Bug 578705 - Behave consistently in the face of too many args to fit on the stack
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: JavaScript Engine
Version: unspecified
Platform: All All
Importance: -- normal
Target Milestone: mozilla8
Assigned To: general
Depends on: 607371
Reported: 2010-07-14 10:46 PDT by Peter Kasting
Modified: 2011-08-01 11:10 PDT

Description Peter Kasting 2010-07-14 10:46:55 PDT
(Note: I don't know what the current preferred term for the Firefox JS engine is, so I use "Spidermonkey" below; feel free to imagine a different name as needed.)

Spidermonkey is inconsistent about what to do when a function is passed too many arguments to fit on the stack.  In many cases, this throws a stack overflow exception, but in some (e.g. function.apply), the argument list is silently truncated instead.

By comparison, V8 (to the best of my knowledge) always throws an exception.

In http://trac.webkit.org/changeset/62432 , JSC was patched to act like Spidermonkey when too many args are passed to function.apply.  Both JSC and V8 developers have opined that in the abstract, always throwing seems like a better behavior, and in #jsapi Jeff Walden said that he considered "clamping sometimes" to be "a bug, to some degree".

It seems unlikely any site relies on one behavior or the other for compat reasons.  The only citations I've heard of this in the wild are sites that download enormous data files as JSON and pass them straight to function.apply -- something that's going to cause problems no matter what.

Therefore, in the interest of having all the engines match, and behave sanely, I propose that Spidermonkey change to always throwing a stack overflow exception.  Then JSC can copy that.
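A probe for the distinction the description draws, added here as an example that is not part of the bug report or of SpiderMonkey: it reports whether the running engine throws or silently clamps an overlarge `apply()` argument list, checks the "always deliver or always throw" property the proposal asks for, and shows a chunked alternative for code that has to handle very large arrays. The names `countArgs`, `probeApply`, `behavesConsistently` and `maxOfLarge` are chosen for this example.

```javascript
// Added example, not code from the bug or from any engine.
// The callee counts the arguments it actually received, so a call where
// the engine quietly truncated the array is distinguishable both from a
// faithful call and from one where the engine threw.
function countArgs() {
  return arguments.length;
}

// Calls countArgs via Function.prototype.apply with an n-element array
// (constructed input: n undefined slots) and reports what happened.
// Returns { threw, error, received }; received is -1 when an exception
// was raised.
function probeApply(n) {
  var args = new Array(n);
  try {
    var received = countArgs.apply(null, args);
    return { threw: false, error: null, received: received };
  } catch (e) {
    return { threw: true, error: e.name, received: -1 };
  }
}

// The consistency property the bug asks for: for any n the engine must
// either deliver every argument or throw; silently dropping some (the
// "clamping" behaviour) is the case that violates it.
function behavesConsistently(n) {
  var r = probeApply(n);
  return r.threw || r.received === n;
}

// Defensive alternative for code that must process huge arrays without
// depending on the engine's apply() limit: spread only fixed-size chunks
// onto the stack. Math.max.apply over the whole array would hit exactly
// the limit this bug is about.
function maxOfLarge(values, chunk) {
  var best = -Infinity;
  for (var i = 0; i < values.length; i += chunk) {
    best = Math.max(best, Math.max.apply(null, values.slice(i, i + chunk)));
  }
  return best;
}

console.log("small apply:", probeApply(100));
console.log("huge apply: ", probeApply(10000000));
```

On a V8-based runtime the second line reports `threw: true, error: 'RangeError'`; an engine that clamps would instead show `received` smaller than 10000000 with `threw: false`.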
Comment 1 Peter Kasting 2011-08-01 10:22:50 PDT
Ping.  It would be nice to hear from Spidermonkey folks whether they consider this proposal to be sane.
Comment 2 Jeff Walden [:Waldo] (remove +bmo to email) 2011-08-01 11:10:08 PDT
Oops, we just fixed this and made SpiderMonkey throw an exception for an argument array with an overlarge length -- forgot to mark the dependency.