_fuzzer.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp

Issue 2658653003: Always force a major GC after each input in v8_serialized_script_value_fuzzer. (Closed)

Patch Set: correct number in comment Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp

diff --git a/third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp b/third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp

index 56cca93f706653fc9e2ed1751243a2c17150aa66..1c4bb3913b4a6303b34f74dac3d0786d17e94fea 100644

--- a/third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp

+++ b/third_party/WebKit/Source/bindings/core/v8/serialization/SerializedScriptValueFuzzer.cpp

@@ -5,12 +5,12 @@

#include "bindings/core/v8/SerializedScriptValue.h"

#include "bindings/core/v8/ScriptState.h"

+#include "bindings/core/v8/V8PerIsolateData.h"

#include "core/dom/MessagePort.h"

#include "core/frame/Settings.h"

#include "core/testing/DummyPageHolder.h"

#include "platform/RuntimeEnabledFeatures.h"

#include "platform/testing/BlinkFuzzerTestSupport.h"

-#include "platform/testing/UnitTestHelpers.h"

#include "public/platform/WebBlobInfo.h"

#include "public/platform/WebMessagePortChannel.h"

#include "wtf/StringHasher.h"

@@ -48,6 +48,8 @@ class WebMessagePortChannelImpl final : public WebMessagePortChannel {

} // namespace

extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {

+ const char kExposeGC[] = "--expose_gc";

+ v8::V8::SetFlagsFromString(kExposeGC, sizeof(kExposeGC));

InitializeBlinkFuzzTest(argc, argv);

RuntimeEnabledFeatures::setV8BasedStructuredCloneEnabled(true);

pageHolder = DummyPageHolder::create().release();

@@ -97,13 +99,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

CHECK(!tryCatch.HasCaught())

<< "deserialize() should return null rather than throwing an exception.";

- // Clean up. We have to periodically run pending tasks so that scheduled

- // Oilpan GC occurs.

- static int iterations = 0;

- if (iterations++ == 2048) {

- testing::runPendingTasks();

- iterations = 0;

- }

+ // Request a V8 GC. Oilpan will be invoked by the GC epilogue.

+ //

+ // Multiple GCs may be required to ensure everything is collected (due to

+ // a chain of persistent handles), so some objects may not be collected until

+ // a subsequent iteration. This is slow enough as is, so we compromise on one

+ // major GC, as opposed to the 5 used in V8GCController for unit tests.

+ V8PerIsolateData::mainThreadIsolate()->RequestGarbageCollectionForTesting(

+ v8::Isolate::kFullGarbageCollection);

return 0;

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »