NEW 136772
Safari on iOS 8 crashes in JIT code 
https://bugs.webkit.org/show_bug.cgi?id=136772
Summary Safari on iOS 8 crashes in JIT code
Jason Parrott
Reported 2014-09-11 22:53:44 PDT
Created attachment 238016 [details] Crash log On the most recent build of iOS 8 (currently the GM release) Safari's tab process will crash when creating arrays (and possibly other regular objects as well). It seems that objects that no longer have references are not getting garbage collected and memory runs out. The attached URL will show how to crash it in an easy to understand manner. In this example a large array is created and setTimeout is called on the same function again. The large array in the old function should be gone when the setTimeout's call happens, yet when another array of that size is allocated the tab crashes with the attached crash log. The point of this is that things are not getting garbage collected it seems. You do not need a setTimeout. You could have a lot of allocations while nulling the previous arrays inline in a row and the crash will still occur. The size also doesn't seem to matter, just as long as the total amount of memory used in the end is more than the system has available.
Attachments
Crash log (35.13 KB, text/plain)
2014-09-11 22:53 PDT, Jason Parrott 		no flags
Details
HTML version of the test case (253 bytes, text/html)
2014-09-12 00:33 PDT, Jason Parrott 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2014-09-11 23:11:58 PDT
The crash log doesn't imply any relationship to GC - seems like we are just crashing in JIT code. The fact that the test case is allocating memory seems unrelated to the crash.
Jason Parrott
Comment 2 2014-09-12 00:33:25 PDT
Created attachment 238018 [details] HTML version of the test case
Radar WebKit Bug Importer
Comment 3 2014-09-13 00:56:41 PDT
<rdar://problem/18328854>
Kuu Miyazaki
Comment 4 2014-09-15 21:07:28 PDT
(In reply to comment #3) > <rdar://problem/18328854> Can we know the current status of the above bug? This might be a wrong place to ask about iOS issues. But it would be helpful if we could discuss the bug someplace. Thanks.
Note You need to log in before you can comment on or make changes to this bug.