Revision: 20114
Author: [email protected]
Date: Thu Mar 20 11:11:28 2014 UTC
Log: Revert "Throw exception on invalid string length instead of OOM."
This reverts r20112.
[email protected]
Review URL: https://codereview.chromium.org/206383002
http://code.google.com/p/v8/source/detail?r=20114
Deleted:
/branches/bleeding_edge/test/mjsunit/string-oom-array-join.js
/branches/bleeding_edge/test/mjsunit/string-oom-concat.js
/branches/bleeding_edge/test/mjsunit/string-oom-replace-global-regexp-with-string.js
/branches/bleeding_edge/test/mjsunit/string-oom-replace-regexp-global-with-function.js
/branches/bleeding_edge/test/mjsunit/string-oom-slow-escape.js
/branches/bleeding_edge/test/mjsunit/string-oom-slow-json-stringify.js
/branches/bleeding_edge/test/mjsunit/string-oom-slow-replace-one-with-string.js
/branches/bleeding_edge/test/mjsunit/string-oom-slow-to-uppercase.js
Modified:
/branches/bleeding_edge/src/api.cc
/branches/bleeding_edge/src/factory.cc
/branches/bleeding_edge/src/func-name-inferrer.cc
/branches/bleeding_edge/src/isolate.cc
/branches/bleeding_edge/src/isolate.h
/branches/bleeding_edge/src/json-stringifier.h
/branches/bleeding_edge/src/parser.cc
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/src/uri.h
/branches/bleeding_edge/test/cctest/test-strings.cc
/branches/bleeding_edge/test/mjsunit/mjsunit.status
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-oom-array-join.js Thu Mar
20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var a = "a";
-for (var i = 0; i < 23; i++) a += a;
-var b = [];
-for (var i = 0; i < (1<<5); i++) b.push(a);
-
-function join() {
- b.join();
-}
-
-assertThrows(join, RangeError);
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-oom-concat.js Thu Mar 20
10:49:33 2014 UTC
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-function concat() {
- var a = " ";
- for (var i = 0; i < 100; i++) {
- a += a;
- }
-}
-
-assertThrows(concat, RangeError);
=======================================
---
/branches/bleeding_edge/test/mjsunit/string-oom-replace-global-regexp-with-string.js
Thu Mar 20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var a = 'a';
-for (var i = 0; i < 5; i++) a += a;
-var b = 'b';
-for (var i = 0; i < 23; i++) b += b;
-
-function replace() {
- a.replace(/./g, b);
-}
-
-assertThrows(replace, RangeError);
=======================================
---
/branches/bleeding_edge/test/mjsunit/string-oom-replace-regexp-global-with-function.js
Thu Mar 20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var a = "a";
-for (var i = 0; i < 5; i++) a += a;
-var b = "b";
-for (var i = 0; i < 23; i++) b += b;
-
-function replace() {
- a.replace(/a/g, function() { return b });
-}
-
-assertThrows(replace, RangeError);
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-oom-slow-escape.js Thu Mar
20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-
-var a = '<';
-for (var i = 0; i < 26; i++) a += a;
-a = a + a + a;
-
-function escape_a() {
- escape(a);
-}
-
-assertThrows(escape_a, RangeError);
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-oom-slow-json-stringify.js
Thu Mar 20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var a = 'a';
-for (var i = 0; i < 20; i++) a += a;
-for (var i = 0; i < 8; i++) a = [a, a];
-
-function stringify() {
- JSON.stringify(a);
-}
-
-assertThrows(stringify, RangeError);
=======================================
---
/branches/bleeding_edge/test/mjsunit/string-oom-slow-replace-one-with-string.js
Thu Mar 20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var a = 'a';
-for (var i = 0; i < 27; i++) a += a;
-
-function replace() {
- a.replace('a', a);
-}
-
-assertThrows(replace, RangeError);
=======================================
--- /branches/bleeding_edge/test/mjsunit/string-oom-slow-to-uppercase.js
Thu Mar 20 10:49:33 2014 UTC
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-var s = "\u00df"; // ß
-for (var i = 0; i < 27; i++) s += s;
-
-function upper() {
- s.toUpperCase();
-}
-
-assertThrows(upper, RangeError);
=======================================
--- /branches/bleeding_edge/src/api.cc Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/api.cc Thu Mar 20 11:11:28 2014 UTC
@@ -5475,8 +5475,6 @@
i::Handle<i::String> right_string = Utils::OpenHandle(*right);
i::Handle<i::String> result =
isolate->factory()->NewConsString(left_string,
right_string);
- // We do not expect this to throw an exception. Change this if it does.
- CHECK_NOT_EMPTY_HANDLE(isolate, result);
return Utils::ToLocal(result);
}
@@ -6968,12 +6966,9 @@
return ToApiHandle<String>(
isolate->factory()->InternalizeUtf8String(entry->name()));
} else {
- i::Handle<i::String> cons = isolate->factory()->NewConsString(
+ return ToApiHandle<String>(isolate->factory()->NewConsString(
isolate->factory()->InternalizeUtf8String(entry->name_prefix()),
- isolate->factory()->InternalizeUtf8String(entry->name()));
- // We do not expect this to throw an exception. Change this if it does.
- CHECK_NOT_EMPTY_HANDLE(isolate, cons);
- return ToApiHandle<String>(cons);
+ isolate->factory()->InternalizeUtf8String(entry->name())));
}
}
=======================================
--- /branches/bleeding_edge/src/factory.cc Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/factory.cc Thu Mar 20 11:11:28 2014 UTC
@@ -377,7 +377,9 @@
// Make sure that an out of memory exception is thrown if the length
// of the new cons string is too large.
if (length > String::kMaxLength || length < 0) {
- isolate()->ThrowInvalidStringLength();
+ isolate()->context()->mark_out_of_memory();
+ V8::FatalProcessOutOfMemory("String concatenation result too large.");
+ UNREACHABLE();
return Handle<String>::null();
}
=======================================
--- /branches/bleeding_edge/src/func-name-inferrer.cc Thu Mar 20 10:49:33
2014 UTC
+++ /branches/bleeding_edge/src/func-name-inferrer.cc Thu Mar 20 11:11:28
2014 UTC
@@ -83,14 +83,11 @@
return MakeNameFromStackHelper(pos + 1, prev);
} else {
if (prev->length() > 0) {
- Handle<String> name = names_stack_.at(pos).name;
- if (prev->length() + name->length() + 1 > String::kMaxLength) return
prev;
Factory* factory = isolate()->factory();
- Handle<String> curr = factory->NewConsString(factory->dot_string(),
name);
- CHECK_NOT_EMPTY_HANDLE(isolate(), curr);
- curr = factory->NewConsString(prev, curr);
- CHECK_NOT_EMPTY_HANDLE(isolate(), curr);
- return MakeNameFromStackHelper(pos + 1, curr);
+ Handle<String> curr = factory->NewConsString(
+ factory->dot_string(), names_stack_.at(pos).name);
+ return MakeNameFromStackHelper(pos + 1,
+ factory->NewConsString(prev, curr));
} else {
return MakeNameFromStackHelper(pos + 1, names_stack_.at(pos).name);
}
=======================================
--- /branches/bleeding_edge/src/isolate.cc Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/isolate.cc Thu Mar 20 11:11:28 2014 UTC
@@ -949,12 +949,6 @@
if (FLAG_stack_trace_on_illegal) PrintStack(stdout);
return Throw(heap_.illegal_access_string());
}
-
-
-Failure* Isolate::ThrowInvalidStringLength() {
- return Throw(*factory()->NewRangeError(
- "invalid_string_length", HandleVector<Object>(NULL, 0)));
-}
void Isolate::ScheduleThrow(Object* exception) {
=======================================
--- /branches/bleeding_edge/src/isolate.h Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/isolate.h Thu Mar 20 11:11:28 2014 UTC
@@ -789,7 +789,6 @@
// Return pending location if any or unfilled structure.
MessageLocation GetMessageLocation();
Failure* ThrowIllegalOperation();
- Failure* ThrowInvalidStringLength();
// Promote a scheduled exception to pending. Asserts
has_scheduled_exception.
Failure* PromoteScheduledException();
=======================================
--- /branches/bleeding_edge/src/json-stringifier.h Thu Mar 20 10:49:33 2014
UTC
+++ /branches/bleeding_edge/src/json-stringifier.h Thu Mar 20 11:11:28 2014
UTC
@@ -51,8 +51,6 @@
enum Result { UNCHANGED, SUCCESS, EXCEPTION, CIRCULAR, STACK_OVERFLOW };
- void Accumulate();
-
void Extend();
void ChangeEncoding();
@@ -180,7 +178,6 @@
int current_index_;
int part_length_;
bool is_ascii_;
- bool overflowed_;
static const int kJsonEscapeTableEntrySize = 8;
static const char* const JsonEscapeTable;
@@ -257,10 +254,7 @@
BasicJsonStringifier::BasicJsonStringifier(Isolate* isolate)
- : isolate_(isolate),
- current_index_(0),
- is_ascii_(true),
- overflowed_(false) {
+ : isolate_(isolate), current_index_(0), is_ascii_(true) {
factory_ = isolate_->factory();
accumulator_store_ = Handle<JSValue>::cast(
factory_->ToObject(factory_->empty_string()));
@@ -275,12 +269,9 @@
switch (SerializeObject(object)) {
case UNCHANGED:
return isolate_->heap()->undefined_value();
- case SUCCESS: {
+ case SUCCESS:
ShrinkCurrentPart();
- Accumulate();
- if (overflowed_) return isolate_->ThrowInvalidStringLength();
- return *accumulator();
- }
+ return *factory_->NewConsString(accumulator(), current_part_);
case CIRCULAR:
return isolate_->Throw(*factory_->NewTypeError(
"circular_structure", HandleVector<Object>(NULL, 0)));
@@ -495,9 +486,7 @@
part_length_ = kInitialPartLength; // Allocate conservatively.
Extend(); // Attach current part and allocate new part.
// Attach result string to the accumulator.
- Handle<String> cons = factory_->NewConsString(accumulator(),
result_string);
- RETURN_IF_EMPTY_HANDLE_VALUE(isolate_, cons, EXCEPTION);
- set_accumulator(cons);
+ set_accumulator(factory_->NewConsString(accumulator(), result_string));
return SUCCESS;
}
@@ -717,22 +706,10 @@
current_part_ =
SeqString::Truncate(Handle<SeqString>::cast(current_part_),
current_index_);
}
-
-
-void BasicJsonStringifier::Accumulate() {
- if (accumulator()->length() + current_part_->length() >
String::kMaxLength) {
- // Screw it. Simply set the flag and carry on. Throw exception at
the end.
- // We most likely will trigger a real OOM before even reaching this
point.
- set_accumulator(factory_->empty_string());
- overflowed_ = true;
- } else {
- set_accumulator(factory_->NewConsString(accumulator(), current_part_));
- }
-}
void BasicJsonStringifier::Extend() {
- Accumulate();
+ set_accumulator(factory_->NewConsString(accumulator(), current_part_));
if (part_length_ <= kMaxPartLength / kPartLengthGrowthFactor) {
part_length_ *= kPartLengthGrowthFactor;
}
@@ -747,7 +724,7 @@
void BasicJsonStringifier::ChangeEncoding() {
ShrinkCurrentPart();
- Accumulate();
+ set_accumulator(factory_->NewConsString(accumulator(), current_part_));
current_part_ = factory_->NewRawTwoByteString(part_length_);
current_index_ = 0;
is_ascii_ = false;
=======================================
--- /branches/bleeding_edge/src/parser.cc Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/parser.cc Thu Mar 20 11:11:28 2014 UTC
@@ -2922,7 +2922,6 @@
Factory* heap_factory = isolate()->factory();
Handle<String> tempstr =
heap_factory->NewConsString(heap_factory->dot_for_string(),
name);
- RETURN_IF_EMPTY_HANDLE_VALUE(isolate(), tempstr, 0);
Handle<String> tempname = heap_factory->InternalizeString(tempstr);
Variable* temp =
scope_->DeclarationScope()->NewTemporary(tempname);
VariableProxy* temp_proxy = factory()->NewVariableProxy(temp);
=======================================
--- /branches/bleeding_edge/src/runtime.cc Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc Thu Mar 20 11:11:28 2014 UTC
@@ -3330,8 +3330,7 @@
array_builder_(heap->isolate(), estimated_part_count),
subject_(subject),
character_count_(0),
- is_ascii_(subject->IsOneByteRepresentation()),
- overflowed_(false) {
+ is_ascii_(subject->IsOneByteRepresentation()) {
// Require a non-zero initial size. Ensures that doubling the size to
// extend the array will work.
ASSERT(estimated_part_count > 0);
@@ -3379,11 +3378,6 @@
Handle<String> ToString() {
- if (overflowed_) {
- heap_->isolate()->ThrowInvalidStringLength();
- return Handle<String>();
- }
-
if (array_builder_.length() == 0) {
return heap_->isolate()->factory()->empty_string();
}
@@ -3415,7 +3409,7 @@
void IncrementCharacterCount(int by) {
if (character_count_ > String::kMaxLength - by) {
- overflowed_ = true;
+ V8::FatalProcessOutOfMemory("String.replace result too large.");
}
character_count_ += by;
}
@@ -3442,7 +3436,6 @@
Handle<String> subject_;
int character_count_;
bool is_ascii_;
- bool overflowed_;
};
@@ -4041,9 +4034,7 @@
capture_count,
global_cache.LastSuccessfulMatch());
- Handle<String> result = builder.ToString();
- RETURN_IF_EMPTY_HANDLE(isolate, result);
- return *result;
+ return *(builder.ToString());
}
@@ -4189,8 +4180,8 @@
replace,
found,
recursion_limit - 1);
+ if (*found) return isolate->factory()->NewConsString(new_first,
second);
if (new_first.is_null()) return new_first;
- if (*found) return isolate->factory()->NewConsString(new_first,
second);
Handle<String> new_second =
StringReplaceOneCharWithString(isolate,
@@ -4199,8 +4190,8 @@
replace,
found,
recursion_limit - 1);
+ if (*found) return isolate->factory()->NewConsString(first,
new_second);
if (new_second.is_null()) return new_second;
- if (*found) return isolate->factory()->NewConsString(first,
new_second);
return subject;
} else {
@@ -4209,7 +4200,6 @@
*found = true;
Handle<String> first = isolate->factory()->NewSubString(subject, 0,
index);
Handle<String> cons1 = isolate->factory()->NewConsString(first,
replace);
- RETURN_IF_EMPTY_HANDLE_VALUE(isolate, cons1, Handle<String>());
Handle<String> second =
isolate->factory()->NewSubString(subject, index + 1,
subject->length());
return isolate->factory()->NewConsString(cons1, second);
@@ -4235,7 +4225,6 @@
&found,
kRecursionLimit);
if (!result.is_null()) return *result;
- if (isolate->has_pending_exception()) return Failure::Exception();
return *StringReplaceOneCharWithString(isolate,
FlattenGetString(subject),
search,
@@ -6236,7 +6225,7 @@
Handle<String> result = string->IsOneByteRepresentationUnderneath()
? URIEscape::Escape<uint8_t>(isolate, source)
: URIEscape::Escape<uc16>(isolate, source);
- RETURN_IF_EMPTY_HANDLE(isolate, result);
+ if (result.is_null()) return Failure::OutOfMemoryException(0x12);
return *result;
}
@@ -6370,9 +6359,9 @@
int char_length = mapping->get(current, 0, chars);
if (char_length == 0) char_length = 1;
current_length += char_length;
- if (current_length > String::kMaxLength) {
- AllowHeapAllocation allocate_error_and_return;
- return isolate->ThrowInvalidStringLength();
+ if (current_length > Smi::kMaxValue) {
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x13);
}
}
// Try again with the real length. Return signed if we need
@@ -7027,9 +7016,7 @@
CONVERT_ARG_HANDLE_CHECKED(String, str1, 0);
CONVERT_ARG_HANDLE_CHECKED(String, str2, 1);
isolate->counters()->string_add_runtime()->Increment();
- Handle<String> result = isolate->factory()->NewConsString(str1, str2);
- RETURN_IF_EMPTY_HANDLE(isolate, result);
- return *result;
+ return *isolate->factory()->NewConsString(str1, str2);
}
@@ -7076,7 +7063,10 @@
HandleScope scope(isolate);
ASSERT(args.length() == 3);
CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0);
- if (!args[1]->IsSmi()) return isolate->ThrowInvalidStringLength();
+ if (!args[1]->IsSmi()) {
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x14);
+ }
int array_length = args.smi_at(1);
CONVERT_ARG_HANDLE_CHECKED(String, special, 2);
@@ -7150,7 +7140,8 @@
return isolate->Throw(isolate->heap()->illegal_argument_string());
}
if (increment > String::kMaxLength - position) {
- return isolate->ThrowInvalidStringLength();
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x15);
}
position += increment;
}
@@ -7185,15 +7176,20 @@
RUNTIME_FUNCTION(MaybeObject*, Runtime_StringBuilderJoin) {
- HandleScope scope(isolate);
+ SealHandleScope shs(isolate);
ASSERT(args.length() == 3);
- CONVERT_ARG_HANDLE_CHECKED(JSArray, array, 0);
- if (!args[1]->IsSmi()) return isolate->ThrowInvalidStringLength();
+ CONVERT_ARG_CHECKED(JSArray, array, 0);
+ if (!args[1]->IsSmi()) {
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x16);
+ }
int array_length = args.smi_at(1);
- CONVERT_ARG_HANDLE_CHECKED(String, separator, 2);
- RUNTIME_ASSERT(array->HasFastObjectElements());
+ CONVERT_ARG_CHECKED(String, separator, 2);
- Handle<FixedArray> fixed_array(FixedArray::cast(array->elements()));
+ if (!array->HasFastObjectElements()) {
+ return isolate->Throw(isolate->heap()->illegal_argument_string());
+ }
+ FixedArray* fixed_array = FixedArray::cast(array->elements());
if (fixed_array->length() < array_length) {
array_length = fixed_array->length();
}
@@ -7202,32 +7198,38 @@
return isolate->heap()->empty_string();
} else if (array_length == 1) {
Object* first = fixed_array->get(0);
- RUNTIME_ASSERT(first->IsString());
- return first;
+ if (first->IsString()) return first;
}
int separator_length = separator->length();
int max_nof_separators =
(String::kMaxLength + separator_length - 1) / separator_length;
if (max_nof_separators < (array_length - 1)) {
- return isolate->ThrowInvalidStringLength();
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x17);
}
int length = (array_length - 1) * separator_length;
for (int i = 0; i < array_length; i++) {
Object* element_obj = fixed_array->get(i);
- RUNTIME_ASSERT(element_obj->IsString());
+ if (!element_obj->IsString()) {
+ // TODO(1161): handle this case.
+ return isolate->Throw(isolate->heap()->illegal_argument_string());
+ }
String* element = String::cast(element_obj);
int increment = element->length();
if (increment > String::kMaxLength - length) {
- return isolate->ThrowInvalidStringLength();
+ isolate->context()->mark_out_of_memory();
+ return Failure::OutOfMemoryException(0x18);
}
length += increment;
}
- Handle<SeqTwoByteString> answer =
- isolate->factory()->NewRawTwoByteString(length);
-
- DisallowHeapAllocation no_gc;
+ Object* object;
+ { MaybeObject* maybe_object =
+ isolate->heap()->AllocateRawTwoByteString(length);
+ if (!maybe_object->ToObject(&object)) return maybe_object;
+ }
+ SeqTwoByteString* answer = SeqTwoByteString::cast(object);
uc16* sink = answer->GetChars();
#ifdef DEBUG
@@ -7235,14 +7237,13 @@
#endif
String* first = String::cast(fixed_array->get(0));
- String* seperator_raw = *separator;
int first_length = first->length();
String::WriteToFlat(first, sink, 0, first_length);
sink += first_length;
for (int i = 1; i < array_length; i++) {
ASSERT(sink + separator_length <= end);
- String::WriteToFlat(seperator_raw, sink, 0, separator_length);
+ String::WriteToFlat(separator, sink, 0, separator_length);
sink += separator_length;
String* element = String::cast(fixed_array->get(i));
@@ -7255,7 +7256,7 @@
// Use %_FastAsciiArrayJoin instead.
ASSERT(!answer->IsOneByteRepresentation());
- return *answer;
+ return answer;
}
template <typename Char>
@@ -7356,7 +7357,9 @@
// Throw an exception if the resulting string is too large. See
// https://code.google.com/p/chromium/issues/detail?id=336820
// for details.
- return isolate->ThrowInvalidStringLength();
+ return isolate->Throw(*isolate->factory()->
+ NewRangeError("invalid_string_length",
+ HandleVector<Object>(NULL, 0)));
}
if (is_ascii) {
=======================================
--- /branches/bleeding_edge/src/uri.h Thu Mar 20 10:49:33 2014 UTC
+++ /branches/bleeding_edge/src/uri.h Thu Mar 20 11:11:28 2014 UTC
@@ -264,8 +264,7 @@
// We don't allow strings that are longer than a maximal length.
ASSERT(String::kMaxLength < 0x7fffffff - 6); // Cannot overflow.
if (escaped_length > String::kMaxLength) {
- AllowHeapAllocation allocate_error_and_return;
- isolate->ThrowInvalidStringLength();
+ isolate->context()->mark_out_of_memory();
return Handle<String>::null();
}
}
=======================================
--- /branches/bleeding_edge/test/cctest/test-strings.cc Thu Mar 20 10:49:33
2014 UTC
+++ /branches/bleeding_edge/test/cctest/test-strings.cc Thu Mar 20 11:11:28
2014 UTC
@@ -1209,17 +1209,24 @@
// starting with 'bad', followed by 2^14 times the string s. That means
the
// total length of the concatenated strings is 2^31 + 3. So on 32bit
systems
// summing the lengths of the strings (as Smis) overflows and wraps.
- LocalContext context;
- v8::HandleScope scope(CcTest::isolate());
- v8::TryCatch try_catch;
- CHECK(CompileRun(
+ static const char* join_causing_out_of_memory =
"var two_14 = Math.pow(2, 14);"
"var two_17 = Math.pow(2, 17);"
"var s = Array(two_17 + 1).join('c');"
"var a = ['bad'];"
"for (var i = 1; i <= two_14; i++) a.push(s);"
- "a.join("");").IsEmpty());
- CHECK(try_catch.HasCaught());
+ "a.join("");";
+
+ v8::HandleScope scope(CcTest::isolate());
+ LocalContext context;
+ v8::V8::IgnoreOutOfMemoryException();
+ v8::Local<v8::Script> script = v8::Script::Compile(
+ v8::String::NewFromUtf8(CcTest::isolate(),
join_causing_out_of_memory));
+ v8::Local<v8::Value> result = script->Run();
+
+ // Check for out of memory state.
+ CHECK(result.IsEmpty());
+ CHECK(context->HasOutOfMemoryException());
}
=======================================
--- /branches/bleeding_edge/test/mjsunit/mjsunit.status Thu Mar 20 10:49:33
2014 UTC
+++ /branches/bleeding_edge/test/mjsunit/mjsunit.status Thu Mar 20 11:11:28
2014 UTC
@@ -44,7 +44,6 @@
# When that bug is fixed, revert the expectation to:
# Skip long running test in debug and allow it to timeout in release
mode.
# regress/regress-524: [PASS, TIMEOUT, ['mode == debug', SKIP]],
- 'string-oom-slow-*': [SLOW, ['mode == debug', SKIP]],
# This test non-deterministically runs out of memory on Windows ia32.
'regress/regress-crbug-160010': [SKIP],
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
