bug698584.js should allow oom

RESOLVED FIXED in Firefox -esr10

Status

()

Core
JavaScript Engine
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: Ginn Chen, Assigned: Ginn Chen)

Tracking

unspecified
mozilla11
x86
Solaris
Points:
---

Firefox Tracking Flags

(firefox-esr10 fixed)

Details

(Whiteboard: [qa-])

Attachments

(1 attachment)

(Assignee)

Description

6 years ago
When I can jit-test.py on Solaris x86, bug698584.js failed with OOM.
If I run it directly with ./js, I got InternalError: allocation size overflow.

I think both results should be considered PASS.

Here's the stack of OOM:

=>[1] js_ReportOutOfMemory(cx = 0x86a00b8) (optimized), at 0x81dd83c (line ~718) in "jscntxt.h"
  [2] JSRuntime::onOutOfMemory(this = 0x865eec0, p = (nil), nbytes = 528482274U, cx = 0x86a00b8) (optimized), at 0x81df239 (line ~1587) in "jscntxt.cpp"
  [3] AllocChars(maybecx = 0x86a00b8, length = 234881010U, chars = 0x8044d9c, capacity = 0x8044d98) (optimized), at 0x83a813f (line ~743) in "jscntxt.h"
  [4] JSRope::flatten(this = 0xfda10030, maybecx = 0x86a00b8) (optimized), at 0x83a5c79 (line ~217) in "String.cpp"
  [5] ExecuteRegExp(cx = 0x86a00b8, native = 0x8404adc = &js::regexp_test(JSContext*,unsigned,JS::Value*), argc = 1U, vp = 0xfde00058) (optimized), at 0x840445e (line ~323) in "String.h"
  [6] js::regexp_test(cx = 0x86a00b8, argc = 1U, vp = 0xfde00058) (optimized), at 0x8404b03 (line ~586) in "RegExp.cpp"
  [7] CallCompiler::generateNativeStub(this = 0x8045620) (optimized), at 0x850a987 (line ~939) in "MonoIC.cpp"
  [8] js::mjit::ic::NativeCall(f = STRUCT, ic = 0x86a89ec) (optimized), at 0x8506bd3 (line ~1173) in "MonoIC.cpp"
  [9] 0xfed81d2f(0x8047230, 0xfde00020, 0x80456e8, 0x8408d4a, 0x86a00b8, 0xfde00020), at 0xfed81d2f 
  [10] 0x85d8750(0x0, 0xfda00040, 0x0, 0x857f73c, 0x0, 0xffffff82), at 0x85d8750
(Assignee)

Comment 1

6 years ago
Created attachment 574230 [details] [diff] [review]
patch
Assignee: general → ginn.chen
Status: NEW → ASSIGNED
Attachment #574230 - Flags: review?(mak77)
Comment on attachment 574230 [details] [diff] [review]
patch

i'm not the right person to review this, maybe you meant mrbkap
Attachment #574230 - Flags: review?(mak77) → review?(mrbkap)
Attachment #574230 - Flags: review?(mrbkap) → review?(evilpies)
Attachment #574230 - Flags: review?(evilpies) → review+
(Assignee)

Comment 3

6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/cf6e30a75b0a
https://hg.mozilla.org/mozilla-central/rev/cf6e30a75b0a
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment on attachment 574230 [details] [diff] [review]
patch

Requesting approval for esr10. This is a test-only fix that will fix a persistent test failure that we're seeing on the Thunderbird Linux 64 bit unit test boxes, hence clearing the orange picture a bit there and making it clearer for releases.
Attachment #574230 - Flags: approval-mozilla-esr10?
Comment on attachment 574230 [details] [diff] [review]
patch

[Triage Comment]
Approving test-only fix.
Attachment #574230 - Flags: approval-mozilla-esr10? → approval-mozilla-esr10+
Landed on esr10:

http://hg.mozilla.org/releases/mozilla-esr10/rev/ca2e4986ccfd
status-firefox-esr10: --- → fixed
Ginn, can you please confirm if this is working now with the latest ESR build?
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.