157595 2016-05-11 16:45:15 -0700 r199812 broke test262 2016-05-19 11:39:12 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 156832 1 saam msaboff benjamin fpizlo ggaren gskachkov keith_miller mark.lam msaboff oliver ossy saam sukolsak webkit-bug-importer ysuzuki oldest_to_newest 1192148 0 saam 2016-05-11 16:45:15 -0700 It fails around the 38% mark. 1192151 1 webkit-bug-importer 2016-05-11 16:48:31 -0700 <rdar://problem/26234295> 1194315 2 msaboff 2016-05-18 10:36:01 -0700 We believe that this is due to String.prototype.match() going into an infinite loop. This can happen when the argument RegExp object has an override for .global that always returns true, but the global flag on the base RegExp is false. 1194430 3 279288 msaboff 2016-05-18 14:54:58 -0700 Created attachment 279288 Patch 1194463 4 msaboff 2016-05-18 15:35:02 -0700 Committed r201105: <http://trac.webkit.org/changeset/201105> 1194492 5 279288 saam 2016-05-18 16:15:30 -0700 Comment on attachment 279288 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=279288&action=review > Source/JavaScriptCore/builtins/RegExpPrototype.js:113 > + throw new @Error("Out of memory"); Maybe this could be more descriptive about where we're throwing the OOM from? Or maybe the error object itself nicely handles this? 1194530 6 msaboff 2016-05-18 17:08:40 -0700 (In reply to comment #5) > Comment on attachment 279288 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=279288&action=review > > > Source/JavaScriptCore/builtins/RegExpPrototype.js:113 > > + throw new @Error("Out of memory"); > > Maybe this could be more descriptive about where we're throwing the OOM from? > Or maybe the error object itself nicely handles this? The Error object has a .stack property. For the added tests it shows: match@[native code] test@Source/JavaScriptCore/tests/stress/regress-157595.js:19:23 global code@Source/JavaScriptCore/tests/stress/regress-157595.js:23:9 1194784 7 ossy 2016-05-19 09:27:07 -0700 JSC consumes terribly much memory during executing this test: This new Source/JavaScriptCore/tests/stress/regress-157595.js It made my desktop machine useless for long minutes and swapped. I tried it on a server machine with huge RAM, it passed after 26 seconds long running and consumed 8Gb memory. It's not so good having a test consumes 8Gb memory. :( 1194785 8 msaboff 2016-05-19 09:33:07 -0700 (In reply to comment #7) > JSC consumes terribly much memory during executing this test: > This new Source/JavaScriptCore/tests/stress/regress-157595.js > > It made my desktop machine useless for long minutes and swapped. > I tried it on a server machine with huge RAM, it passed after 26 > seconds long running and consumed 8Gb memory. > > It's not so good having a test consumes 8Gb memory. :( It does consume 8GB. That is why I add the "runOneLargeHeap" option in run-jsc-stress-tests and configured it to run that way. You can use the --memory-limited option when you run the regression tests. The test is checking that String.prototype.match() doesn't infinite loop in a corner case. Just like in the C++ code, we set an upper bound on how many results .match() can return before throwing out of memory. The test runs till it hits that bound, thus the large memory usage. 1194810 9 ossy 2016-05-19 10:21:43 -0700 (In reply to comment #8) > (In reply to comment #7) > > JSC consumes terribly much memory during executing this test: > > This new Source/JavaScriptCore/tests/stress/regress-157595.js > > > > It made my desktop machine useless for long minutes and swapped. > > I tried it on a server machine with huge RAM, it passed after 26 > > seconds long running and consumed 8Gb memory. > > > > It's not so good having a test consumes 8Gb memory. :( > > It does consume 8GB. That is why I add the "runOneLargeHeap" option in > run-jsc-stress-tests and configured it to run that way. You can use the > --memory-limited option when you run the regression tests. run-javascriptcore-tests doesn't have --memory-limited option, only run-jsc-stress-tests has. :( And buildbots uses the first script. > The test is checking that String.prototype.match() doesn't infinite loop in > a corner case. Just like in the C++ code, we set an upper bound on how many > results .match() can return before throwing out of memory. The test runs > till it hits that bound, thus the large memory usage. 1194845 10 msaboff 2016-05-19 11:39:12 -0700 (In reply to comment #9) > (In reply to comment #8) > > (In reply to comment #7) > > > JSC consumes terribly much memory during executing this test: > > > This new Source/JavaScriptCore/tests/stress/regress-157595.js > > > > > > It made my desktop machine useless for long minutes and swapped. > > > I tried it on a server machine with huge RAM, it passed after 26 > > > seconds long running and consumed 8Gb memory. > > > > > > It's not so good having a test consumes 8Gb memory. :( > > > > It does consume 8GB. That is why I add the "runOneLargeHeap" option in > > run-jsc-stress-tests and configured it to run that way. You can use the > > --memory-limited option when you run the regression tests. > > run-javascriptcore-tests doesn't have --memory-limited option, only > run-jsc-stress-tests has. :( And buildbots uses the first script. > > > The test is checking that String.prototype.match() doesn't infinite loop in > > a corner case. Just like in the C++ code, we set an upper bound on how many > > results .match() can return before throwing out of memory. The test runs > > till it hits that bound, thus the large memory usage. Landed change set r201172 that skips the test. I filed <https://bugs.webkit.org/show_bug.cgi?id=157903> to track fixing the memory usage. 279288 2016-05-18 14:54:58 -0700 2016-05-18 14:56:39 -0700 Patch 157595.patch text/plain 4201 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjAxMDg1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI0IEBA CisyMDE2LTA1LTE4ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIHIxOTk4MTIgYnJva2UgdGVzdDI2MgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MTU3NTk1CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgQWRkZWQgYSByZWFzb25hYmxlIGxpbWl0IHRvIHRoZSBzaXplIG9m IHRoZSBtYXRjaCByZXN1bHQgYXJyYXkgdG8gY2F0Y2ggcG9zc2libGUKKyAgICAgICAgaW5maW5p dGUgbG9vcHMgd2hlbiBtYXRjaGluZy4KKyAgICAgICAgQWRkZWQgYSBuZXcgdGVzdHMgdGhhdCBj cmVhdGVzIGFuIGluZmluaXRlIGxvb3AgaW4gUmVnRXhwLnByb3RvdHlwZS5bU3ltYm9sLm1hdGNo XQorICAgICAgICBieSBjcmVhdGluZyBhIHN1YmNsYXNzIG9mIFJlZ0V4cCB3aGVyZSB0aGUgYmFz ZSBSZWdFeHAncyBnbG9iYWwgZmxhZyBpcyBmYWxzZSBhbmQKKyAgICAgICAgdGhlIHN1YmNsYXNz IG92ZXJyaWRlcyAuZ2xvYmFsIHdpdGggYSBnZXR0ZXIgdGhhdCBhbHdheXMgcmV0dXJucyB0cnVl LgorCisgICAgICAgICogYnVpbHRpbnMvUmVnRXhwUHJvdG90eXBlLmpzOgorICAgICAgICAobWF0 Y2gpOgorICAgICAgICAqIHRlc3RzL3N0cmVzcy9yZWdyZXNzLTE1NzU5NS5qczogQWRkZWQuCisg ICAgICAgIChNeVJlZ0V4cCk6CisgICAgICAgIChNeVJlZ0V4cC5wcm90b3R5cGUuZ2V0IGdsb2Jh bCk6CisgICAgICAgICh0ZXN0KToKKyAgICAgICAgKGNhdGNoKToKKwogMjAxNi0wNS0xOCAgWXVz dWtlIFN1enVraSAgPHV0YXRhbmUudGVhQGdtYWlsLmNvbT4KIAogICAgICAgICBbRVM2XSBOYW1l c3BhY2Ugb2JqZWN0IHJlLWV4cG9ydCBzaG91bGQgYmUgaGFuZGxlZCBhcyBsb2NhbCBleHBvcnQK SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9idWlsdGlucy9SZWdFeHBQcm90b3R5cGUuanMK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2J1aWx0aW5zL1JlZ0V4cFByb3Rv dHlwZS5qcwkocmV2aXNpb24gMjAxMDg1KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2J1aWx0 aW5zL1JlZ0V4cFByb3RvdHlwZS5qcwkod29ya2luZyBjb3B5KQpAQCAtOTcsNyArOTcsOCBAQCBm dW5jdGlvbiBtYXRjaChzdHJBcmcpCiAgICAgbGV0IHVuaWNvZGUgPSByZWdleHAudW5pY29kZTsK ICAgICByZWdleHAubGFzdEluZGV4ID0gMDsKICAgICBsZXQgcmVzdWx0TGlzdCA9IFtdOwotICAg IGxldCBzdHJpbmdMZW5ndGggPSBzdHIubGVuZ3RoOworCisgICAgY29uc3QgbWF4aW11bVJlYXNv bmFibGVNYXRjaFNpemUgPSAxMDAwMDAwMDA7CiAKICAgICB3aGlsZSAodHJ1ZSkgewogICAgICAg ICBsZXQgcmVzdWx0ID0gQHJlZ0V4cEV4ZWMocmVnZXhwLCBzdHIpOwpAQCAtMTA4LDYgKzEwOSw5 IEBAIGZ1bmN0aW9uIG1hdGNoKHN0ckFyZykKICAgICAgICAgICAgIHJldHVybiByZXN1bHRMaXN0 OwogICAgICAgICB9CiAKKyAgICAgICAgaWYgKHJlc3VsdExpc3QubGVuZ3RoID4gbWF4aW11bVJl YXNvbmFibGVNYXRjaFNpemUpCisgICAgICAgICAgICB0aHJvdyBuZXcgQEVycm9yKCJPdXQgb2Yg bWVtb3J5Iik7CisKICAgICAgICAgaWYgKCFAaXNPYmplY3QocmVzdWx0KSkKICAgICAgICAgICAg IHRocm93IG5ldyBAVHlwZUVycm9yKCJSZWdFeHAucHJvdG90eXBlLkBAbWF0Y2ggY2FsbCB0byBS ZWdFeHAuZXhlYyBkaWRuJ3QgcmV0dXJuIG51bGwgb3IgYW4gb2JqZWN0Iik7CiAKSW5kZXg6IFNv dXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvcmVncmVzcy0xNTc1OTUuanMKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9yZWdyZXNzLTE1NzU5 NS5qcwkocmV2aXNpb24gMCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3Mv cmVncmVzcy0xNTc1OTUuanMJKHdvcmtpbmcgY29weSkKQEAgLTAsMCArMSwyNyBAQAorLy8gVGVz dCB0aGF0IGFuIG92ZXJyaWRkZW4gZ2xvYmFsIG9uIGEgUmVnRXhwIG9iamVjdCBkb2Vzbid0IGNh dXNlIGFuIGluZmluaXRlIGxvb3AKKy8vIGluIFN0cmluZy5tYXRjaCgpLiBJbnN0ZWFkIGl0IHNo b3VsZCBldmVudHVhbGx5IHRocm93IGFuIE91dCBvZiBNZW1vcnkgZXhjZXB0aW9uLgorLy9AIHJ1 bk9uZUxhcmdlSGVhcAorCitjbGFzcyBNeVJlZ0V4cCBleHRlbmRzIFJlZ0V4cCB7CisgICAgY29u c3RydWN0b3IocGF0dGVybikgeworICAgICAgICBzdXBlcihwYXR0ZXJuLCAiIik7CisgICAgfQor CisgICAgZ2V0IGdsb2JhbCgpIHsKKyAgICAgICAgcmV0dXJuIHRydWU7CisgICAgfQorfTsKKwor ZnVuY3Rpb24gdGVzdCgpCit7CisgICAgbGV0IHIgPSBuZXcgTXlSZWdFeHAoIi4iKTsKKworICAg IHJldHVybiAiYWJjIi5tYXRjaChyKTsKK30KKwordHJ5IHsKKyAgICB0ZXN0KCk7Cit9IGNhdGNo KGUpIHsKKyAgICBpZiAoZS5tZXNzYWdlICE9ICJPdXQgb2YgbWVtb3J5IikKKyAgICAgICAgdGhy b3cgIldyb25nIGVycm9yOiAiICsgZTsKK30KSW5kZXg6IFRvb2xzL0NoYW5nZUxvZwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBUb29scy9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwMTEwMCkKKysrIFRvb2xzL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE2LTA1LTE4ICBNaWNoYWVs IFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAgICAgIHIxOTk4MTIgYnJva2UgdGVz dDI2MgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTU3 NTk1CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQWRk ZWQgYSBuZXcgcnVuIHR5cGUsIHJ1bk9uZUxhcmdlSGVhcCwgZm9yIHRlc3RzIHRoYXQgdXNlIGEg bGFyZ2UgYW1vdW50IG9mIG1lbW9yeS4KKyAgICAgICAgVGhpcyBydW4gdHlwZSB3aWxsIG5vdCBy dW4gd2l0aCB0aGUgLS1tZW1vcnktbGltaXRlZCBvcHRpb24uICBXaXRob3V0IHRoYXQgb3B0aW9u LAorICAgICAgICB3ZSdsbCBvbmx5IHRoZSBkZWZhdWx0IHRlc3QgdmFyaWFudC4KKworICAgICAg ICAqIFNjcmlwdHMvcnVuLWpzYy1zdHJlc3MtdGVzdHM6CisKIDIwMTYtMDUtMTggIFNpbW9uIEZy YXNlciAgPHNpbW9uLmZyYXNlckBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTiAocjIw MDUzNCkgQ29tbWFuZC0rIG5vIGxvbmdlciB6b29tcyBwYWdlcyAKSW5kZXg6IFRvb2xzL1Njcmlw dHMvcnVuLWpzYy1zdHJlc3MtdGVzdHMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gVG9vbHMvU2NyaXB0cy9ydW4t anNjLXN0cmVzcy10ZXN0cwkocmV2aXNpb24gMjAxMDg1KQorKysgVG9vbHMvU2NyaXB0cy9ydW4t anNjLXN0cmVzcy10ZXN0cwkod29ya2luZyBjb3B5KQpAQCAtNzg0LDYgKzc4NCwxNSBAQCBkZWYg cnVuV2l0aFJBTVNpemUoc2l6ZSkKICAgICBydW4oInJhbS1zaXplLSN7c2l6ZX0iLCAiLS1mb3Jj ZVJBTVNpemU9I3tzaXplfSIpCiBlbmQKIAorZGVmIHJ1bk9uZUxhcmdlSGVhcAorICAgIGlmICRt ZW1vcnlMaW1pdGVkCisgICAgICAgICRkaWRBZGRSdW5Db21tYW5kID0gdHJ1ZQorICAgICAgICBw dXRzICJTa2lwcGluZyAjeyRjb2xsZWN0aW9uTmFtZX0vI3skYmVuY2htYXJrfSIKKyAgICBlbHNl CisgICAgICAgIHJ1bigiZGVmYXVsdCIpCisgICAgZW5kCitlbmQKKwogZGVmIHJ1bk5vSklUCiAg ICAgcnVuKCJuby1qaXQiLCAiLS11c2VKSVQ9ZmFsc2UiKQogZW5kCg==