Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / third_party / WebKit / ManualTests / array-out-of-memory.html
blob486e200ddae56c5bad89e7ffac0920f3b71c2080
1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
2 <html>
3 <head>
4 <script>
6 function runArrayOOMTest() {
7 document.write("<p>Starting test...</p>");
9 // The index 'target' is the location in the array we expect to fault on access, should the size calculation of the realloc of the vector be allowed
10 // to overflow. The vector needs to be ((target + 1) * sizeof(JSValue*)) bytes long to hold 'target', or approximately 2/3 UINT32_MAX. Upon growing
11 // the array an additional 50% capacity will be allocated, plus the storage object header, taking the size of the allocation over UINT32_MAX.
12 var target = Math.floor(0xFFFFFFFF / 6);
13 // In order to force arr[target] to be stored in the vector, rather than the sparse map, we need ensure the vector is sufficiently densely populated.
14 var populate = Math.floor(target / 8 + 1);
16 try {
17 var arr = new Array();
18 for (i=0; i < populate; ++i)
19 arr[i] = 0;
20 arr[target] = 0;
21 } catch(e) {
22 var expect_name = "Error";
23 var expect_message = "Out of memory";
24 if ((e.name == expect_name) && (e.message == expect_message))
25 document.write("<p>SUCCESS</p>");
26 else
27 document.write("<p>FAIL - Expected \"" + expect_name + "/" + expect_message + "\", got \"" + e.name + "/" + e.message + "\".</p>");
29 return;
32 document.write("<p>FAIL - Expected exception.</p>");
35 </script>
36 </head>
37 <body>
38 <p>This test checks that Array objects fail gracefully (throw exception) when array length grows large.</p>
39 <p>This test may run for over 20 seconds on a fast machine, and will consume hundereds of MB of memory.</p>
40 <input type="button" onclick="runArrayOOMTest()" value="Start">
41 </body>
42 </html>