Summary: Safari does not appear to garbage collect typed arrays / ArrayBuffers. Once allocated, they remain a part of Safari's memory footprint, even when they are no longer reachable by the JavaScript program. As a result, a web page that makes regular use of typed arrays can crash Safari through a series of allocations. I am unsure of which version of JavaScriptCore/WebKit is applicable. I am using the latest Safari on Mountain Lion. Steps to Reproduce: 1) Visit http://people.cs.umass.edu/~jvilk/safari-crash.html 2) Click on one of the buttons in Safari. (Or more generally) 1) Repeatedly allocate a 1MB ArrayBuffer to the same variable a large number of times (such that you allocate more than your system's memory). Each allocation should make the previous allocation unreachable. Expected Results: Safari does not freeze. The page pops up an alert with either "Congratulations, your browser didn't crash! Check your memory usage, though.", or "Looks like your browser limits how much we allocate. Received the following exception: [exception text]". Actual Results: Safari uses all system memory, starts swapping to disk, and either becomes completely unresponsive or crashes.
<rdar://problem/14535469>
See also: bug 118223, bug 114824.
I'm so over our typed array implementation.
*** This bug has been marked as a duplicate of bug 119064 ***