Large Heap followed by Streams use causing crash
Categories
(Core :: Performance: Memory, defect)
Tracking
()
People
(Reporter: mgaudet, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
One can provoke a tab crash by using lots of heap, trying to create streams. This has the same signature as the crashes we've been seeing in Bug 1931717.
This test case is tuned to my machine, and is not 100% reliable, but I can reproduce with this as set using uvx mozregression --launch 2025-11-6 -a jsobject-oom.html
Note: this is in many ways currently an architectural limitation: once the JS heap is exhausted at ~4GB then DOM attempts to get Promises will fail because we OOM in Promise::CreateInfallible.
To fix this reliably would require 1) A larger than 4GB JS heap 2) Making streams fail more gracefully than crashing. Yet, streams really can't function once we can't get a promise, so it's unclear what a 'graceful' failure looks like here beyond "oops we no longer run script?"
I am opening this because this is a reproducible test case we could consider working on.
|
Reporter | |
Comment 1•6 days ago
|
||
It's worth noting that this can crash in Chrome too; but they can allocate more objects (ignore the GB calculation, it's bull). Eg. where the limit for FF for me is 105600000, I can do 165600000 + 100,000 streams in chrome.
|
|
Reporter | |
Comment 2•6 days ago
|
||
(Oh, but side note I did modify the test case to have segmented arrays to test chrome, as otherwise they hit a range error on indices)
Description
•