Changeset 30492 in webkit


Ignore:
Timestamp:
Feb 22, 2008, 3:16:40 PM (17 years ago)
Author:
ggaren@apple.com
Message:

JavaScriptCore:

Reviewed by Sam Weinig.


Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)


I'm removing KJS_MEM_LIMIT for the following reasons:


  • We have a few reports of KJS_MEM_LIMIT breaking important web applications, like GMail and Google Reader. (For example, if you simply open 12 GMail tabs, tab #12 will hit the limit.)
  • Firefox has no discernable JS object count limit, so any limit, even a large one, is a potential compatibility problem.


  • KJS_MEM_LIMIT does not protect against malicious memory allocation, since there are many ways to maliciously allocate memory without increasing the JS object count.


  • KJS_MEM_LIMIT is already mostly broken, since it only aborts the script that breaches the limit, not any subsequent scripts.


  • We've never gotten bug reports about websites that would have benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that needed it.


  • Any website that brings you anywhere close to crashing due to the number of live JS objects will almost certainly put up the "slow script" dialog at least 20 times beforehand.
  • kjs/collector.cpp: (KJS::Collector::collect):
  • kjs/collector.h:
  • kjs/nodes.cpp: (KJS::TryNode::execute):

LayoutTests:

Reviewed by Sam Weinig.


Removing the test for KJS_MEM_LIMIT, since I removed KJS_MEM_LIMIT.

  • fast/js/out-of-memory-expected.txt: Removed.
  • fast/js/out-of-memory.html: Removed.
Location:
trunk
Files:
2 deleted
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/ChangeLog

    r30475 r30492  
     12008-02-22  Geoffrey Garen  <ggaren@apple.com>
     2
     3        Reviewed by Sam Weinig.
     4       
     5        Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)
     6       
     7        I'm removing KJS_MEM_LIMIT for the following reasons:
     8       
     9        - We have a few reports of KJS_MEM_LIMIT breaking important web
     10        applications, like GMail and Google Reader. (For example, if you
     11        simply open 12 GMail tabs, tab #12 will hit the limit.)
     12
     13        - Firefox has no discernable JS object count limit, so any limit, even
     14        a large one, is a potential compatibility problem.
     15       
     16        - KJS_MEM_LIMIT does not protect against malicious memory allocation,
     17        since there are many ways to maliciously allocate memory without
     18        increasing the JS object count.
     19       
     20        - KJS_MEM_LIMIT is already mostly broken, since it only aborts the
     21        script that breaches the limit, not any subsequent scripts.
     22       
     23        - We've never gotten bug reports about websites that would have
     24        benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
     25        KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
     26        needed it.
     27       
     28        - Any website that brings you anywhere close to crashing due to the
     29        number of live JS objects will almost certainly put up the "slow
     30        script" dialog at least 20 times beforehand.
     31
     32        * kjs/collector.cpp:
     33        (KJS::Collector::collect):
     34        * kjs/collector.h:
     35        * kjs/nodes.cpp:
     36        (KJS::TryNode::execute):
     37
    1382008-02-22  Oliver Hunt  <oliver@apple.com>
    239

  • trunk/JavaScriptCore/kjs/collector.cpp

    r29710 r30492  
    106106// Just a private global like "heap" above would be fine.
    107107size_t Collector::mainThreadOnlyObjectCount = 0;
    108 
    109 bool Collector::memoryFull = false;
    110108
    111109static CollectorBlock* allocateBlock()
     
    971969  numberHeap.operationInProgress = NoOperation;
    972970 
    973   bool newMemoryFull = (numLiveObjects >= KJS_MEM_LIMIT);
    974   if (newMemoryFull && newMemoryFull != memoryFull)
    975       reportOutOfMemoryToAllExecStates();
    976   memoryFull = newMemoryFull;
    977 
    978971  return numLiveObjects < originalLiveObjects;
    979972}

  • trunk/JavaScriptCore/kjs/collector.h

    r29396 r30492  
    2828#include <wtf/HashCountedSet.h>
    2929
    30 #define KJS_MEM_LIMIT 500000
    31 
    3230namespace KJS {
    3331
     
    4846
    4947    static size_t size();
    50     static bool isOutOfMemory() { return memoryFull; }
    5148
    5249    static void protect(JSValue*);

  • trunk/JavaScriptCore/kjs/nodes.cpp

    r30475 r30492  
    43024302    JSValue* result = m_tryBlock->execute(exec);
    43034303
    4304     if (Collector::isOutOfMemory())
    4305         return result; // don't try to catch an out of memory exception thrown by the collector
    4306 
    43074304    if (m_catchBlock && exec->completionType() == Throw) {
    43084305        JSObject* obj = new JSObject;

  • trunk/LayoutTests/ChangeLog

    r30475 r30492  
     12008-02-22  Geoffrey Garen  <ggaren@apple.com>
     2
     3        Reviewed by Sam Weinig.
     4       
     5        Removing the test for KJS_MEM_LIMIT, since I removed KJS_MEM_LIMIT.
     6
     7        * fast/js/out-of-memory-expected.txt: Removed.
     8        * fast/js/out-of-memory.html: Removed.
     9
    1102008-02-22  Oliver Hunt  <oliver@apple.com>
    211
Note: See TracChangeset for help on using the changeset viewer.