Closed Bug 40802 Opened 24 years ago Closed 24 years ago

Javascript crashes on simple for-loop (by appearances "out of memory")

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 39125

People

(Reporter: jrgmorrison, Assigned: rogerl)

Details

(Keywords: crash)

Attachments

(1 file)

testcase; for-loop called from button onclick() handler
1.15 KB, text/html
Details 
Overview Description:

  Javascript crashes on simple for-loop (by appearances "out of
  memory")

Steps to Reproduce:
  1) load the attachment to this bug
  2) click on the button (usually crashes on the third click) 

  This is the code that crashes (huh? they say ...)

function doloop (msg) {
  loop(300);
}
function loop(n) {
  var i,j,k;
  for (var i=0; i<n; i++){ 
    for (var j=0; j<n; j++){ 
      k++;
    }
  }
}

Actual Results:   crashes 
Expected Results: no-op loop executes (and local storage cleared)
  
Reproducibility: always

Build Date & Platform Bug Found:
   20000525nn win32/linux/mac

Additional Builds and Platforms Tested On:
   DOES NOT OCCUR: Nav 4.73 win95

Additional Information:
  Here's the stack trace from a linux debug build (the stack is 
  the same for a talkback incident on win32 as well).

#0  0x405594e1 in __kill () from /lib/libc.so.6
#1  0x402a01eb in raise (sig=6) at signals.c:64
#2  0x4055a868 in abort () at ../sysdeps/generic/abort.c:88
#3  0x402123fb in JS_Assert (s=0x4021a690 "reportp", 
    file=0x4021a50a "jsexn.c", ln=554) at jsutil.c:174
#4  0x401bb5d0 in js_ErrorToException (cx=0x8689cf0, 
    message=0x893d520 "out of memory", reportp=0x0) at jsexn.c:554
#5  0x4019d70e in ReportError (cx=0x8689cf0, 
    message=0x893d520 "out of memory", reportp=0x0) at jscntxt.c:267
#6  0x4019d877 in js_ReportErrorVA (cx=0x8689cf0, flags=0, 
    format=0x402177eb "out of memory", ap=0xbfffe5ac) at jscntxt.c:316
#7  0x40197064 in JS_ReportError (cx=0x8689cf0, 
    format=0x402177eb "out of memory") at jsapi.c:2966
#8  0x401971ea in JS_ReportOutOfMemory (cx=0x8689cf0) at jsapi.c:3043
#9  0x401bfc9d in js_AllocGCThing (cx=0x8689cf0, flags=0) at jsgc.c:233
#10 0x401e34b8 in js_NewObject (cx=0x8689cf0, clasp=0x404a0e20, 
    proto=0x86d6b28, parent=0x0) at jsobj.c:1329
#11 0x40193cee in JS_NewObject (cx=0x8689cf0, clasp=0x404a0e20, 
    proto=0x86d6b28, parent=0x0) at jsapi.c:1471
#12 0x403e5b8c in NS_NewScriptKeyEvent (aContext=0x86933b0, 
    aSupports=0x893cc24, aParent=0x0, aReturn=0xbfffe76c)
    at nsJSKeyEvent.cpp:1011
#13 0x403df9f3 in nsJSEventListener::HandleEvent (this=0x8730d90, 
    aEvent=0x893cc24) at nsJSEventListener.cpp:141
#14 0x413f3c0c in nsEventListenerManager::HandleEventSubType (this=0x8575008, 
    aListenerStruct=0x8575070, aDOMEvent=0x893cc24, aCurrentTarget=0x857500c, 
    aSubType=32, aPhaseFlags=7) at nsEventListenerManager.cpp:754
#15 0x413f43d5 in nsEventListenerManager::HandleEvent (this=0x8575008, 
    aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0xbfffebec, 
    aCurrentTarget=0x857500c, aFlags=7, aEventStatus=0xbfffecec)
    at nsEventListenerManager.cpp:897
#16 0x416f140b in nsGenericElement::HandleDOMEvent (this=0x8574fe4, 
    aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0xbfffebec, aFlags=1, 
    aEventStatus=0xbfffecec) at nsGenericElement.cpp:1318
#17 0x414a18ad in nsHTMLDivElement::HandleDOMEvent (this=0x8574fd0, 
    aPresContext=0x86b7dd0, aEvent=0xbfffecac, aDOMEvent=0x0, aFlags=1, 
    aEventStatus=0xbfffecec) at nsHTMLDivElement.cpp:222
#18 0x413fcd77 in nsEventStateManager::GenerateMouseEnterExit (this=0x86f96f8, 
    aPresContext=0x86b7dd0, aEvent=0xbffff520) at nsEventStateManager.cpp:1335
#19 0x413f8804 in nsEventStateManager::PreHandleEvent (this=0x86f96f8, 
    aPresContext=0x86b7dd0, aEvent=0xbffff520, aTargetFrame=0x86e8028, 
    aStatus=0xbffff428, aView=0x8805c58) at nsEventStateManager.cpp:296
#20 0x4145a382 in PresShell::HandleEventInternal (this=0x8939d08, 
    aEvent=0xbffff520, aView=0x8805c58, aStatus=0xbffff428)
    at nsPresShell.cpp:3601
#21 0x4145a039 in PresShell::HandleEvent (this=0x8939d08, aView=0x8805c58, 
    aEvent=0xbffff520, aEventStatus=0xbffff428, aHandled=@0xbffff3cc)
    at nsPresShell.cpp:3542
#22 0x41a72c67 in nsView::HandleEvent (this=0x8805c58, event=0xbffff520, 
    aEventFlags=8, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:761
#23 0x41a72bf0 in nsView::HandleEvent (this=0x869a520, event=0xbffff520, 
    aEventFlags=8, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:745
#24 0x41a72bf0 in nsView::HandleEvent (this=0x8187628, event=0xbffff520, 
    aEventFlags=28, aStatus=0xbffff428, aHandled=@0xbffff3cc) at nsView.cpp:745
#25 0x41a85b93 in nsViewManager2::DispatchEvent (this=0x8187520, 
    aEvent=0xbffff520, aStatus=0xbffff428) at nsViewManager2.cpp:1367
#26 0x41a706e4 in HandleEvent (aEvent=0xbffff520) at nsView.cpp:68
#27 0x40a6ed28 in nsWidget::DispatchEvent (this=0x8805318, aEvent=0xbffff520, 
    aStatus=@0xbffff4c4) at nsWidget.cpp:1418
#28 0x40a6e96c in nsWidget::DispatchWindowEvent (this=0x8805318, 
    event=0xbffff520) at nsWidget.cpp:1309
#29 0x40a6ede0 in nsWidget::DispatchMouseEvent (this=0x8805318, 
    aEvent=@0xbffff520) at nsWidget.cpp:1445
#30 0x40a6f711 in nsWidget::OnMotionNotifySignal (this=0x8805318, 
    aGdkMotionEvent=0xbffff5b8) at nsWidget.cpp:1729
#31 0x40a76e65 in nsWindow::HandleGDKEvent (this=0x8805318, event=0x8224708)
    at nsWindow.cpp:1101
#32 0x40a65fc1 in dispatch_superwin_event (event=0x8224708, window=0x8805318)
    at nsGtkEventHandler.cpp:937
#33 0x40a65c34 in handle_gdk_event (event=0x8224708, data=0x0)
    at nsGtkEventHandler.cpp:782
#34 0x40bf500b in gdk_event_dispatch () from /usr/lib/libgdk-1.2.so.0
#35 0x40c22be6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#36 0x40c231a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#37 0x40c23341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#38 0x40b4a209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#39 0x40a5ca77 in nsAppShell::Run (this=0x811e488) at nsAppShell.cpp:313
#40 0x40707044 in nsAppShellService::Run (this=0x814d988)
    at nsAppShellService.cpp:386
#41 0x8053269 in main1 (argc=1, argv=0xbffffa24, nativeApp=0x0)
    at nsAppRunner.cpp:904
#42 0x805396d in main (argc=1, argv=0xbffffa24) at nsAppRunner.cpp:1188
It seems to be the use of uninitialized variable 'k' 
(Okay, I was sloppy, but ... :-)
Adding crash to keyword field.
Keywords: crash
See also bug 39125. Seems like mozilla always crashes if JS runs out of memory.

I believe this is a duplicate of bug 39125. Note this 
comment from bug 39125, in light of the stack trace above:


------- Additional Comments From Brendan Eich 2000-06-12 14:37 -------

This bug depends on bug 40757, which must be fixed for js1.5 customers.  
Bug 40757 in part involves the lack of a safe GC point within js_AllocGCThing ..


John, do you agree we could close this as a duplicate?
I'd agree that this bug may be a dup of the other, but I am completely ignorant 
of js gc details, so I'll leave it to the language pros to decide.
Not crashing anymore. Marking as a dupe of 39125 (and hence fixed)

*** This bug has been marked as a duplicate of 39125 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Verified dupe. Plus this WFM on Linux build 2000110221.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: