Bug 169976 - WebAssembly: add memory fuzzer
Summary: WebAssembly: add memory fuzzer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: JF Bastien
Keywords: InRadar
Depends on: 170137
Blocks: 159775 171936
Reported: 2017-03-22 16:15 PDT by JF Bastien
Modified: 2017-05-16 00:23 PDT (History)
CC List: 10 users

Attachments
memory.js (15.11 KB, application/x-javascript), 2017-03-22 16:18 PDT, JF Bastien, flags: jfbastien: commit-queue-
patch (16.75 KB, patch), 2017-05-10 11:36 PDT, JF Bastien, no flags

Description JF Bastien 2017-03-22 16:15:36 PDT
First stab at it forthcoming.
Comment 1 JF Bastien 2017-03-22 16:18:43 PDT
Created attachment 305135 [details]
memory.js

Here's a first attempt at it. I still have a few things to add so it's not a patch yet. I'll work on this when I have downtime on other patches.

Sample output with 64 iterations, verbose on, takes 2.6s to run in debug:

+ memory: section, max:
+ memory: imported, exported:
^ invoke:
    instances[0].func()
    instances[0].max()
    instances[0].throws()
    instances[0].max()
+ memory: section:
+ memory: section:
+ memory: none:
- delete:
    delete 0 / 4
    delete 0 / 3
    delete 1 / 2
+ memory: section, exported, max:
+ memory: section, exported, max:
+ memory: empty, section:
+ memory: empty, section:
+ memory: none:
+ memory: empty, section:
+ memory: empty, section:
- delete:
    delete 0 / 8
+ memory: empty, section:
- delete:
    delete 6 / 8
    delete 6 / 7
+ memory: section, exported, max:
- delete:
    delete 3 / 7
    delete 0 / 6
    delete 0 / 5
    delete 1 / 4
    delete 1 / 3
    delete 0 / 2
+ memory: none:
- delete:
    delete 0 / 2
    delete 0 / 1
+ memory: empty, section:
+ memory: empty, section:
- delete:
    delete 1 / 2
    delete 0 / 1
^ invoke:
    nothing to invoke
+ memory: section:
+ memory: section, exported, max:
+ memory: section, exported, max:
+ memory: empty, section:
+ memory: none:
- delete:
    delete 1 / 5
    delete 1 / 4
    delete 2 / 3
^ invoke:
    instances[0].max()
    instances[1].get()
    instances[1].grow()
        Grow from 0 (max 4) to 2 returned 0, current now 2
    instances[1].get()
+ memory: none:
+ memory: section, exported, max:
+ memory: empty, section:
^ invoke:
    instances[1].max()
    instances[4].throws()
    instances[1].current()
    instances[4].get()
+ memory: section, max:
+ memory: imported, exported:
+ memory: none:
+ memory: none:
+ memory: section, max:
+ memory: section, max:
- delete:
    delete 0 / 11
    delete 3 / 10
    delete 5 / 9
    delete 4 / 8
    delete 2 / 7
    delete 3 / 6
    delete 3 / 5
+ memory: section, exported, max:
+ memory: section, max:
+ memory: section:
+ memory: imported, exported:
+ memory: none:
+ memory: section:
+ memory: section, exported:
+ memory: section, exported, max:
+ memory: section, max:
+ memory: none:
+ memory: empty, section:
+ memory: section:
+ memory: imported, exported:
^ invoke:
    instances[13].throws()
    instances[10].grow()
        Grow from 0 (max 3) to 7 returned -1, current now 0
    instances[3].func()
    instances[7].current()
+ memory: none:
+ memory: section:
+ memory: none:
+ memory: imported, exported:
+ memory: empty, section:
- delete:
    delete 20 / 22
    delete 13 / 21
    delete 15 / 20
    delete 7 / 19
    delete 7 / 18
    delete 2 / 17
    delete 10 / 16
    delete 7 / 15
    delete 4 / 14
    delete 7 / 13
    delete 6 / 12
    delete 0 / 11
    delete 5 / 10
    delete 8 / 9
    delete 7 / 8
+ memory: section, exported:
Finalizing:
    delete 3 / 8
    delete 5 / 7
    delete 5 / 6
    delete 0 / 5
    delete 0 / 4
    delete 1 / 3
    delete 0 / 2
    delete 0 / 1
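To make the two `Grow from ...` lines in the log above concrete, here is an added example (not the bug's memory.js and not WebKit code) that hand-assembles a small module and exercises both the wasm-level `memory.grow`, which returns -1 on failure, and the JS-level `WebAssembly.Memory.prototype.grow`, which throws instead. The export names `grow` and `current` and the helper names are my own.

```javascript
// Added example, not code from the bug's memory.js: a hand-assembled WebAssembly
// module with a memory of min 0 pages and a configurable max, exporting the
// memory plus grow(delta) -> i32 (memory.grow) and current() -> i32 (memory.size).

// Build the module bytes. maxPages must be < 128 so it fits one LEB128 byte.
function buildModule(maxPages) {
  if (!(Number.isInteger(maxPages) && maxPages >= 0 && maxPages < 128)) {
    throw new RangeError("maxPages must be an integer in [0, 127]");
  }
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,  // magic + version
    0x01, 0x0a, 0x02, 0x60, 0x01, 0x7f, 0x01, 0x7f,  // type 0: (i32) -> i32
    0x60, 0x00, 0x01, 0x7f,                          // type 1: () -> i32
    0x03, 0x03, 0x02, 0x00, 0x01,                    // funcs: grow, current
    0x05, 0x04, 0x01, 0x01, 0x00, maxPages,          // memory: min 0, max N
    0x07, 0x1b, 0x03,                                // 3 exports:
    0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x02, 0x00,        // "memory"
    0x04, 0x67, 0x72, 0x6f, 0x77, 0x00, 0x00,                    // "grow"
    0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x00, 0x01,  // "current"
    0x0a, 0x0d, 0x02,                                // code: 2 bodies
    0x06, 0x00, 0x20, 0x00, 0x40, 0x00, 0x0b,        // local.get 0; memory.grow
    0x04, 0x00, 0x3f, 0x00, 0x0b,                    // memory.size
  ]);
}

function instantiate(maxPages) {
  return new WebAssembly.Instance(new WebAssembly.Module(buildModule(maxPages))).exports;
}

// Grow from inside wasm, like the fuzzer's instances[i].grow(): success returns
// the old page count, a request past max returns -1 and leaves the size alone.
function growFromWasm(maxPages, delta) {
  const ex = instantiate(maxPages);
  const before = ex.current();
  const returned = ex.grow(delta);
  return { before, returned, current: ex.current() };
}

// Same request through the JS API: WebAssembly.Memory.prototype.grow throws a
// RangeError instead of returning -1 when the request exceeds the maximum.
function growFromJS(maxPages, delta) {
  const ex = instantiate(maxPages);
  try {
    return { returned: ex.memory.grow(delta), threw: false, current: ex.current() };
  } catch (e) {
    return { returned: null, threw: e instanceof RangeError, current: ex.current() };
  }
}

console.log(growFromWasm(4, 2)); // { before: 0, returned: 0, current: 2 }
console.log(growFromWasm(3, 7)); // { before: 0, returned: -1, current: 0 }
```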
Comment 2 Radar WebKit Bug Importer 2017-05-03 09:55:16 PDT
<rdar://problem/31965328>
Comment 3 JF Bastien 2017-05-10 11:36:52 PDT
Created attachment 309622 [details]
patch
Comment 4 Build Bot 2017-05-10 11:39:44 PDT
Attachment 309622 [details] did not pass style-queue:

ERROR: JSTests/ChangeLog:3:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer  [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 2 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 5 Keith Miller 2017-05-15 23:55:14 PDT
Comment on attachment 309622 [details]
patch

r=me.
Comment 6 WebKit Commit Bot 2017-05-16 00:23:38 PDT
Comment on attachment 309622 [details]
patch

Clearing flags on attachment: 309622

Committed r216913: <http://trac.webkit.org/changeset/216913>
Comment 7 WebKit Commit Bot 2017-05-16 00:23:39 PDT
All reviewed patches have been landed.  Closing bug.