Closed Bug 1476357 Opened 6 years ago Closed 6 years ago

JavaScript for..of + Array.splice can create infinite loop -> very high memory consumption

Categories

(Core :: JavaScript Engine, defect, P3)

61 Branch
x86_64
Linux
defect

RESOLVED WORKSFORME

People

(Reporter: mozilla, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: testcase)

Attachments

(6 files, 1 obsolete file)

Attached file js_infinite_loop_test.html (obsolete) —
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180704194802

Steps to reproduce:

I can reproduce by following these steps:
1.1 open attached test html file (with inline script) and click on button 'start infinite loop test'
1.2 alternatively, open the developer console (F12), copy and paste this code snippet, and run it by hitting the Enter key

    let value = ["hello", "world"];
    for (let index of value.keys()) {
        // careful: this creates an infinite loop!!!
        value.splice(index + 1, 0, '42');
    }

2. watch memory consumption of Firefox / web processes in your system task-manager


Actual results:

Firefox memory consumption rises infinitely (or at least my computer ran out of RAM and also swap)

side note:
in the web application where i originally encountered the problem during development,
this just needed <10 seconds until RAM was filled up and my system got unresponsive and i was not able to kill Firefox anymore... (system is currently Kubuntu 17.10 64bit)


Expected results:

Firefox should 'kill' the script at some point / not allow a single tab to consume high amounts of ram (more than 1/4 of system RAM or something similar?!)
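
Why the loop in the report above never ends, shown as an added example that is not part of the original bug report or of any Mozilla code. It runs the reported loop under an assumed iteration cap and sets it beside a rewrite that terminates; `CAP`, `liveIteration` and `snapshotIteration` are hypothetical names.

```javascript
// Added illustration, not code from the bug report.
// CAP, liveIteration and snapshotIteration are hypothetical names.
const CAP = 1000; // assumed safety cap so this demo always terminates

// The reported loop, bounded. value.keys() returns a live Array Iterator:
// every next() call re-reads value.length, and each pass inserts one
// element, so the end of the array stays ahead of the iterator forever.
function liveIteration(cap = CAP) {
  const value = ["hello", "world"];
  let steps = 0;
  for (const index of value.keys()) {
    if (steps === cap) {
      // Without this guard the array would grow until memory runs out.
      return { terminated: false, steps, length: value.length };
    }
    value.splice(index + 1, 0, "42");
    steps++;
  }
  return { terminated: true, steps, length: value.length };
}

// Terminating rewrite: copy the keys before mutating, so the set of indices
// is fixed. `shift` compensates for elements already inserted to the left.
function snapshotIteration() {
  const value = ["hello", "world"];
  let shift = 0;
  for (const index of Array.from(value.keys())) {
    value.splice(index + 1 + shift, 0, "42");
    shift++;
  }
  return value;
}

console.log(liveIteration());     // loop was cut off by the cap, not by the iterator
console.log(snapshotIteration()); // one "42" after each original element
```
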
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
20180717220130

After 10 seconds, I got a notification bar asking,
"A web page is slowing down your browser. What would you like to do? [ Stop it ] [ Wait ]"
Clicking "Stop it" then stopped the script with no ill effects.

Can you reproduce the issue in a brand new profile with the latest Nightly?
https://support.mozilla.com/kb/profile-manager-create-and-remove-firefox-profiles
https://www.mozilla.org/firefox/nightly/all/
Has STR: --- → yes
Component: Untriaged → DOM
Keywords: testcase
OS: Unspecified → Linux
Product: Firefox → Core
Hardware: Unspecified → x86_64
Blocks: eviltraps
Component: DOM → JavaScript Engine
Priority: -- → P3
sorry for the initial noise- 
i simplified my test and did not let it run long enough after this..

i did not get the message window - but after about 2 minutes and 3G RAM increase i got an 'out of memory' message in the developer console.

i attached an updated test with the following code:

    let value = ["hello", "world"];
    for (let index of value.keys()) {
        value.splice(index+1, 0, document.createElement('br'));
    }

this resulted in 8G RAM + 8G SWAP filled.
System did not respond any more. (but this has also to do with the system not only with Firefox..)

if i updated my system i can try with Firefox nightly but this will take some days..
Attachment #8992700 - Attachment is obsolete: true
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
20180704003137

(In reply to Stefan Krüger from comment #2)
> i did not get the message window

It's a notification bar, not a window. Here's a screenshot. This is the result with your updated testcase, in Firefox 61.0.1.

> if i updated my system i can try with Firefox nightly but this will take
> some days..

Not much point to it now, since it works for me in the release version as well. Please enter about:config?filter=max*script into the address bar and check if any of the values have been increased from their defaults.
Yeah, I see the bar as well.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
thanks @Gingerbread Man
it seems that at some point i changed the `dom.max_script_run_time` time... 
but did not remember this :-(
i thought my 'clean' profile is really clean with no configuration changes......
(time to create a new one..)

in the meantime i updated my system to Kubuntu 18.04.
i have retested this with a fresh install of Firefox Nightly 63.0a1 (2018-07-20) (64-bit) - 
and found that the notification bar pops up as intended!
so this is also working partly for me.

when the bar pops up this does not stop the memory consumption (seems the script is not paused)
and i waited some seconds too long -
my RAM filled and the os started to transfer to swap - and with this the whole system got very unresponsive.
i tried to click on the Stop button - but it seemed that nothing happened...
at some point a message popped up that asked me if i want to stop the unresponsive script -
i instantly clicked the stop button without reading the script name :-(
the dialog stayed some seconds - and i could take a screenshot and read what i clicked away.. 
it was the unresponsive 'notification.xml' script...
so eventually i killed the script that tried to kill the script ;-)
i tried the notification bar stop button again - and some long time later again a script-unresponsive window popped up.
this time the 'tab.xml' or similar - i continued the script..
i don't remember exactly - eventually again an unresponsive script window with the 'notification.xml' script popped up -
if i continued it..
at some point the yellow bar vanished.
but the memory usage and processor activity stayed the same. 
i tried to open another tab with the idea to save a about:memory image. 
but the tab did not open. i tried to close the 'test' tab but this also did not work.
then i just tried to close Firefox to release the system so i could restart and write this message..
this worked after some minutes. and the memory was released.


during this whole process i managed to save some screenshots (attached)
1. system monitor with increasing memory - shortly after 'test' start
2. Firefox nightly showing the unresponsive script dialog with the 'notification.xml' script
3. system monitor with full memory
4. system monitor process table showing a child process using 6,9G memory and virtual memory of 15G

i know that part of this issue has to do with the os itself. so i don't blame anybody!
i just want to report and try to give you as much information as i possibly can!
thanks for your patience!
1. system monitor with increasing memory - shortly after 'test' start
Attachment #8994244 - Attachment description: Screenshot_20180723_172840.png → 1. system monitor with increasing memory - shortly after 'test' start