boa icon indicating copy to clipboard operation
boa copied to clipboard
verified publisher icon boa-dev

`1000n << 10000000n` takes forever

Open Razican opened this issue 5 years ago • 1 comments

As mentioned in #883, running the following code stalls the interpreter:

1000n << 10000000n;

This is controlled here and here. We don't ever check if the generated BigInt would be out of range.

The spec here is not very clear, but I guess we should be checking if any of the operands would make it go out of range before trying to execute the operation.

Razican avatar Jan 09 '21 20:01 Razican

As far as I know, v8 takes forever to run and SpiderMonkey throws an early range error (too large to allocate). The current implementation should be fine since the spec defines the size of BigInt to be unlimited, and so does the crate num-bigint we use.

But it is doable to set a reasonable size limit for BigInt. For reference, this is how SpiderMonkey estimates the shift result's length and check the limit: https://searchfox.org/mozilla-central/source/js/src/vm/BigIntType.cpp#2180 https://searchfox.org/mozilla-central/source/js/src/vm/BigIntType.cpp#146

jevancc avatar Jan 10 '21 09:01 jevancc

Not a bug, this is just the correct behaviour for someone trying to shift a bigint by a massive amount.

jedel1043 avatar Apr 14 '24 14:04 jedel1043