AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
e3242a4858
v8/test/mjsunit/regress/regress-crbug-1041232.js
Jakob Kummerow 8364fc74be [test] Proper OOM handling for multi-mapped mock allocator 
When reserving the requested virtual memory fails (due to address space
exhaustion), simply return nullptr to indicate allocation failure, which
callers must be prepared to handle anyway. That way, ClusterFuzz will
correctly classify OOM situations.
Bonus change: skip demo test on simulators to save time.
Drive-by cleanup: add a 'simulator_run' section to mjsunit.status

Bug: chromium:1042151,chromium:1042173
Change-Id: I8569f3c0d2a681fbf6f91b665dcb88a4ac3b901e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002391
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65785}
2020-01-15 12:11:33 +00:00

39 lines
1.4 KiB
JavaScript
Raw Blame History

// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --multi-mapped-mock-allocator
// Chosen for stress runs on 32-bit systems. Physical memory is not an issue
// thanks to the mock allocator, but virtual address space is still limited.
let kSize = 128 * 1024 * 1024;
// Must be >= MultiMappedMockAllocator::kChunkSize in d8.cc.
let kChunkSize = 2 * 1024 * 1024;
let a = new Uint8Array(kSize);
for (let i = 0; i < kChunkSize; i++) {
a[i] = 42;
}
// Check that OOB accesses return undefined and all array elements are 42.
// Importantly, nothing crashes.
assertEquals(undefined, a[-kChunkSize - 1]);
assertEquals(undefined, a[-kChunkSize]);
assertEquals(undefined, a[-1]);
assertEquals(42, a[0]);
assertEquals(42, a[1]);
// If this fails, then you probably tried to run this test without the
// multi-mapped mock allocator.
assertEquals(42, a[kChunkSize]);
assertEquals(42, a[kChunkSize + 1]);
assertEquals(42, a[kChunkSize + 1]);
assertEquals(42, a[kSize - kChunkSize]);
assertEquals(42, a[kSize - 1]);
assertEquals(undefined, a[kSize]);
assertEquals(undefined, a[kSize + 1]);
assertEquals(undefined, a[kSize + kChunkSize]);
assertEquals(undefined, a[kSize + kSize]);
// Check that excessive requests throw (crbug.com/1042173, crbug.com/1042151).
assertThrows(() => new ArrayBuffer(Number.MAX_SAFE_INTEGER));
Reference in New Issue View Git Blame Copy Permalink