Closed
Bug 40802
Opened 25 years ago
Closed 25 years ago
Javascript crashes on simple for-loop (by appearances "out of memory")
Categories
(Core :: JavaScript Engine, defect, P3)
People
(Reporter: jrgmorrison, Assigned: rogerl)
Details
(Keywords: crash)
Attachments (1 file): 1.15 KB, text/html
Overview Description:
Javascript crashes on simple for-loop (by appearances "out of
memory")
Steps to Reproduce:
1) load the attachment to this bug
2) click on the button (usually crashes on the third click)
This is the code that crashes (huh? they say ...)
    function doloop (msg) {
        loop(300);
    }
    function loop(n) {
        var i,j,k;
        for (var i=0; i<n; i++){
            for (var j=0; j<n; j++){
                k++;
            }
        }
    }
Actual Results: crashes
Expected Results: no-op loop executes (and local storage cleared)
Reproducibility: always
Build Date & Platform Bug Found:
20000525nn win32/linux/mac
Additional Builds and Platforms Tested On:
DOES NOT OCCUR: Nav 4.73 win95
Additional Information:
Here's the stack trace from a linux debug build (the stack is
the same for a talkback incident on win32 as well).
#0 0x405594e1 in __kill () from /lib/libc.so.6
#1 0x402a01eb in raise (sig=6) at signals.c:64
#2 0x4055a868 in abort () at ../sysdeps/generic/abort.c:88
#3 0x402123fb in JS_Assert (s=0x4021a690 "reportp",
file=0x4021a50a "jsexn.c", ln=554) at jsutil.c:174
#4 0x401bb5d0 in js_ErrorToException (cx=0x8689cf0,
message=0x893d520 "out of memory", reportp=0x0) at jsexn.c:554
#5 0x4019d70e in ReportError (cx=0x8689cf0,
message=0x893d520 "out of memory", reportp=0x0) at jscntxt.c:267
#6 0x4019d877 in js_ReportErrorVA (cx=0x8689cf0, flags=0,
format=0x402177eb "out of memory", ap=0xbfffe5ac) at jscntxt.c:316
#7 0x40197064 in JS_ReportError (cx=0x8689cf0,
format=0x402177eb "out of memory") at jsapi.c:2966
#8 0x401971ea in JS_ReportOutOfMemory (cx=0x8689cf0) at jsapi.c:3043
#9 0x401bfc9d in js_AllocGCThing (cx=0x8689cf0, flags=0) at jsgc.c:233
#10 0x401e34b8 in js_NewObject (cx=0x8689cf0, clasp=0x404a0e20,
proto=0x86d6b28, parent=0x0) at jsobj.c:1329
#11 0x40193cee in JS_NewObject (cx=0x8689cf0, clasp=0x404a0e20,
proto=0x86d6b28, parent=0x0) at jsapi.c:1471
#12 0x403e5b8c in NS_NewScriptKeyEvent (aContext=0x86933b0,
aSupports=0x893cc24, aParent=0x0, aReturn=0xbfffe76c)
at nsJSKeyEvent.cpp:1011
#13 0x403df9f3 in nsJSEventListener::HandleEvent (this=0x8730d90,
aEvent=0x893cc24) at nsJSEventListener.cpp:141
#14 0x413f3c0c in nsEventListenerManager::HandleEventSubType (this=0x8575008,
aListenerStruct=0x8575070, aDOMEvent=0x893cc24, aCurrentTarget=0x857500c,
aSubType=32, aPhaseFlags=7) at nsEventListenerManager.cpp:754
#15 0x413f43d5 in nsEventListenerManager::HandleEvent (this=0x8575008,
aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0xbfffebec,
aCurrentTarget=0x857500c, aFlags=7, aEventStatus=0xbfffecec)
at nsEventListenerManager.cpp:897
#16 0x416f140b in nsGenericElement::HandleDOMEvent (this=0x8574fe4,
aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0xbfffebec, aFlags=1,
aEventStatus=0xbfffecec) at nsGenericElement.cpp:1318
#17 0x414a18ad in nsHTMLDivElement::HandleDOMEvent (this=0x8574fd0,
aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0x0, aFlags=1,
aEventStatus=0xbfffecec) at nsHTMLDivElement.cpp:222
#18 0x413fcd77 in nsEventStateManager::GenerateMouseEnterExit (this=0x86f96f8,
aPresContext=0x86b7dd0, aEvent=0xbffff520) at nsEventStateManager.cpp:1335
#19 0x413f8804 in nsEventStateManager::PreHandleEvent (this=0x86f96f8,
aPresContext=0x86b7dd0, aEvent=0xbffff520, aTargetFrame=0x86e8028,
aStatus=0xbffff428, aView=0x8805c58) at nsEventStateManager.cpp:296
#20 0x4145a382 in PresShell::HandleEventInternal (this=0x8939d08,
aEvent=0xbffff520, aView=0x8805c58, aStatus=0xbffff428)
at nsPresShell.cpp:3601
#21 0x4145a039 in PresShell::HandleEvent (this=0x8939d08, aView=0x8805c58,
aEvent=0xbffff520, aEventStatus=0xbffff428, aHandled=@0xbffff3cc)
at nsPresShell.cpp:3542
#22 0x41a72c67 in nsView::HandleEvent (this=0x8805c58, event=0xbffff520,
aEventFlags=8, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:761
#23 0x41a72bf0 in nsView::HandleEvent (this=0x869a520, event=0xbffff520,
aEventFlags=8, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:745
#24 0x41a72bf0 in nsView::HandleEvent (this=0x8187628, event=0xbffff520,
aEventFlags=28, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:745
#25 0x41a85b93 in nsViewManager2::DispatchEvent (this=0x8187520,
aEvent=0xbffff520, aStatus=0xbffff428) at nsViewManager2.cpp:1367
#26 0x41a706e4 in HandleEvent (aEvent=0xbffff520) at nsView.cpp:68
#27 0x40a6ed28 in nsWidget::DispatchEvent (this=0x8805318, aEvent=0xbffff520,
aStatus=@0xbffff4c4) at nsWidget.cpp:1418
#28 0x40a6e96c in nsWidget::DispatchWindowEvent (this=0x8805318,
event=0xbffff520) at nsWidget.cpp:1309
#29 0x40a6ede0 in nsWidget::DispatchMouseEvent (this=0x8805318,
aEvent=@0xbffff520) at nsWidget.cpp:1445
#30 0x40a6f711 in nsWidget::OnMotionNotifySignal (this=0x8805318,
aGdkMotionEvent=0xbffff5b8) at nsWidget.cpp:1729
#31 0x40a76e65 in nsWindow::HandleGDKEvent (this=0x8805318, event=0x8224708)
at nsWindow.cpp:1101
#32 0x40a65fc1 in dispatch_superwin_event (event=0x8224708, window=0x8805318)
at nsGtkEventHandler.cpp:937
#33 0x40a65c34 in handle_gdk_event (event=0x8224708, data=0x0)
at nsGtkEventHandler.cpp:782
#34 0x40bf500b in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#35 0x40c22be6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#36 0x40c231a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#37 0x40c23341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#38 0x40b4a209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#39 0x40a5ca77 in nsAppShell::Run (this=0x811e488) at nsAppShell.cpp:313
#40 0x40707044 in nsAppShellService::Run (this=0x814d988)
at nsAppShellService.cpp:386
#41 0x8053269 in main1 (argc=1, argv=0xbffffa24, nativeApp=0x0)
at nsAppRunner.cpp:904
#42 0x805396d in main (argc=1, argv=0xbffffa24) at nsAppRunner.cpp:1188
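Added example, not part of the original report and not SpiderMonkey code: a simplified C model of frames #3 to #8 above, where the out-of-memory path reaches js_ErrorToException with reportp=0x0 and the assertion on reportp aborts the process. All type and function names are hypothetical, and the guarded variant is one possible way to tolerate a missing report, not the fix that was landed for this bug.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not SpiderMonkey's own types or functions. */
typedef struct { const char *filename; unsigned lineno; } ErrorReport;
typedef struct { char last_message[32]; int exception_pending; } Context;
typedef enum { AS_EXCEPTION, TO_REPORTER, ABORTED } Outcome;

/* Frame #4: the converter requires a report; the debug build asserts on it. */
static Outcome to_exception(Context *cx, const char *msg, const ErrorReport *reportp) {
    (void)msg;
    if (reportp == NULL)
        return ABORTED;          /* stands in for JS_Assert("reportp") -> abort() */
    cx->exception_pending = 1;   /* assumption: a real conversion allocates here */
    return AS_EXCEPTION;
}

/* Last-resort delivery: writes into storage that already exists, no allocation. */
static Outcome to_reporter(Context *cx, const char *msg) {
    snprintf(cx->last_message, sizeof cx->last_message, "%s", msg);
    return TO_REPORTER;
}

/* Before: every error, including OOM with no report, goes to the converter. */
static Outcome report_error_before(Context *cx, const char *msg, const ErrorReport *reportp) {
    return to_exception(cx, msg, reportp);
}

/* After: a missing report is treated as valid input and bypasses the converter. */
static Outcome report_error_after(Context *cx, const char *msg, const ErrorReport *reportp) {
    if (reportp == NULL)
        return to_reporter(cx, msg);
    return to_exception(cx, msg, reportp);
}

/* Frames #5 to #8: the out-of-memory path supplies a message but no report. */
Outcome report_oom(Context *cx, int hardened) {
    return hardened ? report_error_after(cx, "out of memory", NULL)
                    : report_error_before(cx, "out of memory", NULL);
}

int main(void) {
    Context cx = {{0}, 0};
    int ok = report_oom(&cx, 1) == TO_REPORTER
             && strcmp(cx.last_message, "out of memory") == 0;
    return ok ? 0 : 1;
}
```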
Comment 1 • 25 years ago (Reporter)
Comment 2 • 25 years ago (Reporter)
It seems to be the use of uninitialized variable 'k'
(Okay, I was sloppy, but ... :-)
Comment 4 • 25 years ago
See also bug 39125. Seems like mozilla always crashes if JS runs out of memory.
Comment 5 • 25 years ago
I believe this is a duplicate of bug 39125. Note this
comment from bug 39125, in light of the stack trace above:
------- Additional Comments From Brendan Eich 2000-06-12 14:37 -------
This bug depends on bug 40757, which must be fixed for js1.5 customers.
Bug 40757 in part involves the lack of a safe GC point within js_AllocGCThing ..
John, do you agree we could close this as a duplicate?
Comment 6 • 25 years ago (Reporter)
I'd agree that this bug may be a dup of the other, but I am completely ignorant
of js gc details, so I'll leave it to the language pros to decide.
Comment 7 • 25 years ago (Assignee)
Not crashing anymore. Marking as a dupe of 39125 (and hence fixed)
*** This bug has been marked as a duplicate of 39125 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Updated • 25 years ago
Status: RESOLVED → VERIFIED
Comment 8 • 25 years ago
Verified dupe. Plus this WFM on Linux build 2000110221.