Commit 5ffdb7b1 authored by ggaren@apple.com

JavaScriptCore:

        Reviewed by Sam Weinig.
        
        Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)
        
        I'm removing KJS_MEM_LIMIT for the following reasons:
        
        - We have a few reports of KJS_MEM_LIMIT breaking important web
        applications, like GMail and Google Reader. (For example, if you
        simply open 12 GMail tabs, tab #12 will hit the limit.)

        - Firefox has no discernable JS object count limit, so any limit, even
        a large one, is a potential compatibility problem.
        
        - KJS_MEM_LIMIT does not protect against malicious memory allocation,
        since there are many ways to maliciously allocate memory without
        increasing the JS object count.
        
        - KJS_MEM_LIMIT is already mostly broken, since it only aborts the
        script that breaches the limit, not any subsequent scripts.
        
        - We've never gotten bug reports about websites that would have
        benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
        KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
        needed it.
        
        - Any website that brings you anywhere close to crashing due to the
        number of live JS objects will almost certainly put up the "slow
        script" dialog at least 20 times beforehand.

        * kjs/collector.cpp:
        (KJS::Collector::collect):
        * kjs/collector.h:
        * kjs/nodes.cpp:
        (KJS::TryNode::execute):

LayoutTests:

        Reviewed by Sam Weinig.
        
        Removing the test for KJS_MEM_LIMIT, since I removed KJS_MEM_LIMIT.

        * fast/js/out-of-memory-expected.txt: Removed.
        * fast/js/out-of-memory.html: Removed.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@30492 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 5ca5e8bd
2008-02-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)
I'm removing KJS_MEM_LIMIT for the following reasons:
- We have a few reports of KJS_MEM_LIMIT breaking important web
applications, like GMail and Google Reader. (For example, if you
simply open 12 GMail tabs, tab #12 will hit the limit.)
- Firefox has no discernable JS object count limit, so any limit, even
a large one, is a potential compatibility problem.
- KJS_MEM_LIMIT does not protect against malicious memory allocation,
since there are many ways to maliciously allocate memory without
increasing the JS object count.
- KJS_MEM_LIMIT is already mostly broken, since it only aborts the
script that breaches the limit, not any subsequent scripts.
- We've never gotten bug reports about websites that would have
benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
needed it.
- Any website that brings you anywhere close to crashing due to the
number of live JS objects will almost certainly put up the "slow
script" dialog at least 20 times beforehand.
* kjs/collector.cpp:
(KJS::Collector::collect):
* kjs/collector.h:
* kjs/nodes.cpp:
(KJS::TryNode::execute):
2008-02-22 Oliver Hunt <oliver@apple.com> 2008-02-22 Oliver Hunt <oliver@apple.com>
Reviewed by Alexey P. Reviewed by Alexey P.
......
...@@ -106,8 +106,6 @@ static CollectorHeap numberHeap = { 0, 0, 0, 0, 0, 0, 0, NoOperation }; ...@@ -106,8 +106,6 @@ static CollectorHeap numberHeap = { 0, 0, 0, 0, 0, 0, 0, NoOperation };
// Just a private global like "heap" above would be fine. // Just a private global like "heap" above would be fine.
size_t Collector::mainThreadOnlyObjectCount = 0; size_t Collector::mainThreadOnlyObjectCount = 0;
bool Collector::memoryFull = false;
static CollectorBlock* allocateBlock() static CollectorBlock* allocateBlock()
{ {
#if PLATFORM(DARWIN) #if PLATFORM(DARWIN)
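Review bot: The out-of-line definition `bool Collector::memoryFull = false;` is dropped here, but neither collector.h hunk shown on this page removes the matching static member declaration; only the `KJS_MEM_LIMIT` define and `isOutOfMemory()` go. Please confirm the declaration is removed in the same patch, so the class is not left with a declared but undefined static that fails at link time the next time someone references it.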
...@@ -970,11 +968,6 @@ bool Collector::collect() ...@@ -970,11 +968,6 @@ bool Collector::collect()
primaryHeap.operationInProgress = NoOperation; primaryHeap.operationInProgress = NoOperation;
numberHeap.operationInProgress = NoOperation; numberHeap.operationInProgress = NoOperation;
bool newMemoryFull = (numLiveObjects >= KJS_MEM_LIMIT);
if (newMemoryFull && newMemoryFull != memoryFull)
reportOutOfMemoryToAllExecStates();
memoryFull = newMemoryFull;
return numLiveObjects < originalLiveObjects; return numLiveObjects < originalLiveObjects;
} }
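Review bot: With these four lines gone, `Collector::collect()` no longer calls `reportOutOfMemoryToAllExecStates()`, and no other hunk shown touches that function; if this was its only caller it is now dead code and should be deleted along with its declaration. It would also help for the ChangeLog to state what a script observes when allocation genuinely fails now that the object-count check is gone, since the rationale given is that the limit never covered allocations that do not raise the JS object count.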
......
...@@ -27,8 +27,6 @@ ...@@ -27,8 +27,6 @@
#include <string.h> #include <string.h>
#include <wtf/HashCountedSet.h> #include <wtf/HashCountedSet.h>
#define KJS_MEM_LIMIT 500000
namespace KJS { namespace KJS {
class JSCell; class JSCell;
...@@ -47,7 +45,6 @@ namespace KJS { ...@@ -47,7 +45,6 @@ namespace KJS {
static void reportExtraMemoryCost(size_t cost); static void reportExtraMemoryCost(size_t cost);
static size_t size(); static size_t size();
static bool isOutOfMemory() { return memoryFull; }
static void protect(JSValue*); static void protect(JSValue*);
static void unprotect(JSValue*); static void unprotect(JSValue*);
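Review bot: `isOutOfMemory()` is a public static accessor on `Collector`, and the only call site this patch removes is the one in `TryNode::execute`. Please confirm with a tree-wide search that nothing outside kjs/nodes.cpp still calls it, and the same for `KJS_MEM_LIMIT`, since both were visible to every file including collector.h and the ChangeLog lists no other touched files.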
......
...@@ -4301,9 +4301,6 @@ JSValue* TryNode::execute(ExecState* exec) ...@@ -4301,9 +4301,6 @@ JSValue* TryNode::execute(ExecState* exec)
{ {
JSValue* result = m_tryBlock->execute(exec); JSValue* result = m_tryBlock->execute(exec);
if (Collector::isOutOfMemory())
return result; // don't try to catch an out of memory exception thrown by the collector
if (m_catchBlock && exec->completionType() == Throw) { if (m_catchBlock && exec->completionType() == Throw) {
JSObject* obj = new JSObject; JSObject* obj = new JSObject;
obj->put(exec, m_exceptionIdent, result, DontDelete); obj->put(exec, m_exceptionIdent, result, DontDelete);
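Review bot: The ChangeLog entry for `(KJS::TryNode::execute)` carries no description, yet the removed early return is a script-visible change: it was the only thing that kept an out-of-memory exception from reaching `m_catchBlock`. Please add a line to the entry saying that every completion of type `Throw` is now catchable by script, so the change in `try`/`catch` semantics is recorded and not only implied by the limit's removal.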
......
2008-02-22 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Removing the test for KJS_MEM_LIMIT, since I removed KJS_MEM_LIMIT.
* fast/js/out-of-memory-expected.txt: Removed.
* fast/js/out-of-memory.html: Removed.
2008-02-22 Oliver Hunt <oliver@apple.com> 2008-02-22 Oliver Hunt <oliver@apple.com>
Reviewed by Alexey P. Reviewed by Alexey P.
CONSOLE MESSAGE: line 10: Error: Out of memory
This page should throw an out of memory exception.
<div>This page should throw an out of memory exception.</div>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
var object = new Array;
var counter = 0;
try {
while(true) {
object[counter++] = new Array;
}
} catch(e) {
alert("FAILED! caught an Out Of Memory Exception!! " + e);
}
alert("FAILED! No out of memory exception was thrown!");
</script>
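Review bot: Deleting fast/js/out-of-memory.html outright leaves the new behaviour without coverage. The `while(true)` allocation loop cannot stay as written, because without a limit it never terminates, but a bounded variant can: allocate somewhat more than the old 500000-object limit inside the `try` and pass only if no exception is thrown. That would catch a reintroduced object-count cap.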