Bug 17047
| Summary: | Out of Memory Error with .split("") due to large number of live objects | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | John Resig <jresig> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | ggaren, mjs, mrowe |
| Priority: | P2 | Keywords: | HasReduction, InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.5 | ||
| URL: | http://ejohn.org/files/bugs/split/ | ||
John Resig
I've been hitting some weird Out of Memory errors in the latest nightly builds of WebKit, see the attached URL for an example. It only occurs with .split("") and a mix of closures and intervals. Full script below:
var str = "", ret, fn = [];
for ( var i = 0; i < 16384; i++ )
str += "a";
for ( var i = 16384; i <= 131072; i *= 2 ) (function(i){
fn.push(function(){
ret = str.split("");
});
str += str;
})();
window.onload = function(){
setInterval(function(){
if ( fn.length )
fn.shift()();
}, 13);
};
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Mark Rowe (bdash)
After loading <http://ejohn.org/files/bugs/split/> the Caches window shows around 800,000 live objects, which is enough to trigger the "Out of Memory" error. Forcing a collection manually drops this down to around 270,000. Closing the tab drops back to around 8,000, which shows nothing is actually being leaked.
Mark Rowe (bdash)
<rdar://problem/5710766>
David Kilzer (:ddkilzer)
Fixed by r30492?
http://trac.webkit.org/projects/webkit/changeset/30492