1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> 2 <html> 3 <head> 4 <script> 5 6 function runArrayOOMTest() { 7 document.write("<p>Starting test...</p>"); 8 9 // The index 'target' is the location in the array we expect to fault on access, should the size calculation of the realloc of the vector be allowed 10 // to overflow. The vector needs to be ((target + 1) * sizeof(JSValue*)) bytes long to hold 'target', or approximately 2/3 UINT32_MAX. Upon growing 11 // the array an additional 50% capacity will be allocated, plus the storage object header, taking the size of the allocation over UINT32_MAX. 12 var target = Math.floor(0xFFFFFFFF / 6); 13 // In order to force arr[target] to be stored in the vector, rather than the sparse map, we need ensure the vector is sufficiently densely populated. 14 var populate = Math.floor(target / 8 + 1); 15 16 try { 17 var arr = new Array(); 18 for (i=0; i < populate; ++i) 19 arr[i] = 0; 20 arr[target] = 0; 21 } catch(e) { 22 var expect_name = "Error"; 23 var expect_message = "Out of memory"; 24 if ((e.name == expect_name) && (e.message == expect_message)) 25 document.write("<p>SUCCESS</p>"); 26 else 27 document.write("<p>FAIL - Expected \"" + expect_name + "/" + expect_message + "\", got \"" + e.name + "/" + e.message + "\".</p>"); 28 29 return; 30 } 31 32 document.write("<p>FAIL - Expected exception.</p>"); 33 } 34 35 </script> 36 </head> 37 <body> 38 <p>This test checks that Array objects fail gracefully (throw exception) when array length grows large.</p> 39 <p>This test may run for over 20 seconds on a fast machine, and will consume hundereds of MB of memory.</p> 40 <input type="button" onclick="runArrayOOMTest()" value="Start"> 41 </body> 42 </html> 43
