RESOLVED FIXED 169976
WebAssembly: add memory fuzzer
https://bugs.webkit.org/show_bug.cgi?id=169976
JF Bastien
Reported 2017-03-22 16:15:36 PDT
First stab at it forthcoming.
Attachments
  memory.js (15.11 KB, application/x-javascript), 2017-03-22 16:18 PDT, JF Bastien, flags: jfbastien: commit-queue-
  patch (16.75 KB, patch), 2017-05-10 11:36 PDT, JF Bastien, no flags
JF Bastien
Comment 1 2017-03-22 16:18:43 PDT
Created attachment 305135 [details]
memory.js

Here's a first attempt at it. I still have a few things to add so it's not a patch yet. I'll work on this when I have downtime on other patches.

Sample output with 64 iterations, verbose on, takes 2.6s to run in debug:

+ memory: section, max:
+ memory: imported, exported:
^ invoke:
  instances[0].func()
  instances[0].max()
  instances[0].throws()
  instances[0].max()
+ memory: section:
+ memory: section:
+ memory: none:
- delete:
  delete 0 / 4
  delete 0 / 3
  delete 1 / 2
+ memory: section, exported, max:
+ memory: section, exported, max:
+ memory: empty, section:
+ memory: empty, section:
+ memory: none:
+ memory: empty, section:
+ memory: empty, section:
- delete:
  delete 0 / 8
+ memory: empty, section:
- delete:
  delete 6 / 8
  delete 6 / 7
+ memory: section, exported, max:
- delete:
  delete 3 / 7
  delete 0 / 6
  delete 0 / 5
  delete 1 / 4
  delete 1 / 3
  delete 0 / 2
+ memory: none:
- delete:
  delete 0 / 2
  delete 0 / 1
+ memory: empty, section:
+ memory: empty, section:
- delete:
  delete 1 / 2
  delete 0 / 1
^ invoke:
  nothing to invoke
+ memory: section:
+ memory: section, exported, max:
+ memory: section, exported, max:
+ memory: empty, section:
+ memory: none:
- delete:
  delete 1 / 5
  delete 1 / 4
  delete 2 / 3
^ invoke:
  instances[0].max()
  instances[1].get()
  instances[1].grow()
    Grow from 0 (max 4) to 2 returned 0, current now 2
  instances[1].get()
+ memory: none:
+ memory: section, exported, max:
+ memory: empty, section:
^ invoke:
  instances[1].max()
  instances[4].throws()
  instances[1].current()
  instances[4].get()
+ memory: section, max:
+ memory: imported, exported:
+ memory: none:
+ memory: none:
+ memory: section, max:
+ memory: section, max:
- delete:
  delete 0 / 11
  delete 3 / 10
  delete 5 / 9
  delete 4 / 8
  delete 2 / 7
  delete 3 / 6
  delete 3 / 5
+ memory: section, exported, max:
+ memory: section, max:
+ memory: section:
+ memory: imported, exported:
+ memory: none:
+ memory: section:
+ memory: section, exported:
+ memory: section, exported, max:
+ memory: section, max:
+ memory: none:
+ memory: empty, section:
+ memory: section:
+ memory: imported, exported:
^ invoke:
  instances[13].throws()
  instances[10].grow()
    Grow from 0 (max 3) to 7 returned -1, current now 0
  instances[3].func()
  instances[7].current()
+ memory: none:
+ memory: section:
+ memory: none:
+ memory: imported, exported:
+ memory: empty, section:
- delete:
  delete 20 / 22
  delete 13 / 21
  delete 15 / 20
  delete 7 / 19
  delete 7 / 18
  delete 2 / 17
  delete 10 / 16
  delete 7 / 15
  delete 4 / 14
  delete 7 / 13
  delete 6 / 12
  delete 0 / 11
  delete 5 / 10
  delete 8 / 9
  delete 7 / 8
+ memory: section, exported:
Finalizing:
  delete 3 / 8
  delete 5 / 7
  delete 5 / 6
  delete 0 / 5
  delete 0 / 4
  delete 1 / 3
  delete 0 / 2
  delete 0 / 1
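The memory shapes and grow results in the log above, as an added example that is not the memory.js attached to this bug and not WebKit code: it hand-assembles minimal wasm modules in the configurations the log names (memory from a section or imported, with or without a max, exported or not), exports current() (memory.size) and grow(delta) (memory.grow), and reproduces the two logged outcomes, "returned 0, current now 2" and "returned -1, current now 0". It also shows the two things a fuzzer of this kind has to keep straight: the in-wasm instruction reports failure with -1 while the JS API throws RangeError, and any successful grow detaches the previously handed-out ArrayBuffer. It assumes Node.js (the WebAssembly and TextEncoder globals); the function names buildModule, instantiate, growFromWasm, growFromJS and bufferDetachesOnGrow are this example's own.

```javascript
// Added example (not the memory.js attached to this bug): hand-assembled wasm
// modules in the memory configurations the fuzzer log names (section or
// imported, optional max, optional export), exercised through memory.grow.
// Assumes Node.js (WebAssembly, TextEncoder globals); function names are ours.
const PAGE = 65536;

// Unsigned LEB128, the integer encoding used throughout the wasm binary format.
function uleb(n) {
  const out = [];
  do { let b = n & 0x7f; n >>>= 7; if (n !== 0) b |= 0x80; out.push(b); } while (n !== 0);
  return out;
}
const str = (s) => [...uleb(s.length), ...new TextEncoder().encode(s)];
const section = (id, body) => [id, ...uleb(body.length), ...body];
// Limits: flag 0x00 = min only, 0x01 = min and max (both counted in 64 KiB pages).
const limits = (min, max) =>
  max === undefined ? [0x00, ...uleb(min)] : [0x01, ...uleb(min), ...uleb(max)];

// cfg = { memory: "section" | "imported", min, max (optional), exported: bool }
// Module exports current() = memory.size and grow(delta) = memory.grow.
function buildModule(cfg) {
  const type = section(1, [2, 0x60, 0, 1, 0x7f, 0x60, 1, 0x7f, 1, 0x7f]); // ()->i32, (i32)->i32
  const imp = cfg.memory === "imported"
    ? section(2, [1, ...str("env"), ...str("memory"), 0x02, ...limits(cfg.min, cfg.max)])
    : [];
  const func = section(3, [2, 0, 1]);                  // current: type 0, grow: type 1
  const mem = cfg.memory === "section" ? section(5, [1, ...limits(cfg.min, cfg.max)]) : [];
  const exp = section(7, [
    cfg.exported ? 3 : 2,
    ...str("current"), 0x00, 0,
    ...str("grow"), 0x00, 1,
    ...(cfg.exported ? [...str("memory"), 0x02, 0] : []),
  ]);
  const bodies = [
    [0, 0x3f, 0x00, 0x0b],                 // no locals; memory.size 0; end
    [0, 0x20, 0x00, 0x40, 0x00, 0x0b],     // no locals; local.get 0; memory.grow 0; end
  ];
  const code = section(10, [bodies.length, ...bodies.flatMap((b) => [...uleb(b.length), ...b])]);
  return new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
    ...type, ...imp, ...func, ...mem, ...exp, ...code]);
}

function instantiate(cfg) {
  const imports = {};
  let memory = null;
  if (cfg.memory === "imported") {
    const desc = { initial: cfg.min };
    if (cfg.max !== undefined) desc.maximum = cfg.max;
    memory = new WebAssembly.Memory(desc);
    imports.env = { memory };
  }
  const instance = new WebAssembly.Instance(new WebAssembly.Module(buildModule(cfg)), imports);
  return { instance, memory: cfg.exported ? instance.exports.memory : memory, cfg };
}

// In-wasm memory.grow returns the old size in pages, or -1 when the request would
// exceed the declared max (memory is then unchanged). Prints the fuzzer's log line.
function growFromWasm({ instance, cfg }, delta) {
  const before = instance.exports.current();
  const returned = instance.exports.grow(delta);
  const after = instance.exports.current();
  console.log(`Grow from ${before} (max ${cfg.max ?? "none"}) to ${before + delta} returned ${returned}, current now ${after}`);
  return { before, returned, after };
}

// The JS API reports the same failure differently: Memory.prototype.grow throws RangeError.
function growFromJS(memory, delta) {
  try { return { returned: memory.grow(delta), threw: false }; }
  catch (e) { return { returned: -1, threw: e instanceof RangeError }; }
}

// A successful grow from either side detaches the previous ArrayBuffer: anything that
// cached memory.buffer (or a typed array over it) is now zero length and must be re-read.
function bufferDetachesOnGrow(cfg) {
  const { instance, memory } = instantiate(cfg);
  const old = memory.buffer;
  const oldLen = old.byteLength;
  instance.exports.grow(1);
  return { oldLen, detachedLen: old.byteLength, newLen: memory.buffer.byteLength, page: PAGE };
}

// Walk the same shapes the log shows: "Grow from 0 (max 4) to 2 returned 0" and
// "Grow from 0 (max 3) to 7 returned -1", plus a memory with no max.
for (const [cfg, delta] of [
  [{ memory: "section", min: 0, max: 4, exported: true }, 2],
  [{ memory: "imported", min: 0, max: 3, exported: true }, 7],
  [{ memory: "section", min: 1, exported: false }, 1],
]) growFromWasm(instantiate(cfg), delta);
```

The detachment check is the one a harness like this most easily gets wrong: a test that holds a Uint8Array over memory.buffer across a grow() call reads zero bytes afterwards rather than the old contents, so the oracle has to re-fetch memory.buffer after every successful grow, whether the grow came from the JS API or from inside the module.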
Radar WebKit Bug Importer
Comment 2 2017-05-03 09:55:16 PDT
JF Bastien
Comment 3 2017-05-10 11:36:52 PDT
Build Bot
Comment 4 2017-05-10 11:39:44 PDT
Attachment 309622 [details] did not pass style-queue:

ERROR: JSTests/ChangeLog:3: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzer [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 2 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Keith Miller
Comment 5 2017-05-15 23:55:14 PDT
Comment on attachment 309622 [details]
patch

r=me.
WebKit Commit Bot
Comment 6 2017-05-16 00:23:38 PDT
Comment on attachment 309622 [details]
patch

Clearing flags on attachment: 309622

Committed r216913: <http://trac.webkit.org/changeset/216913>
WebKit Commit Bot
Comment 7 2017-05-16 00:23:39 PDT
All reviewed patches have been landed. Closing bug.