Closed
Bug 423804
Opened 16 years ago
Closed 16 years ago
Hang and OOM - uneval(Array(4294967295))
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: gkw, Unassigned)
Details
(Keywords: hang, testcase)
uneval(Array(4294967295)) hangs for a few minutes until it hits the virtual memory limit and generates error message: js-intelmac(1827) malloc: *** mmap(size=2397048832) failed (error code=12) *** error: can't allocate region *** set a breakpoint in malloc_error_break to debug w83-jsfunfuzz.js:1: out of memory
Comment 1•16 years ago
|
||
Hey Igor, did you fix this at one point, or something like it? /be
Comment 2•16 years ago
|
||
(In reply to comment #1) > Hey Igor, did you fix this at one point, or something like it? This is shell-only. Running javascript:uneval(Array(4294967295)) in the browser produces slow script dialog.
Reporter | ||
Comment 3•16 years ago
|
||
The "out of memory" message occurs in shell with: js> Array(0xffffffff)+"" as well. Running javascript:Array(0xffffffff)+"" in the browser also produces the slow script dialog. Just toString instead of toSource, according to Jesse.
Comment 4•16 years ago
|
||
I don't think this is a bug. You're trying to produce a string of 4GB worth of either ',,,,,,,,...' or '[ , , , , , , , ,... ]', either of which -should- yield an OOM condition. The hang is, unfortunately, caused by the fact that we are forced to check each array slot for holes, consult prototypes, and conditionally allocate more and more space for the output string, until we're done building it. That the slow-script dialog saves the browser from this makes it pretty much a non-issue, in my opinion. A smarter array_join_sub might be able to detect this condition more quickly, but that bug already exists (bug 200505). Even if this operation were O(n) (the best possible case) -- which it isn't -- it would still take a very long time relative to what it is accomplishing.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•