Open Bug 1537871 Opened 3 years ago Updated 3 months ago

Hard crash the browser if it uses more memory than a specified limit

Categories

(Core :: Memory Allocator, enhancement, P5)

enhancement

Tracking

()

People

(Reporter: bht237, Unassigned)

Details

Once every day or so, FireFox consumes all available memory e.g. 4GBytes and renders my system unresponsive to an extent that there are not enough resources to even start Windows 7 Task Manager. I have 8GBytes of memory so that should not be an issue.

This is by today's standards reckless and unacceptable application behavior.

I don't want to get into any discussion about how many processes, what web sites, how many tabs, whether this is a CPU problem and so on. The situation is so extreme that it needs a solution which is missing at a fundamental level.

It is not acceptable that any application uses system resources without any limit. I need a guarantee that the browser does not use memory above a pre-set limit, e.g. 2GBytes. If the browser crashes as a consequence of this, I don't care about this either, because other applications are more important to me. I need to protect my system.

I have installed commercial Java software which when under stress, asks me to allocate more memory than currently set, reporting 1) what I have allocated and 2) what it thinks I should change it to. So that is industry standard - if cross-platform Java can do that so can a native application.

bht237, if I'm reading this correctly you have a feature request that we hard crash the browser once we've allocated more than a user-specified memory limit, is this correct?

This is a difficult topic and has some hard questions to answer:

  1. Can you specify how you'd measure that memory (are we talking resident, resident unique, private, heap-mapped, virtual, etc)
  2. Does it count across all Firefox related processes
  3. Does it include graphics memory
  4. Does it include memory allocated by drivers
  5. Does it include system libraries that are mapped in and do we care if they're shared with other processes
  6. Does it count programs that inject themselves into Firefox (AV, accessibility, etc)
  7. Do we care about any performance hits we get when gathering memory stats across processes (this can cause multi-second pauses)

If we're talking anything beyond heap memory this probably doesn't make sense to file against the memory allocator component.

Severity: critical → enhancement
Flags: needinfo?(bht237)
Priority: -- → P5
Summary: Fix Unbounded Resource Use → Hard crash the browser if it uses more memory than a specified limit

Hi Eric,

I thank you for your detailed questions and your enthusiasm to solve this hard but severe problem.

My request is not as specific as the new subject line suggests. I would say that as a worst case scenario, I am prepared to let the browser crash rather than having the browser crash my system. This is what effectively happens because that is happening if I am not spending an hour trying to figure out how to shut down applications one by one if there are still enough resources to let me do it. So crashing is still sub - standard compared with the Java applications I am referring to. I am using this scenario, the crash, just to explain how bad things really are. I am NOT requesting the crash behavior. In my subject line, I was requesting to "Fix Unbounded Resource Use". I do not appreciate being mocked here with a new subject line that I did not create.

1.: I am not familiar with the dependencies e.g. wrt 7. I would be counter-productive if I was specifying a component that would mainly be expensive to measure (responsible for a performance hit when being measured) while at the same time being of no great benefit.

2.: In this report, I am actually referring to memory consumption shown in Windows Task Manager against a single FireFox process. Sorry I failed to mention that. If additional processes each do not breach the same given limit, then that should be sufficient. I am against unbounded behavior only which is reckless. That is in line with many months of frequent memory issues, where an obvious memory leak was always limited to a single process where others were still running with moderate consumption somewhere at 500MB each. It is the situation where we have n times 500MB PLUS 4GB which is not acceptable.

3.: I don't know. I have some doubts about Task Manager showing graphics memory. I am concerned about memory leaks, and I have some doubts whether graphics memory is a candidate for what I am experiencing, and what others experience as well.

4.: Please refer to 3.

5.: I would refer to 3 if at all. I do not feel competent enough to answer this question.

6.: Probably not.

7.: From my perspective, practically speaking, I hope that question is a joke because you know if that was actually taking seconds, then why even discuss this. We don't need to explore the universe to diagnose the main culprit that causes this disaster, otherwise ... well I don't really want to go there.

I have reported multiple memory leaks, triggered by code hosted by multiple sites, and this did not go anywhere for more than a year. I hope that I am somehow making sense with my request in a way that you can facilitate a solution that solves the problem. As I wrote, I am aware already of two applications that communicate memory issues to the user, allowing for a graceful shutdown, and it does the trick. One of this is the NetBeans IDE, another one is the Thinkorswim trading platform. These are very big applications. A first step, addressing the biggest chunk of the well-known problems would be great.

Flags: needinfo?(bht237)

This Windows PowerShell script might help:
while ($true) {
Get-Process firefox -ea 0 | where { $.PM -ge 1000MB } | foreach {
[bool]$Ping = Test-Connection 8.8.8.8 -Quiet
if ($Ping) {
Stop-Process $
.ID -Force
}
}
sleep -s 1
}
Result for memory leaks:
I get an almost seamless fast browsing experience like never before with only the occasional:
"Gah. Your tab just crashed."
This is not a problem because I can get the page back because the URL is still in the URL bar.
Then it appears that the pool of firefox processes gets repleninshed.
More importantly, I can use my computer without system crashes. This appears to be the baseline for now from which to move forward.

Please bump this up. As bht237 is trying to explain, the solution does not have to be fancy. Just stop Firefox from taking all memory, and subsequently locking up the whole O/S.

In my case, yesterday I was developing a tiny web page on Linux (PopOS) and accidentally created an endless loop in Javascript that ate memory (by growing an array). My entire OS became inoperable and had to be hard-rebooted. I was surprised this could happen due to Javascript (a sandboxed browser language), running in a web page (a sandboxed app) running in a Firefox browser that is supposed to protect users from the world wild web. One errant line of legal Javascript in HTML should not equate to a denial-of-service attack. And users risk data loss if there are tabs or other apps outside of Firefox that have unsaved changes.

I understand it can be difficult to calculate memory allocations from so many subsystems: tabs, engines, DOMs, etc. However, all that matters here is the total. How much memory Firefox's native process(es) use as a whole, in relation to physical/real RAM. Managing that coarse number will save users a lot of lost time and bad feelings.

Thanks for your consideration!

See also bug# 1437470

You need to log in before you can comment on or make changes to this bug.