diff options
| author | Steve Block <steveblock@google.com> | 2011-05-06 11:45:16 +0100 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2011-05-12 13:44:10 +0100 |
| commit | cad810f21b803229eb11403f9209855525a25d57 (patch) | |
| tree | 29a6fd0279be608e0fe9ffe9841f722f0f4e4269 /Source/WebCore/manual-tests/array-out-of-memory.html | |
| parent | 121b0cf4517156d0ac5111caf9830c51b69bae8f (diff) | |
| download | external_webkit-cad810f21b803229eb11403f9209855525a25d57.zip external_webkit-cad810f21b803229eb11403f9209855525a25d57.tar.gz external_webkit-cad810f21b803229eb11403f9209855525a25d57.tar.bz2 | |
Merge WebKit at r75315: Initial merge by git.
Change-Id: I570314b346ce101c935ed22a626b48c2af266b84
Diffstat (limited to 'Source/WebCore/manual-tests/array-out-of-memory.html')
| -rw-r--r-- | Source/WebCore/manual-tests/array-out-of-memory.html | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/Source/WebCore/manual-tests/array-out-of-memory.html b/Source/WebCore/manual-tests/array-out-of-memory.html new file mode 100644 index 0000000..486e200 --- /dev/null +++ b/Source/WebCore/manual-tests/array-out-of-memory.html @@ -0,0 +1,42 @@ +<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> +<html> +<head> +<script> + +function runArrayOOMTest() { + document.write("<p>Starting test...</p>"); + + // The index 'target' is the location in the array we expect to fault on access, should the size calculation of the realloc of the vector be allowed + // to overflow. The vector needs to be ((target + 1) * sizeof(JSValue*)) bytes long to hold 'target', or approximately 2/3 UINT32_MAX. Upon growing + // the array an additional 50% capacity will be allocated, plus the storage object header, taking the size of the allocation over UINT32_MAX. + var target = Math.floor(0xFFFFFFFF / 6); + // In order to force arr[target] to be stored in the vector, rather than the sparse map, we need ensure the vector is sufficiently densely populated. + var populate = Math.floor(target / 8 + 1); + + try { + var arr = new Array(); + for (i=0; i < populate; ++i) + arr[i] = 0; + arr[target] = 0; + } catch(e) { + var expect_name = "Error"; + var expect_message = "Out of memory"; + if ((e.name == expect_name) && (e.message == expect_message)) + document.write("<p>SUCCESS</p>"); + else + document.write("<p>FAIL - Expected \"" + expect_name + "/" + expect_message + "\", got \"" + e.name + "/" + e.message + "\".</p>"); + + return; + } + + document.write("<p>FAIL - Expected exception.</p>"); +} + +</script> +</head> +<body> +<p>This test checks that Array objects fail gracefully (throw exception) when array length grows large.</p> +<p>This test may run for over 20 seconds on a fast machine, and will consume hundereds of MB of memory.</p> +<input type="button" onclick="runArrayOOMTest()" value="Start"> +</body> +</html> |