Bug 17047

Summary: Out of Memory Error with .split("") due to large number of live objects
Product: WebKit
Reporter: John Resig <jresig>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ggaren, mjs, mrowe
Priority: P2
Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)
Hardware: Macintosh
OS: OS X 10.5
URL: http://ejohn.org/files/bugs/split/

Description John Resig 2008-01-28 12:31:15 PST
I've been hitting some weird Out of Memory errors in the latest nightly builds of WebKit, see the attached URL for an example. It only occurs with .split("") and a mix of closures and intervals. Full script below:

// Build a 16384-character string.
var str = "", ret, fn = [];

for ( var i = 0; i < 16384; i++ )
  str += "a";

// Queue four closures and double str after each one. Every closure
// captures the same str, so each call splits the final 262144-character
// string into 262144 single-character strings.
for ( var i = 16384; i <= 131072; i *= 2 ) (function(i){
  fn.push(function(){
    ret = str.split("");  // one string object per character
  });

  str += str;
})();

// Run the queued closures one at a time, 13 ms apart.
window.onload = function(){
  setInterval(function(){
    if ( fn.length )
      fn.shift()();
  }, 13);
};
Comment 1 Mark Rowe (bdash) 2008-01-28 12:35:55 PST
After loading <http://ejohn.org/files/bugs/split/> the Caches window shows around 800,000 live objects, which is enough to trigger the "Out of Memory" error.  Forcing a collection manually drops this down to around 270,000.  Closing the tab drops back to around 8,000, which shows nothing is actually being leaked.
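The following is an added example, not code from the bug report or from WebKit. It is a headless (Node) rendition of the reduction above that runs the queued closures back to back instead of on a 13 ms interval and tallies what .split("") allocates, so the live-object counts in Comment 1 can be read against the script: four calls, each producing a 262144-element array of one-character strings, about a million strings allocated in total, with only the last array still reachable through `ret`. It also pairs a split-based character count with an index-based one that does the same work without allocating per character, which is the shape to prefer when the input length is not under your control. All function names here (buildReduction, countAllocations, countCharsWithSplit, countCharsByIndex) are this example's own.

```javascript
// Added example (not from the bug report or WebKit): a synchronous version of
// the reduction that counts the objects .split("") creates, plus an index-based
// loop that avoids the per-character allocation. Names are this example's own.

const INITIAL_LENGTH = 16384; // matches the first loop in the report
const LIMIT = 131072;         // matches the bound of the doubling loop

// Rebuild the reporter's state: a string of INITIAL_LENGTH 'a's, doubled once
// per closure pushed, with every closure capturing the same `str` binding.
function buildReduction() {
  let str = "a".repeat(INITIAL_LENGTH);
  const fn = [];
  let ret;
  for (let i = INITIAL_LENGTH; i <= LIMIT; i *= 2) {
    fn.push(() => { ret = str.split(""); });
    str += str;
  }
  return {
    fn,
    get str() { return str; },
    get ret() { return ret; },
  };
}

// Run every queued closure (the report spaces them 13 ms apart with
// setInterval; here they run immediately) and tally the allocations.
function countAllocations() {
  const state = buildReduction();
  let totalStrings = 0; // one-character strings produced by all the splits
  let calls = 0;
  while (state.fn.length) {
    state.fn.shift()();
    calls += 1;
    totalStrings += state.ret.length;
  }
  return {
    calls,
    finalLength: state.str.length,
    perCall: state.ret.length,  // elements in each split result
    totalStrings,               // garbage plus the one array still live
    retained: state.ret.length, // only the last array is reachable via `ret`
  };
}

// Counting occurrences via split("") materialises str.length string objects
// before any of them is looked at.
function countCharsWithSplit(str, ch) {
  return str.split("").filter((c) => c === ch).length;
}

// Indexing the string does the same work and allocates nothing per character.
function countCharsByIndex(str, ch) {
  const code = ch.charCodeAt(0);
  let n = 0;
  for (let i = 0; i < str.length; i++) {
    if (str.charCodeAt(i) === code) n++;
  }
  return n;
}

// Stand-alone run: print the allocation profile of the reduction.
console.log(countAllocations());
```

The retained count (one 262144-element array) is the same order of magnitude as the roughly 270,000 live objects Comment 1 reports after a forced collection, while the total of about a million strings produced before any collector run is in line with the 800,000 observed; the example does not model the collector itself, only the allocation the script requests.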
Comment 2 Mark Rowe (bdash) 2008-01-28 12:38:07 PST
<rdar://problem/5710766>
Comment 3 David Kilzer (:ddkilzer) 2008-02-23 13:27:24 PST
Fixed by r30492?

http://trac.webkit.org/projects/webkit/changeset/30492