Issue metadata
Sign in to add a comment
|
Regex.test method result changes(fallback to false) on high memory usage.
Reported by
masat...@takai.mobi,
Feb 7 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce the problem: 1. Execute the javascript code attached and monitor console window. 2. If output does not have any "false" result, try to use a lot of memory or use a computer with smaller memory. 3. Using a timeline recording from developer tool is a good tool to increase memory usage. What is the expected behavior? Since evaluated string is always the same, the output should always be the same, "true" in this case. However, at some point, the result fallbacks to false, and after that, result is always "false". What went wrong? Javascript regex method output gets wrong. Did this work before? Yes chrome 55 Same problem happens on Windows 7&8.1&10 as well. Chrome version: 56.0.2924.87 Channel: stable OS Version: OS X 10.11.5 Flash Version: Shockwave Flash 24.0 r0
,
Feb 8 2017
,
Feb 8 2017
For convenience for reproduction, I copied the script in #1 to jsbin. http://output.jsbin.com/dicizebeta ( http://jsbin.com/dicizebeta/edit?js,console )
,
Feb 8 2017
I tried 56.0.2924.87 (Official Build) (64-bit) on Linux, and cannot reproduce. Will try Win & Mac next.
,
Feb 8 2017
Reproduced on Mac (56.0.2924.87 (Official Build) (64 bit). For this repro, it seems true is returned 100+ times then it turns to return false for the rest. Sometimes, 100+ true, 700+ false, then 100+ true (See screenshot). Could be a V8 bug - can anyone triage?
,
Feb 8 2017
Able to reproduce the issue on Windows-7 and Mac-10.12.2 using chrome stable version 56.0.2924.87 And issue not observed in Canary 58.0.3006.0 and Beta 57.0.2987.21. This is regression issue fixed in M57. Please find the Reverse bisect information as below Using the per-revision bisect providing the bisect results, Bad:: 57.0.2925.0-- (build revision 433363) Good :57.0.2926.0 -- (build revision 433437) ChangeLog: https://chromium.googlesource.com/chromium/src/+log/4ff3e57600d5433dd8d31c5dcdf7d0e26de73f02..c996ed6fe7db9b512d465ae65dc85d30b7efc745 Review-Url: https://codereview.chromium.org/2513753003 msw@ could you please merge the fix to M56 if it is valid candidate,else please help us in finding the appropriate owner for this issue. Note:Issue not observed in Ubuntu-14.04. Thanks..
,
Feb 8 2017
I don't think msw's change you quoted in c#6 affects this issue...
,
Feb 8 2017
,
Feb 8 2017
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by masat...@takai.mobi
, Feb 7 2017Below is the test script I used. This sometimes outputs "false". var LOOP = 1000; function createHTML() { var html=''; with({}){ html+='<div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div>'; } return html; } for(var i = 0; i < LOOP; i++) { if(/<|&?#\w;/.test(createHTML())) { console.log("true"); } else { console.log("false"); } } console.log("Done");