1 <!DOCTYPE HTML PUBLIC
"-//IETF//DTD HTML//EN">
6 function runArrayOOMTest() {
7 document
.write("<p>Starting test...</p>");
9 // The index 'target' is the location in the array we expect to fault on access, should the size calculation of the realloc of the vector be allowed
10 // to overflow. The vector needs to be ((target + 1) * sizeof(JSValue*)) bytes long to hold 'target', or approximately 2/3 UINT32_MAX. Upon growing
11 // the array an additional 50% capacity will be allocated, plus the storage object header, taking the size of the allocation over UINT32_MAX.
12 var target
= Math
.floor(0xFFFFFFFF / 6);
13 // In order to force arr[target] to be stored in the vector, rather than the sparse map, we need ensure the vector is sufficiently densely populated.
14 var populate
= Math
.floor(target
/ 8 + 1);
17 var arr
= new Array();
18 for (i
=0; i
< populate
; ++i
)
22 var expect_name
= "Error";
23 var expect_message
= "Out of memory";
24 if ((e
.name
== expect_name
) && (e
.message
== expect_message
))
25 document
.write("<p>SUCCESS</p>");
27 document
.write("<p>FAIL - Expected \"" + expect_name
+ "/" + expect_message
+ "\", got \"" + e
.name
+ "/" + e
.message
+ "\".</p>");
32 document
.write("<p>FAIL - Expected exception.</p>");
38 <p>This test checks that Array objects fail gracefully (throw exception) when array length grows large.
</p>
39 <p>This test may run for over
20 seconds on a fast machine, and will consume hundereds of MB of memory.
</p>
40 <input type=
"button" onclick=
"runArrayOOMTest()" value=
"Start">